actually discharging key for signatures

11740ec2 · Dominik Hebeler · c3bf3be7 · 11740ec2
Commit 11740ec2 authored 2 years ago by Dominik Hebeler
--- a/pass/routes/api.js
+++ b/pass/routes/api.js
@@ -227,7 +227,7 @@ router.post(
      res.status(422).json(errors);
      return;
    }
-    let key = await Key.GET_KEY(req.body.key, false);
+
    let date = dayjs(
      req.body.date,
      config.get("crypto.private_key.date_format")
@@ -235,10 +235,14 @@ router.post(
    let blinded_tokens = req.body.blinded_tokens;
    let signed_tokens = {};

+    let key = await Key.GET_KEY(req.body.key, true);
    if (key.get_charge() < blinded_tokens.length) {
      res.status(422).json({
        message: "Invalid Key",
      });
+    } else {
+      key.discharge_key(blinded_tokens.length);
+      await key.save();
    }

    // Make signing requests always the same duration to prevent timing attacks on the private key