javascript - node-soap 上的身份验证问题
问题描述
感谢您抽出时间来阅读,
我对node-soap有一点问题,所以基本上我试图在发回响应之前验证客户端的身份,在遵循文档之后我找到了server.authenticate函数。
server.authenticate = async function (security: any) {
const binarySecurityTokenAsBase64String = security.BinarySecurityToken.$value;
const pemKeyFromRequestAsString = "-----BEGIN CERTIFICATE-----" + "\n" + binarySecurityTokenAsBase64String.replace(/(.{64})/g, "$1\n") + "\n" + "-----END CERTIFICATE-----";
const success = await validateCertificate(pemKeyFromRequestAsString);
if (success) {
return true;
} else {
winston.warn("Failed to validate Certificate - Either Certificate Verification with CA Chain Failed or the system encountered an error");
return false;
}
};
这就是我进行验证业务并根据结果返回 true 或 false 的地方:
const success = await validateCertificate(pemKeyFromRequestAsString);
我的问题是,无论结果如何,我仍然会在日志上得到响应,一切都很好并确认验证失败,这可能是因为异步/同步的东西。我真的是 Javascript/ 新手打字稿世界,任何帮助将不胜感激。
这是我的代码预览:
try {
const myService = {
Calculate_Service: {
Calculate_Port: {
multiply: function(args, callback) {
const a = 1;
try {
winston.debug("Reached the multiply Function");
const n = args.a * args.b;
callback({
multiplicationResult : n
});
} catch (e) {
winston.error(e);
throw {
Fault: {
Code: {
Value: "soap:Sender",
Subcode: { value: "rpc:BadArguments" }
},
Reason: { Text: JSON.stringify(e) },
statusCode: 500
}
};
}
},
}
}
}
const xml = fs.readFileSync(AppConfiguration.responseServerWsdlPath, "utf8");
app.use(bodyParser.raw({
type: function () {
return true;
}, limit: "5mb"
}));
app.listen(port, async function () {
winston.info("Express server listening on port " + port);
const server = ArcNodeSoap.listen(app, "/calculatorService", myService, xml);
server.authenticate = async function (security: any) {
const binarySecurityTokenAsBase64String = security.BinarySecurityToken.$value;
const pemKeyFromRequestAsString = "-----BEGIN CERTIFICATE-----" + "\n" + binarySecurityTokenAsBase64String.replace(/(.{64})/g, "$1\n") + "\n" + "-----END CERTIFICATE-----";
const success = await validateCertificate(pemKeyFromRequestAsString);
if (success) {
return true;
} else {
winston.warn("Failed to validate Certificate - Either Certificate Verification with CA Chain Failed or the system encountered an error");
return false;
}
};
server.log = function (type, data) {
winston.debug("type: " + type);
winston.debug(JSON.stringify(data));
};
server.on("headers", function (headers, methodName) {
//More debug stuff;
winston.debug("****** HEADERS **********");
winston.debug(JSON.stringify(headers));
winston.debug("methodName: " + methodName);
winston.debug("*************************")
});
});
} catch (err) {
winston.error(err);
}
我很感谢你的时间,谢谢!
解决方案
我终于解决了我的问题,如果有人对异步/同步代码有同样的问题:我使用文档中的 Async 方法修复了它
server.authenticate = function (security: any, callback): any {
//Get the Binary Security Token coming from the request as a Base 64 String
const binarySecurityTokenAsBase64String = security.BinarySecurityToken.$value;
//Creating a new certificate with header, footer and line breaks from the binarySecurityTokenAsBase64String
const pemKeyFromRequestAsString = "-----BEGIN CERTIFICATE-----" + "\n" + binarySecurityTokenAsBase64String.replace(/(.{64})/g, "$1\n") + "\n" + "-----END CERTIFICATE-----";
//Validate the certificate
//This is an async wrapper where I added all my verification steps;
validateCertificateWrapper(pemKeyFromRequestAsString).then((authorized: boolean) => {
//If the certificate is valid
if (authorized) {
winston.info("Verification successfully Passed");
return callback(true);
} else { //If the certificate is invalid
winston.error("Failed to validate Certificate");
return callback(false);
}
}, () => {
winston.error("Failed to validate Certificate");
return callback(false);
} );
};
推荐阅读
- c++ - MATLAB 由于 calllib(C++ .h 文件和 FORTRAN .dll)而崩溃
- javascript - 从 express-handlebars 获取数据到我的 javascript 文件
- docker - 如何减少构建上下文
- reactjs - 我如何在 reactJS 上制作 lib 文件
- node.js - 使用 Express Nodejs 在浏览器中输出
- php - 遍历目录并使用 PHP 获取文件并将每个文件夹文件包装在 ul li 元素中
- django - 排除所有并保留一个 Django 查询
- javascript - VSCode HTML缩进,同一行结束标记
- azure-active-directory - Azure 托管服务标识:12 次后无法获取令牌
- python - 检查是一个字符串是二进制