Check security hash before accepting downloaded files.
Fixes #7 in the simplest possible way. The current code will ignore any files with a different security hash from the one given by the developer. When ignoring, it emits a message warning of potentially malicious content. It will also always emit a message when a downloaded file passes the security hash check.
parent
2e7694b89d
commit
daee3bf493
2 changed files with 47 additions and 39 deletions
2
cachep2p.min.js
vendored
2
cachep2p.min.js
vendored
File diff suppressed because one or more lines are too long
84
index.js
84
index.js
|
@ -17,10 +17,10 @@ var history_initialized = false
|
||||||
|
|
||||||
inherits(CacheP2P, EventEmitter)
|
inherits(CacheP2P, EventEmitter)
|
||||||
|
|
||||||
var cached_mark
|
var cached_mark
|
||||||
function CacheP2P(opts, callback){
|
function CacheP2P(opts, callback){
|
||||||
var self = this
|
var self = this
|
||||||
|
|
||||||
if(typeof(opts)==='function'){
|
if(typeof(opts)==='function'){
|
||||||
callback = opts
|
callback = opts
|
||||||
}
|
}
|
||||||
|
@ -55,7 +55,7 @@ function CacheP2P(opts, callback){
|
||||||
self.emit('alert', "Please tell a friend to open this site's "+page_link.text+" to see it in action.")
|
self.emit('alert', "Please tell a friend to open this site's "+page_link.text+" to see it in action.")
|
||||||
added_links.push(page_link.href)
|
added_links.push(page_link.href)
|
||||||
sha(page_link.href, function(result){
|
sha(page_link.href, function(result){
|
||||||
|
|
||||||
var magnet = 'magnet:?xt=urn:btih:'+result+'&dn=Unnamed+Torrent+1476541118022&tr=udp%3A%2F%2Fexodus.desync.com%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.internetwarriors.net%3A1337&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=wss%3A%2F%2Ftracker.openwebtorrent.com'
|
var magnet = 'magnet:?xt=urn:btih:'+result+'&dn=Unnamed+Torrent+1476541118022&tr=udp%3A%2F%2Fexodus.desync.com%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.internetwarriors.net%3A1337&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=wss%3A%2F%2Ftracker.openwebtorrent.com'
|
||||||
torrent = client.add(magnet, onTorrent)
|
torrent = client.add(magnet, onTorrent)
|
||||||
|
|
||||||
|
@ -70,26 +70,26 @@ function CacheP2P(opts, callback){
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
self.scan_links = function(){
|
self.scan_links = function(){
|
||||||
self.emit('message', "Pre-fetching uncached links in this page... ")
|
self.emit('message', "Pre-fetching uncached links in this page... ")
|
||||||
var this_page_links = document.getElementsByTagName('a')
|
var this_page_links = document.getElementsByTagName('a')
|
||||||
for(var i = 0; i < this_page_links.length ; i++){
|
for(var i = 0; i < this_page_links.length ; i++){
|
||||||
if(this_page_links[i].href && this_page_links[i].href.length !== window.location.href.length && this_page_links[i].href.indexOf(window.location.href+'#') == -1 && this_page_links[i].href.indexOf(document.domain) > -1){
|
if(this_page_links[i].href && this_page_links[i].href.length !== window.location.href.length && this_page_links[i].href.indexOf(window.location.href+'#') == -1 && this_page_links[i].href.indexOf(document.domain) > -1){
|
||||||
if(!document.security_sha1 || Object.keys(document.security_sha1).indexOf(this_page_links[i].href) > -1){
|
if(!document.security_sha1 || Object.keys(document.security_sha1).indexOf(this_page_links[i].href) > -1){
|
||||||
if(Object.keys(cached_link_lists).indexOf(this_page_links[i].href) === -1){
|
if(Object.keys(cached_link_lists).indexOf(this_page_links[i].href) === -1){
|
||||||
self.fetch(this_page_links[i])
|
self.fetch(this_page_links[i])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
self.update_links()
|
self.update_links()
|
||||||
}
|
}
|
||||||
|
|
||||||
self.update_links = function(){
|
self.update_links = function(){
|
||||||
var all_links = document.getElementsByTagName('a')
|
var all_links = document.getElementsByTagName('a')
|
||||||
|
|
||||||
Object.keys(cached_link_lists).forEach(function(each_url){
|
Object.keys(cached_link_lists).forEach(function(each_url){
|
||||||
var got_page = cached_link_lists[each_url]
|
var got_page = cached_link_lists[each_url]
|
||||||
for(var i = 0 ; i < all_links.length ; i++ ){
|
for(var i = 0 ; i < all_links.length ; i++ ){
|
||||||
|
@ -99,7 +99,7 @@ function CacheP2P(opts, callback){
|
||||||
self.emit('alert', "Security check of content received: "+sha.sync(got_page.page)+"...")
|
self.emit('alert', "Security check of content received: "+sha.sync(got_page.page)+"...")
|
||||||
self.emit('success', "Got this site's '" +all_links[i].text+"' in Cache (sha1: "+got_page.page_hash+" ✔)")
|
self.emit('success', "Got this site's '" +all_links[i].text+"' in Cache (sha1: "+got_page.page_hash+" ✔)")
|
||||||
self.emit('success', "The main server will not be used when '"+link_to_page.text+"' is clicked.")
|
self.emit('success', "The main server will not be used when '"+link_to_page.text+"' is clicked.")
|
||||||
|
|
||||||
link_to_page.onclick = function(event){
|
link_to_page.onclick = function(event){
|
||||||
event.preventDefault();
|
event.preventDefault();
|
||||||
if(!history_initialized){
|
if(!history_initialized){
|
||||||
|
@ -109,18 +109,18 @@ function CacheP2P(opts, callback){
|
||||||
document.title = cached_mark+' '+cached_link_lists[event.target.href].title
|
document.title = cached_mark+' '+cached_link_lists[event.target.href].title
|
||||||
// setTimeout(function(){
|
// setTimeout(function(){
|
||||||
// window.scrollTo(0, 0);
|
// window.scrollTo(0, 0);
|
||||||
|
|
||||||
// }, 10)
|
// }, 10)
|
||||||
self.emit('cache', event)
|
self.emit('cache', event)
|
||||||
self.emit('ready')
|
self.emit('ready')
|
||||||
self.scan_links()
|
self.scan_links()
|
||||||
|
|
||||||
window.history.pushState({page: got_page.page, title: got_page.title},"", got_page.url);
|
window.history.pushState({page: got_page.page, title: got_page.title},"", got_page.url);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
function onTorrent (torrent) {
|
function onTorrent (torrent) {
|
||||||
torrent.files.forEach(function (file) {
|
torrent.files.forEach(function (file) {
|
||||||
|
@ -129,42 +129,50 @@ function CacheP2P(opts, callback){
|
||||||
// debug(b)
|
// debug(b)
|
||||||
// debug(b.toString('utf8'))
|
// debug(b.toString('utf8'))
|
||||||
var got_page = JSON.parse(b.toString('utf8'))
|
var got_page = JSON.parse(b.toString('utf8'))
|
||||||
// self.emit('message', "Got cached version of "+got_page.url+" from web peer, modifying link to point to cache.")
|
// self.emit('message', "Got cached version of "+got_page.url+" from web peer, checking security hash.")
|
||||||
|
|
||||||
cached_link_lists[got_page.url] = got_page
|
|
||||||
self.update_links()
|
|
||||||
|
|
||||||
window.onpopstate = function(to) {
|
sha(got_page.page, function (page_hash) {
|
||||||
document.documentElement.innerHTML = to.state.page
|
if (page_hash != self.security_sha1[got_page.url]) {
|
||||||
document.title = cached_mark+" "+to.state.title
|
self.emit('message', 'Cached version of ' + got_page.url + ' has wrong security hash. This is possibly malicious content! Ignoring the version obtained.');
|
||||||
window.scrollTo(0, 0);
|
return;
|
||||||
self.emit('onpopstate', to)
|
}
|
||||||
|
|
||||||
var this_page_links = document.getElementsByTagName('a')
|
self.emit('message', 'Cached version of ' + got_page.url + ' has a verified security hash! Proceeding by changing links in page.');
|
||||||
for(var i = 0; i < this_page_links.length ; i++){
|
cached_link_lists[got_page.url] = got_page
|
||||||
if(Object.keys(cached_link_lists).indexOf(this_page_links[i].href) > -1){
|
self.update_links()
|
||||||
this_page_links[i].onclick = function(event){
|
|
||||||
event.preventDefault();
|
window.onpopstate = function(to) {
|
||||||
document.documentElement.innerHTML = cached_link_lists[event.target.href].page
|
document.documentElement.innerHTML = to.state.page
|
||||||
document.title = cached_mark+' '+cached_link_lists[event.target.href].title
|
document.title = cached_mark+" "+to.state.title
|
||||||
window.history.pushState({page: cached_link_lists[event.target.href].page, title: cached_link_lists[event.target.href].title},"", event.target.href);
|
window.scrollTo(0, 0);
|
||||||
setTimeout(function(){
|
self.emit('onpopstate', to)
|
||||||
window.scrollTo(0, 0);
|
|
||||||
}, 10)
|
var this_page_links = document.getElementsByTagName('a')
|
||||||
|
for(var i = 0; i < this_page_links.length ; i++){
|
||||||
|
if(Object.keys(cached_link_lists).indexOf(this_page_links[i].href) > -1){
|
||||||
|
this_page_links[i].onclick = function(event){
|
||||||
|
event.preventDefault();
|
||||||
|
document.documentElement.innerHTML = cached_link_lists[event.target.href].page
|
||||||
|
document.title = cached_mark+' '+cached_link_lists[event.target.href].title
|
||||||
|
window.history.pushState({page: cached_link_lists[event.target.href].page, title: cached_link_lists[event.target.href].title},"", event.target.href);
|
||||||
|
setTimeout(function(){
|
||||||
|
window.scrollTo(0, 0);
|
||||||
|
}, 10)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
self.fetch(this_page_links[i])
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
self.fetch(this_page_links[i])
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
});
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
setTimeout(function(){
|
setTimeout(function(){
|
||||||
|
|
||||||
self.emit('message', "Initializing CacheP2P")
|
self.emit('message', "Initializing CacheP2P")
|
||||||
|
|
||||||
self.scan_links()
|
self.scan_links()
|
||||||
|
|
||||||
var message = {
|
var message = {
|
||||||
|
|
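Review bot: The added check in the torrent file callback compares against `self.security_sha1[got_page.url]`, but the unchanged scan_links code earlier in this section reads the developer's list from `document.security_sha1`, and no assignment to `self.security_sha1` is visible in these hunks. If that property is unset, the lookup throws inside the `sha` callback instead of rejecting the page, and scan_links still fetches when no list is configured (`!document.security_sha1`), so the no-list case is never decided explicitly. Assuming `document.security_sha1` is where the list lives, I would read it in both places and fail closed with a strict comparison: `var expected = document.security_sha1 && document.security_sha1[got_page.url];` then `if (!expected || page_hash !== expected) {`. Only `got_page.page` is covered by the hash, so `got_page.title` and the `got_page.page_hash` printed in the update_links success message stay peer-supplied; printing the computed `page_hash` there would be safer. The callback and onTorrent both begin outside this hunk.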