handle invalid input when adding peer better

This commit is contained in:
Kevin Froman 2020-10-15 22:02:51 +00:00
parent a9096dc048
commit cf669024bf
3 changed files with 45 additions and 25 deletions

View File

@ -1,9 +1,15 @@
'''
Onionr - Private P2P Communication
"""Onionr - Private P2P Communication.
add user keys or transport addresses
'''
'''
"""
import sqlite3
from onionrutils import stringvalidators
from . import listkeys
from utils import gettransports
from .. import dbfiles
import onionrcrypto
from etc import onionrvalues
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
@ -16,20 +22,11 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
'''
import sqlite3
from onionrplugins import onionrevents as events
from onionrutils import stringvalidators
from . import listkeys
from utils import gettransports
from .. import dbfiles
import onionrcrypto
from etc import onionrvalues
"""
def add_peer(peerID, name=''):
'''
Adds a public key to the key database (misleading function name)
'''
"""Add a public key to the key database (misleading function name)."""
if peerID in listkeys.list_peers() or peerID == onionrcrypto.pub_key:
raise ValueError("specified id is already known")
@ -37,8 +34,6 @@ def add_peer(peerID, name=''):
if not stringvalidators.validate_pub_key(peerID):
return False
#events.event('pubkey_add', data = {'key': peerID}, onionr = core_inst.onionrInst)
conn = sqlite3.connect(dbfiles.user_id_info_db, timeout=onionrvalues.DATABASE_LOCK_TIMEOUT)
hashID = ""
c = conn.cursor()
@ -60,9 +55,9 @@ def add_peer(peerID, name=''):
return True
def add_address(address):
'''
"""
Add an address to the address database (only tor currently)
'''
"""
if type(address) is None or len(address) == 0:
return False
@ -89,8 +84,6 @@ def add_address(address):
conn.commit()
conn.close()
#events.event('address_add', data = {'address': address}, onionr = core_inst.onionrInst)
return True
else:
return False

View File

@ -1,11 +1,27 @@
"""Onionr - Private P2P Communication.
add a transport address to the db
"""
from onionrutils.stringvalidators import validate_transport
from coredb.keydb.addkeys import add_address
from coredb.keydb.listkeys import list_adders
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
"""
def add_peer(peer):
# this is ok for security since add_address does this manually
assert validate_transport(peer)
if peer in list_adders():
return "already added"
if add_address(peer):

View File

@ -13,11 +13,22 @@ fetch('/shared/sidebar/sidebar.html', {
function sidebarAddPeerRegister(){
document.getElementById('addPeerBtn').onclick = function(){
let newPeer = document.getElementById('addPeerInput').value
if (! newPeer.includes(".")){
PNotify.error({text: "Invalid peer address"})
return
}
fetch('/addpeer/' + newPeer, {
method: 'POST',
headers: {
"token": webpass
}})
.then(function(resp){
if (! resp.ok){
PNotify.error({text: "Could not add peer. Is your input valid?"})
throw new Error("Could not add peer " + newPeer)
}
})
.then((resp) => resp.text())
.then(function(data) {
if (data == "success"){