mirror of
https://github.com/amark/gun.git
synced 2025-11-27 15:54:04 +00:00
Merge pull request #1034 from mimiza/master
change SEA.certify() && check.pub()
This commit is contained in:
Mark Nadal
GitHub
commit
be0b1cefb2
25
sea.js
25
sea.js
@ -694,7 +694,7 @@
|
|||||||
|
|
||||||
const expiry = opt.expiry && (typeof opt.expiry === 'number' || typeof opt.expiry === 'string') ? parseFloat(opt.expiry) : null
|
const expiry = opt.expiry && (typeof opt.expiry === 'number' || typeof opt.expiry === 'string') ? parseFloat(opt.expiry) : null
|
||||||
const readPolicy = (policy || {}).read ? policy.read : null
|
const readPolicy = (policy || {}).read ? policy.read : null
|
||||||
const writePolicy = (policy || {}).write ? policy.write : typeof policy === 'string' || Array.isArray(policy) || (policy["?"] || policy["#"] || policy["."] || policy["="] || policy["*"] || policy[">"] || policy["<"]) ? policy : null
|
const writePolicy = (policy || {}).write ? policy.write : typeof policy === 'string' || Array.isArray(policy) || policy["+"] || policy["#"] || policy["."] || policy["="] || policy["*"] || policy[">"] || policy["<"] ? policy : null
|
||||||
const readBlacklist = ((opt || {}).blacklist || {}).read && (typeof opt.blacklist.read === 'string' || opt.blacklist.read['#']) ? opt.blacklist.read : null
|
const readBlacklist = ((opt || {}).blacklist || {}).read && (typeof opt.blacklist.read === 'string' || opt.blacklist.read['#']) ? opt.blacklist.read : null
|
||||||
const writeBlacklist = typeof (opt || {}).blacklist === 'string' || (((opt || {}).blacklist || {}).write || {})['#'] ? opt.blacklist : ((opt || {}).blacklist || {}).write && (typeof opt.blacklist.write === 'string' || opt.blacklist.write['#']) ? opt.blacklist.write : null
|
const writeBlacklist = typeof (opt || {}).blacklist === 'string' || (((opt || {}).blacklist || {}).write || {})['#'] ? opt.blacklist : ((opt || {}).blacklist || {}).write && (typeof opt.blacklist.write === 'string' || opt.blacklist.write['#']) ? opt.blacklist.write : null
|
||||||
|
|
||||||
@ -1331,7 +1331,7 @@
|
|||||||
check.pub = function(eve, msg, val, key, soul, at, no, user, pub){ var tmp // Example: {_:#~asdf, hello:'world'~fdsa}}
|
check.pub = function(eve, msg, val, key, soul, at, no, user, pub){ var tmp // Example: {_:#~asdf, hello:'world'~fdsa}}
|
||||||
const raw = S.parse(val) || {}
|
const raw = S.parse(val) || {}
|
||||||
const verify = (certificate, certificant, cb) => {
|
const verify = (certificate, certificant, cb) => {
|
||||||
if (certificate.m && certificate.s && certificant && pub) {
|
if (certificate.m && certificate.s && certificant && pub)
|
||||||
// now verify certificate
|
// now verify certificate
|
||||||
return SEA.verify(certificate, pub, data => { // check if "pub" (of the graph owner) really issued this cert
|
return SEA.verify(certificate, pub, data => { // check if "pub" (of the graph owner) really issued this cert
|
||||||
if (u !== data && u !== data.e && msg.put['>'] && msg.put['>'] > parseFloat(data.e)) return no("Certificate expired.") // certificate expired
|
if (u !== data && u !== data.e && msg.put['>'] && msg.put['>'] > parseFloat(data.e)) return no("Certificate expired.") // certificate expired
|
||||||
@ -1345,7 +1345,7 @@
|
|||||||
for (const lex of w) {
|
for (const lex of w) {
|
||||||
if ((String.match(path, lex['#']) && String.match(key, lex['.'])) || (!lex['.'] && String.match(path, lex['#'])) || (!lex['#'] && String.match(key, lex['.'])) || String.match((path ? path + '/' + key : key), lex['#'] || lex)) {
|
if ((String.match(path, lex['#']) && String.match(key, lex['.'])) || (!lex['.'] && String.match(path, lex['#'])) || (!lex['#'] && String.match(key, lex['.'])) || String.match((path ? path + '/' + key : key), lex['#'] || lex)) {
|
||||||
// is Certificant forced to present in Path
|
// is Certificant forced to present in Path
|
||||||
if (lex['?'] && lex['?'].indexOf('*') > -1 && path && path.indexOf(certificant) == -1 && key.indexOf(certificant) == -1) return no("Key not same as certificant pub.")
