RSCord/ServerSpacebarOld
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prettier

Browse Source
This commit is contained in:
Rory& 2025-07-06 11:08:51 +02:00
parent 199a518092
commit b590482bfb
9 changed files with 148 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/api/routes/attachments/refresh-urls.ts
View File

@ -17,7 +17,11 @@
*/
import { route } from "@spacebar/api";
import { RefreshUrlsRequestSchema, getUrlSignature, NewUrlSignatureData } from "@spacebar/util";
import {
RefreshUrlsRequestSchema,
getUrlSignature,
NewUrlSignatureData,
} from "@spacebar/util";
import { Request, Response, Router } from "express";
const router = Router();
@ -37,12 +41,16 @@ router.post(
async (req: Request, res: Response) => {
const { attachment_urls } = req.body as RefreshUrlsRequestSchema;
const refreshed_urls = attachment_urls.map(url => {
return getUrlSignature(new NewUrlSignatureData({
url: url,
ip: req.ip,
userAgent: req.headers["user-agent"] as string
})).applyToUrl(url).toString();
const refreshed_urls = attachment_urls.map((url) => {
return getUrlSignature(
new NewUrlSignatureData({
url: url,
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
}),
)
.applyToUrl(url)
.toString();
});
return res.status(200).json({

15
src/api/routes/channels/#channel_id/messages/#message_id/index.ts
View File

@ -30,7 +30,8 @@ import {
emitEvent,
getPermission,
getRights,
uploadFile, NewUrlUserSignatureData,
uploadFile,
NewUrlUserSignatureData,
} from "@spacebar/util";
import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server";
@ -245,10 +246,14 @@ router.put(
console.error("[Message] post-message handler failed", e),
);
return res.json(message.withSignedAttachments(new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
})));
return res.json(
message.withSignedAttachments(
new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
}),
),
);
},
);

44
src/api/routes/channels/#channel_id/messages/index.ts
View File

@ -36,7 +36,9 @@ import {
getPermission,
isTextChannel,
getUrlSignature,
uploadFile, NewUrlSignatureData, NewUrlUserSignatureData,
uploadFile,
NewUrlSignatureData,
NewUrlUserSignatureData,
} from "@spacebar/util";
import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server";
@ -210,17 +212,25 @@ router.get(
y.proxy_url = url.toString();
y.proxy_url = getUrlSignature(new NewUrlSignatureData({
url: y.proxy_url,
userAgent: req.headers["user-agent"],
ip: req.ip,
})).applyToUrl(y.proxy_url).toString();
y.proxy_url = getUrlSignature(
new NewUrlSignatureData({
url: y.proxy_url,
userAgent: req.headers["user-agent"],
ip: req.ip,
}),
)
.applyToUrl(y.proxy_url)
.toString();
y.url = getUrlSignature(new NewUrlSignatureData({
url: y.url,
userAgent: req.headers["user-agent"],
ip: req.ip,
})).applyToUrl(y.url).toString();
y.url = getUrlSignature(
new NewUrlSignatureData({
url: y.url,
userAgent: req.headers["user-agent"],
ip: req.ip,
}),
)
.applyToUrl(y.url)
.toString();
});
/**
@ -439,10 +449,14 @@ router.post(
console.error("[Message] post-message handler failed", e),
);
return res.json(message.withSignedAttachments(new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
})));
return res.json(
message.withSignedAttachments(
new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
}),
),
);
},
);

25
src/cdn/routes/attachments.ts
View File

@ -18,8 +18,10 @@
import {
Config,
hasValidSignature, NewUrlUserSignatureData,
Snowflake, UrlSignResult,
hasValidSignature,
NewUrlUserSignatureData,
Snowflake,
UrlSignResult,
} from "@spacebar/util";
import { Request, Response, Router } from "express";
import FileType from "file-type";
@ -93,16 +95,21 @@ router.get(
const path = `attachments/${channel_id}/${id}/${filename}`;
const fullUrl = (req.headers["x-forwarded-proto"] ?? req.protocol) + "://"
+ (req.headers["x-forwarded-host"] ?? req.hostname)
+ req.originalUrl;
const fullUrl =
(req.headers["x-forwarded-proto"] ?? req.protocol) +
"://" +
(req.headers["x-forwarded-host"] ?? req.hostname) +
req.originalUrl;
if (
Config.get().security.cdnSignUrls &&
!hasValidSignature(new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
}), UrlSignResult.fromUrl(fullUrl))
!hasValidSignature(
new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
}),
UrlSignResult.fromUrl(fullUrl),
)
) {
return res.status(404).send("This content is no longer available.");
}

17
src/gateway/listener/listener.ts
View File

@ -27,7 +27,8 @@ import {
EVENTEnum,
Relationship,
RelationshipType,
Message, NewUrlUserSignatureData,
Message,
NewUrlUserSignatureData,
} from "@spacebar/util";
import { OPCODES } from "../util/Constants";
import { Send } from "../util/Send";
@ -291,11 +292,15 @@ async function consume(this: WebSocket, opts: EventOpts) {
case "MESSAGE_CREATE":
case "MESSAGE_UPDATE":
// console.log(this.request)
if(data["attachments"])
data["attachments"] = Message.prototype.withSignedAttachments.call(data, new NewUrlUserSignatureData({
ip: this.ipAddress,
userAgent: this.userAgent
})).attachments;
if (data["attachments"])
data["attachments"] =
Message.prototype.withSignedAttachments.call(
data,
new NewUrlUserSignatureData({
ip: this.ipAddress,
userAgent: this.userAgent,
}),
).attachments;
break;
default:
break;

