mirror of https://github.com/xwiki-labs/cryptpad
Clean server code
This commit is contained in:
parent
8a3be878e8
commit
bde6bb0032
|
@ -208,25 +208,37 @@ Channel.trimHistory = function (Env, safeKey, data, cb) {
|
|||
});
|
||||
};
|
||||
|
||||
Channel.deleteLine = function (Env, safeKey, data, cb) {
|
||||
// Delete a signed mailbox message. This is used when users want
|
||||
// to delete their form reponses.
|
||||
Channel.deleteMailboxMessage = function (Env, safeKey, data, cb) {
|
||||
const channelId = data.channel;
|
||||
const hash = data.hash;
|
||||
const proof = data.proof;
|
||||
const nonce = Nacl.util.decodeBase64(proof.split('|')[0]);
|
||||
const proofBytes = Nacl.util.decodeBase64(proof.split('|')[1]);
|
||||
Env.msgStore.trimChannel(channelId, hash, function (err) {
|
||||
let nonce, proofBytes;
|
||||
try {
|
||||
nonce = Nacl.util.decodeBase64(proof.split('|')[0]);
|
||||
proofBytes = Nacl.util.decodeBase64(proof.split('|')[1]);
|
||||
} catch (e) {
|
||||
return void cb('EINVAL');
|
||||
}
|
||||
Env.msgStore.deleteChannelLine(channelId, hash, function (msg) {
|
||||
// Check if you're allowed to delete this hash
|
||||
try {
|
||||
const mySecret = new Uint8Array(32);
|
||||
const msgBytes = Nacl.util.decodeBase64(msg).subarray(64); // Remove signature
|
||||
const theirPublic = msgBytes.subarray(24,56); // 0-24 = nonce; 24-56=publickey (32 bytes)
|
||||
const hashBytes = Nacl.box.open(proofBytes, nonce, theirPublic, mySecret);
|
||||
return Nacl.util.encodeUTF8(hashBytes) === hash;
|
||||
} catch (e) {
|
||||
return false;
|
||||
}
|
||||
}, function (err) {
|
||||
if (err) { return void cb(err); }
|
||||
// clear historyKeeper's cache for this channel
|
||||
Env.historyKeeper.channelClose(channelId);
|
||||
cb();
|
||||
delete Env.channel_cache[channelId];
|
||||
delete Env.metadata_cache[channelId];
|
||||
}, function (msg) {
|
||||
const mySecret = new Uint8Array(32);
|
||||
const msgBytes = Nacl.util.decodeBase64(msg).subarray(64); // Remove signature
|
||||
const theirPublic = msgBytes.subarray(24,56); // 0-24 = nonce; 24-56=publickey (32 bytes)
|
||||
const hashBytes = Nacl.box.open(proofBytes, nonce, theirPublic, mySecret);
|
||||
return Nacl.util.encodeUTF8(hashBytes) === hash;
|
||||
});
|
||||
};
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ const AUTHENTICATED_USER_TARGETED = {
|
|||
CLEAR_OWNED_CHANNEL: Channel.clearOwnedChannel,
|
||||
REMOVE_OWNED_CHANNEL: Channel.removeOwnedChannel,
|
||||
TRIM_HISTORY: Channel.trimHistory,
|
||||
DELETE_LINE: Channel.deleteLine,
|
||||
DELETE_MAILBOX_MESSAGE: Channel.deleteMailboxMessage,
|
||||
UPLOAD_STATUS: Upload.status,
|
||||
UPLOAD: Upload.upload,
|
||||
UPLOAD_COMPLETE: Upload.complete,
|
||||
|
|
|
@ -928,7 +928,7 @@ var getMessages = function (env, chanName, handler, cb) {
|
|||
});
|
||||
};
|
||||
|
||||
var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
|
||||
var filterMessages = function (env, channelName, check, filterHandler, _cb) {
|
||||
var cb = Util.once(Util.mkAsync(_cb));
|
||||
// this function is queued as a blocking action for the relevant channel
|
||||
|
||||
|
@ -987,8 +987,8 @@ var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
|
|||
}));
|
||||
}).nThen(function (w) {
|
||||
// If we want to delete a signle line of the file, make sure this pad allows it
|
||||
if (!deleteOneLine) { return; }
|
||||
if (!metadataReference.meta || !metadataReference.meta.deleteLines) {
|
||||
if (typeof(check) !== "function") { return; }
|
||||
if (!metadataReference.meta || !check(metadataReference.meta)) {
|
||||
w.abort();
|
||||
return void cb("EFORBIDDEN");
|
||||
}
|
||||
|
@ -1030,28 +1030,15 @@ var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
|
|||
if (!msg) { return void readMore(); }
|
||||
var msgHash = Extras.getHash(msg[4]);
|
||||
|
||||
// If we only want to delete the selected hash...
