Validate messages not coming from history-keeper

www/common/outer/async-store.js

@@ -918,8 +918,12 @@ define([
                 channel.data = padData || {};
                 postMessage("PAD_READY");
             }, // post EV_PAD_READY
-            onMessage: function (m) {
-                postMessage("PAD_MESSAGE", m);
+            onMessage: function (user, m, validateKey) {
+                postMessage("PAD_MESSAGE", {
+                    user: user,
+                    msg: m,
+                    validateKey: validateKey
+                });
             }, // post EV_PAD_MESSAGE
             onJoin: function (m) {
                 postMessage("PAD_JOIN", m);

www/common/outer/chainpad-netflux-worker.js

@@ -130,7 +130,7 @@ define([], function () {
             message = unBencode(message);//.slice(message.indexOf(':[') + 1);
 
             // pass the message into Chainpad
-            onMessage(message);
+            onMessage(peer, message, validateKey);
             //sframeChan.query('Q_RT_MESSAGE', message, function () { });
         };
 

www/common/sframe-chainpad-netflux-outer.js

@@ -39,9 +39,11 @@ define([], function () {
         });
 
         // shim between chainpad and netflux
-        var msgIn = function (msg) {
+        var msgIn = function (peer, msg) {
             try {
-                var decryptedMsg = Crypto.decrypt(msg, isNewHash);
+                var isHk = peer.length !== 32;
+                var key = isNewHash ? validateKey : false;
+                var decryptedMsg = Crypto.decrypt(msg, key, isHk);
                 return decryptedMsg;
             } catch (err) {
                 console.error(err);
@@ -67,8 +69,11 @@ define([], function () {
             padRpc.sendPadMsg(msg, cb);
         });
 
-        var onMessage = function(msg) {
-            var message = msgIn(msg);
+        var onMessage = function(msgObj) {
+            if (msgObj.validateKey && !validateKey) {
+                validateKey = msgObj.validateKey;
+            }
+            var message = msgIn(msgObj.user, msgObj.msg);
 
             verbose(message);
 

www/common/sframe-common-outer.js

@@ -325,7 +325,9 @@ define([
                     validateKey: secret.keys.validateKey
                 }, function (encryptedMsgs) {
                     cb(encryptedMsgs.map(function (msg) {
-                        return crypto.decrypt(msg, true);
+                        // The 3rd parameter "true" means we're going to skip signature validation.
+                        // We don't need it since the message is already validated serverside by hk
+                        return crypto.decrypt(msg, true, true);
                     }));
                 });
             });