|
if (lex['+'] && lex['+'].indexOf('*') > -1 && path && path.indexOf(certificant) == -1 && key.indexOf(certificant) == -1) return no(`Path "${path}" or key "${key}" must contain string "${certificant}".`)
|
||||||
// path is allowed, but is there any WRITE blacklist? Check it out
|
// path is allowed, but is there any WRITE blacklist? Check it out
|
||||||
if (data.wb && (typeof data.wb === 'string' || ((data.wb || {})['#']))) { // "data.wb" = path to the WRITE blacklist
|
if (data.wb && (typeof data.wb === 'string' || ((data.wb || {})['#']))) { // "data.wb" = path to the WRITE blacklist
|
||||||
var root = user.back(-1)
|
var root = user.back(-1)
|
||||||
@ -1361,24 +1361,23 @@
|
|||||||
return no("Certificate verification fail.")
|
return no("Certificate verification fail.")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ('pub' === key && '~'+pub === soul) {
|
if ('pub' === key && '~' + pub === soul) {
|
||||||
if(val === pub){ return eve.to.next(msg) } // the account MUST match `pub` property that equals the ID of the public key.
|
if (val === pub) return eve.to.next(msg) // the account MUST match `pub` property that equals the ID of the public key.
|
||||||
return no("Account not same!")
|
return no("Account not same!")
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((tmp = user.is) && tmp.pub && !raw['*'] && !raw['+'] && (pub === tmp.pub || (pub !== tmp.pub && ((msg._.out || {}).opt || {}).cert))){
|
if ((tmp = user.is) && tmp.pub && !raw['*'] && !raw['+'] && (pub === tmp.pub || (pub !== tmp.pub && ((msg._.out || {}).opt || {}).cert))){
|
||||||
SEA.sign(SEA.opt.pack(msg.put), (user._).sea, function(data){
|
SEA.sign(SEA.opt.pack(msg.put), (user._).sea, function(data){
|
||||||
if(u === data){ return no(SEA.err || 'Signature fail.') }
|
if (u === data) return no(SEA.err || 'Signature fail.')
