From 0ef054ef4ffc0bfb2d1da777def83bb66b93d1a1 Mon Sep 17 00:00:00 2001
From: sairajzero
Date: Wed, 26 Jul 2023 03:23:14 +0530
Subject: [PATCH] Improvement: edit comment request - a request signature is required to process the request (which is validated by time, but not stored. ie, only re-signing of actual data will be store)
---
 src/client.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/client.js b/src/client.js
index 5e39b26..0a447d5 100644
--- a/src/client.js
+++ b/src/client.js
@@ -97,6 +97,9 @@ function processEditFromUser(data) {
 let closeNode = cloud.closestNode(data.receiverID);
 if (!_list.serving.includes(closeNode))
 return reject(INVALID("Incorrect Supernode"));
+ let request_hash = ["time", "vectorClock", "edit", "re_sign"].map(d => data[d]).join("|");
+ if (!floCrypto.verifySign(request_hash, data.sign, data.pubKey))
+ return reject(INVALID("Invalid request signature"));
 DB.getData(closeNode, data.vectorClock).then(result => {
 if (!result.length)
 return reject(INVALID("Invalid vectorClock"));
@@ -109,10 +112,10 @@ function processEditFromUser(data) {
 tmp_data.comment = data.edit; //edited comment data
 let hashcontent = ["receiverID", "time", "application", "type", "message", "comment"]
 .map(d => tmp_data[d]).join("|");
- if (!floCrypto.verifySign(hashcontent, data.sign, data.pubKey))
- return reject(INVALID("Invalid signature"));
+ if (!floCrypto.verifySign(hashcontent, data.re_sign, data.pubKey))
+ return reject(INVALID("Invalid re-signature"));
 let comment_edit = ([null].includes(data.edit) ? null : data.note.toString()); //if value is null, then comment will be removed (ie, NULL value in SQL)
- DB.editData(closeNode, data.vectorClock, comment_edit, data.sign).then(rb => {
+ DB.editData(closeNode, data.vectorClock, comment_edit, data.re_sign).then(rb => {
 DB.getData(closeNode, data.vectorClock)
 .then(result => resolve([result[0], 'EDIT', rb]))
 .catch(error => reject(error))
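Review bot: The added `request_hash` line builds the signed string with `.join("|")`, which renders `null` and `undefined` as empty strings and does not escape a `|` inside `data.edit`, so distinct requests can produce the same signed string — for example `edit: null` (remove the comment) and `edit: ""`. An unambiguous encoding such as `let request_hash = JSON.stringify(["time", "vectorClock", "edit", "re_sign"].map(d => data[d]));` keeps those cases apart, provided the signing client is changed to match. The commit message says the request signature is validated by time, but no freshness check on `data.time` is visible in this hunk; if it is not done in the part of processEditFromUser outside the hunk, a captured request stays valid indefinitely.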
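Review bot: The value passed to `DB.editData` in the second hunk is `data.note.toString()`, but both signatures cover `data.edit` (`request_hash` in the first hunk and `tmp_data.comment = data.edit` here), so the stored comment comes from a field that neither signature authenticates and the saved `re_sign` may not match it. Unless `note` is derived from `edit` somewhere outside this hunk, the line should read `let comment_edit = (data.edit === null ? null : data.edit.toString());`. As written it also throws a TypeError when `data.edit` is non-null and `data.note` is absent. The enclosing promise callback starts and ends outside the hunk.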