infra
/
cryptpad
2
1
Fork 0
Code Issues Pull Requests Projects Releases 1 Activity

Make sure the ID is not used when uploading a file

Browse Source
pull/1/head
yflory 7 years ago
parent 586193d6a1
commit 8aac7bad45
1 changed files with 93 additions and 75 deletions
Show Stats Download Patch File Download Diff File

168
www/common/outer/upload.js
Unescape Escape View File

@ -1,8 +1,9 @@
define([ define([
'/file/file-crypto.js', '/file/file-crypto.js',
'/common/common-hash.js', '/common/common-hash.js',
'/bower_components/nthen/index.js',
'/bower_components/tweetnacl/nacl-fast.min.js', '/bower_components/tweetnacl/nacl-fast.min.js',
], function (FileCrypto, Hash) { ], function (FileCrypto, Hash, nThen) {
var Nacl = window.nacl; var Nacl = window.nacl;
var module = {}; var module = {};
@ -14,89 +15,106 @@ define([
var path = file.path; var path = file.path;
var password = file.password; var password = file.password;
var hash = Hash.createRandomHash('file', password); var hash, secret, key, id, href;
var secret = Hash.getSecrets('file', hash, password);
var key = secret.keys.cryptKey; var getNewHash = function () {
var id = secret.channel; hash = Hash.createRandomHash('file', password);
secret = Hash.getSecrets('file', hash, password);
// XXX check id here (getFileSize) key = secret.keys.cryptKey;
id = secret.channel;
var next = FileCrypto.encrypt(u8, metadata, key); href = '/file/#' + hash;
var estimate = FileCrypto.computeEncryptedSize(u8.length, metadata);
var sendChunk = function (box, cb) {
var enc = Nacl.util.encodeBase64(box);
common.uploadChunk(enc, function (e, msg) {
cb(e, msg);
});
}; };
var actual = 0; var getValidHash = function (cb) {
var again = function (err, box) { getNewHash();
if (err) { throw new Error(err); } common.getFileSize(href, password, function (err, size) {
if (box) { if (err || typeof(size) !== "number") { throw new Error(err || "Invalid size!"); }
actual += box.length; if (size === 0) { return void cb(); }
var progressValue = (actual / estimate * 100); getValidHash();
updateProgress(progressValue);
return void sendChunk(box, function (e) {
if (e) { return console.error(e); }
next(again);
});
}
if (actual !== estimate) {
console.error('Estimated size does not match actual size');
}
// if not box then done
common.uploadComplete(id, function (e) {
if (e) { return void console.error(e); }
var uri = ['', 'blob', id.slice(0,2), id].join('/');
console.log("encrypted blob is now available as %s", uri);
var href = '/file/#' + hash;
var title = metadata.name;
if (noStore) { return void onComplete(href); }
var data = {
title: title || "",
href: href,
path: path,
password: password,
channel: id
};
common.setPadTitle(data, function (err) {
if (err) { return void console.error(err); }
onComplete(href);
common.setPadAttribute('fileType', metadata.type, null, href);
});
}); });
}; };
common.uploadStatus(estimate, function (e, pending) { nThen(function (waitFor) {
if (e) { // Generate a hash and check if the resulting id is valid (not already used)
console.error(e); getValidHash(waitFor());
onError(e); }).nThen(function () {
return; var next = FileCrypto.encrypt(u8, metadata, key);
}
var estimate = FileCrypto.computeEncryptedSize(u8.length, metadata);
if (pending) {
return void onPending(function () { var sendChunk = function (box, cb) {
// if the user wants to cancel the pending upload to execute that one var enc = Nacl.util.encodeBase64(box);
common.uploadCancel(estimate, function (e) { common.uploadChunk(enc, function (e, msg) {
if (e) { cb(e, msg);
return void console.error(e); });
} };
var actual = 0;
var again = function (err, box) {
if (err) { throw new Error(err); }
if (box) {
actual += box.length;
var progressValue = (actual / estimate * 100);
updateProgress(progressValue);
return void sendChunk(box, function (e) {
if (e) { return console.error(e); }
next(again); next(again);
}); });
}
if (actual !== estimate) {
console.error('Estimated size does not match actual size');
}
// if not box then done
common.uploadComplete(id, function (e) {
if (e) { return void console.error(e); }
var uri = ['', 'blob', id.slice(0,2), id].join('/');
console.log("encrypted blob is now available as %s", uri);
var title = metadata.name;
if (noStore) { return void onComplete(href); }
var data = {
title: title || "",
href: href,
path: path,
password: password,
channel: id
};
common.setPadTitle(data, function (err) {
if (err) { return void console.error(err); }
onComplete(href);
common.setPadAttribute('fileType', metadata.type, null, href);
});
}); });
} };
next(again);
common.uploadStatus(estimate, function (e, pending) {
if (e) {
console.error(e);
onError(e);
return;
}
if (pending) {
return void onPending(function () {
// if the user wants to cancel the pending upload to execute that one
common.uploadCancel(estimate, function (e) {
if (e) {
return void console.error(e);
}
next(again);
});
});
}
next(again);
});
}); });
}; };
return module; return module;
}); });

Write Preview
Loading…
Cancel
Save