86
src/util/Signing.ts
View File

@ -39,7 +39,9 @@ export class NewUrlSignatureData extends NewUrlUserSignatureData {
this.path = data.path;
this.url = data.url;
if (!this.path && !this.url) {
throw new Error("Either path or url must be provided for URL signing");
throw new Error(
"Either path or url must be provided for URL signing",
);
}
if (this.path && this.url) {
console.warn(
@ -51,7 +53,9 @@ export class NewUrlSignatureData extends NewUrlUserSignatureData {
const parsedUrl = new URL(this.url);
this.path = parsedUrl.pathname;
} catch (e) {
throw new Error("Invalid URL provided for signing: " + this.url);
throw new Error(
"Invalid URL provided for signing: " + this.url,
);
}
}
}
@ -176,12 +180,21 @@ function calculateHash(request: UrlSignatureData): UrlSignResult {
expiresAt: request.expiresAt,
hash,
});
console.log("[Signing]", {
path: request.path,
validity: request.issuedAt + " .. " + request.expiresAt,
ua: Config.get().security.cdnSignatureIncludeUserAgent ? request.userAgent : "[disabled]",
ip: Config.get().security.cdnSignatureIncludeIp ? request.ip : "[disabled]"
}, "->", result);
console.log(
"[Signing]",
{
path: request.path,
validity: request.issuedAt + " .. " + request.expiresAt,
ua: Config.get().security.cdnSignatureIncludeUserAgent
? request.userAgent
: "[disabled]",
ip: Config.get().security.cdnSignatureIncludeIp
? request.ip
: "[disabled]",
},
"->",
result,
);
return result;
}
@ -212,7 +225,10 @@ export const isExpired = (data: UrlSignResult | UrlSignatureData) => {
return false;
};
export const hasValidSignature = (req: NewUrlUserSignatureData, sig: UrlSignResult) => {
export const hasValidSignature = (
req: NewUrlUserSignatureData,
sig: UrlSignResult,
) => {
// if the required query parameters are not present, return false
if (!sig.expiresAt || !sig.issuedAt || !sig.hash) {
console.warn(
@ -227,31 +243,45 @@ export const hasValidSignature = (req: NewUrlUserSignatureData, sig: UrlSignResu
return false;
}
const calcResult = calculateHash(new UrlSignatureData({
path: sig.path,
issuedAt: sig.issuedAt,
expiresAt: sig.expiresAt,
ip: req.ip,
userAgent: req.userAgent
}));
const calcResult = calculateHash(
new UrlSignatureData({
path: sig.path,
issuedAt: sig.issuedAt,
expiresAt: sig.expiresAt,
ip: req.ip,
userAgent: req.userAgent,
}),
);
const calcd = calcResult.hash;
const calculated = Buffer.from(calcd);
const received = Buffer.from(sig.hash as string);
console.assert(sig.issuedAt == calcResult.issuedAt, "[Signing] Mismatched issuedAt", {
is: sig.issuedAt,
calculated: calcResult.issuedAt,
});
console.assert(
sig.issuedAt == calcResult.issuedAt,
"[Signing] Mismatched issuedAt",
{
is: sig.issuedAt,
calculated: calcResult.issuedAt,
},
);
console.assert(sig.expiresAt == calcResult.expiresAt, "[Signing] Mismatched expiresAt", {
ex: sig.expiresAt,
calculated: calcResult.expiresAt,
});
console.assert(
sig.expiresAt == calcResult.expiresAt,
"[Signing] Mismatched expiresAt",
{
ex: sig.expiresAt,
calculated: calcResult.expiresAt,
},
);
console.assert(calculated.length === received.length, "[Signing] Mismatched hash length", {
calculated: calculated.length,
received: received.length,
});
console.assert(
calculated.length === received.length,
"[Signing] Mismatched hash length",
{
calculated: calculated.length,
received: received.length,
},
);
const isHashValid =
calculated.length === received.length &&

8
src/util/entities/Attachment.ts
View File

@ -84,10 +84,14 @@ export class Attachment extends BaseClass {
...this,
url: getUrlSignature(
new NewUrlSignatureData({ ...data, url: this.url }),
).applyToUrl(this.url).toString(),
)
.applyToUrl(this.url)
.toString(),
proxy_url: getUrlSignature(
new NewUrlSignatureData({ ...data, url: this.proxy_url }),
).applyToUrl(this.proxy_url).toString(),
)
.applyToUrl(this.proxy_url)
.toString(),
};
}
}

4
src/util/entities/Message.ts
View File

@ -266,8 +266,8 @@ export class Message extends BaseClass {
return {
...this,
attachments: this.attachments?.map((attachment: Attachment) =>
Attachment.prototype.signUrls.call(attachment, data)
)
Attachment.prototype.signUrls.call(attachment, data),
),
};
}
}

2
src/util/util/WebAuthn.ts
View File

@ -25,7 +25,7 @@ const jwtSignOptions: jwt.SignOptions = {
expiresIn: "5m",
};
const jwtVerifyOptions: jwt.VerifyOptions = {
algorithms: ["HS256"]
algorithms: ["HS256"],
};
export const WebAuthn: {