mirror of https://github.com/xwiki-labs/cryptpad
ensure that the correct form of a signing key is used
This commit is contained in:
parent
183fae6948
commit
d05063a5a2
|
@ -381,20 +381,15 @@ var isValidKey = key => {
|
||||||
var getUserTotalSize = function (Env, Server, cb, data) {
|
var getUserTotalSize = function (Env, Server, cb, data) {
|
||||||
var signingKey = Array.isArray(data) && data[1];
|
var signingKey = Array.isArray(data) && data[1];
|
||||||
if (!isValidKey(signingKey)) { return void cb("EINVAL"); }
|
if (!isValidKey(signingKey)) { return void cb("EINVAL"); }
|
||||||
Pinning.getTotalSize(Env, signingKey, cb); // XXX frequently incorrect...
|
var safeKey = Util.escapeKeyCharacters(signingKey);
|
||||||
|
Pinning.getTotalSize(Env, safeKey, cb);
|
||||||
};
|
};
|
||||||
|
|
||||||
var getPinActivity = function (Env, Server, cb, data) {
|
var getPinActivity = function (Env, Server, cb, data) {
|
||||||
var signingKey = Array.isArray(data) && data[1];
|
var signingKey = Array.isArray(data) && data[1];
|
||||||
if (!isValidKey(signingKey)) { return void cb("EINVAL"); }
|
if (!isValidKey(signingKey)) { return void cb("EINVAL"); }
|
||||||
|
// the db-worker ensures the signing key is of the appropriate form
|
||||||
Env.getPinActivity(signingKey, function (err, response) {
|
Env.getPinActivity(signingKey, function (err, response) {
|
||||||
// XXX
|
|
||||||
/*
|
|
||||||
Env.Log.debug('GET_PIN_ACTIVITY', {
|
|
||||||
error: err,
|
|
||||||
response: response,
|
|
||||||
});
|
|
||||||
*/
|
|
||||||
if (err) { return void cb(err && err.code); }
|
if (err) { return void cb(err && err.code); }
|
||||||
cb(void 0, response);
|
cb(void 0, response);
|
||||||
});
|
});
|
||||||
|
|
|
@ -381,8 +381,8 @@ const getOlderHistory = function (data, cb) {
|
||||||
};
|
};
|
||||||
|
|
||||||
const getPinState = function (data, cb) {
|
const getPinState = function (data, cb) {
|
||||||
const safeKey = data.key;
|
if (typeof(data.key) !== 'string') { return void cb('INVALID_KEY'); }
|
||||||
|
const safeKey = Util.escapeKeyCharacters(data.key);
|
||||||
var ref = {};
|
var ref = {};
|
||||||
var lineHandler = Pins.createLineHandler(ref, Env.Log.error);
|
var lineHandler = Pins.createLineHandler(ref, Env.Log.error);
|
||||||
|
|
||||||
|
@ -504,8 +504,9 @@ const getHashOffset = function (data, cb) {
|
||||||
};
|
};
|
||||||
|
|
||||||
const removeOwnedBlob = function (data, cb) {
|
const removeOwnedBlob = function (data, cb) {
|
||||||
|
if (typeof(data.safeKey) !== 'string') { return void cb("INVALID_KEY"); }
|
||||||
const blobId = data.blobId;
|
const blobId = data.blobId;
|
||||||
const safeKey = data.safeKey;
|
const safeKey = Util.escapeKeyCharacters(data.safeKey);
|
||||||
|
|
||||||
nThen(function (w) {
|
nThen(function (w) {
|
||||||
// check if you have permissions
|
// check if you have permissions
|
||||||
|
@ -570,8 +571,9 @@ var reportStatus = function (Env, label, safeKey, err, id, size) {
|
||||||
|
|
||||||
const completeUpload = function (data, cb) {
|
const completeUpload = function (data, cb) {
|
||||||
if (!data) { return void cb('INVALID_ARGS'); }
|
if (!data) { return void cb('INVALID_ARGS'); }
|
||||||
|
if (typeof(data.key) !== 'string') { return void cb("INVALID_KEY"); }
|
||||||
var owned = data.owned;
|
var owned = data.owned;
|
||||||
var safeKey = data.safeKey;
|
var safeKey = Util.escapeKeyCharacters(data.safeKey);
|
||||||
var arg = data.arg;
|
var arg = data.arg;
|
||||||
var size = data.size;
|
var size = data.size;
|
||||||
|
|
||||||
|
@ -593,9 +595,11 @@ const completeUpload = function (data, cb) {
|
||||||
|
|
||||||
const getPinActivity = function (data, cb) {
|
const getPinActivity = function (data, cb) {
|
||||||
if (!data) { return void cb("INVALID_ARGS"); }
|
if (!data) { return void cb("INVALID_ARGS"); }
|
||||||
|
if (typeof(data.key) !== 'string') { return void cb("INVALID_KEY"); }
|
||||||
|
var safeKey = Util.escapeKeyCharacters(data.key);
|
||||||
var first;
|
var first;
|
||||||
var latest;
|
var latest;
|
||||||
pinStore.getMessages(data.key, line => {
|
pinStore.getMessages(safeKey, line => {
|
||||||
if (!line || !line.trim()) { return; }
|
if (!line || !line.trim()) { return; }
|
||||||
try {
|
try {
|
||||||
var parsed = JSON.parse(line);
|
var parsed = JSON.parse(line);
|
||||||
|
|
Loading…
Reference in New Issue