freifunk/ffffng
0
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fix: Some calls returned not only the node but also nodeSecrets.

Browse source 
* Broke REST-calls.
* Also prevents leaking monitoring tokens.
This commit is contained in:
baldo 2021-01-25 22:40:41 +01:00
parent 642803f0bb
commit cc44bce95a
2 changed files with 27 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
server/services/monitoringService.ts
View file

@ -296,7 +296,7 @@ async function sendMonitoringMailsBatched(
const mac = nodeState.mac; const mac = nodeState.mac;
Logger.tag('monitoring', 'mail-sending').debug('Loading node data for: %s', mac); Logger.tag('monitoring', 'mail-sending').debug('Loading node data for: %s', mac);
const result = await NodeService.getNodeDataByMac(mac); const result = await NodeService.getNodeDataWithSecretsByMac(mac);
if (!result) { if (!result) {
Logger Logger
.tag('monitoring', 'mail-sending') .tag('monitoring', 'mail-sending')
@ -502,7 +502,7 @@ async function retrieveNodeInformationForUrls(urls: string[]): Promise<RetrieveN
continue; continue;
} }
await storeNodeInformation(nodeData, result.node); await storeNodeInformation(nodeData, result);
Logger Logger
.tag('monitoring', 'information-retrieval') .tag('monitoring', 'information-retrieval')
@ -602,7 +602,7 @@ export async function getByMacs(macs: string[]): Promise<{[key: string]: NodeSta
} }
export async function confirm(token: string): Promise<Node> { export async function confirm(token: string): Promise<Node> {
const {node, nodeSecrets} = await NodeService.getNodeDataByMonitoringToken(token); const {node, nodeSecrets} = await NodeService.getNodeDataWithSecretsByMonitoringToken(token);
if (!node.monitoring || !nodeSecrets.monitoringToken || nodeSecrets.monitoringToken !== token) { if (!node.monitoring || !nodeSecrets.monitoringToken || nodeSecrets.monitoringToken !== token) {
throw {data: 'Invalid token.', type: ErrorTypes.badRequest}; throw {data: 'Invalid token.', type: ErrorTypes.badRequest};
} }
@ -618,7 +618,7 @@ export async function confirm(token: string): Promise<Node> {
} }
export async function disable(token: string): Promise<Node> { export async function disable(token: string): Promise<Node> {
const {node, nodeSecrets} = await NodeService.getNodeDataByMonitoringToken(token); const {node, nodeSecrets} = await NodeService.getNodeDataWithSecretsByMonitoringToken(token);
if (!node.monitoring || !nodeSecrets.monitoringToken || nodeSecrets.monitoringToken !== token) { if (!node.monitoring || !nodeSecrets.monitoringToken || nodeSecrets.monitoringToken !== token) {
throw {data: 'Invalid token.', type: ErrorTypes.badRequest}; throw {data: 'Invalid token.', type: ErrorTypes.badRequest};
} }
@ -695,8 +695,7 @@ export async function deleteOfflineNodes(): Promise<void> {
let node; let node;
try { try {
const result = await NodeService.getNodeDataByMac(mac); node = await NodeService.getNodeDataByMac(mac);
node = result && result.node;
} }
catch (error) { catch (error) {
// Only log error. We try to delete the nodes state anyways. // Only log error. We try to delete the nodes state anyways.

27
server/services/nodeService.ts
View file

@ -352,7 +352,7 @@ export async function createNode (node: Node): Promise<{token: Token, node: Node
} }
export async function updateNode (token: Token, node: Node): Promise<{token: Token, node: Node}> { export async function updateNode (token: Token, node: Node): Promise<{token: Token, node: Node}> {
const {node: currentNode, nodeSecrets} = await getNodeDataByToken(token); const {node: currentNode, nodeSecrets} = await getNodeDataWithSecretsByToken(token);
let monitoringConfirmed = false; let monitoringConfirmed = false;
let monitoringToken = ''; let monitoringToken = '';
@ -424,18 +424,35 @@ export async function getAllNodes(): Promise<Node[]> {
return nodes; return nodes;
} }
export async function getNodeDataByMac (mac: string): Promise<{node: Node, nodeSecrets: NodeSecrets} | null> { export async function getNodeDataWithSecretsByMac (mac: string): Promise<{node: Node, nodeSecrets: NodeSecrets} | null> {
return await findNodeDataByFilePattern({ mac: mac }); return await findNodeDataByFilePattern({ mac: mac });
} }
export async function getNodeDataByToken (token: Token): Promise<{node: Node, nodeSecrets: NodeSecrets}> { export async function getNodeDataByMac (mac: string): Promise<Node | null> {
const result = await findNodeDataByFilePattern({ mac: mac });
return result ? result.node : null;
}
export async function getNodeDataWithSecretsByToken (token: Token): Promise<{node: Node, nodeSecrets: NodeSecrets}> {
return await getNodeDataByFilePattern({ token: token }); return await getNodeDataByFilePattern({ token: token });
} }
export async function getNodeDataByToken (token: Token): Promise<Node> {
const {node} = await getNodeDataByFilePattern({ token: token });
return node;
}
export async function getNodeDataWithSecretsByMonitoringToken (
monitoringToken: MonitoringToken
): Promise<{node: Node, nodeSecrets: NodeSecrets}> {
return await getNodeDataByFilePattern({ monitoringToken: monitoringToken });
}
export async function getNodeDataByMonitoringToken ( export async function getNodeDataByMonitoringToken (
monitoringToken: MonitoringToken monitoringToken: MonitoringToken
): Promise<{node: Node, nodeSecrets: NodeSecrets}> { ): Promise<Node> {
return await getNodeDataByFilePattern({ monitoringToken: monitoringToken }); const {node} = await getNodeDataByFilePattern({ monitoringToken: monitoringToken });
return node;
} }
export async function fixNodeFilenames(): Promise<void> { export async function fixNodeFilenames(): Promise<void> {