Merge branch 'master' of http://github.com/amark/gun

SECURITY.md

@@ -0,0 +1,47 @@
+# Security Policy
+
+## Introduction
+
+Security is our top priority. We are committed to ensuring that our project is as secure as possible for everyone who uses it. This document outlines our security policy and procedures for dealing with security issues.
+
+## Supported Versions
+
+We provide security updates for the following versions of our project:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.2020.x| :white_check_mark: |
+| < 0.2020| :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.
+
+### Report Format
+
+When reporting vulnerabilities, please include the following details:
+
+- Description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact if left unaddressed
+- Suggested mitigation or resolution if any
+
+### Response Time
+
+We aim to confirm the receipt of your vulnerability report within 48 hours. Depending on the severity and complexity of the issue, we strive to investigate the issue and provide an initial response within a week.
+
+### Disclosure Policy
+
+If the vulnerability is confirmed, we will work on a fix and plan a release. We ask that you do not publicly disclose the issue until it has been addressed by us.
+
+## Security Practices
+
+We follow industry-standard security practices, including regular audits of the services and features we provide, to maintain the trust of our users.
+
+## Security Updates
+
+We will communicate any security updates through our standard communication channels, including our project's release notes and official website.
+
+## Conclusion
+
+We greatly value the work of security researchers and believe that responsible disclosure of vulnerabilities is a valuable contribution to the security of the Internet. We encourage users to contribute to the security of our project by reporting any security-related issues to us.

browser.js

@@ -1,4 +1,4 @@
-if(!(typeof navigator == "undefined") && navigator.product == "ReactNative"){
-    require("./lib/mobile.js");
-}
+// if(!(typeof navigator == "undefined") && navigator.product == "ReactNative"){
+//     require("./lib/mobile.js");
+// }
 module.exports = require('./gun.js');

lib/radisk.js

@@ -590,17 +590,15 @@
 		}
 	}());
 
-	if(typeof window !== "undefined"){
-	  var Gun = window.Gun;
-	  var Radix = window.Radix;
-	  window.Radisk = Radisk;
-	} else { 
-	  var Gun = require('../gun');
-		var Radix = require('./radix');
-		//var Radix = require('./radix2'); Radisk = require('./radisk2');
-		try{ module.exports = Radisk }catch(e){}
-	}
+	var Gun = (typeof window !== "undefined" && window.Gun)? window.Gun : require('../gun');
+	var Radix = (typeof window !== "undefined" && window.Radix)? window.Radix : require('./radix');
 
 	Radisk.Radix = Radix;
+	((name, exports) => {
+		try { module.exports = exports } catch (e) { }
+		if (typeof window !== "undefined") {
+			window[name] = window[name]||exports;
+		}
+	})("Radisk", Radisk);
 
 }());

lib/radix.js

@@ -108,11 +108,12 @@
 		} catch (e) { console.error(e); }
 	};
 
-	if(typeof window !== "undefined"){
-	  window.Radix = Radix;
-	} else { 
-		try{ module.exports = Radix }catch(e){}
-	}
+	(function(name, exports){
+		if(typeof window !== "undefined"){
+			window[name] = window[name]||exports;
+		} 
+		try{ module.exports = exports }catch(e){}
+	})("Radix",Radix);
 	var each = Radix.object = function(o, f, r){
 		for(var k in o){
 			if(!o.hasOwnProperty(k)){ continue }

lib/rfs.js

@@ -78,12 +78,12 @@ function Store(opt){
 	return store;
 }
 
-var Gun = (typeof window !== "undefined")? window.Gun : require('../gun');
+var Gun = (typeof window !== "undefined" && window.Gun) ? window.Gun : require('../gun');
 Gun.on('create', function(root){
 	this.to.next(root);
 	var opt = root.opt;
 	if(opt.rfs === false){ return }
-	opt.store = opt.store || (!Gun.window && Store(opt));
+	opt.store = opt.store || (!Gun.window || opt.rfs === true && Store(opt));
 });
 
 module.exports = Store;

rad.js

@@ -3,7 +3,7 @@
 	var sT = setTimeout, Book = sT.Book || require('gun/src/book'), RAD = sT.RAD || (sT.RAD = function(opt){
 		opt = opt || {};
 		opt.file = String(opt.file || 'radata');
-		var log = opt.log || nope;
+		var log = opt.log || console.log
 
 		var has = (sT.RAD.has || (sT.RAD.has = {}))[opt.file];
 		if(has){ return has } // TODO: BUG? Not reuses same instance?
@@ -115,7 +115,7 @@
 	sT.each = sT.each || function(l,f){l.forEach(f)};
 
 	try { module.exports = RAD } catch (e){ }
-
+/*
 	// junk below that needs to be cleaned up and corrected for the actual correct RAD API.
 	var env = {}, nope = function(){ }, nah = function(){ return nope }, u;
 	env.require = (typeof require !== '' + u && require) || nope;
@@ -141,7 +141,7 @@
 		stats.memory.used = env.process.memoryUsage().rss / 1024 / 1024; // in MB
 		console.log(stats.memory);
 	}, 9);
-
+*/
 }());
 
 

sea.js

@@ -1389,7 +1389,7 @@
             if (u !== data && u !== data.e && msg.put['>'] && msg.put['>'] > parseFloat(data.e)) return no("Certificate expired.") // certificate expired
             // "data.c" = a list of certificants/certified users
             // "data.w" = lex WRITE permission, in the future, there will be "data.r" which means lex READ permission
-            if (u !== data && data.c && data.w && (data.c === certificant || data.c.indexOf('*' || certificant) > -1)) {
+            if (u !== data && data.c && data.w && (data.c === certificant || data.c.indexOf('*') > -1 || data.c.indexOf(certificant) > -1)) {
               // ok, now "certificant" is in the "certificants" list, but is "path" allowed? Check path
               let path = soul.indexOf('/') > -1 ? soul.replace(soul.substring(0, soul.indexOf('/') + 1), '') : ''
               String.match = String.match || Gun.text.match