import express from "express";
import { DEFAULT_SIGN_METHOD, SignMethod } from "./sign-method.js";
import * as users from "./users.js";
import { requestLoggerMiddleware } from "./logger-middleware.js";
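// One signing handler is created per signing method and kept for the whole
// lifetime of the signing service, so a handler can preserve state across
// endpoint calls. Keys are the sign-method objects, values the handlers
// those objects return.
// The binding is never reassigned (only mutated through get/set), so it is
// declared `const` to rule out accidental replacement of the cache.
const signingHandlers = new Map();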
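/**
 * Parse the signing token used in this example. The token can be either:
 * 1. A JSON object string with the `userId` of the signer and, optionally,
 *    the `signMethod` to use.
 * 2. A plain string representing the `userId` of the signer.
 *
 * Anything that is not a JSON object (invalid JSON, or valid JSON that is a
 * number, string, boolean, array or `null`) is treated as form 2. Without
 * that check a purely numeric user id such as `"42"` parses as JSON and
 * would come back with `userId: undefined`.
 *
 * NOTE(review): nothing here verifies the token; `userId` is whatever the
 * caller put in it. The only gate visible in this file is `users.canSign()`
 * in the route handler, so the token must not be treated as proof of identity.
 *
 * @param {string} signingToken - Raw token taken from the request.
 * @returns {{userId: *, signMethod: *}} The signer id and the resolved sign
 *   method. `signMethod` is whatever `SignMethod.valueOf()` returns for the
 *   requested name, or `DEFAULT_SIGN_METHOD` when none was requested.
 */
export const parseSigningToken = (signingToken) => {
  const plainToken = {
    userId: signingToken,
    signMethod: DEFAULT_SIGN_METHOD,
  };

  try {
    const parsed = JSON.parse(signingToken);
    const isTokenObject =
      parsed !== null && typeof parsed === "object" && !Array.isArray(parsed);
    if (!isTokenObject) {
      // Valid JSON, but not the object form: the token itself is the user id.
      return plainToken;
    }
    return {
      userId: parsed.userId,
      signMethod: parsed.signMethod
        ? SignMethod.valueOf(parsed.signMethod)
        : DEFAULT_SIGN_METHOD,
    };
  } catch {
    // Not JSON at all: the token itself is the user id.
    return plainToken;
  }
};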
/**
 * Write the outcome of a signing operation to the response.
 *
 * @param {object} res - Response object exposing `status()` and `send()`.
 * @param {*} signedData - Result of the signing call; any falsy value is
 *   reported to the client as a failed signing (HTTP 400).
 */
function sendSignedData(res, signedData) {
  // Guard clause: a handler that produced nothing is reported as a failure.
  if (!signedData) {
    res.status(400);
    res.send("Signing failed");
    return;
  }
  res.send(signedData);
}
// Application wiring. Middleware is registered before the routes, so both
// the body parser and the request logger run ahead of every handler.
const app = express();

// JSON body parser with a 100mb cap; presumably sized for the base64-encoded
// documents that /sign accepts.
// NOTE(review): the body is parsed before /sign can check the caller, so any
// client can make the service buffer bodies of this size. Confirm the limit
// is needed, or front the service with a request-size / rate limit.
const jsonBodyParser = express.json({ limit: "100mb" });
app.use(jsonBodyParser);

// NOTE(review): confirm what the logger records. /sign bodies carry
// `signing_token` and document contents, which should not reach the logs.
const requestLogger = requestLoggerMiddleware({ logger: console.log });
app.use(requestLogger);

// Simple root route returning a fixed greeting.
app.get("/", (_req, res) => res.send("Hello World!"));
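/**
 * POST /sign: signing endpoint.
 *
 * Request body fields (JSON):
 * - `signing_token`: token parsed by `parseSigningToken()`.
 * - `action`: `"get_certificates"`, `"sign_pkcs7"` or `"sign"` (default `"sign"`).
 * - `signature_type`: defaults to `"cms"`; `"cades"` is rejected for `sign_pkcs7`.
 * - `hash_algorithm`: defaults to `"sha256"`; passed to the handler as-is.
 * - `encoded_contents`: base64 document, required for `sign_pkcs7`.
 * - `data_to_be_signed`: base64 data, required for `sign`.
 *
 * Responses: 400 for an invalid sign method, unsupported signature type,
 * missing input, unknown action or a failed signing; 401 when
 * `users.canSign()` refuses the user; 500 on an unexpected error.
 *
 * Token parsing and handler initialisation run inside the `try`, so an
 * exception there produces a 500 response instead of a rejected promise that
 * nothing handles.
 */
app.post("/sign", async (req, res) => {
  try {
    // req.body may be absent when no JSON body was parsed.
    const body = req.body ?? {};

    const signToken = parseSigningToken(body.signing_token);
    if (!signToken.signMethod) {
      res.status(400);
      res.send("Invalid sign method");
      return;
    }

    // Create the handler for this sign method on first use and reuse it after.
    let signingHandler = signingHandlers.get(signToken.signMethod);
    if (!signingHandler) {
      console.log(`Initializing signing handler "${signToken.signMethod.name}"`);
      signingHandler = signToken.signMethod.getSignMethodHandler();
      signingHandlers.set(signToken.signMethod, signingHandler);
    }

    const action = body.action || "sign";
    const signatureType = body.signature_type || "cms";
    // NOTE(review): hash_algorithm is client-supplied and forwarded unchanged.
    // Confirm the handlers restrict it to an allow-list of accepted digests.
    const hashAlgorithm = body.hash_algorithm || "sha256";

    // Decode a base64 body field; null when the field is missing or not a
    // string, so the caller can answer 400 instead of failing with a 500.
    const readBase64Field = (field) => {
      const value = body[field];
      return typeof value === "string" ? Buffer.from(value, "base64") : null;
    };

    if (action === "get_certificates") {
      // NOTE(review): answered without the canSign() check. Certificates are
      // normally public, but confirm that serving them to any caller is intended.
      const certificates = await signingHandler.getCertificates();
      res.send(certificates);
      return;
    }

    // Every remaining action signs data, so the user must be allowed to sign.
    if (!users.canSign(signToken.userId)) {
      res.status(401);
      res.send("Unauthorized");
      return;
    }

    if (action === "sign_pkcs7") {
      if (signatureType === "cades") {
        res.status(400);
        res.send(
          "CAdES PKCS#7 signatures are not supported by this example, use RAW signature container instead."
        );
        return;
      }
      const documentContents = readBase64Field("encoded_contents");
      if (documentContents === null) {
        res.status(400);
        res.send("Missing or invalid encoded_contents");
        return;
      }
      const signedData = await signingHandler.signPkcs7(
        documentContents,
        hashAlgorithm
      );
      sendSignedData(res, signedData);
    } else if (action === "sign") {
      const dataToBeSigned = readBase64Field("data_to_be_signed");
      if (dataToBeSigned === null) {
        res.status(400);
        res.send("Missing or invalid data_to_be_signed");
        return;
      }
      const signedData = await signingHandler.signRaw(
        dataToBeSigned,
        hashAlgorithm
      );
      sendSignedData(res, signedData);
    } else {
      // NOTE(review): this echoes a client-supplied value, and res.send() of
      // a string defaults to text/html in Express. Consider
      // res.type("text/plain") or a fixed message.
      res.status(400);
      res.send(`Unknown action ${action}`);
    }
  } catch (e) {
    console.log(e);
    res.status(500);
    // NOTE(review): e.message is returned to the client and can expose
    // internal detail from the signing backend. Consider a generic message
    // here and keeping the detail in the server log only.
    res.send(e.message);
  }
});

export default app;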