get pubkey and encrypt password on login (#1965)

* get pubkey and encrypt password on login * only encrypt password if insecure context * fix logic * fix secure context conditional * get-pubkey to auth api * save two lines * feat: Add the backend to the ui (#1968) * hide app show if insecure and update copy for LAN * show install progress when insecure and prevent backup and restore * ask remove USB Co-authored-by: Matt Hill <matthewonthemoon@gmail.com> Co-authored-by: J M <2364004+Blu-J@users.noreply.github.com>
2026-04-04 14:29:45 +00:00 · 2022-11-26 09:47:00 -07:00
parent bd4c431eb4
commit 9146c31abf
24 changed files with 381 additions and 170 deletions
--- a/frontend/projects/ui/src/app/services/api/embassy-api.service.ts
+++ b/frontend/projects/ui/src/app/services/api/embassy-api.service.ts
@@ -1,12 +1,24 @@
 import { BehaviorSubject, Observable } from 'rxjs'
 import { Update } from 'patch-db-client'
-import { RR } from './api.types'
+import { RR, Encrypted } from './api.types'
 import { DataModel } from 'src/app/services/patch-db/data-model'
 import { Log } from '@start9labs/shared'
 import { WebSocketSubjectConfig } from 'rxjs/webSocket'
+import * as jose from 'node-jose'

 export abstract class ApiService {
  readonly patchStream$ = new BehaviorSubject<Update<DataModel>[]>([])
+  pubkey?: jose.JWK.Key
+
+  async encrypt(toEncrypt: string): Promise<Encrypted> {
+    if (!this.pubkey) throw new Error('No pubkey found!')
+    const encrypted = await jose.JWE.createEncrypt(this.pubkey!)
+      .update(toEncrypt)
+      .final()
+    return {
+      encrypted,
+    }
+  }

  // http

@@ -25,6 +37,8 @@ export abstract class ApiService {

  // auth

+  abstract getPubKey(): Promise<void>
+
  abstract login(params: RR.LoginReq): Promise<RR.loginRes>

  abstract logout(params: RR.LogoutReq): Promise<RR.LogoutRes>