kev/Onionr
1
0
Fork 0
Code Issues 24 Pull Requests Projects Releases 2 Wiki Activity

set idstrings async, validate sig on plaintext blocks before save, and change to returning unpadded key from API

Browse Source
This commit is contained in:
Kevin Froman 2019-09-06 17:22:33 -05:00
parent ddcb1e39e3
commit 50e2efee32
3 changed files with 35 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
onionr/httpapi/miscclientapi/endpoints.py
View File

@ -18,6 +18,7 @@
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
''' '''
from flask import Response, Blueprint, request, send_from_directory, abort from flask import Response, Blueprint, request, send_from_directory, abort
from httpapi import apiutils from httpapi import apiutils
import onionrcrypto, config import onionrcrypto, config
from netcontroller import NetController from netcontroller import NetController
@ -25,7 +26,8 @@ from serializeddata import SerializedData
from onionrutils import mnemonickeys from onionrutils import mnemonickeys
from onionrutils import bytesconverter from onionrutils import bytesconverter
pub_key = onionrcrypto.pub_key pub_key = onionrcrypto.pub_key.replace('=', '')
class PrivateEndpoints: class PrivateEndpoints:
def __init__(self, client_api): def __init__(self, client_api):
private_endpoints_bp = Blueprint('privateendpoints', __name__) private_endpoints_bp = Blueprint('privateendpoints', __name__)

10
onionr/onionrutils/validatemetadata.py
View File

@ -76,6 +76,16 @@ def validate_metadata(metadata, block_data) -> bool:
except AssertionError: except AssertionError:
logger.warn('Invalid encryption mode') logger.warn('Invalid encryption mode')
break break
elif i == 'sig':
try:
metadata['encryptType']
except KeyError:
signer = metadata['signer']
sig = metadata['sig']
encodedMeta = bytesconverter.str_to_bytes(metadata['meta'])
encodedBlock = bytesconverter.str_to_bytes(block_data)
if not onionrcrypto.signing.ed_verify(encodedMeta + encodedBlock[1:], signer, sig):
break
else: else:
# if metadata loop gets no errors, it does not break, therefore metadata is valid # if metadata loop gets no errors, it does not break, therefore metadata is valid
# make sure we do not have another block with the same data content (prevent data duplication and replay attacks) # make sure we do not have another block with the same data content (prevent data duplication and replay attacks)

17
onionr/static-data/www/shared/misc.js
View File

@ -19,8 +19,16 @@
webpass = document.location.hash.replace('#', '') webpass = document.location.hash.replace('#', '')
nowebpass = false nowebpass = false
myPub = ""
myPub = httpGet('/getHumanReadable') fetch('/getActivePubkey', {
headers: {
"token": webpass
}})
.then((resp) => resp.text())
.then(function(resp) {
myPub = resp
})
function post_to_url(path, params) { function post_to_url(path, params) {
@ -95,6 +103,11 @@ for (var i = 0; i < document.getElementsByClassName('closeOverlay').length; i++)
} }
} }
function setIdStrings(){
if (myPub === ""){
setTimeout(function(){setIdStrings()}, 700)
return
}
var idStrings = document.getElementsByClassName('myPub') var idStrings = document.getElementsByClassName('myPub')
for (var i = 0; i < idStrings.length; i++){ for (var i = 0; i < idStrings.length; i++){
if (idStrings[i].tagName.toLowerCase() == 'input'){ if (idStrings[i].tagName.toLowerCase() == 'input'){
@ -104,6 +117,8 @@ for (var i = 0; i < idStrings.length; i++){
idStrings[i].innerText = myPub idStrings[i].innerText = myPub
} }
} }
}
setIdStrings()
/* Copy public ID on homepage */ /* Copy public ID on homepage */
if (typeof myPubCopy != "undefined"){ if (typeof myPubCopy != "undefined"){