Skip to content

Commit

Permalink
chore: merged the latest master branch
Browse files Browse the repository at this point in the history
  • Loading branch information
@Silver-IT
Silver-IT committed Feb 23, 2024
2 parents 31954f5 + af730aa commit e6b9491
Show file tree
Hide file tree
Showing 42 changed files with 62,452 additions and 169 deletions.
1 change: 1 addition & 0 deletions .flowconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
<PROJECT_ROOT>/contracts/.*
.*/backend/dashboard/.*
.*/shared/multiformats/.*
.*/shared/blake2bstream.js
.*/frontend/assets/.*
.*/frontend/controller/service-worker.js
.*/frontend/utils/blockies.js
Expand Down
87 changes: 65 additions & 22 deletions backend/routes.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ route.GET('/eventsAfter/{contractID}/{since}', {}, async function (request, h) {
try {
const { contractID, since } = request.params

if (contractID.startsWith('_private_') || since.startsWith('_private_')) {
if (contractID.startsWith('_private') || since.startsWith('_private')) {
return Boom.notFound()
}

Expand Down Expand Up @@ -94,7 +94,7 @@ route.GET('/eventsBefore/{before}/{limit}', {}, async function (request, h) {
if (!before) return Boom.badRequest('missing before')
if (!limit) return Boom.badRequest('missing limit')
if (isNaN(parseInt(limit)) || parseInt(limit) <= 0) return Boom.badRequest('invalid limit')
if (before.startsWith('_private_')) return Boom.notFound()
if (before.startsWith('_private')) return Boom.notFound()

const stream = await sbp('backend/db/streamEntriesBefore', before, parseInt(limit))
request.events.once('disconnect', stream.destroy.bind(stream))
Expand All @@ -112,7 +112,7 @@ route.GET('/eventsBetween/{startHash}/{endHash}', {}, async function (request, h
if (!startHash) return Boom.badRequest('missing startHash')
if (!endHash) return Boom.badRequest('missing endHash')
if (isNaN(offset) || offset < 0) return Boom.badRequest('invalid offset')
if (startHash.startsWith('_private_') || endHash.startsWith('_private_')) return Boom.notFound()
if (startHash.startsWith('_private') || endHash.startsWith('_private')) return Boom.notFound()

const stream = await sbp('backend/db/streamEntriesBetween', startHash, endHash, offset)
request.events.once('disconnect', stream.destroy.bind(stream))
Expand All @@ -132,7 +132,7 @@ route.POST('/name', {
}, async function (request, h) {
try {
const { name, value } = request.payload
if (value.startsWith('_private_')) return Boom.badData()
if (value.startsWith('_private')) return Boom.badData()
return await sbp('backend/db/registerName', name, value)
} catch (err) {
return logger(err)
Expand All @@ -152,7 +152,7 @@ route.GET('/latestHEADinfo/{contractID}', {
}, async function (request, h) {
try {
const { contractID } = request.params
if (contractID.startsWith('_private_')) return Boom.notFound()
if (contractID.startsWith('_private')) return Boom.notFound()
const HEADinfo = await sbp('chelonia/db/latestHEADinfo', contractID)
if (!HEADinfo) {
console.warn(`[backend] latestHEADinfo not found for ${contractID}`)
Expand Down Expand Up @@ -180,8 +180,9 @@ const SECOND = 1000
route.POST('/file', {
// TODO: only allow uploads from registered users
payload: {
output: 'data',
multipart: true,
parse: true,
output: 'stream',
multipart: { output: 'annotated' },
allow: 'multipart/form-data',
failAction: function (request, h, err) {
console.error('failAction error:', err)
Expand All @@ -193,16 +194,58 @@ route.POST('/file', {
}, async function (request, h) {
try {
console.log('FILE UPLOAD!')
const { hash, data } = request.payload
if (!hash) return Boom.badRequest('missing hash')
if (!data) return Boom.badRequest('missing data')
const ourHash = createCID(data)
if (ourHash !== hash) {
console.error(`hash(${hash}) != ourHash(${ourHash})`)
return Boom.badRequest('bad hash!')
}
await sbp('chelonia/db/set', hash, data)
return '/file/' + hash
const manifestMeta = request.payload['manifest']
if (typeof manifestMeta !== 'object') return Boom.badRequest('missing manifest')
if (manifestMeta.filename !== 'manifest.json') return Boom.badRequest('wrong manifest filename')
if (!(manifestMeta.payload instanceof Uint8Array)) return Boom.badRequest('wrong manifest format')
const manifest = (() => {
try {
return JSON.parse(Buffer.from(manifestMeta.payload).toString())
} catch {
throw Boom.badData('Error parsing manifest')
}
})()
if (typeof manifest !== 'object') return Boom.badData('manifest format is invalid')
if (manifest.version !== '1.0.0') return Boom.badData('unsupported manifest version')
if (manifest.cipher !== 'aes256gcm') return Boom.badData('unsupported cipher')
if (!Array.isArray(manifest.chunks) || !manifest.chunks.length) return Boom.badData('missing chunks')

