thegamer/Cable-Desktop
2
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Validate attachment urls

Browse source 
// FREEBIE
This commit is contained in:
lilia 2015-11-24 12:40:00 -08:00
parent f977827483
commit 4cc6b1ff9a
6 changed files with 74 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Gruntfile.js
View file

@ -127,7 +127,9 @@ module.exports = function(grunt) {
if (srcpath.match('background.js')) { if (srcpath.match('background.js')) {
return content.replace( return content.replace(
/textsecure-service-staging.whispersystems.org/g, /textsecure-service-staging.whispersystems.org/g,
'textsecure-service-ca.whispersystems.org:4433'); 'textsecure-service-ca.whispersystems.org:4433').replace(
/whispersystems-textsecure-attachments-staging.s3.amazonaws.com/g,
'whispersystems-textsecure-attachments.s3.amazonaws.com');
} else { } else {
return content; return content;
} }

5
js/background.js
View file

@ -54,6 +54,7 @@
}); });
var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org'; var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
var messageReceiver; var messageReceiver;
window.getSocketStatus = function() { window.getSocketStatus = function() {
if (messageReceiver) { if (messageReceiver) {
@ -96,7 +97,7 @@
var mySignalingKey = storage.get('signaling_key'); var mySignalingKey = storage.get('signaling_key');
// initialize the socket and start listening for messages // initialize the socket and start listening for messages
messageReceiver = new textsecure.MessageReceiver(SERVER_URL, USERNAME, PASSWORD, mySignalingKey); messageReceiver = new textsecure.MessageReceiver(SERVER_URL, USERNAME, PASSWORD, mySignalingKey, ATTACHMENT_SERVER_URL);
messageReceiver.addEventListener('message', onMessageReceived); messageReceiver.addEventListener('message', onMessageReceived);
messageReceiver.addEventListener('receipt', onDeliveryReceipt); messageReceiver.addEventListener('receipt', onDeliveryReceipt);
messageReceiver.addEventListener('contact', onContactReceived); messageReceiver.addEventListener('contact', onContactReceived);
@ -106,7 +107,7 @@
messageReceiver.addEventListener('contactsync', onContactSyncComplete); messageReceiver.addEventListener('contactsync', onContactSyncComplete);
window.textsecure.messaging = new textsecure.MessageSender(SERVER_URL, USERNAME, PASSWORD); window.textsecure.messaging = new textsecure.MessageSender(SERVER_URL, USERNAME, PASSWORD, ATTACHMENT_SERVER_URL);
if (firstRun === true && textsecure.storage.user.getDeviceId() != '1') { if (firstRun === true && textsecure.storage.user.getDeviceId() != '1') {
textsecure.messaging.sendRequestContactSyncMessage().then(function() { textsecure.messaging.sendRequestContactSyncMessage().then(function() {
textsecure.messaging.sendRequestGroupSyncMessage(); textsecure.messaging.sendRequestGroupSyncMessage();

