From 50e2efee32b4b8d532fb9fdf4b38beef732f8654 Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Fri, 6 Sep 2019 17:22:33 -0500
Subject: [PATCH] set idstrings async, validate sig on plaintext blocks before save, and change to returning unpadded key from API
---
onionr/httpapi/miscclientapi/endpoints.py | 4 +++-
onionr/onionrutils/validatemetadata.py | 10 ++++++++
onionr/static-data/www/shared/misc.js | 29 +++++++++++++++++------
3 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/onionr/httpapi/miscclientapi/endpoints.py b/onionr/httpapi/miscclientapi/endpoints.py
index c843b309..553123dc 100644
--- a/onionr/httpapi/miscclientapi/endpoints.py
+++ b/onionr/httpapi/miscclientapi/endpoints.py
@@ -18,6 +18,7 @@ along with this program. If not, see . ''' from flask import Response, Blueprint, request, send_from_directory, abort + from httpapi import apiutils import onionrcrypto, config from netcontroller import NetController
@@ -25,7 +26,8 @@ from serializeddata import SerializedData from onionrutils import mnemonickeys from onionrutils import bytesconverter -pub_key = onionrcrypto.pub_key +pub_key = onionrcrypto.pub_key.replace('=', '') + class PrivateEndpoints: def __init__(self, client_api): private_endpoints_bp = Blueprint('privateendpoints', __name__)
diff --git a/onionr/onionrutils/validatemetadata.py b/onionr/onionrutils/validatemetadata.py
index 23d0a2f6..da45e716 100644
--- a/onionr/onionrutils/validatemetadata.py
+++ b/onionr/onionrutils/validatemetadata.py
@@ -76,6 +76,16 @@ def validate_metadata(metadata, block_data) -> bool: except AssertionError: logger.warn('Invalid encryption mode') break + elif i == 'sig': + try: + metadata['encryptType'] + except KeyError: + signer = metadata['signer'] + sig = metadata['sig'] + encodedMeta = bytesconverter.str_to_bytes(metadata['meta']) + encodedBlock = bytesconverter.str_to_bytes(block_data) + if not onionrcrypto.signing.ed_verify(encodedMeta + encodedBlock[1:], signer, sig): + break else: # if metadata loop gets no errors, it does not break, therefore metadata is valid # make sure we do not have another block with the same data content (prevent data duplication and replay attacks)
diff --git a/onionr/static-data/www/shared/misc.js b/onionr/static-data/www/shared/misc.js
index b08c29a8..a123fd70 100755
--- a/onionr/static-data/www/shared/misc.js
+++ b/onionr/static-data/www/shared/misc.js
@@ -19,8 +19,16 @@ webpass = document.location.hash.replace('#', '') nowebpass = false +myPub = "" -myPub = httpGet('/getHumanReadable') +fetch('/getActivePubkey', { + headers: { + "token": webpass + }}) +.then((resp) => resp.text()) +.then(function(resp) { + myPub = resp +}) function post_to_url(path, params) {
@@ -95,15 +103,22 @@ for (var i = 0; i < document.getElementsByClassName('closeOverlay').length; i++) } } -var idStrings = document.getElementsByClassName('myPub') -for (var i = 0; i < idStrings.length; i++){ - if (idStrings[i].tagName.toLowerCase() == 'input'){ - idStrings[i].value = myPub +function setIdStrings(){ + if (myPub === ""){ + setTimeout(function(){setIdStrings()}, 700) + return } - else{ - idStrings[i].innerText = myPub + var idStrings = document.getElementsByClassName('myPub') + for (var i = 0; i < idStrings.length; i++){ + if (idStrings[i].tagName.toLowerCase() == 'input'){ + idStrings[i].value = myPub + } + else{ + idStrings[i].innerText = myPub + } } } +setIdStrings() /* Copy public ID on homepage */ if (typeof myPubCopy != "undefined"){
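Review bot: In validatemetadata.py's new `elif i == 'sig':` branch, `metadata['signer']` and `metadata['meta']` are read inside the `except KeyError:` handler, so a block that carries `sig` but lacks either key raises a second KeyError that escapes the branch instead of rejecting the block, unless a handler outside the hunk catches it. The fence below tests for `encryptType` with `in`, treats a missing `signer` or `meta` as a failed check, and logs both rejections the way the `'Invalid encryption mode'` branch does. The check is skipped whenever an `encryptType` key is present and is never reached when `sig` is absent, so it is worth confirming that code outside this hunk does not treat such blocks as signed. `encodedBlock[1:]` needs a comment naming the byte it drops; the loop and the start of validate_metadata are outside the hunk.

```python
            elif i == 'sig':
                if 'encryptType' not in metadata:
                    try:
                        signer = metadata['signer']
                        encodedMeta = bytesconverter.str_to_bytes(metadata['meta'])
                    except KeyError:
                        logger.warn('Signed block is missing signer or meta')
                        break
                    encodedBlock = bytesconverter.str_to_bytes(block_data)
                    # TODO: say which leading byte [1:] removes and why it is not signed
                    if not onionrcrypto.signing.ed_verify(encodedMeta + encodedBlock[1:], signer, metadata['sig']):
                        logger.warn('Invalid signature on plaintext block')
                        break
```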
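Review bot: The `fetch('/getActivePubkey', …)` chain in the first misc.js hunk has no `resp.ok` check and no `.catch`, so if the endpoint answers with an error status its body would be stored in `myPub` and written into the `myPub`-class elements as the user's ID, and a rejected request leaves `myPub` empty. In that second case `setIdStrings()` in the second hunk re-arms its 700 ms timer with no retry limit. The fence below rejects non-OK responses and calls `setIdStrings()` from the final `.then`, which makes the polling branch unnecessary.

```javascript
// … unchanged: fetch('/getActivePubkey', …) call with the token header …
.then(function(resp) {
    if (!resp.ok) {
        throw new Error('getActivePubkey returned ' + resp.status)
    }
    return resp.text()
})
.then(function(resp) {
    myPub = resp
    setIdStrings()
})
.catch(function(err) {
    console.error(err)
})

function setIdStrings(){
    // … unchanged: loop that writes myPub into the myPub-class elements …
}
```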