sessionの脆弱性修正、アイコンとニックネームの変更に対応
tako0614 committed Jun 20, 2024
1 parent 8035605 commit 75c5e42
Showing 21 changed files with 251 additions and 298 deletions.
2 changes: 2 additions & 0 deletions fresh.gen.ts
Expand Up @@ -28,6 +28,7 @@ import * as $api_v1_server_talk_send from "./routes/api/v1/server/talk/send.ts"
import * as $api_v1_server_token from "./routes/api/v1/server/token.ts"
import * as $api_v1_server_users_ID_name from "./routes/api/v1/server/users/[ID]/name.ts"
import * as $api_v1_server_users_ID_uuid from "./routes/api/v1/server/users/[ID]/uuid.ts"
import * as $api_v1_setting_icon from "./routes/api/v1/setting/icon.ts"
import * as $api_v1_setting_index from "./routes/api/v1/setting/index.ts"
import * as $api_v1_users_icon from "./routes/api/v1/users/icon.ts"
import * as $api_v1_users_info_icon from "./routes/api/v1/users/info/icon.ts"
Expand Down Expand Up @@ -98,6 +99,7 @@ const manifest = {
$api_v1_server_users_ID_name,
"./routes/api/v1/server/users/[ID]/uuid.ts":
$api_v1_server_users_ID_uuid,
"./routes/api/v1/setting/icon.ts": $api_v1_setting_icon,
"./routes/api/v1/setting/index.ts": $api_v1_setting_index,
"./routes/api/v1/users/icon.ts": $api_v1_users_icon,
"./routes/api/v1/users/info/icon.ts": $api_v1_users_info_icon,
10 changes: 5 additions & 5 deletions islands/Chats/Chat.tsx
Expand Up @@ -94,16 +94,16 @@ export default function Home(
useEffect(() => {
const createWebSocket = () => {
let wssprotocol
if (window.location.protocol === 'https:') {
if (window.location.protocol === "https:") {
wssprotocol = "wss://"
} else {
wssprotocol = "ws://"
}
const origin = window.location.origin;
const domain = (new URL(origin)).hostname;
const origin = window.location.origin
const domain = (new URL(origin)).host
const wsurl = wssprotocol + domain + "/api/v1/main"
const socket = new WebSocket(
wsurl
wsurl,
)
socket.onopen = () => {
socket.send(
Expand Down Expand Up @@ -191,7 +191,7 @@ export default function Home(
setTimeout(() => {
const socket = createWebSocket()
setWs(socket)
}, 1000);
}, 1000)
}
return socket
}
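Review bot: `new URL(window.location.origin).host` on the two rewritten lines is the same value the browser already exposes as `window.location.host`, so the `origin`/`domain` pair can collapse to a single line: `const wsurl = wssprotocol + window.location.host + "/api/v1/main"`. The switch from `hostname` to `host` is the substantive part of the change, since it keeps the port and lets the socket connect when the app is served on a non-default port. `createWebSocket` opens inside the hunk but its body continues past it, so the `onopen`/reconnect handling was not reviewed here.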
9 changes: 5 additions & 4 deletions islands/Chats/ChatTalk.tsx
Expand Up @@ -74,7 +74,8 @@ function TalkArea(props: any) {
<ul class="p-talk-chat-main__ul">
{props.talkData.map((data: any) => {
const isEncodeDate =
new Date(DateState).toLocaleDateString() !== new Date(data.time).toLocaleDateString()
new Date(DateState).toLocaleDateString() !==
new Date(data.time).toLocaleDateString()
DateState = data.time
if (data.type == "message") {
if (data.sender == props.userName) {
Expand All @@ -101,7 +102,7 @@ function TalkArea(props: any) {
<>
{isEncodeDate && (
<ChatDate
date={new Date(data.time)}
date={new Date(data.time)}
/>
)}
<ChatSendMessage
Expand All @@ -120,7 +121,7 @@ function TalkArea(props: any) {
<>
{isEncodeDate && (
<ChatDate
date={new Date(data.time)}
date={new Date(data.time)}
/>
)}
<ChatOtherMessage
Expand All @@ -138,7 +139,7 @@ function TalkArea(props: any) {
<>
{isEncodeDate && (
<ChatDate
date={new Date(data.time)}
date={new Date(data.time)}
/>
)}
<ChatOtherMessage
28 changes: 15 additions & 13 deletions islands/Chats/FriendRequest.tsx
Expand Up @@ -51,10 +51,7 @@ export default function RegisterForm() {
</p>
</div>
<div>
<Input
value={value}
setValue={setValue}
/>
<Input />
</div>
</div>
</div>
Expand Down Expand Up @@ -211,15 +208,20 @@ const VideoList = () => {
<div className="container mx-auto mt-8">
<div className="bg-white rounded-lg overflow-y-auto max-h-96 mx-auto">
<ul className="space-y-2 p-4">
{items.map((video, index) => (
<User
key={index}
icon={video.icon}
userName={video.userName}
items={items}
setItems={setItems}
/>
))}
{items.map((video, index) => {
if (!video || !video.icon) {
return null
}
return (
<User
key={index}
icon={video.icon}
userName={video.userName}
items={items}
setItems={setItems}
/>
)
})}
</ul>
</div>
</div>
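Review bot: The new guard inside the `items.map` callback skips any entry whose `icon` is falsy, so a request from a user whose icon is missing disappears from the list entirely rather than rendering with a placeholder; if the intent was only to skip malformed entries, `if (!video) return null` is enough and the icon fallback presumably belongs in `User`. Because some callbacks now return `null` while `key={index}` is still the list key, keys no longer correspond to the rendered rows; a key derived from `video.userName` would survive filtering and reordering. `VideoList` begins before the hunk, so where `items` is loaded and whether `icon` can legitimately be empty is not visible here.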
50 changes: 26 additions & 24 deletions islands/Settings/Profile.tsx
Expand Up @@ -6,21 +6,8 @@ export default function RegisterForm(props: any) {
const [icon, setIcon] = useState<File | null | Uint8Array>(null)

const handleChnageIcon = (event: React.ChangeEvent<HTMLInputElement>) => {
if (event.target.files && event.target.files.length > 0) {
const file = event.target.files[0] // 最初のファイルを取得します
const fileReader = new FileReader()
fileReader.onload = function webViewerChangeFileReaderOnload(evt) {
if (evt.target) {
const buffer = evt.target.result
if (buffer instanceof ArrayBuffer) {
const uint8Array = new Uint8Array(buffer)
// 生成したUint8Arrayをコンソールに表示
console.log(uint8Array)
setIcon(uint8Array)
}
}
}
fileReader.readAsArrayBuffer(file)
if (event.currentTarget.files) {
setIcon(event.currentTarget.files[0])
}
}
const handleChangeNickName = (
Expand All @@ -30,22 +17,37 @@ export default function RegisterForm(props: any) {
}
const handleSubmit = async (event: h.JSX.TargetedEvent<any>) => {
event.preventDefault()
/* 画像ファイルをBase64に変更してNickNameと一緒に送信
{
nickName: nickName,
icon: icon,
}
の形のjsonで送信する
*/
const csrftoken = await fetch(
"/api/v1/csrftoken?origin=" + window.location.origin,
)
const token = await csrftoken.json()
const csrftokenValue = token.csrftoken
const formData = new FormData()
formData.append("icon", icon)
let requirement: {
nickName: string | boolean | null
icon: string | boolean | null
} = {
nickName: null,
icon: null,
}
if (!icon) {
requirement = {
nickName: true,
icon: false,
}
} else {
requirement = {
icon: true,
nickName: true,
}
formData.append("icon", icon);
}
if(!nickName){
requirement.nickName = false
}
formData.append("csrftoken", csrftokenValue)
formData.append("nickName", nickName)
formData.append("requirement", JSON.stringify(requirement))
const resp = await fetch("/api/v1/setting", {
method: "POST",
body: formData,
Expand All @@ -55,7 +57,7 @@ export default function RegisterForm(props: any) {
if (data.status === false) {
return
}
props.setSettingPage("")
alert("保存しました")
}
return (
<>
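Review bot: `formData.append("icon", icon)` on the line right after `new FormData()` runs unconditionally, so when `icon` is `null` the field is sent as the string "null", and when an icon is set the `else` branch appends it a second time; only the conditional append should remain. The `requirement` object is initialised with nulls and then fully overwritten in both branches, which reduces to `{ nickName: Boolean(nickName), icon: Boolean(icon) }`. Since `handleChnageIcon` now only stores a `File`, the state type in the first hunk can narrow to `useState<File | null>(null)`, which also lets the compiler check the `append` call (a `Uint8Array` is not a valid `FormData.append` value). `handleSubmit` continues past the end of the hunk.
```tsx
    const formData = new FormData()
    // icon is only ever a File after handleChnageIcon; omit the field when unset
    if (icon) {
      formData.append("icon", icon)
    }
    // tell the server which fields are present
    const requirement = {
      nickName: Boolean(nickName),
      icon: Boolean(icon),
    }
    // … unchanged: csrftoken / nickName / requirement appends and the POST …
```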
3 changes: 0 additions & 3 deletions islands/Welcome.tsx
Expand Up @@ -84,6 +84,3 @@ export default function Welcome({ sitekey }: { sitekey: string }) {
</>
)
}
function setRecaptcha(token: string) {
throw new Error("Function not implemented.")
}
5 changes: 4 additions & 1 deletion routes/api/v1/chats/friendList.ts
Expand Up @@ -48,7 +48,10 @@ export const handler = {
})
}

const iscsrfToken = await csrftoken.findOne({ token: data.csrftoken })
const iscsrfToken = await csrftoken.findOne({
token: data.csrftoken,
sessionID: cookies.sessionid,
})
if (iscsrfToken === null || iscsrfToken === undefined) {
return new Response(JSON.stringify({ status: "csrftoken error" }), {
headers: { "Content-Type": "application/json" },
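Review bot: The lookup now binds the token to `cookies.sessionid`, but nothing in the hunk shows that the cookie is present; with a MongoDB-style `findOne` (which this call resembles) an `undefined` filter value is typically sent as `null` and would match a token record that has no `sessionID`. A guard such as `if (!cookies.sessionid) return new Response(JSON.stringify({ status: "csrftoken error" }), { status: 400 })` before the query, or keeping the explicit `iscsrfToken.sessionID !== cookies.sessionid` comparison that request.ts retains, closes that gap. The two-way null test on the following line can also be written `if (iscsrfToken == null)`. The handler begins before the hunk, so the cookie may already be validated there.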
20 changes: 10 additions & 10 deletions routes/api/v1/friends/[ID]/icon.ts
Expand Up @@ -70,16 +70,16 @@ export const handler = {
try {
const filePath = `./files/userIcons/${
mailSpilit(FriendInfo.uuid)
}.webp`
}.jpeg`
const result = await Deno.readFile(filePath)
return new Response(result, {
headers: { "Content-Type": "image/webp" },
headers: { "Content-Type": "image/jpeg" },
status: 200,
})
} catch (error) {
console.error(error)
return new Response("./people.png", {
headers: { "Content-Type": "image/webp" },
headers: { "Content-Type": "image/jpeg" },
status: 400,
})
}
Expand Down Expand Up @@ -120,16 +120,16 @@ export const handler = {
try {
const filePath = `./files/userIcons/${
mailSpilit(user.uuid)
}.webp`
}.jpeg`
const result = await Deno.readFile(filePath)
return new Response(result, {
headers: { "Content-Type": "image/webp" },
headers: { "Content-Type": "image/jpeg" },
status: 200,
})
} catch (error) {
console.error(error)
return new Response("./people.png", {
headers: { "Content-Type": "image/webp" },
headers: { "Content-Type": "image/jpeg" },
status: 400,
})
}
Expand Down Expand Up @@ -197,16 +197,16 @@ export const handler = {
try {
const filePath = `./files/userIcons/${
splitUserName(friendid)?.name
}.webp`
}.jpeg`
const result = await Deno.readFile(filePath)
return new Response(result, {
headers: { "Content-Type": "image/webp" },
headers: { "Content-Type": "image/jpeg" },
status: 200,
})
} catch (error) {
console.error(error)
return new Response("./people.png", {
headers: { "Content-Type": "image/webp" },
headers: { "Content-Type": "image/jpeg" },
status: 400,
})
}
Expand Down Expand Up @@ -295,7 +295,7 @@ export const handler = {

const icon = await iconRes.arrayBuffer()
return new Response(icon, {
headers: { "Content-Type": "image/webp" },
headers: { "Content-Type": "image/jpeg" },
status: 200,
})
}
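Review bot: In each `catch` block the fallback still sends the literal string `"./people.png"` as the response body under `Content-Type: image/jpeg`, so a client that hits the error path receives a path string labelled as an image; the commit changes the content type on those lines without fixing the body. Reading the default icon (register.js already uses `./static/people.jpeg`) and returning its bytes makes the fallback a real image, and 404 describes a missing icon more accurately than 400. The same pattern repeats in the second and third hunks (the `user.uuid` and `splitUserName(friendid)` branches). Each enclosing handler branch starts before its hunk.
```ts
      } catch (error) {
        console.error(error)
        // serve the default icon bytes instead of the literal path string
        const fallback = await Deno.readFile("./static/people.jpeg")
        return new Response(fallback, {
          headers: { "Content-Type": "image/jpeg" },
          status: 404,
        })
      }
```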
10 changes: 10 additions & 0 deletions routes/api/v1/friends/reqLists.ts
Expand Up @@ -57,6 +57,16 @@ export const handler = {
},
),
)
if (result == null) {
return new Response(
JSON.stringify({ status: true, result: null }),
{
headers: { "Content-Type": "application/json" },
status: 200,
},
)
}
console.log(result)
return new Response(
JSON.stringify({ status: true, result: result }),
{
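Review bot: `console.log(result)` on the new line before the final return writes the friend-request payload to the server log on every call; it reads as leftover debugging and should go. The new `result == null` branch also appears to return the same body the existing return produces for a `null` result, since `JSON.stringify({ status: true, result: null })` is identical either way; the only case it changes is an `undefined` result, which the generic path would serialise without the `result` key. If that normalisation is the intent, `result: result ?? null` in the existing return says it in one line and the added branch can be dropped. The handler begins before the hunk.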
1 change: 1 addition & 0 deletions routes/api/v1/friends/request.ts
Expand Up @@ -33,6 +33,7 @@ export const handler = {

const csrfTokenRecord = await csrftoken.findOne({
token: data.csrftoken,
sessionID: cookies.sessionid,
})
if (
!csrfTokenRecord || csrfTokenRecord.sessionID !== cookies.sessionid
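Review bot: With `sessionID: cookies.sessionid` now part of the query, the explicit `csrfTokenRecord.sessionID !== cookies.sessionid` comparison just below is redundant for a present cookie, but it is worth keeping because it still rejects the case where the cookie is absent and the query happens to match a record with no session bound; a comment would stop a later cleanup from removing it: `// sessionID is also in the query; kept so a missing cookie still fails closed`. The same pairing appears in logins/logout.js. The handler starts before the hunk.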
1 change: 1 addition & 0 deletions routes/api/v1/logins/logout.js
Expand Up @@ -20,6 +20,7 @@ export const handler = {
}
const csrfTokenRecord = await csrftoken.findOne({
token: data.csrftoken,
sessionID: cookies.sessionid,
})
if (
!csrfTokenRecord ||
6 changes: 3 additions & 3 deletions routes/api/v1/logins/register.js
Expand Up @@ -231,12 +231,12 @@ export const handler = {
age: age,
})
const defaultIcon = await Deno.readFile(
"./static/people.webp",
"./static/people.jpeg",
)
try {
const uuidBody = splitMail(result.uuid)
await Deno.writeFile(
`./files/userIcons/${uuidBody}.webp`,
`./files/userIcons/${uuidBody}.jpeg`,
defaultIcon,
)
} catch (error) {
Expand All @@ -247,7 +247,7 @@ export const handler = {
await Deno.mkdir("./files/userIcons")
await Deno.mkdir("./files/pictures")
await Deno.writeFile(
`./files/userIcons/${uuidBody}.webp`,
`./files/userIcons/${uuidBody}.jpeg`,
defaultIcon,
)
} catch (error) {
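Review bot: The recovery path calls `Deno.mkdir("./files/userIcons")` without `{ recursive: true }`, so on a fresh deployment where `./files` itself does not exist the retry fails the same way the first write did; `await Deno.mkdir("./files/userIcons", { recursive: true })` (and the same for `./files/pictures`) lets the retry succeed from an empty tree. The extension change to `.jpeg` matches the reader side in friends/[ID]/icon.ts, but only if `./static/people.jpeg` is really a JPEG asset and not the old file renamed — worth confirming. The handler starts before the hunk, and the catch block that opens the retry continues after it.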