51
js/libtextsecure.js
View file

@ -36241,15 +36241,24 @@ var TextSecureServer = (function() {
attachment : "/v1/attachments" attachment : "/v1/attachments"
}; };
var attachment_id_regex = RegExp( "^https:\/\/.*\/(\\d+)\?"); function TextSecureServer(url, username, password, attachment_server_url) {
function TextSecureServer(url, username, password) {
if (typeof url !== 'string') { if (typeof url !== 'string') {
throw new Error('Invalid server url'); throw new Error('Invalid server url');
} }
this.url = url; this.url = url;
this.username = username; this.username = username;
this.password = password; this.password = password;
this.attachment_id_regex = RegExp("^https:\/\/.*\/(\\d+)\?");
if (attachment_server_url) {
// strip trailing /
attachment_server_url = attachment_server_url.replace(/\/$/,'');
// and escape
attachment_server_url = attachment_server_url.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&');
this.attachment_id_regex = RegExp( "^" + attachment_server_url + "\/(\\d+)\?");
}
} }
TextSecureServer.prototype = { TextSecureServer.prototype = {
@ -36415,29 +36424,37 @@ var TextSecureServer = (function() {
httpType : 'GET', httpType : 'GET',
urlParameters : '/' + id, urlParameters : '/' + id,
}).then(function(response) { }).then(function(response) {
var match = response.location.match(this.attachment_id_regex);
if (!match) {
throw new Error('Received invalid attachment url');
}
return ajax(response.location, { return ajax(response.location, {
type : "GET", type : "GET",
responseType: "arraybuffer", responseType: "arraybuffer",
contentType : "application/octet-stream" contentType : "application/octet-stream"
}); });
}); }.bind(this));
}, },
putAttachment: function(encryptedBin) { putAttachment: function(encryptedBin) {
return this.ajax({ return this.ajax({
call : 'attachment', call : 'attachment',
httpType : 'GET', httpType : 'GET',
}).then(function(response) { }).then(function(response) {
// Extract the id as a string from the location url
// (workaround for ids too large for Javascript numbers)
var match = response.location.match(this.attachment_id_regex);
if (!match) {
throw new Error('Received invalid attachment url');
}
return ajax(response.location, { return ajax(response.location, {
type : "PUT", type : "PUT",
contentType : "application/octet-stream", contentType : "application/octet-stream",
data : encryptedBin, data : encryptedBin,
processData : false, processData : false,
}).then(function() { }).then(function() {
// Parse the id as a string from the location url return match[1];
// (workaround for ids too large for Javascript numbers) }.bind(this));
return response.location.match(attachment_id_regex)[1]; }.bind(this));
});
});
}, },
getMessageSocket: function() { getMessageSocket: function() {
return new WebSocket( return new WebSocket(
@ -36639,12 +36656,12 @@ var TextSecureServer = (function() {
* vim: ts=4:sw=4:expandtab * vim: ts=4:sw=4:expandtab
*/ */
function MessageReceiver(url, username, password, signalingKey) { function MessageReceiver(url, username, password, signalingKey, attachment_server_url) {
this.url = url; this.url = url;
this.signalingKey = signalingKey; this.signalingKey = signalingKey;
this.username = username; this.username = username;
this.password = password; this.password = password;
this.server = new TextSecureServer(url, username, password); this.server = new TextSecureServer(url, username, password, attachment_server_url);
var unencoded = textsecure.utils.unencodeNumber(username); var unencoded = textsecure.utils.unencodeNumber(username);
this.number = unencoded[0]; this.number = unencoded[0];
@ -37048,8 +37065,8 @@ MessageReceiver.prototype = {
window.textsecure = window.textsecure || {}; window.textsecure = window.textsecure || {};
textsecure.MessageReceiver = function(url, username, password, signalingKey) { textsecure.MessageReceiver = function(url, username, password, signalingKey, attachment_server_url) {
var messageReceiver = new MessageReceiver(url, username, password, signalingKey); var messageReceiver = new MessageReceiver(url, username, password, signalingKey, attachment_server_url);
this.addEventListener = messageReceiver.addEventListener.bind(messageReceiver); this.addEventListener = messageReceiver.addEventListener.bind(messageReceiver);
this.removeEventListener = messageReceiver.removeEventListener.bind(messageReceiver); this.removeEventListener = messageReceiver.removeEventListener.bind(messageReceiver);
this.getStatus = messageReceiver.getStatus.bind(messageReceiver); this.getStatus = messageReceiver.getStatus.bind(messageReceiver);
@ -37209,8 +37226,8 @@ OutgoingMessage.prototype = {
/* /*
* vim: ts=4:sw=4:expandtab * vim: ts=4:sw=4:expandtab
*/ */
function MessageSender(url, username, password) { function MessageSender(url, username, password, attachment_server_url) {
this.server = new TextSecureServer(url, username, password); this.server = new TextSecureServer(url, username, password, attachment_server_url);
this.pendingMessages = {}; this.pendingMessages = {};
} }
@ -37527,8 +37544,8 @@ MessageSender.prototype = {
window.textsecure = window.textsecure || {}; window.textsecure = window.textsecure || {};
textsecure.MessageSender = function(url, username, password) { textsecure.MessageSender = function(url, username, password, attachment_server_url) {
var sender = new MessageSender(url, username, password); var sender = new MessageSender(url, username, password, attachment_server_url);
textsecure.replay.registerFunction(sender.tryMessageAgain.bind(sender), textsecure.replay.Type.ENCRYPT_MESSAGE); textsecure.replay.registerFunction(sender.tryMessageAgain.bind(sender), textsecure.replay.Type.ENCRYPT_MESSAGE);
textsecure.replay.registerFunction(sender.transmitMessage.bind(sender), textsecure.replay.Type.TRANSMIT_MESSAGE); textsecure.replay.registerFunction(sender.transmitMessage.bind(sender), textsecure.replay.Type.TRANSMIT_MESSAGE);

