Initial commit

Signed-off-by: Mart Somermaa <[email protected]>

Author: mrts

.editorconfig

@@ -0,0 +1,10 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+max_line_length = 120

.eslintignore

@@ -0,0 +1,4 @@
+/bin
+/node_modules
+/lib/public/hwcrypto-*.js
+/lib/public/token-signing.js

.eslintrc.js

@@ -0,0 +1,30 @@
+module.exports = {
+  root: true,
+  env: {
+    browser: true,
+    node: true,
+    es6: true,
+  },
+  extends: [
+    "eslint:recommended"
+  ],
+  rules: {
+    "quotes": ["error", "double", { "avoidEscape": true }],
+    "semi": "off",
+    "indent": ["error", 2],
+    "brace-style": "error",
+    "key-spacing": ["error", { "align": "value" }],
+    "comma-dangle": ["error", {
+      "arrays": "always-multiline",
+      "objects": "always-multiline",
+      "imports": "always-multiline",
+      "exports": "always-multiline",
+    }],
+    "object-curly-spacing": ["error", "always"],
+    "array-bracket-spacing": "error",
+  },
+  parserOptions: {
+    sourceType: "module",
+    ecmaVersion: 2018
+  }
+};

.gitignore

@@ -0,0 +1,4 @@
+node_modules
+.vscode
+.cache
+*.swp

.npmrc

@@ -0,0 +1 @@
+@web-eid:registry=https://gitlab.com/api/v4/packages/npm

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020 eID on platform Web
+Copyright (c) 2020 The Web eID Project
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -0,0 +1,77 @@
+# web-eid-webextension-mock-webapp
+
+![European Regional Development Fund](https://github.com/e-gov/RIHA-Frontend/raw/master/logo/EU/EU.png)
+
+A Node.js/Express/Handlebars mock web application for testing the Web eID browser extension.
+
+## Setup
+
+1. Install the latest LTS version of Node.js - [https://nodejs.org](https://nodejs.org)
+    - **Windows:** Install Node.js via the official installer.
+    - **Linux and MacOS:**
+      - **Option 1:** Install Node.js and NPM via the official Node.js installer and optionally configure NPM global package path manually.
+        ___
+        **The following steps can be skipped when running the project locally and when you don't need global packages!**
+        The following steps configure the NPM global package path, so that installing packages globally and running them does not require root or `sudo`.
+        If you wish to run this project as a service on a server, then the recommended approach is to use a globally installed [PM2](https://pm2.keymetrics.io) and then the following steps are necessary.
+        1. On the command line, in your home directory, create a directory for global installations:
+            ```bash
+            mkdir ~/.npm-global
+            ```
+        2. Configure npm to use the new directory path:
+            ```bash
+            npm config set prefix '~/.npm-global'
+            ```
+        3. In your preferred text editor, open or create a `~/.profile` file and **add this line**:
+            ```bash
+            export PATH=~/.npm-global/bin:$PATH
+            ```
+        4. On the command line, update your system variables:
+            ```bash
+            source ~/.profile
+            ```
+        6. To test your new configuration, install a package globally without using `sudo`
+            ```bash
+            npm install -g pm2
+            ```
+    - **Option 2:** Install Node.js and NPM via NVM (Node Version Manager).
+      This option is recommended by NPM, but unless you need to switch between different Node.js versions quickly, I would recommend the first option instead.
+      Manual configuration is more transparent.
+
+2. Clone the project
+    ```bash
+    git clone [email protected]:web-eid/web-eid-webextension-mock-webapp.git
+    ```
+3. Install dependencies
+    ```bash
+    cd webextension-service-mock
+    npm install
+    ```
+3. Start the service
+    ```bash
+    npm run start
+    ```
+4. Optionally use `ngrok` to serve your locally running service mock on an HTTPS connection.
+    Get `ngrok` from [https://ngrok.com/](https://ngrok.com/) and run it in a separate terminal.
+    ```bash
+    ngrok http 3000 --region=eu
+    ```
+    It should display something similar to this:
+    ```bash
+    Session Status    online
+    Session Expires   7 hours, 59 minutes
+    Version           2.3.35
+    Region            Europe (eu)
+    Web Interface     http://127.0.0.1:4040
+    Forwarding        http://e569eb9def37.eu.ngrok.io -> http://localhost:3000
+    Forwarding        https://e569eb9def37.eu.ngrok.io -> http://localhost:3000
+    ```
+    From there, use the HTTPS forwarding URL for testing.
+
+## Development
+
+During development, start the service via `npm run dev`, this will:
+
+- Watch for changes in the project files
+- Run the linter when changes occur
+- Automatically restart the service

