rpc should only respond to signed messages

pull/1/head
ansuz 8 years ago
parent d585fce67b
commit ac08c9f3d9

@ -15,11 +15,44 @@ var isValidChannel = function (chan) {
return /^[a-fA-F0-9]/.test(chan); return /^[a-fA-F0-9]/.test(chan);
}; };
var checkSignature = function (signedMsg, publicKey) {
if (!(signedMsg && publicKey)) { return null; }
var signedBuffer = Nacl.util.decodeBase64(signedMsg);
var pubBuffer = Nacl.util.decodeBase64(publicKey);
var opened = Nacl.sign.open(signedBuffer, pubBuffer);
if (opened) {
var decoded = Nacl.util.encodeUTF8(opened);
try {
return JSON.parse(decoded);
} catch (e) { } // fall through to return
}
return null;
};
RPC.create = function (config, cb) { RPC.create = function (config, cb) {
// load pin-store... // load pin-store...
console.log('loading rpc module...'); console.log('loading rpc module...');
var rpc = function (ctx, msg, respond) { var rpc = function (ctx, args, respond) {
if (args.length < 2) {
return void respond("INSUFFICIENT_ARGS");
}
var signed = args[0];
var publicKey = args[1];
var msg = checkSignature(signed, publicKey);
if (!msg) {
return void respond("INVALID_SIGNATURE");
}
if (typeof(msg) !== 'object') {
return void respond('INVALID_MSG');
}
switch (msg[0]) { switch (msg[0]) {
case 'ECHO': case 'ECHO':
respond(void 0, msg); respond(void 0, msg);

Loading…
Cancel
Save