Buffer module replace by safe-buffer in SEA

2025-03-30 15:08:33 +00:00 · 2018-01-15 20:32:50 +02:00 · 2018-01-15 20:32:50 +02:00 · 59e5b01b17
commit 59e5b01b17
parent ac31e953c4
5 changed files with 18 additions and 12 deletions
--- a/gun.min.js
+++ b/gun.min.js
--- a/package.json
+++ b/package.json
@ -52,7 +52,6 @@
    "ws": "~>4.0.0"
  },
  "devDependencies": {
-    "spark-md5": "^3.0.0",
    "@std/esm": "^0.8.3",
    "@trust/webcrypto": "^0.7.1",
    "buffer": "^5.0.7",
@ -66,6 +65,8 @@
    "node-webcrypto-ossl": "^1.0.31",
    "panic-manager": "^1.2.0",
    "panic-server": "^1.1.0",
+    "safe-buffer": "^5.1.1",
+    "spark-md5": "^3.0.0",
    "text-encoding": "^0.6.4",
    "uglify-js": ">=2.8.22",
    "uws": "~>0.14.1"
--- a/sea.js
+++ b/sea.js
@ -19,7 +19,8 @@
    var Buffer = buffer.Buffer;
  }
  if(typeof Buffer === 'undefined'){
-    var Buffer = require('buffer').Buffer;  //eslint-disable-line no-redeclare
+    var Buffer = require('safe-buffer').Buffer;  //eslint-disable-line no-redeclare
+    // var Buffer = require('buffer').Buffer;  //eslint-disable-line no-redeclare
  }

  var subtle, subtleossl, TextEncoder, TextDecoder, getRandomBytes;
@ -136,8 +137,8 @@
          root.get(pub).get(function(at, ev){
            pub = pub.slice(4);
            ev.off(); c--;
-            if(at.put){ 
-              aliases.push({pub: pub, at: at}); 
+            if(at.put){
+              aliases.push({pub: pub, at: at});
            }
            if(!c && (c = -1)){ resolve(aliases) }
          });
@ -678,8 +679,7 @@
    }

    var doIt = function(resolve, reject){
-      // opts = { hook: function({ iat, exp, alias, proof }),
-      //   session: false } // true uses random PIN, no PIN UX error generated
+      // opts = { hook: function({ iat, exp, alias, proof }) }
      // iat == Date.now() when issued, exp == seconds to expire from iat
      // How this works:
      // called when app bootstraps, with wanted options
@ -1176,7 +1176,7 @@
      if(!m){ if(false === p){ return resolve(m) }
        return resolve();
      }
-      if(!m.slice || 'SEA[' !== m.slice(0,4)){ 
+      if(!m.slice || 'SEA[' !== m.slice(0,4)){
        if(false === p){ return resolve(m) }
        return resolve()
      }
@ -1185,7 +1185,7 @@
      }catch(e){ return reject(e) }
      m = m || '';
      d = m[0];
-      try{ d = d.slice ? JSON.parse(d) : d }catch(e){} 
+      try{ d = d.slice ? JSON.parse(d) : d }catch(e){}
      if(false === p){ resolve(d) }
      SEA.verify(m[0], p, m[1]).then(function(ok){
        if(!ok){ return resolve() }
--- a/src/chain.js
+++ b/src/chain.js
@ -250,9 +250,9 @@ function ask(at, soul){
 	Gun.obj.del(at, 'ask'); // TODO: PERFORMANCE? More elegant way?
 }
 function ack(msg, ev){
-	var as = this.as, get = as.get || empty, at = as.gun._;
+	var as = this.as, get = as.get || empty, at = as.gun._, tmp = (msg.put||empty)[get['#']];
 	if(at.ack){ at.ack = (at.ack + 1) || 1 }
-	if(!msg.put /*|| node_ == get['.']*/ || (get['.'] && !obj_has(msg.put[get['#']], at.get))){
+	if(!msg.put /*|| node_ == get['.']*/ || (get['.'] && !obj_has(tmp, at.get))){
 		if(at.put !== u){ return }
 		//at.ack = 0;
 		at.on('in', {
@ -263,6 +263,10 @@ function ack(msg, ev){
 		})
 		return;
 	}
+	if(node_ == get['.']){ // is this a security concern?
+		at.on('in', {get: at.get, put: tmp[at.get], gun: at.gun, '@': msg['@']});
+		return;
+	}
 	//if(/*!msg.gun &&*/ !get['.'] && get['#']){ at.ack = (at.ack + 1) || 1 }
 	//msg = obj_to(msg);
 	msg.gun = at.root;
--- a/src/root.js
+++ b/src/root.js
@ -103,7 +103,7 @@ Gun._ = { // some reserved key words, these are not the only ones.
 		var ctx = this, cat = ctx.gun._, at = (cat.next || empty)[soul];
 		if(!at){
 			ctx.souls[soul] = false;
-			return
+			return 
 		}
 		var msg = ctx.map[soul] = {
 			put: node,
@ -224,3 +224,4 @@ module.exports = Gun;
 		},1);
 	});
 });*/
+