From 11740ec210fe52631623d17025ad2701897724e4 Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@hebeler.club>
Date: Sat, 11 Mar 2023 21:20:58 +0100
Subject: [PATCH] actually discharging key for signatures

---
 pass/routes/api.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pass/routes/api.js b/pass/routes/api.js
index 1d3d20f..96c781e 100644
--- a/pass/routes/api.js
+++ b/pass/routes/api.js
@@ -227,7 +227,7 @@ router.post(
       res.status(422).json(errors);
       return;
     }
-    let key = await Key.GET_KEY(req.body.key, false);
+
     let date = dayjs(
       req.body.date,
       config.get("crypto.private_key.date_format")
@@ -235,10 +235,14 @@ router.post(
     let blinded_tokens = req.body.blinded_tokens;
     let signed_tokens = {};
 
+    let key = await Key.GET_KEY(req.body.key, true);
     if (key.get_charge() < blinded_tokens.length) {
       res.status(422).json({
         message: "Invalid Key",
       });
+    } else {
+      key.discharge_key(blinded_tokens.length);
+      await key.save();
     }
 
     // Make signing requests always the same duration to prevent timing attacks on the private key
-- 
GitLab