Handle errors in challenge assertion

2025-09-13 13:03:26 +00:00 · 2023-11-04 09:43:00 +00:00
parent 9c19cf509b
commit 5d32933ba0
1 changed files with 22 additions and 14 deletions
--- a/src/services/challenge.ts
+++ b/src/services/challenge.ts
@@ -1,4 +1,8 @@
-import { ChallengeCode } from '@/db/models/ChallengeCode';
+import {
+  ChallengeCode,
+  ChallengeFlow,
+  ChallengeType,
+} from '@/db/models/ChallengeCode';
 import { StatusError } from '@/services/error';
 import { EntityManager } from '@mikro-orm/core';
 import forge from 'node-forge';
@@ -28,6 +32,7 @@ export async function assertChallengeCode(
  if (challenge.expiresAt.getTime() <= now)
    throw new StatusError('Challenge Code Expired', 401);

+  try {
    const verifiedChallenge = forge.pki.ed25519.verify({
      publicKey: new forge.util.ByteStringBuffer(
        Buffer.from(publicKey, 'base64url'),
@@ -43,4 +48,7 @@ export async function assertChallengeCode(
      throw new StatusError('Challenge Code Signature Invalid', 401);

    em.remove(challenge);
+  } catch (e) {
+    throw new StatusError('Challenge Code Signature Invalid', 401);
+  }
 }