kev/Onionr
1
0
Fork 0
Code Issues 24 Pull Requests Projects Releases 2 Wiki Activity

handle invalid input when adding peer better

Browse Source
This commit is contained in:
Kevin Froman 2020-10-15 22:02:51 +00:00
parent a9096dc048
commit cf669024bf
3 changed files with 45 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/coredb/keydb/addkeys.py
View File

@ -1,9 +1,15 @@
''' """Onionr - Private P2P Communication.
Onionr - Private P2P Communication
add user keys or transport addresses add user keys or transport addresses
''' """
''' import sqlite3
from onionrutils import stringvalidators
from . import listkeys
from utils import gettransports
from .. import dbfiles
import onionrcrypto
from etc import onionrvalues
"""
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
@ -16,20 +22,11 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
''' """
import sqlite3
from onionrplugins import onionrevents as events
from onionrutils import stringvalidators
from . import listkeys
from utils import gettransports
from .. import dbfiles
import onionrcrypto
from etc import onionrvalues
def add_peer(peerID, name=''): def add_peer(peerID, name=''):
''' """Add a public key to the key database (misleading function name)."""
Adds a public key to the key database (misleading function name)
'''
if peerID in listkeys.list_peers() or peerID == onionrcrypto.pub_key: if peerID in listkeys.list_peers() or peerID == onionrcrypto.pub_key:
raise ValueError("specified id is already known") raise ValueError("specified id is already known")
@ -37,8 +34,6 @@ def add_peer(peerID, name=''):
if not stringvalidators.validate_pub_key(peerID): if not stringvalidators.validate_pub_key(peerID):
return False return False
#events.event('pubkey_add', data = {'key': peerID}, onionr = core_inst.onionrInst)
conn = sqlite3.connect(dbfiles.user_id_info_db, timeout=onionrvalues.DATABASE_LOCK_TIMEOUT) conn = sqlite3.connect(dbfiles.user_id_info_db, timeout=onionrvalues.DATABASE_LOCK_TIMEOUT)
hashID = "" hashID = ""
c = conn.cursor() c = conn.cursor()
@ -60,9 +55,9 @@ def add_peer(peerID, name=''):
return True return True
def add_address(address): def add_address(address):
''' """
Add an address to the address database (only tor currently) Add an address to the address database (only tor currently)
''' """
if type(address) is None or len(address) == 0: if type(address) is None or len(address) == 0:
return False return False
@ -89,8 +84,6 @@ def add_address(address):
conn.commit() conn.commit()
conn.close() conn.close()
#events.event('address_add', data = {'address': address}, onionr = core_inst.onionrInst)
return True return True
else: else:
return False return False

20
src/httpapi/miscclientapi/addpeer.py
View File

@ -1,11 +1,27 @@
"""Onionr - Private P2P Communication.
add a transport address to the db
"""
from onionrutils.stringvalidators import validate_transport from onionrutils.stringvalidators import validate_transport
from coredb.keydb.addkeys import add_address from coredb.keydb.addkeys import add_address
from coredb.keydb.listkeys import list_adders from coredb.keydb.listkeys import list_adders
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
"""
def add_peer(peer): def add_peer(peer):
# this is ok for security since add_address does this manually
assert validate_transport(peer)
if peer in list_adders(): if peer in list_adders():
return "already added" return "already added"
if add_address(peer): if add_address(peer):

11
static-data/www/shared/sidebar/sidebar.js
View File

@ -13,11 +13,22 @@ fetch('/shared/sidebar/sidebar.html', {
function sidebarAddPeerRegister(){ function sidebarAddPeerRegister(){
document.getElementById('addPeerBtn').onclick = function(){ document.getElementById('addPeerBtn').onclick = function(){
let newPeer = document.getElementById('addPeerInput').value let newPeer = document.getElementById('addPeerInput').value
if (! newPeer.includes(".")){
PNotify.error({text: "Invalid peer address"})
return
}
fetch('/addpeer/' + newPeer, { fetch('/addpeer/' + newPeer, {
method: 'POST', method: 'POST',
headers: { headers: {
"token": webpass "token": webpass
}}) }})
.then(function(resp){
if (! resp.ok){
PNotify.error({text: "Could not add peer. Is your input valid?"})
throw new Error("Could not add peer " + newPeer)
}
})
.then((resp) => resp.text()) .then((resp) => resp.text())
.then(function(data) { .then(function(data) {
if (data == "success"){ if (data == "success"){