fix: apply production hot-patches

Co-authored-by: Jonathan Barrow <jonbarrow1998@gmail.com>
2025-04-02 11:02:15 -04:00 · 2025-03-22 21:36:04 +00:00 · 2025-03-22 21:36:04 +00:00 · 99aec607fa
commit 99aec607fa
parent bc406ec1b5
7 changed files with 36 additions and 8 deletions
--- a/src/database.ts
+++ b/src/database.ts
@ -104,12 +104,17 @@ export async function getPNIDByBasicAuth(token: string): Promise<HydratedPNIDDoc
 	return pnid;
 }

-export async function getPNIDByTokenAuth(token: string): Promise<HydratedPNIDDocument | null> {
+export async function getPNIDByTokenAuth(token: string, allowedTypes?: number[]): Promise<HydratedPNIDDocument | null> {
 	verifyConnected();

 	try {
 		const decryptedToken = decryptToken(Buffer.from(token, 'hex'));
 		const unpackedToken = unpackToken(decryptedToken);
+
+		if (allowedTypes && !allowedTypes.includes(unpackedToken.system_type)) {
+			return null;
+		}
+
 		const pnid = await getPNIDByPID(unpackedToken.pid);

 		if (pnid) {
--- a/src/middleware/pnid.ts
+++ b/src/middleware/pnid.ts
@ -21,9 +21,20 @@ async function PNIDMiddleware(request: express.Request, response: express.Respon
 	}

 	if (type === 'Basic') {
+		if (!request.path.includes('v1/api/people/@me/devices')) {
+			response.status(401).send(xmlbuilder.create({
+				errors: {
+					error: {
+						code: '1105',
+						message: 'Email address, username, or password, is not valid'
+					}
+				}
+			}).end());
+		}
+
 		pnid = await getPNIDByBasicAuth(token);
 	} else {
-		pnid = await getPNIDByTokenAuth(token);
+		pnid = await getPNIDByTokenAuth(token, [1, 2]);
 	}

 	if (!pnid) {
--- a/src/nintendo-certificate.ts
+++ b/src/nintendo-certificate.ts
@ -125,6 +125,11 @@ class NintendoCertificate {
 			this._certificateBody = this._certificate.subarray(0x4 + signatureTypeSizes.SIZE + signatureTypeSizes.PADDING_SIZE);

 			this.signature = this._certificate.subarray(0x4, 0x4 + signatureTypeSizes.SIZE);
+
+			const padding = this._certificate.subarray(0x4 + signatureTypeSizes.SIZE, 0x4 + signatureTypeSizes.SIZE + signatureTypeSizes.PADDING_SIZE);
+
+			this.valid = padding.every(byte => byte === 0);
+
 			this.issuer = this._certificate.subarray(0x80, 0xC0).toString().split('\0')[0];
 			this.keyType = this._certificate.readUInt32BE(0xC0);
 			this.certificateName = this._certificate.subarray(0xC4, 0x104).toString().split('\0')[0];
@ -137,7 +142,11 @@ class NintendoCertificate {
 				this.consoleType = '3ds';
 			}

-			this._verifySignature();
+			if (!this.valid) {
+				return;
+			}
+
+			this._verifySignatureECDSA();
 		}
 	}

--- a/src/services/api/routes/v1/forgotPassword.ts
+++ b/src/services/api/routes/v1/forgotPassword.ts
@ -58,6 +58,7 @@ router.post('/', async (request: express.Request, response: express.Response): P
 	}

 	if (pnid) {
+		console.log('API forgot password for', pnid);
 		await sendForgotPasswordEmail(pnid);
 	}

--- a/src/services/grpc/api/forgot-password.ts
+++ b/src/services/grpc/api/forgot-password.ts
@ -21,6 +21,8 @@ export async function forgotPassword(request: ForgotPasswordRequest): Promise<Em
 		pnid = await getPNIDByUsername(input);
 	}

+	console.log('gRPC forgot password for', pnid);
+
 	if (pnid) {
 		await sendForgotPasswordEmail(pnid);
 	}
--- a/src/services/nasc/routes/ac.ts
+++ b/src/services/nasc/routes/ac.ts
@ -39,8 +39,8 @@ router.post('/', async (request: express.Request, response: express.Response): P
 	}

 	if (server.maintenance_mode) {
-		// TODO - FIND THE REAL UNDER MAINTENANCE ERROR CODE. 110 IS NOT IT
-		response.status(200).send(nascError('110').toString());
+		// TODO - FIND THE REAL UNDER MAINTENANCE ERROR CODE
+		response.status(503).send(nascError('101').toString());
 		return;
 	}

--- a/src/services/nnas/routes/support.ts
+++ b/src/services/nnas/routes/support.ts
@ -3,7 +3,7 @@ import express from 'express';
 import xmlbuilder from 'xmlbuilder';
 import moment from 'moment';
 import { getPNIDByEmailAddress, getPNIDByPID } from '@/database';
-import { sendEmailConfirmedEmail, sendConfirmationEmail, sendForgotPasswordEmail, sendEmailConfirmedParentalControlsEmail } from '@/util';
+import { sendEmailConfirmedEmail/*, sendConfirmationEmail, sendForgotPasswordEmail*/, sendEmailConfirmedParentalControlsEmail } from '@/util';

 const router = express.Router();

@ -120,7 +120,7 @@ router.get('/resend_confirmation', async (request: express.Request, response: ex
 		return;
 	}

-	await sendConfirmationEmail(pnid);
+	//await sendConfirmationEmail(pnid);

 	response.status(200).send('');
 });
@ -180,7 +180,7 @@ router.get('/forgotten_password/:pid', async (request: express.Request, response
 		return;
 	}

-	await sendForgotPasswordEmail(pnid);
+	//await sendForgotPasswordEmail(pnid);

 	response.status(200).send('');
 });