Fix race condition with the allow list
parent
f071e2df25
commit
daeae8b74e
|
@ -1703,26 +1703,29 @@ define([
|
|||
// There is an allow list: check if we can authenticate
|
||||
if (!Array.isArray(allowed)) { return void cb('EINVAL'); }
|
||||
if (!store.loggedIn || !store.proxy.edPublic) { return void cb('EFORBIDDEN'); }
|
||||
var rpc;
|
||||
var teamModule = store.modules['team'];
|
||||
var teams = (teamModule && teamModule.getTeams()) || [];
|
||||
|
||||
if (allowed.indexOf(store.proxy.edPublic) !== -1) {
|
||||
// We are allowed: use our own rpc
|
||||
rpc = store.rpc;
|
||||
} else if (teams.some(function (teamId) {
|
||||
// We're not allowed: check our teams
|
||||
var ed = Util.find(store, ['proxy', 'teams', teamId, 'keys', 'drive', 'edPublic']);
|
||||
if (allowed.indexOf(ed) === -1) { return false; }
|
||||
// This team is allowed: use its rpc
|
||||
var t = teamModule.getTeam(teamId);
|
||||
rpc = t.rpc;
|
||||
return true;
|
||||
})) {}
|
||||
onReadyEvt.reg(function () {
|
||||
var rpc;
|
||||
var teamModule = store.modules['team'];
|
||||
var teams = (teamModule && teamModule.getTeams()) || [];
|
||||
|
||||
if (!rpc) { return void cb('EFORBIDDEN'); }
|
||||
rpc.send('COOKIE', '', function (err) {
|
||||
cb(err);
|
||||
if (allowed.indexOf(store.proxy.edPublic) !== -1) {
|
||||
// We are allowed: use our own rpc
|
||||
rpc = store.rpc;
|
||||
} else if (teams.some(function (teamId) {
|
||||
// We're not allowed: check our teams
|
||||
var ed = Util.find(store, ['proxy', 'teams', teamId, 'keys', 'drive', 'edPublic']);
|
||||
if (allowed.indexOf(ed) === -1) { return false; }
|
||||
// This team is allowed: use its rpc
|
||||
var t = teamModule.getTeam(teamId);
|
||||
rpc = t.rpc;
|
||||
return true;
|
||||
})) {}
|
||||
|
||||
if (!rpc) { return void cb('EFORBIDDEN'); }
|
||||
rpc.send('COOKIE', '', function (err) {
|
||||
cb(err);
|
||||
});
|
||||
});
|
||||
},
|
||||
onConnectionChange: function (info) {
|
||||
|
|
|
@ -113,7 +113,6 @@ define([
|
|||
if (!config.store.id && !config.store.network) {
|
||||
Cache.getChannelCache(secret.channel, waitFor(function (err, res) {
|
||||
if (err === "EINVAL") { // Cache not found
|
||||
console.warn(secret.channel);
|
||||
waitFor.abort();
|
||||
store.manager.restrictedProxy(id, secret.channel);
|
||||
// XXX unrestrict when we connect?
|
||||
|
|
Loading…
Reference in New Issue