|
||||||
msg.put[':'] = {':': tmp = SEA.opt.unpack(data.m), '~': data.s}
|
msg.put[':'] = {':': tmp = SEA.opt.unpack(data.m), '~': data.s}
|
||||||
msg.put['='] = tmp
|
msg.put['='] = tmp
|
||||||
|
|
||||||
// if writing to own graph, just allow it
|
// if writing to own graph, just allow it
|
||||||
if (pub === user.is.pub) {
|
if (pub === user.is.pub) {
|
||||||
if (tmp = link_is(val)) { (at.sea.own[tmp] = at.sea.own[tmp] || {})[pub] = 1 }
|
if (tmp = link_is(val)) (at.sea.own[tmp] = at.sea.own[tmp] || {})[pub] = 1
|
||||||
msg.put[':'] = JSON.stringify(msg.put[':'])
|
msg.put[':'] = JSON.stringify(msg.put[':'])
|
||||||
return eve.to.next(msg)
|
return eve.to.next(msg)
|
||||||
}
|
}
|
||||||
@ -1387,7 +1386,7 @@
|
|||||||
if (pub !== user.is.pub && ((msg._.out || {}).opt || {}).cert) {
|
if (pub !== user.is.pub && ((msg._.out || {}).opt || {}).cert) {
|
||||||
const cert = S.parse(msg._.out.opt.cert)
|
const cert = S.parse(msg._.out.opt.cert)
|
||||||
// even if cert exists, we must verify it
|
// even if cert exists, we must verify it
|
||||||
if (cert && cert.m && cert.s) {
|
if (cert && cert.m && cert.s)
|
||||||
verify(cert, user.is.pub, _ => {
|
verify(cert, user.is.pub, _ => {
|
||||||
msg.put[':']['+'] = cert // '+' is a certificate
|
msg.put[':']['+'] = cert // '+' is a certificate
|
||||||
msg.put[':']['*'] = user.is.pub // '*' is pub of the user who puts
|
msg.put[':']['*'] = user.is.pub // '*' is pub of the user who puts
|
||||||
@ -1395,24 +1394,22 @@
|
|||||||
return eve.to.next(msg)
|
return eve.to.next(msg)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}, {raw: 1})
|
}, {raw: 1})
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
SEA.verify(SEA.opt.pack(msg.put), raw['*'] || pub, function(data){ var tmp;
|
SEA.verify(SEA.opt.pack(msg.put), raw['*'] || pub, function(data){ var tmp;
|
||||||
data = SEA.opt.unpack(data);
|
data = SEA.opt.unpack(data);
|
||||||
if(u === data){ return no("Unverified data.") } // make sure the signature matches the account it claims to be on. // reject any updates that are signed with a mismatched account.
|
if (u === data) return no("Unverified data.") // make sure the signature matches the account it claims to be on. // reject any updates that are signed with a mismatched account.
|
||||||
if((tmp = link_is(data)) && pub === SEA.opt.pub(tmp)){ (at.sea.own[tmp] = at.sea.own[tmp] || {})[pub] = 1 }
|
if ((tmp = link_is(data)) && pub === SEA.opt.pub(tmp)) (at.sea.own[tmp] = at.sea.own[tmp] || {})[pub] = 1
|
||||||
|
|
||||||
// check if cert ('+') and putter's pub ('*') exist
|
// check if cert ('+') and putter's pub ('*') exist
|
||||||
if (raw['+'] && raw['+']['m'] && raw['+']['s'] && raw['*']) {
|
if (raw['+'] && raw['+']['m'] && raw['+']['s'] && raw['*'])
|
||||||
// now verify certificate
|
// now verify certificate
|
||||||
verify(raw['+'], raw['*'], _ => {
|
verify(raw['+'], raw['*'], _ => {
|
||||||
msg.put['='] = data;
|
msg.put['='] = data;
|
||||||
return eve.to.next(msg);
|
return eve.to.next(msg);
|
||||||
})
|
})
|
||||||
}
|
|
||||||
else {
|
else {
|
||||||
msg.put['='] = data;
|
msg.put['='] = data;
|
||||||
return eve.to.next(msg);
|
return eve.to.next(msg);
|
||||||
|
|||||||
@ -606,10 +606,10 @@ describe('SEA', function(){
|
|||||||
})
|
})
|
||||||
}())})
|
}())})
|
||||||
|
|
||||||
it('Certify: Path must contain Certificant Pub', function(done){(async function(){
|
it('Certify: Path or Key must contain Certificant Pub', function(done){(async function(){
|
||||||
var alice = await SEA.pair()
|
var alice = await SEA.pair()
|
||||||
var bob = await SEA.pair()
|
var bob = await SEA.pair()
|
||||||
var cert = await SEA.certify(bob, {"*": "private", "?": "*"}, alice)
|
var cert = await SEA.certify(bob, {"*": "private", "+": "*"}, alice)
|
||||||
|
|
||||||
user.auth(bob, () => {
|
user.auth(bob, () => {
|
||||||
var data = Gun.state.lex()
|
var data = Gun.state.lex()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user