feat(signature): verify hash
All checks were successful
Open PR on Staging / audit_and_check (pull_request) Successful in 38s
All checks were successful
Open PR on Staging / audit_and_check (pull_request) Successful in 38s
This commit is contained in:
parent
3255e93121
commit
a371e98e9e
@ -15,14 +15,9 @@ export const SignatureStrategy: MarkStrategy = {
|
|||||||
render: MarkRenderSignature,
|
render: MarkRenderSignature,
|
||||||
encryptAndUpload: async (value, encryptionKey) => {
|
encryptAndUpload: async (value, encryptionKey) => {
|
||||||
// Value is the stringified signature object
|
// Value is the stringified signature object
|
||||||
// Encode it as text to the arrayBuffer
|
// Encode it to the arrayBuffer
|
||||||
const encoder = new TextEncoder()
|
const encoder = new TextEncoder()
|
||||||
const uint8Array = encoder.encode(value)
|
const uint8Array = encoder.encode(value)
|
||||||
const hash = await getHash(uint8Array)
|
|
||||||
|
|
||||||
if (!hash) {
|
|
||||||
throw new Error("Can't get file hash.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!encryptionKey) {
|
if (!encryptionKey) {
|
||||||
throw new Error('Signature requires an encryption key')
|
throw new Error('Signature requires an encryption key')
|
||||||
@ -34,6 +29,11 @@ export const SignatureStrategy: MarkStrategy = {
|
|||||||
encryptionKey
|
encryptionKey
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const hash = await getHash(encryptedArrayBuffer)
|
||||||
|
if (!hash) {
|
||||||
|
throw new Error("Can't get encrypted file hash.")
|
||||||
|
}
|
||||||
|
|
||||||
// Create the encrypted json file from array buffer and hash
|
// Create the encrypted json file from array buffer and hash
|
||||||
const file = new File([encryptedArrayBuffer], `${hash}.json`)
|
const file = new File([encryptedArrayBuffer], `${hash}.json`)
|
||||||
|
|
||||||
@ -51,7 +51,7 @@ export const SignatureStrategy: MarkStrategy = {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Handle offline?
|
// TOOD: offline
|
||||||
}
|
}
|
||||||
|
|
||||||
return value
|
return value
|
||||||
@ -65,6 +65,15 @@ export const SignatureStrategy: MarkStrategy = {
|
|||||||
responseType: 'arraybuffer'
|
responseType: 'arraybuffer'
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// Verify hash
|
||||||
|
const parts = value.split('/')
|
||||||
|
const urlHash = parts[parts.length - 1]
|
||||||
|
const hash = await getHash(encryptedArrayBuffer.data)
|
||||||
|
if (hash !== urlHash) {
|
||||||
|
// TODO: handle hash verification failing
|
||||||
|
throw new Error('Unable to verify signature')
|
||||||
|
}
|
||||||
|
|
||||||
const arrayBuffer = await decryptArrayBuffer(
|
const arrayBuffer = await decryptArrayBuffer(
|
||||||
encryptedArrayBuffer.data,
|
encryptedArrayBuffer.data,
|
||||||
encryptionKey
|
encryptionKey
|
||||||
@ -76,11 +85,11 @@ export const SignatureStrategy: MarkStrategy = {
|
|||||||
if (arrayBuffer) {
|
if (arrayBuffer) {
|
||||||
// decode json
|
// decode json
|
||||||
const decoder = new TextDecoder()
|
const decoder = new TextDecoder()
|
||||||
const value = decoder.decode(arrayBuffer)
|
const json = decoder.decode(arrayBuffer)
|
||||||
return value
|
return json
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle offline?
|
// TOOD: offline
|
||||||
return value
|
return value
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user