dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean server code

This commit is contained in:
yflory 2022-10-14 16:53:38 +02:00
parent 8a3be878e8
commit bde6bb0032
7 changed files with 76 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lib/commands/channel.js
View File

@ -208,25 +208,37 @@ Channel.trimHistory = function (Env, safeKey, data, cb) {
});
};
Channel.deleteLine = function (Env, safeKey, data, cb) {
// Delete a signed mailbox message. This is used when users want
// to delete their form reponses.
Channel.deleteMailboxMessage = function (Env, safeKey, data, cb) {
const channelId = data.channel;
const hash = data.hash;
const proof = data.proof;
const nonce = Nacl.util.decodeBase64(proof.split('|')[0]);
const proofBytes = Nacl.util.decodeBase64(proof.split('|')[1]);
Env.msgStore.trimChannel(channelId, hash, function (err) {
let nonce, proofBytes;
try {
nonce = Nacl.util.decodeBase64(proof.split('|')[0]);
proofBytes = Nacl.util.decodeBase64(proof.split('|')[1]);
} catch (e) {
return void cb('EINVAL');
}
Env.msgStore.deleteChannelLine(channelId, hash, function (msg) {
// Check if you're allowed to delete this hash
try {
const mySecret = new Uint8Array(32);
const msgBytes = Nacl.util.decodeBase64(msg).subarray(64); // Remove signature
const theirPublic = msgBytes.subarray(24,56); // 0-24 = nonce; 24-56=publickey (32 bytes)
const hashBytes = Nacl.box.open(proofBytes, nonce, theirPublic, mySecret);
return Nacl.util.encodeUTF8(hashBytes) === hash;
} catch (e) {
return false;
}
}, function (err) {
if (err) { return void cb(err); }
// clear historyKeeper's cache for this channel
Env.historyKeeper.channelClose(channelId);
cb();
delete Env.channel_cache[channelId];
delete Env.metadata_cache[channelId];
}, function (msg) {
const mySecret = new Uint8Array(32);
const msgBytes = Nacl.util.decodeBase64(msg).subarray(64); // Remove signature
const theirPublic = msgBytes.subarray(24,56); // 0-24 = nonce; 24-56=publickey (32 bytes)
const hashBytes = Nacl.box.open(proofBytes, nonce, theirPublic, mySecret);
return Nacl.util.encodeUTF8(hashBytes) === hash;
});
};

2
lib/rpc.js
View File

@ -47,7 +47,7 @@ const AUTHENTICATED_USER_TARGETED = {
CLEAR_OWNED_CHANNEL: Channel.clearOwnedChannel,
REMOVE_OWNED_CHANNEL: Channel.removeOwnedChannel,
TRIM_HISTORY: Channel.trimHistory,
DELETE_LINE: Channel.deleteLine,
DELETE_MAILBOX_MESSAGE: Channel.deleteMailboxMessage,
UPLOAD_STATUS: Upload.status,
UPLOAD: Upload.upload,
UPLOAD_COMPLETE: Upload.complete,