// Now that the manifest format looks right, validate the chunks
let ourSize = 0
const chunks = manifest.chunks.map((chunk, i) => {
// Validate the chunk information
if (
!Array.isArray(chunk) ||
chunk.length !== 2 ||
typeof chunk[0] !== 'number' ||
typeof chunk[1] !== 'string' ||
!Number.isSafeInteger(chunk[0]) ||
chunk[0] <= 0
) {
throw Boom.badData('bad chunk description')
}
if (!request.payload[i] || !(request.payload[i].payload instanceof Uint8Array)) {
throw Boom.badRequest('chunk missing in submitted data')
}
const ourHash = createCID(request.payload[i].payload)
if (request.payload[i].payload.byteLength !== chunk[0]) {
throw Boom.badRequest('bad chunk size')
}
if (ourHash !== chunk[1]) {
throw Boom.badRequest('bad chunk hash')
}
// We're done validating the chunk
ourSize += chunk[0]
return [ourHash, request.payload[i].payload]
})
// Finally, verify the size is correct
if (ourSize !== manifest.size) return Boom.badRequest('Mismatched total size')

// Now, store all chunks and the manifest
await Promise.all(chunks.map(([cid, data]) => sbp('chelonia/db/set', cid, data)))
const manifestHash = createCID(manifestMeta.payload)
await sbp('chelonia/db/set', manifestHash, manifestMeta.payload)
return manifestHash
} catch (err) {
return logger(err)
}
Expand All @@ -220,7 +263,7 @@ route.GET('/file/{hash}', {
const { hash } = request.params
console.debug(`GET /file/${hash}`)

if (hash.startsWith('_private_')) {
if (hash.startsWith('_private')) {
return Boom.notFound()
}

Expand Down Expand Up @@ -293,7 +336,7 @@ route.POST('/zkpp/register/{contractID}', {
])
}
}, async function (req, h) {
if (req.params['contractID'].startsWith('_private_')) return Boom.notFound()
if (req.params['contractID'].startsWith('_private')) return Boom.notFound()
try {
if (req.payload['b']) {
const result = await registrationKey(req.params['contractID'], req.payload['b'])
Expand Down Expand Up @@ -321,7 +364,7 @@ route.GET('/zkpp/{contractID}/auth_hash', {
query: Joi.object({ b: Joi.string().required() })
}
}, async function (req, h) {
if (req.params['contractID'].startsWith('_private_')) return Boom.notFound()
if (req.params['contractID'].startsWith('_private')) return Boom.notFound()
try {
const challenge = await getChallenge(req.params['contractID'], req.query['b'])

Expand All @@ -344,7 +387,7 @@ route.GET('/zkpp/{contractID}/contract_hash', {
})
}
}, async function (req, h) {
if (req.params['contractID'].startsWith('_private_')) return Boom.notFound()
if (req.params['contractID'].startsWith('_private')) return Boom.notFound()
try {
const salt = await getContractSalt(req.params['contractID'], req.query['r'], req.query['s'], req.query['sig'], req.query['hc'])

Expand All @@ -370,7 +413,7 @@ route.POST('/zkpp/updatePasswordHash/{contractID}', {
})
}
}, async function (req, h) {
if (req.params['contractID'].startsWith('_private_')) return Boom.notFound()
if (req.params['contractID'].startsWith('_private')) return Boom.notFound()
try {
const result = await updateContractSalt(req.params['contract'], req.payload['r'], req.payload['s'], req.payload['sig'], req.payload['hc'], req.payload['Ea'])

Expand Down
Loading

0 comments on commit e6b9491

Please sign in to comment.