set idstrings async, validate sig on plaintext blocks before save, and change to returning unpadded key from API

This commit is contained in:
Kevin Froman 2019-09-06 17:22:33 -05:00
parent ddcb1e39e3
commit 50e2efee32
3 changed files with 35 additions and 8 deletions

View File

@ -18,6 +18,7 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
'''
from flask import Response, Blueprint, request, send_from_directory, abort
from httpapi import apiutils
import onionrcrypto, config
from netcontroller import NetController
@ -25,7 +26,8 @@ from serializeddata import SerializedData
from onionrutils import mnemonickeys
from onionrutils import bytesconverter
pub_key = onionrcrypto.pub_key
pub_key = onionrcrypto.pub_key.replace('=', '')
class PrivateEndpoints:
def __init__(self, client_api):
private_endpoints_bp = Blueprint('privateendpoints', __name__)

View File

@ -76,6 +76,16 @@ def validate_metadata(metadata, block_data) -> bool:
except AssertionError:
logger.warn('Invalid encryption mode')
break
elif i == 'sig':
try:
metadata['encryptType']
except KeyError:
signer = metadata['signer']
sig = metadata['sig']
encodedMeta = bytesconverter.str_to_bytes(metadata['meta'])
encodedBlock = bytesconverter.str_to_bytes(block_data)
if not onionrcrypto.signing.ed_verify(encodedMeta + encodedBlock[1:], signer, sig):
break
else:
# if metadata loop gets no errors, it does not break, therefore metadata is valid
# make sure we do not have another block with the same data content (prevent data duplication and replay attacks)

View File

@ -19,8 +19,16 @@
webpass = document.location.hash.replace('#', '')
nowebpass = false
myPub = ""
myPub = httpGet('/getHumanReadable')
fetch('/getActivePubkey', {
headers: {
"token": webpass
}})
.then((resp) => resp.text())
.then(function(resp) {
myPub = resp
})
function post_to_url(path, params) {
@ -95,15 +103,22 @@ for (var i = 0; i < document.getElementsByClassName('closeOverlay').length; i++)
}
}
var idStrings = document.getElementsByClassName('myPub')
for (var i = 0; i < idStrings.length; i++){
function setIdStrings(){
if (myPub === ""){
setTimeout(function(){setIdStrings()}, 700)
return
}
var idStrings = document.getElementsByClassName('myPub')
for (var i = 0; i < idStrings.length; i++){
if (idStrings[i].tagName.toLowerCase() == 'input'){
idStrings[i].value = myPub
}
else{
idStrings[i].innerText = myPub
}
}
}
setIdStrings()
/* Copy public ID on homepage */
if (typeof myPubCopy != "undefined"){