Maybe fix signed links?

Regalijan 2023-10-23 20:32:18 -04:00
parent 4559349ac6
commit 320d33c5fa
Signed by untrusted user who does not match committer: regalijan
GPG Key ID: 5D4196DA269EF520


@ -15,7 +15,18 @@ export async function onRequestGet(context: RequestContext) {
user?: { id: string; username: string }; user?: { id: string; username: string };
} & { [k: string]: any }; } & { [k: string]: any };
if (data?.user?.id !== context.data.current_user.id)
return jsonError("Item does not exist", 404);
if (type === "report") { if (type === "report") {
let unsignedUrls = [];
const exp = Math.round(Date.now() / 1000) + 1800;
for (const attachment of data.attachments)
unsignedUrls.push(
`https://mediaproxy.carcrushers.cc/${attachment}?Expires=${exp}&KeyName=portal-media-linkgen`,
);
let resolvedUrls = []; let resolvedUrls = [];
let signingPromises = []; let signingPromises = [];
const key = await crypto.subtle.importKey( const key = await crypto.subtle.importKey(
@ -28,14 +39,14 @@ export async function onRequestGet(context: RequestContext) {
["sign"], ["sign"],
); );
const exp = Math.round(Date.now() / 1000) + 1800; for (let i = 0; i < unsignedUrls.length; i++)
for (const attachment of data.attachments) {
const unsignedUrl = `https://mediaproxy.carcrushers.cc/${attachment}?Expires=${exp}&KeyName=portal-media-linkgen`;
signingPromises.push( signingPromises.push(
crypto.subtle.sign("HMAC", key, new TextEncoder().encode(unsignedUrl)), crypto.subtle.sign(
"HMAC",
key,
new TextEncoder().encode(unsignedUrls[i]),
),
); );
}
let signatures: ArrayBuffer[]; let signatures: ArrayBuffer[];
@ -49,9 +60,7 @@ export async function onRequestGet(context: RequestContext) {
for (let i = 0; i < signatures.length; i++) { for (let i = 0; i < signatures.length; i++) {
resolvedUrls.push( resolvedUrls.push(
`https://mediaproxy.carcrushers.cc/${ `${unsignedUrls[i]}Signature=${btoa(
data.attachments[i]
}?Expires=${exp}&KeyName=portal-media-linkgen&Signature=${btoa(
String.fromCharCode(...new Uint8Array(signatures[i])), String.fromCharCode(...new Uint8Array(signatures[i])),
) )
.replaceAll("+", "-") .replaceAll("+", "-")
@ -63,8 +72,5 @@ export async function onRequestGet(context: RequestContext) {
data.resolved_attachments = resolvedUrls; data.resolved_attachments = resolvedUrls;
} }
if (data?.user?.id !== context.data.current_user.id)
return jsonError("Item does not exist", 404);
return jsonResponse(JSON.stringify(data)); return jsonResponse(JSON.stringify(data));
} }
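Review bot: The template in the `resolvedUrls.push(...)` loop loses the `&` separator. Each `unsignedUrls[i]` ends in `KeyName=portal-media-linkgen`, so `${unsignedUrls[i]}Signature=` produces `...KeyName=portal-media-linkgenSignature=...` and the link carries no `Signature` parameter. The line should begin `${unsignedUrls[i]}&Signature=${btoa(`, so the emitted URL is exactly the signed string plus the appended signature. Separately, the new `unsignedUrls.push(...)` loop interpolates `attachment` unencoded; if attachment names can contain `?`, `&` or `#` (not visible here), the signed bytes and the URL the proxy parses could diverge, so percent-encoding the name before signing is worth considering. `onRequestGet` starts above the first hunk and the lines between hunks are not shown.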