From f071e2df25be47564c5eebd4f47e908a82ec0b35 Mon Sep 17 00:00:00 2001
From: yflory
Date: Thu, 25 Feb 2021 11:15:24 +0100
Subject: [PATCH 1/2] Fix shared folders allow list
---
 www/common/outer/sharedfolder.js | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/www/common/outer/sharedfolder.js b/www/common/outer/sharedfolder.js
index 05428e11e..68fd8960c 100644
--- a/www/common/outer/sharedfolder.js
+++ b/www/common/outer/sharedfolder.js
@@ -107,6 +107,21 @@ define([
 // If we try to load an existing shared folder (isNew === false) but this folder
 // doesn't exist in the database, abort and cb
 nThen(function (waitFor) {
+ // XXX use a config.cache flag in the new branches
+ // If we don't have a network yet and we're pulling our own SF (no team id)
+ // Make sure we have a cache
+ if (!config.store.id && !config.store.network) {
+ Cache.getChannelCache(secret.channel, waitFor(function (err, res) {
+ if (err === "EINVAL") { // Cache not found
+ console.warn(secret.channel);
+ waitFor.abort();
+ store.manager.restrictedProxy(id, secret.channel);
+ // XXX unrestrict when we connect?
+ return void cb(null);
+ }
+ }));
+ }
+ }).nThen(function (waitFor) {
 isNewChannel(null, { channel: secret.channel }, waitFor(function (obj) {
 if (obj.isNew && !isNew) {
 store.manager.deprecateProxy(id, secret.channel);
@@ -190,7 +205,7 @@ define([
 validateKey: secret.keys.validateKey || undefined,
 owners: owners
 },
- //onRejected: onRejected // XXX not working
+ onRejected: onRejected // XXX not working
 };
 var rt = sf.rt = Listmap.create(listmapConfig);
 rt.proxy.on('cacheready', function () {
From daeae8b74e6e4da058665de479fd4f03f598da99 Mon Sep 17 00:00:00 2001
From: yflory
Date: Thu, 25 Feb 2021 11:27:39 +0100
Subject: [PATCH 2/2] Fix race condition with the allow list
---
 www/common/outer/async-store.js | 41 +++++++++++++++++---------------
 www/common/outer/sharedfolder.js | 1 -
 2 files changed, 22 insertions(+), 20 deletions(-)
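Review bot: In the first `sharedfolder.js` hunk of patch 1/2 (`@@ -107,6 +107,21 @@`), the added cache check calls `store.manager.restrictedProxy(id, secret.channel)` and returns `cb(null)` when the lookup reports `"EINVAL"`, but nothing visible here lifts that restricted state once a network is available. The `// XXX unrestrict when we connect?` comment leaves the question open, so a folder the user is entitled to read may stay marked restricted after the connection comes up. The callback also ignores every other `err` value and never reads `res`, so a cache failure other than "not found" falls through to `isNewChannel` while there is no network; handling it explicitly, for example `if (err && err !== "EINVAL") { console.error(err); }`, would make that path visible. A short comment stating why `!config.store.id && !config.store.network` implies a cache must exist would also help, since the `// XXX use a config.cache flag` note suggests the test is a stand-in. The enclosing function begins and ends outside the hunk.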
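Review bot: In the second `sharedfolder.js` hunk of patch 1/2 (`@@ -190,7 +205,7 @@`), the re-enabled `onRejected: onRejected` keeps its trailing `// XXX not working` comment, which now contradicts the code. A reader cannot tell whether the rejection handler is expected to fire when the server refuses the user, and that is the behaviour the allow list depends on. If the handler now works, replace the comment with something like `onRejected: onRejected // invoked when access to the channel is rejected`; if part of it is still broken, say which part. `onRejected` and the start of `listmapConfig` are defined outside the hunk.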
diff --git a/www/common/outer/async-store.js b/www/common/outer/async-store.js index 56cba5ff6..a5d73002e 100644 --- a/www/common/outer/async-store.js +++ b/www/common/outer/async-store.js @@ -1703,26 +1703,29 @@ define([ // There is an allow list: check if we can authenticate if (!Array.isArray(allowed)) { return void cb('EINVAL'); } if (!store.loggedIn || !store.proxy.edPublic) { return void cb('EFORBIDDEN'); } - var rpc; - var teamModule = store.modules['team']; - var teams = (teamModule && teamModule.getTeams()) || []; - - if (allowed.indexOf(store.proxy.edPublic) !== -1) { - // We are allowed: use our own rpc - rpc = store.rpc; - } else if (teams.some(function (teamId) { - // We're not allowed: check our teams - var ed = Util.find(store, ['proxy', 'teams', teamId, 'keys', 'drive', 'edPublic']); - if (allowed.indexOf(ed) === -1) { return false; } - // This team is allowed: use its rpc - var t = teamModule.getTeam(teamId); - rpc = t.rpc; - return true; - })) {} - if (!rpc) { return void cb('EFORBIDDEN'); } - rpc.send('COOKIE', '', function (err) { - cb(err); + onReadyEvt.reg(function () { + var rpc; + var teamModule = store.modules['team']; + var teams = (teamModule && teamModule.getTeams()) || []; + + if (allowed.indexOf(store.proxy.edPublic) !== -1) { + // We are allowed: use our own rpc + rpc = store.rpc; + } else if (teams.some(function (teamId) { + // We're not allowed: check our teams + var ed = Util.find(store, ['proxy', 'teams', teamId, 'keys', 'drive', 'edPublic']); + if (allowed.indexOf(ed) === -1) { return false; } + // This team is allowed: use its rpc + var t = teamModule.getTeam(teamId); + rpc = t.rpc; + return true; + })) {} + + if (!rpc) { return void cb('EFORBIDDEN'); } + rpc.send('COOKIE', '', function (err) { + cb(err); + }); }); }, onConnectionChange: function (info) { diff --git a/www/common/outer/sharedfolder.js b/www/common/outer/sharedfolder.js index 68fd8960c..8ade0d250 100644 --- a/www/common/outer/sharedfolder.js 
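Review bot: In the `async-store.js` hunk (`@@ -1703,26 +1703,29 @@`), the guard `if (!store.loggedIn || !store.proxy.edPublic) { return void cb('EFORBIDDEN'); }` stays outside the new `onReadyEvt.reg(...)` callback, so it still runs before the store is ready. If the race being fixed is that account data is not loaded yet, this check could dereference an unset `store.proxy` or answer `EFORBIDDEN` for a user who is on the allow list; moving it to the top of the callback, just before `var rpc;`, would make the whole authorization decision wait for readiness. Inside the callback, `teamModule.getTeam(teamId)` is dereferenced as `t.rpc` without a check that a team was returned, so a guard such as `if (!t) { return false; }` would be safer. The `else if (teams.some(...)) {}` with an empty body hides the assignment to `rpc` and deserves a comment or a plain loop. The enclosing method starts before the hunk.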
+++ b/www/common/outer/sharedfolder.js
@@ -113,7 +113,6 @@ define([
 if (!config.store.id && !config.store.network) {
 Cache.getChannelCache(secret.channel, waitFor(function (err, res) {
 if (err === "EINVAL") { // Cache not found
- console.warn(secret.channel);
 waitFor.abort();
 store.manager.restrictedProxy(id, secret.channel);
 // XXX unrestrict when we connect?