lib/app.js

@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2020 The Web eID Project
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+const path         = require("path");
+const express      = require("express");
+const cookieParser = require("cookie-parser");
+const logger       = require("morgan");
+const helmet       = require("helmet");
+
+const IndexController   = require("./controllers/RootController");
+const AuthController    = require("./controllers/AuthController");
+const SignController    = require("./controllers/SignController");
+
+const controllers = [
+  new IndexController(),
+  new AuthController(),
+  new SignController(),
+];
+
+const app = express();
+
+// view engine setup
+app.set("views", path.join(__dirname, "views"));
+app.set("view engine", "hbs");
+
+if (!process.argv.slice(2).includes("--no-csp")) {
+  app.use(helmet.contentSecurityPolicy());
+}
+
+app.use(helmet.dnsPrefetchControl());
+app.use(helmet.expectCt());
+app.use(helmet.frameguard());
+app.use(helmet.hidePoweredBy());
+app.use(helmet.hsts());
+app.use(helmet.ieNoOpen());
+app.use(helmet.noSniff());
+app.use(helmet.permittedCrossDomainPolicies());
+app.use(helmet.referrerPolicy());
+app.use(helmet.xssFilter());
+
+app.use(logger("dev"));
+app.use(express.json());
+app.use(express.urlencoded({ extended: false }));
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, "public")));
+app.use("/lib", express.static(path.join(__dirname, "../node_modules/@web-eid/web-eid-library/dist/")));
+
+app.get("/", (req, res) => res.render("index", {
+  tokenSigning: req.query.tokenSigning == "true",
+}));
+
+app.get("/webeid", (req, res) => res.render("webeid", {
+  tokenSigning: req.query.tokenSigning == "true",
+}));
+
+app.get("/hwcrypto", (req, res) => res.render("hwcrypto", {
+  tokenSigning: req.query.tokenSigning == "true",
+}));
+
+controllers.forEach((controller) => app.use("/", controller.router));
+
+module.exports = app;

lib/controllers/AuthController.js

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2020 The Web eID Project
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+const { Router } = require("express");
+
+module.exports = class AuthController {
+  constructor() {
+    this.path   = "/auth";
+    this.router = Router();
+
+    this.router.get(this.path + "/challenge", this.getAuthChallenge);
+    this.router.post(this.path + "/token", this.postAuthToken);
+  }
+
+  getAuthChallenge(req, res) {
+    const nonceLength = req.header("X-Nonce-Length") ? parseInt(req.header("X-Nonce-Length"), 10) : 32;
+
+    // String of random numbers from 0-9 with the string length of nonceLength
+    // For example if nonceLength is 5, nonce could be "77391"
+    const nonce = (
+      Array.from(
+        { length: nonceLength },
+        () => "" + Math.floor(Math.random() * 10)
+      ).join("")
+    )
+
+    res.send({ nonce });
+  }
+
+  postAuthToken(req, res) {
+    const [, encodedPayload] = req.body["auth-token"].split(".");
+
+    const payload = JSON.parse(Buffer.from(encodedPayload, "base64").toString());
+
+    setTimeout(() => res.send(payload), 1000)
+  }
+};

lib/controllers/RootController.js

@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2020 The Web eID Project
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+const { Router } = require("express");
+
+module.exports = class RootController {
+  constructor() {
+    this.path   = "/";
+    this.router = Router();
+
+    this.router.get(this.path, (req, res) => res.render("index"));
+  }
+};