|
||||
if (deleteOneLine) {
|
||||
if (msgHash === hash) {
|
||||
if (!deleteOneLine(msg[4])) {
|
||||
return void abort();
|
||||
}
|
||||
retain = true;
|
||||
return void readMore();
|
||||
}
|
||||
return void tempStream.write(s_msg + '\n', function () {
|
||||
var remove = function () { readMore(); };
|
||||
var preserve = function () {
|
||||
tempStream.write(s_msg + '\n', function () {
|
||||
readMore();
|
||||
});
|
||||
}
|
||||
};
|
||||
var preserveRemaining = function () { retain = true; };
|
||||
|
||||
if (msgHash === hash) {
|
||||
// everything from this point on should be retained
|
||||
retain = true;
|
||||
return void tempStream.write(s_msg + '\n', function () {
|
||||
readMore();
|
||||
});
|
||||
}
|
||||
readMore();
|
||||
filterHandler(msg, msgHash, abort, remove, preserve, preserveRemaining);
|
||||
};
|
||||
|
||||
readMessagesBin(env, channelName, 0, handler, w(function (err) {
|
||||
|
@ -1123,6 +1110,35 @@ var trimChannel = function (env, channelName, hash, _cb, deleteOneLine) {
|
|||
});
|
||||
});
|
||||
};
|
||||
var deleteChannelLine = function (env, channelName, hash, checkRights, _cb) {
|
||||
var check = function (meta) { return Boolean(meta.deleteLines); };
|
||||
var handler = function (msg, msgHash, abort, remove, preserve, preserveRemaining) {
|
||||
if (msgHash === hash) {
|
||||
if (typeof(checkRights) === "function" && !checkRights(msg[4])) {
|
||||
// Not allowed: abort
|
||||
return void abort();
|
||||
}
|
||||
// Line found: remove it and preserve all remaining lines
|
||||
preserveRemaining();
|
||||
return void remove();
|
||||
}
|
||||
// Continue until we find the correct hash
|
||||
preserve();
|
||||
};
|
||||
filterMessages(env, channelName, check, handler, _cb);
|
||||
};
|
||||
var trimChannel = function (env, channelName, hash, _cb) {
|
||||
var handler = function (msg, msgHash, abort, remove, preserve, preserveRemaining) {
|
||||
if (msgHash === hash) {
|
||||
// Everything from this point on should be retained
|
||||
preserveRemaining();
|
||||
return void preserve();
|
||||
}
|
||||
// Remove until we find our hash
|
||||
remove();
|
||||
};
|
||||
filterMessages(env, channelName, null, handler, _cb);
|
||||
};
|
||||
|
||||
module.exports.create = function (conf, _cb) {
|
||||
var cb = Util.once(Util.mkAsync(_cb));
|
||||
|
@ -1251,10 +1267,16 @@ module.exports.create = function (conf, _cb) {
|
|||
clearChannel(env, channelName, Util.both(cb, next));
|
||||
});
|
||||
},
|
||||
trimChannel: function (channelName, hash, cb, deleteOne) {
|
||||
trimChannel: function (channelName, hash, cb) {
|
||||
if (!isValidChannelId(channelName)) { return void cb(new Error('EINVAL')); }
|
||||
schedule.blocking(channelName, function (next) {
|
||||
trimChannel(env, channelName, hash, Util.both(cb, next), deleteOne);
|
||||
trimChannel(env, channelName, hash, Util.both(cb, next));
|
||||
});
|
||||
},
|
||||
deleteChannelLine: function (channelName, hash, checkRights, cb) {
|
||||
if (!isValidChannelId(channelName)) { return void cb(new Error('EINVAL')); }
|
||||
schedule.blocking(channelName, function (next) {
|
||||
deleteChannelLine(env, channelName, hash, checkRights, Util.both(cb, next));
|
||||
});
|
||||
},
|
||||
|
||||
|
|
|
@ -206,12 +206,11 @@ define([
|
|||
hash: hash,
|
||||
proof: proof
|
||||
};
|
||||
postMessage("DELETE_PAD_LINE", lineData, waitFor(function (obj) {
|
||||
if (obj && obj.error === 'EFORBIDDEN') {
|
||||
postMessage("DELETE_MAILBOX_MESSAGE", lineData, waitFor(function (obj) {
|
||||
if (obj && obj.error) {
|
||||
waitFor.abort();
|
||||
return void cb(obj);
|
||||
}
|
||||
if (obj || obj.error) { return; }
|
||||
toDelete.push(hash);
|
||||
}));
|
||||
}).nThen;
|
||||
|
|
|
@ -2179,9 +2179,9 @@ define([
|
|||
}
|
||||
};
|
||||
|
||||
Store.deletePadLine = function (clientId, data, cb) {
|
||||
Store.deleteMailboxMessage = function (clientId, data, cb) {
|
||||
if (!store.rpc) { return void cb({error: 'RPC_NOT_READY'}); }
|
||||
store.rpc.deleteLine(data, function (e) {
|
||||
store.rpc.deleteMailboxMessage(data, function (e) {
|
||||
cb({error:e});
|
||||
});
|
||||
};
|
||||
|
|
|
@ -88,7 +88,7 @@ define([
|
|||
GET_LAST_HASH: Store.getLastHash,
|
||||
GET_SNAPSHOT: Store.getSnapshot,
|
||||
CORRUPTED_CACHE: Store.corruptedCache,
|
||||
DELETE_PAD_LINE: Store.deletePadLine,
|
||||
DELETE_MAILBOX_MESSAGE: Store.deleteMailboxMessage,
|
||||
// Drive
|
||||
DRIVE_USEROBJECT: Store.userObjectCommand,
|
||||
// Settings,
|
||||
|
|
|
@ -249,8 +249,8 @@ var factory = function (Util, Rpc) {
|
|||
}, cb);
|
||||
};
|
||||
|
||||
exp.deleteLine = function (obj, cb) {
|
||||
rpc.send('DELETE_LINE', {
|
||||
exp.deleteMailboxMessage = function (obj, cb) {
|
||||
rpc.send('DELETE_MAILBOX_MESSAGE', {
|
||||
channel: obj.channel,
|
||||
hash: obj.hash,
|
||||
proof: obj.proof
|
||||
|
|
Loading…
Reference in New Issue