Fix: Some calls returned not only the node but also nodeSecrets.

* Broke REST-calls. * Also prevents leaking monitoring tokens.
2021-01-25 22:40:41 +01:00 · 2021-01-25 22:40:41 +01:00 · cc44bce95a
parent 642803f0bb
commit cc44bce95a
2 changed files with 27 additions and 11 deletions
--- a/server/services/monitoringService.ts
+++ b/server/services/monitoringService.ts
@ -296,7 +296,7 @@ async function sendMonitoringMailsBatched(
            const mac = nodeState.mac;
            Logger.tag('monitoring', 'mail-sending').debug('Loading node data for: %s', mac);

-            const result = await NodeService.getNodeDataByMac(mac);
+            const result = await NodeService.getNodeDataWithSecretsByMac(mac);
            if (!result) {
                Logger
                    .tag('monitoring', 'mail-sending')
@ -502,7 +502,7 @@ async function retrieveNodeInformationForUrls(urls: string[]): Promise<RetrieveN
            continue;
        }

-        await storeNodeInformation(nodeData, result.node);
+        await storeNodeInformation(nodeData, result);

        Logger
            .tag('monitoring', 'information-retrieval')
@ -602,7 +602,7 @@ export async function getByMacs(macs: string[]): Promise<{[key: string]: NodeSta
 }

 export async function confirm(token: string): Promise<Node> {
-    const {node, nodeSecrets} = await NodeService.getNodeDataByMonitoringToken(token);
+    const {node, nodeSecrets} = await NodeService.getNodeDataWithSecretsByMonitoringToken(token);
    if (!node.monitoring || !nodeSecrets.monitoringToken || nodeSecrets.monitoringToken !== token) {
        throw {data: 'Invalid token.', type: ErrorTypes.badRequest};
    }
@ -618,7 +618,7 @@ export async function confirm(token: string): Promise<Node> {
 }

 export async function disable(token: string): Promise<Node> {
-    const {node, nodeSecrets} = await NodeService.getNodeDataByMonitoringToken(token);
+    const {node, nodeSecrets} = await NodeService.getNodeDataWithSecretsByMonitoringToken(token);
    if (!node.monitoring || !nodeSecrets.monitoringToken || nodeSecrets.monitoringToken !== token) {
        throw {data: 'Invalid token.', type: ErrorTypes.badRequest};
    }
@ -695,8 +695,7 @@ export async function deleteOfflineNodes(): Promise<void> {
        let node;

        try {
-            const result = await NodeService.getNodeDataByMac(mac);
-            node = result && result.node;
+            node = await NodeService.getNodeDataByMac(mac);
        }
        catch (error) {
            // Only log error. We try to delete the nodes state anyways.
--- a/server/services/nodeService.ts
+++ b/server/services/nodeService.ts
@ -352,7 +352,7 @@ export async function createNode (node: Node): Promise<{token: Token, node: Node
 }

 export async function updateNode (token: Token, node: Node): Promise<{token: Token, node: Node}> {
-    const {node: currentNode, nodeSecrets} = await getNodeDataByToken(token);
+    const {node: currentNode, nodeSecrets} = await getNodeDataWithSecretsByToken(token);

    let monitoringConfirmed = false;
    let monitoringToken = '';
@ -424,18 +424,35 @@ export async function getAllNodes(): Promise<Node[]> {
    return nodes;
 }

-export async function getNodeDataByMac (mac: string): Promise<{node: Node, nodeSecrets: NodeSecrets} | null> {
+export async function getNodeDataWithSecretsByMac (mac: string): Promise<{node: Node, nodeSecrets: NodeSecrets} | null> {
    return await findNodeDataByFilePattern({ mac: mac });
 }

-export async function getNodeDataByToken (token: Token): Promise<{node: Node, nodeSecrets: NodeSecrets}> {
+export async function getNodeDataByMac (mac: string): Promise<Node | null> {
+    const result = await findNodeDataByFilePattern({ mac: mac });
+    return result ? result.node : null;
+}
+
+export async function getNodeDataWithSecretsByToken (token: Token): Promise<{node: Node, nodeSecrets: NodeSecrets}> {
    return await getNodeDataByFilePattern({ token: token });
 }

+export async function getNodeDataByToken (token: Token): Promise<Node> {
+    const {node} = await getNodeDataByFilePattern({ token: token });
+    return node;
+}
+
+export async function getNodeDataWithSecretsByMonitoringToken (
+    monitoringToken: MonitoringToken
+): Promise<{node: Node, nodeSecrets: NodeSecrets}> {
+    return await getNodeDataByFilePattern({ monitoringToken: monitoringToken });
+}
+
 export async function getNodeDataByMonitoringToken (
    monitoringToken: MonitoringToken
-): Promise<{node: Node, nodeSecrets: NodeSecrets}> {
-    return await getNodeDataByFilePattern({ monitoringToken: monitoringToken });
+): Promise<Node> {
+    const {node} = await getNodeDataByFilePattern({ monitoringToken: monitoringToken });
+    return node;
 }

 export async function fixNodeFilenames(): Promise<void> {