From 82f5d3c96f6d55bb3dedf0e7a3712602bb335c40 Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Wed, 31 May 2017 12:51:26 +0200
Subject: [PATCH] abstract checks for authenticated RPCs

---
 rpc.js | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/rpc.js b/rpc.js
index f108b1ab8..8be2f1df8 100644
--- a/rpc.js
+++ b/rpc.js
@@ -785,6 +785,24 @@ var upload_status = function (Env, publicKey, filesize, cb) {
     });
 };
 
+var isAuthenticatedCall = function (call) {
+    return [
+        //'COOKIE',
+        'RESET',
+        'PIN',
+        'UNPIN',
+        'GET_HASH',
+        'GET_TOTAL_SIZE',
+        'GET_FILE_SIZE',
+        'UPDATE_LIMITS',
+        'GET_LIMIT',
+        'GET_MULTIPLE_FILE_SIZE',
+        'UPLOAD',
+        'UPLOAD_COMPLETE',
+        'UPLOAD_CANCEL',
+    ].indexOf(call) !== -1;
+};
+
 /*::const ConfigType = require('./config.example.js');*/
 RPC.create = function (config /*:typeof(ConfigType)*/, cb /*:(?Error, ?Function)=>void*/) {
     // load pin-store...
@@ -840,7 +858,6 @@ RPC.create = function (config /*:typeof(ConfigType)*/, cb /*:(?Error, ?Function)
         beginSession(Sessions, publicKey);
 
         var cookie = msg[0];
-
         if (!isValidCookie(Sessions, publicKey, cookie)) {
             // no cookie is fine if the RPC is to get a cookie
             if (msg[1] !== 'COOKIE') {
@@ -854,8 +871,10 @@ RPC.create = function (config /*:typeof(ConfigType)*/, cb /*:(?Error, ?Function)
             return void respond('INVALID_MESSAGE_OR_PUBLIC_KEY');
         }
 
-        if (checkSignature(serialized, signature, publicKey) !== true) {
-            return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
+        if (isAuthenticatedCall(msg[1])) {
+            if (checkSignature(serialized, signature, publicKey) !== true) {
+                return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
+            }
         }
 
         var safeKey = escapeKeyCharacters(publicKey);