web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use version 3 for hidden hashes

Browse Source
This commit is contained in:
yflory 2020-01-27 13:53:54 +01:00
parent 2c1e26cb52
commit 7b9f86157e
2 changed files with 43 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
www/common/common-hash.js
View File

@ -61,9 +61,9 @@ var factory = function (Util, Crypto, Nacl) {
} }
}; };
Hash.getHiddenHashFromKeys = function (type, secret, opts) { Hash.getHiddenHashFromKeys = function (type, secret, opts) {
var mode = (secret.keys && secret.keys.editKeyStr) ? 'edit' : 'view'; var mode = ((secret.keys && secret.keys.editKeyStr) || secret.key) ? 'edit' : 'view';
var pass = secret.password ? 'p/' : ''; var pass = secret.password ? 'p/' : '';
var hash = '/2/' + secret.type + '/' + mode + '/' + secret.channel + '/' + pass; var hash = '/3/' + type + '/' + mode + '/' + secret.channel + '/' + pass;
var href = '/' + type + '/#' + hash; var href = '/' + type + '/#' + hash;
var parsed = Hash.parsePadUrl(href); var parsed = Hash.parsePadUrl(href);
if (parsed.hashData && parsed.hashData.getHash) { if (parsed.hashData && parsed.hashData.getHash) {
@ -172,38 +172,12 @@ Version 1
}; };
var parseTypeHash = Hash.parseTypeHash = function (type, hash) { var parseTypeHash = Hash.parseTypeHash = function (type, hash) {
if (!hash) { return; } if (!hash) { return; }
var options; var options = [];
var parsed = {}; var parsed = {};
var hashArr = fixDuplicateSlashes(hash).split('/'); var hashArr = fixDuplicateSlashes(hash).split('/');
if (['media', 'file', 'user', 'invite'].indexOf(type) === -1) { if (['media', 'file', 'user', 'invite'].indexOf(type) === -1) {
parsed.type = 'pad'; parsed.type = 'pad';
parsed.getHash = function () { return hash; }; parsed.getHash = function () { return hash; };
if (hash.slice(0,1) !== '/' && hash.length >= 56) { // Version 0
// Old hash
parsed.channel = hash.slice(0, 32);
parsed.key = hash.slice(32, 56);
parsed.version = 0;
return parsed;
}
if (hashArr[1] && hashArr[1] === '1') { // Version 1
parsed.version = 1;
parsed.mode = hashArr[2];
parsed.channel = hashArr[3];
parsed.key = Crypto.b64AddSlashes(hashArr[4]);
options = hashArr.slice(5);
parsed.present = options.indexOf('present') !== -1;
parsed.embed = options.indexOf('embed') !== -1;
parsed.ownerKey = getOwnerKey(options);
parsed.getHash = function (opts) {
var hash = hashArr.slice(0, 5).join('/') + '/';
var owner = typeof(opts.ownerKey) !== "undefined" ? opts.ownerKey : parsed.ownerKey;
if (owner) { hash += owner + '/'; }
if (opts.embed) { hash += 'embed/'; }
if (opts.present) { hash += 'present/'; }
return hash;
};
parsed.getOptions = function () { parsed.getOptions = function () {
return { return {
embed: parsed.embed, embed: parsed.embed,
@ -211,26 +185,15 @@ Version 1
ownerKey: parsed.ownerKey ownerKey: parsed.ownerKey
}; };
}; };
if (hash.slice(0,1) !== '/' && hash.length >= 56) { // Version 0
// Old hash
parsed.channel = hash.slice(0, 32);
parsed.key = hash.slice(32, 56);
parsed.version = 0;
return parsed; return parsed;
} }
if (hashArr[1] && hashArr[1] === '2') { // Version 2
parsed.version = 2;
parsed.app = hashArr[2];
parsed.mode = hashArr[3];
// Check if the key is a channel ID
if (/^[a-f0-9]{32,34}$/.test(hashArr[4])) {
parsed.channel = hashArr[4];
} else {
parsed.key = hashArr[4];
}
options = hashArr.slice(5);
parsed.password = options.indexOf('p') !== -1;
parsed.present = options.indexOf('present') !== -1;
parsed.embed = options.indexOf('embed') !== -1;
parsed.ownerKey = getOwnerKey(options);
// Version >= 1: more hash options
parsed.getHash = function (opts) { parsed.getHash = function (opts) {
var hash = hashArr.slice(0, 5).join('/') + '/'; var hash = hashArr.slice(0, 5).join('/') + '/';
var owner = typeof(opts.ownerKey) !== "undefined" ? opts.ownerKey : parsed.ownerKey; var owner = typeof(opts.ownerKey) !== "undefined" ? opts.ownerKey : parsed.ownerKey;
@ -240,13 +203,44 @@ Version 1
if (opts.present) { hash += 'present/'; } if (opts.present) { hash += 'present/'; }
return hash; return hash;
}; };
parsed.getOptions = function () { var addOptions = function () {
return { parsed.password = options.indexOf('p') !== -1;
embed: parsed.embed, parsed.present = options.indexOf('present') !== -1;
present: parsed.present, parsed.embed = options.indexOf('embed') !== -1;
ownerKey: parsed.ownerKey parsed.ownerKey = getOwnerKey(options);
};
}; };
if (hashArr[1] && hashArr[1] === '1') { // Version 1
parsed.version = 1;
parsed.mode = hashArr[2];
parsed.channel = hashArr[3];
parsed.key = Crypto.b64AddSlashes(hashArr[4]);
options = hashArr.slice(5);
addOptions();
return parsed;
}
if (hashArr[1] && hashArr[1] === '2') { // Version 2
parsed.version = 2;
parsed.app = hashArr[2];
parsed.mode = hashArr[3];
parsed.key = hashArr[4];
options = hashArr.slice(5);
addOptions();
return parsed;
}
if (hashArr[1] && hashArr[1] === '3') { // Version 3: hidden hash
parsed.version = 3;
parsed.app = hashArr[2];
parsed.mode = hashArr[3];
parsed.channel = hashArr[4];
options = hashArr.slice(5);
addOptions();
return parsed; return parsed;
} }
return parsed; return parsed;
@ -536,7 +530,6 @@ Version 1
if (parsed.hashData.type === 'pad' || parsed.hashData.type === 'file') { if (parsed.hashData.type === 'pad' || parsed.hashData.type === 'file') {
if (!parsed.hashData.key && !parsed.hashData.channel) { return; } if (!parsed.hashData.key && !parsed.hashData.channel) { return; }
if (parsed.hashData.key && !/^[a-zA-Z0-9+-/=]+$/.test(parsed.hashData.key)) { return; } if (parsed.hashData.key && !/^[a-zA-Z0-9+-/=]+$/.test(parsed.hashData.key)) { return; }
if (parsed.hashData.channel && !/^[a-f0-9]{32,34}$/.test(parsed.hashData.channel)) { return; }
} }
} }
return true; return true;

2
www/common/sframe-common-outer.js
View File

@ -30,7 +30,7 @@ define([
var password; var password;
var initialPathInDrive; var initialPathInDrive;
var currentPad = { var currentPad = window.CryptPad_location = {
href: cfg.href || window.location.href, href: cfg.href || window.location.href,
hash: cfg.hash || window.location.hash hash: cfg.hash || window.location.hash
}; };