Merge pull request #8 from DanielSidhion/check_security_hash

Check security hash before accepting downloaded files.
2016-10-22 19:39:03 +03:00 · 2016-10-22 19:39:03 +03:00 · ca11bc07f8
commit ca11bc07f8
parent 2e7694b89d daee3bf493
2 changed files with 47 additions and 39 deletions
--- a/cachep2p.min.js
+++ b/cachep2p.min.js
--- a/index.js
+++ b/index.js
@ -129,34 +129,42 @@ function CacheP2P(opts, callback){
        // debug(b)
        // debug(b.toString('utf8'))
        var got_page = JSON.parse(b.toString('utf8'))
-        // self.emit('message', "Got cached version of "+got_page.url+" from web peer, modifying link to point to cache.")
+        // self.emit('message', "Got cached version of "+got_page.url+" from web peer, checking security hash.")
-        cached_link_lists[got_page.url] = got_page
+        sha(got_page.page, function (page_hash) {
-        self.update_links()
+          if (page_hash != self.security_sha1[got_page.url]) {
            self.emit('message', 'Cached version of ' + got_page.url + ' has wrong security hash. This is possibly malicious content! Ignoring the version obtained.');
            return;
          }
-        window.onpopstate = function(to) {
+          self.emit('message', 'Cached version of ' + got_page.url + ' has a verified security hash! Proceeding by changing links in page.');
-          document.documentElement.innerHTML = to.state.page
+          cached_link_lists[got_page.url] = got_page
-          document.title = cached_mark+" "+to.state.title
+          self.update_links()
          window.scrollTo(0, 0);
          self.emit('onpopstate', to)
-          var this_page_links = document.getElementsByTagName('a')
+          window.onpopstate = function(to) {
-          for(var i = 0; i < this_page_links.length ; i++){
+            document.documentElement.innerHTML = to.state.page
-            if(Object.keys(cached_link_lists).indexOf(this_page_links[i].href) > -1){
+            document.title = cached_mark+" "+to.state.title
-              this_page_links[i].onclick = function(event){
+            window.scrollTo(0, 0);
-                event.preventDefault();
+            self.emit('onpopstate', to)
-                document.documentElement.innerHTML = cached_link_lists[event.target.href].page
+
-                document.title = cached_mark+' '+cached_link_lists[event.target.href].title
+            var this_page_links = document.getElementsByTagName('a')
-                window.history.pushState({page: cached_link_lists[event.target.href].page, title: cached_link_lists[event.target.href].title},"", event.target.href);
+            for(var i = 0; i < this_page_links.length ; i++){
-                setTimeout(function(){
+              if(Object.keys(cached_link_lists).indexOf(this_page_links[i].href) > -1){
-                  window.scrollTo(0, 0);
+                this_page_links[i].onclick = function(event){
-                }, 10)
+                  event.preventDefault();
                  document.documentElement.innerHTML = cached_link_lists[event.target.href].page
                  document.title = cached_mark+' '+cached_link_lists[event.target.href].title
                  window.history.pushState({page: cached_link_lists[event.target.href].page, title: cached_link_lists[event.target.href].title},"", event.target.href);
                  setTimeout(function(){
                    window.scrollTo(0, 0);
                  }, 10)
                }
              } else {
                self.fetch(this_page_links[i])
              }
            } else {
              self.fetch(this_page_links[i])
            }
          }
-        }
+        });
      })
    })
  }