35
libtextsecure/api.js
View file

@ -89,15 +89,24 @@ var TextSecureServer = (function() {
attachment : "/v1/attachments" attachment : "/v1/attachments"
}; };
var attachment_id_regex = RegExp( "^https:\/\/.*\/(\\d+)\?"); function TextSecureServer(url, username, password, attachment_server_url) {
function TextSecureServer(url, username, password) {
if (typeof url !== 'string') { if (typeof url !== 'string') {
throw new Error('Invalid server url'); throw new Error('Invalid server url');
} }
this.url = url; this.url = url;
this.username = username; this.username = username;
this.password = password; this.password = password;
this.attachment_id_regex = RegExp("^https:\/\/.*\/(\\d+)\?");
if (attachment_server_url) {
// strip trailing /
attachment_server_url = attachment_server_url.replace(/\/$/,'');
// and escape
attachment_server_url = attachment_server_url.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&');
this.attachment_id_regex = RegExp( "^" + attachment_server_url + "\/(\\d+)\?");
}
} }
TextSecureServer.prototype = { TextSecureServer.prototype = {
@ -263,29 +272,37 @@ var TextSecureServer = (function() {
httpType : 'GET', httpType : 'GET',
urlParameters : '/' + id, urlParameters : '/' + id,
}).then(function(response) { }).then(function(response) {
var match = response.location.match(this.attachment_id_regex);
if (!match) {
throw new Error('Received invalid attachment url');
}
return ajax(response.location, { return ajax(response.location, {
type : "GET", type : "GET",
responseType: "arraybuffer", responseType: "arraybuffer",
contentType : "application/octet-stream" contentType : "application/octet-stream"
}); });
}); }.bind(this));
}, },
putAttachment: function(encryptedBin) { putAttachment: function(encryptedBin) {
return this.ajax({ return this.ajax({
call : 'attachment', call : 'attachment',
httpType : 'GET', httpType : 'GET',
}).then(function(response) { }).then(function(response) {
// Extract the id as a string from the location url
// (workaround for ids too large for Javascript numbers)
var match = response.location.match(this.attachment_id_regex);
if (!match) {
throw new Error('Received invalid attachment url');
}
return ajax(response.location, { return ajax(response.location, {
type : "PUT", type : "PUT",
contentType : "application/octet-stream", contentType : "application/octet-stream",
data : encryptedBin, data : encryptedBin,
processData : false, processData : false,
}).then(function() { }).then(function() {
// Parse the id as a string from the location url return match[1];
// (workaround for ids too large for Javascript numbers) }.bind(this));
return response.location.match(attachment_id_regex)[1]; }.bind(this));
});
});
}, },
getMessageSocket: function() { getMessageSocket: function() {
return new WebSocket( return new WebSocket(

8
libtextsecure/message_receiver.js
View file

@ -2,12 +2,12 @@
* vim: ts=4:sw=4:expandtab * vim: ts=4:sw=4:expandtab
*/ */
function MessageReceiver(url, username, password, signalingKey) { function MessageReceiver(url, username, password, signalingKey, attachment_server_url) {
this.url = url; this.url = url;
this.signalingKey = signalingKey; this.signalingKey = signalingKey;
this.username = username; this.username = username;
this.password = password; this.password = password;
this.server = new TextSecureServer(url, username, password); this.server = new TextSecureServer(url, username, password, attachment_server_url);
var unencoded = textsecure.utils.unencodeNumber(username); var unencoded = textsecure.utils.unencodeNumber(username);
this.number = unencoded[0]; this.number = unencoded[0];
@ -411,8 +411,8 @@ MessageReceiver.prototype = {
window.textsecure = window.textsecure || {}; window.textsecure = window.textsecure || {};
textsecure.MessageReceiver = function(url, username, password, signalingKey) { textsecure.MessageReceiver = function(url, username, password, signalingKey, attachment_server_url) {
var messageReceiver = new MessageReceiver(url, username, password, signalingKey); var messageReceiver = new MessageReceiver(url, username, password, signalingKey, attachment_server_url);
this.addEventListener = messageReceiver.addEventListener.bind(messageReceiver); this.addEventListener = messageReceiver.addEventListener.bind(messageReceiver);
this.removeEventListener = messageReceiver.removeEventListener.bind(messageReceiver); this.removeEventListener = messageReceiver.removeEventListener.bind(messageReceiver);
this.getStatus = messageReceiver.getStatus.bind(messageReceiver); this.getStatus = messageReceiver.getStatus.bind(messageReceiver);

8
libtextsecure/sendmessage.js
View file

@ -1,8 +1,8 @@
/* /*
* vim: ts=4:sw=4:expandtab * vim: ts=4:sw=4:expandtab
*/ */
function MessageSender(url, username, password) { function MessageSender(url, username, password, attachment_server_url) {
this.server = new TextSecureServer(url, username, password); this.server = new TextSecureServer(url, username, password, attachment_server_url);
this.pendingMessages = {}; this.pendingMessages = {};
} }
@ -319,8 +319,8 @@ MessageSender.prototype = {
window.textsecure = window.textsecure || {}; window.textsecure = window.textsecure || {};
textsecure.MessageSender = function(url, username, password) { textsecure.MessageSender = function(url, username, password, attachment_server_url) {
var sender = new MessageSender(url, username, password); var sender = new MessageSender(url, username, password, attachment_server_url);
textsecure.replay.registerFunction(sender.tryMessageAgain.bind(sender), textsecure.replay.Type.ENCRYPT_MESSAGE); textsecure.replay.registerFunction(sender.tryMessageAgain.bind(sender), textsecure.replay.Type.ENCRYPT_MESSAGE);
textsecure.replay.registerFunction(sender.transmitMessage.bind(sender), textsecure.replay.Type.TRANSMIT_MESSAGE); textsecure.replay.registerFunction(sender.transmitMessage.bind(sender), textsecure.replay.Type.TRANSMIT_MESSAGE);