70
lib/storage/file.js
View File

@ -928,7 +928,7 @@ var getMessages = function (env, chanName, handler, cb) {
});
};
var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
var filterMessages = function (env, channelName, check, filterHandler, _cb) {
var cb = Util.once(Util.mkAsync(_cb));
// this function is queued as a blocking action for the relevant channel
@ -987,8 +987,8 @@ var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
}));
}).nThen(function (w) {
// If we want to delete a signle line of the file, make sure this pad allows it
if (!deleteOneLine) { return; }
if (!metadataReference.meta || !metadataReference.meta.deleteLines) {
if (typeof(check) !== "function") { return; }
if (!metadataReference.meta || !check(metadataReference.meta)) {
w.abort();
return void cb("EFORBIDDEN");
}
@ -1030,28 +1030,15 @@ var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
if (!msg) { return void readMore(); }
var msgHash = Extras.getHash(msg[4]);
// If we only want to delete the selected hash...
if (deleteOneLine) {
if (msgHash === hash) {
if (!deleteOneLine(msg[4])) {
return void abort();
}
retain = true;
return void readMore();
}
return void tempStream.write(s_msg + '\n', function () {
var remove = function () { readMore(); };
var preserve = function () {
tempStream.write(s_msg + '\n', function () {
readMore();
});
}
};
var preserveRemaining = function () { retain = true; };
if (msgHash === hash) {
// everything from this point on should be retained
retain = true;
return void tempStream.write(s_msg + '\n', function () {
readMore();
});
}
readMore();
filterHandler(msg, msgHash, abort, remove, preserve, preserveRemaining);
};
readMessagesBin(env, channelName, 0, handler, w(function (err) {
@ -1123,6 +1110,35 @@ var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
});
});
};
var deleteChannelLine = function (env, channelName, hash, checkRights, _cb) {
var check = function (meta) { return Boolean(meta.deleteLines); };
var handler = function (msg, msgHash, abort, remove, preserve, preserveRemaining) {
if (msgHash === hash) {
if (typeof(checkRights) === "function" && !checkRights(msg[4])) {
// Not allowed: abort
return void abort();
}
// Line found: remove it and preserve all remaining lines
preserveRemaining();
return void remove();
}
// Continue until we find the correct hash
preserve();
};
filterMessages(env, channelName, check, handler, _cb);
};
var trimChannel = function (env, channelName, hash, _cb) {
var handler = function (msg, msgHash, abort, remove, preserve, preserveRemaining) {
if (msgHash === hash) {
// Everything from this point on should be retained
preserveRemaining();
return void preserve();
}
// Remove until we find our hash
remove();
};
filterMessages(env, channelName, null, handler, _cb);
};
module.exports.create = function (conf, _cb) {
var cb = Util.once(Util.mkAsync(_cb));
@ -1251,10 +1267,16 @@ module.exports.create = function (conf, _cb) {
clearChannel(env, channelName, Util.both(cb, next));
});
},
trimChannel: function (channelName, hash, cb, deleteOne) {
trimChannel: function (channelName, hash, cb) {
if (!isValidChannelId(channelName)) { return void cb(new Error('EINVAL')); }
schedule.blocking(channelName, function (next) {
trimChannel(env, channelName, hash, Util.both(cb, next), deleteOne);
trimChannel(env, channelName, hash, Util.both(cb, next));
});
},
deleteChannelLine: function (channelName, hash, checkRights, cb) {
if (!isValidChannelId(channelName)) { return void cb(new Error('EINVAL')); }
schedule.blocking(channelName, function (next) {
deleteChannelLine(env, channelName, hash, checkRights, Util.both(cb, next));
});
},

5
www/common/cryptpad-common.js
View File

@ -206,12 +206,11 @@ define([
hash: hash,
proof: proof
};
postMessage("DELETE_PAD_LINE", lineData, waitFor(function (obj) {
if (obj && obj.error === 'EFORBIDDEN') {
postMessage("DELETE_MAILBOX_MESSAGE", lineData, waitFor(function (obj) {
if (obj && obj.error) {
waitFor.abort();
return void cb(obj);
}
if (obj || obj.error) { return; }
toDelete.push(hash);
}));
}).nThen;

4
www/common/outer/async-store.js
View File

@ -2179,9 +2179,9 @@ define([
}
};
Store.deletePadLine = function (clientId, data, cb) {
Store.deleteMailboxMessage = function (clientId, data, cb) {
if (!store.rpc) { return void cb({error: 'RPC_NOT_READY'}); }
store.rpc.deleteLine(data, function (e) {
store.rpc.deleteMailboxMessage(data, function (e) {
cb({error:e});
});
};

2
www/common/outer/store-rpc.js
View File

@ -88,7 +88,7 @@ define([
GET_LAST_HASH: Store.getLastHash,
GET_SNAPSHOT: Store.getSnapshot,
CORRUPTED_CACHE: Store.corruptedCache,
DELETE_PAD_LINE: Store.deletePadLine,
DELETE_MAILBOX_MESSAGE: Store.deleteMailboxMessage,
// Drive
DRIVE_USEROBJECT: Store.userObjectCommand,
// Settings,

4
www/common/pinpad.js
View File

@ -249,8 +249,8 @@ var factory = function (Util, Rpc) {
}, cb);
};
exp.deleteLine = function (obj, cb) {
rpc.send('DELETE_LINE', {
exp.deleteMailboxMessage = function (obj, cb) {
rpc.send('DELETE_MAILBOX_MESSAGE', {
channel: obj.channel,
hash: obj.hash,
proof: obj.proof