oxen-io/oxen-storage-server
1
0
Fork 0
mirror of https://github.com/oxen-io/oxen-storage-server.git synced 2023-12-13 21:00:26 +01:00
Code Issues Projects Releases Wiki Activity

Require loki or oxen prefix in server urls

Browse source
This commit is contained in:
Maxim Shishmarev 2021-04-08 14:47:44 +10:00
parent 305d73d62f
commit 41b434d6b2
3 changed files with 24 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
httpserver/onion_processing.cpp
View file

@ -194,6 +194,13 @@ static void relay_to_node(const ServiceNode& service_node,
} }
} }
bool is_server_url_allowed(std::string_view url) {
return (util::starts_with(url, "/loki/") ||
util::starts_with(url, "/oxen/")) &&
util::ends_with(url, "/lsrpc") &&
(url.find('?') == std::string::npos);
}
void RequestHandler::process_onion_req(const std::string& ciphertext, void RequestHandler::process_onion_req(const std::string& ciphertext,
const std::string& ephem_key, const std::string& ephem_key,
std::function<void(oxen::Response)> cb, std::function<void(oxen::Response)> cb,
@ -217,7 +224,8 @@ void RequestHandler::process_onion_req(const std::string& ciphertext,
process_ciphertext_v2(this->channel_cipher_, ciphertext, ephem_key); process_ciphertext_v2(this->channel_cipher_, ciphertext, ephem_key);
} else { } else {
OXEN_LOG(warn, "onion requests v1 are no longer supported"); OXEN_LOG(warn, "onion requests v1 are no longer supported");
cb(oxen::Response{Status::BAD_REQUEST, "onion requests v2 not supported"}); cb(oxen::Response{Status::BAD_REQUEST,
"onion requests v1 not supported"});
return; return;
} }
@ -246,8 +254,7 @@ void RequestHandler::process_onion_req(const std::string& ciphertext,
const auto& target = info->target; const auto& target = info->target;
// Forward the request to url but only if it ends in `/lsrpc` // Forward the request to url but only if it ends in `/lsrpc`
if ((util::ends_with(target, "/lsrpc")) && if (is_server_url_allowed(target)) {
(target.find('?') == std::string::npos)) {
this->process_onion_to_url(info->protocol, info->host, info->port, this->process_onion_to_url(info->protocol, info->host, info->port,
target, info->payload, std::move(cb)); target, info->payload, std::move(cb));

2
httpserver/onion_processing.h
View file

@ -66,4 +66,6 @@ auto parse_combined_payload(const std::string& payload) -> CiphertextPlusJson;
auto process_inner_request(const CiphertextPlusJson& parsed, auto process_inner_request(const CiphertextPlusJson& parsed,
std::string plaintext) -> ParsedInfo; std::string plaintext) -> ParsedInfo;
bool is_server_url_allowed(std::string_view url);
} // namespace oxen } // namespace oxen

12
unit_test/onion_requests.cpp
View file

@ -114,4 +114,16 @@ BOOST_AUTO_TEST_CASE(relay_to_node) {
} }
BOOST_AUTO_TEST_CASE(correctly_filters_urls) {
BOOST_CHECK(is_server_url_allowed("/loki/v3/lsrpc"));
BOOST_CHECK(is_server_url_allowed("/loki/oxen/v4/lsrpc"));
BOOST_CHECK(is_server_url_allowed("/oxen/v3/lsrpc"));
BOOST_CHECK(!is_server_url_allowed("/not_loki/v3/lsrpc"));
BOOST_CHECK(!is_server_url_allowed("/loki/v3"));
BOOST_CHECK(!is_server_url_allowed("/loki/v3/lsrpc?foo=bar"));
}
BOOST_AUTO_TEST_SUITE_END() BOOST_AUTO_TEST_SUITE_END()