Skip to content

Fix to use url safe base64 #742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
jackycute wants to merge 3 commits into from
Closed

Fix to use url safe base64 #742

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e776953
Remove and replace all note id compression in LZString with base64url
jackycute Feb 26, 2018
b67300b
Add migration for LZString compressed note id in history
jackycute Feb 26, 2018
3e3d016
Update to move note id encode/decode function back to model
jackycute Feb 26, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion lib/history.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
'use strict'
// history
// external modules
var LZString = require('lz-string')

// core
var config = require('./config')
Expand All @@ -27,7 +28,26 @@ function getHistory (userid, callback) {
}
var history = {}
if (user.history) {
history = parseHistoryToObject(JSON.parse(user.history))
history = JSON.parse(user.history)
// migrate LZString encoded note id to base64url encoded note id
for (let i = 0, l = history.length; i < l; i++) {
let item = history[i]
// try to parse in base64url
let id = models.Note.decodeNoteId(item.id)
if (!id || !models.Note.checkNoteIdValid(id)) {
// try to parse in LZString if it can't be parsed in base64url
try {
id = LZString.decompressFromBase64(item.id)
} catch (err) {
id = null
}
if (id && models.Note.checkNoteIdValid(id)) {
// replace the note id to base64url encoded note id
history[i].id = models.Note.encodeNoteId(id)
}
}
}
history = parseHistoryToObject(history)
}
if (config.debug) {
logger.info('read history success: ' + user.id)
Expand Down
27 changes: 27 additions & 0 deletions lib/models/note.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
var fs = require('fs')
var path = require('path')
var LZString = require('lz-string')
var base64url = require('base64url')
var md = require('markdown-it')()
var metaMarked = require('meta-marked')
var cheerio = require('cheerio')
Expand Down Expand Up @@ -114,6 +115,22 @@ module.exports = function (sequelize, DataTypes) {
return false
}
},
encodeNoteId: function (id) {
// remove dashes in UUID and encode in url-safe base64
return base64url.encode(id.replace(/-/g, ''))
},
decodeNoteId: function (encodedId) {
// decode from url-safe base64
let id = base64url.decode(encodedId)
// add dashes between the UUID string parts
let idParts = []
idParts.push(id.substr(0, 8))
idParts.push(id.substr(8, 4))
idParts.push(id.substr(12, 4))
idParts.push(id.substr(16, 4))
idParts.push(id.substr(20, 12))
return idParts.join('-')
},
checkNoteIdValid: function (id) {
var uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i
var result = id.match(uuidRegex)
Expand Down Expand Up @@ -190,6 +207,16 @@ module.exports = function (sequelize, DataTypes) {
return _callback(err, null)
})
},
parseNoteIdByBase64Url: function (_callback) {
// try to parse note id by base64url
try {
var id = Note.decodeNoteId(noteId)
if (id && Note.checkNoteIdValid(id)) { return callback(null, id) } else { return _callback(null, null) }
} catch (err) {
return _callback(err, null)
}
},
// parse note id by LZString is deprecated, here for compability
parseNoteIdByLZString: function (_callback) {
// try to parse note id by LZString Base64
try {
Expand Down
3 changes: 1 addition & 2 deletions lib/realtime.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ var cookie = require('cookie')
var cookieParser = require('cookie-parser')
var url = require('url')
var async = require('async')
var LZString = require('lz-string')
var randomcolor = require('randomcolor')
var Chance = require('chance')
var chance = new Chance()
Expand Down Expand Up @@ -703,7 +702,7 @@ function operationCallback (socket, operation) {
}

function updateHistory (userId, note, time) {
var noteId = note.alias ? note.alias : LZString.compressToBase64(note.id)
var noteId = note.alias ? note.alias : models.Note.encodeNoteId(note.id)
if (note.server) history.updateHistory(userId, noteId, note.server.document, time)
}

Expand Down
11 changes: 5 additions & 6 deletions lib/response.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
// external modules
var fs = require('fs')
var markdownpdf = require('markdown-pdf')
var LZString = require('lz-string')
var shortId = require('shortid')
var querystring = require('querystring')
var request = require('request')
Expand Down Expand Up @@ -124,7 +123,7 @@ function newNote (req, res, next) {
alias: req.alias ? req.alias : null,
content: req.body ? req.body : ''
}).then(function (note) {
return res.redirect(config.serverurl + '/' + LZString.compressToBase64(note.id))
return res.redirect(config.serverurl + '/' + models.Note.encodeNoteId(note.id))
}).catch(function (err) {
logger.error(err)
return response.errorInternalError(res)
Expand Down Expand Up @@ -179,7 +178,7 @@ function showNote (req, res, next) {
findNote(req, res, function (note) {
// force to use note id
var noteId = req.params.noteId
var id = LZString.compressToBase64(note.id)
var id = models.Note.encodeNoteId(note.id)
if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverurl + '/' + (note.alias || id)) }
return responseHackMD(res, note)
})
Expand Down Expand Up @@ -321,7 +320,7 @@ function actionPDF (req, res, note) {
function actionGist (req, res, note) {
var data = {
client_id: config.github.clientID,
redirect_uri: config.serverurl + '/auth/github/callback/' + LZString.compressToBase64(note.id) + '/gist',
redirect_uri: config.serverurl + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
scope: 'gist',
state: shortId.generate()
}
Expand Down Expand Up @@ -418,7 +417,7 @@ function publishNoteActions (req, res, next) {
var action = req.params.action
switch (action) {
case 'edit':
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
break
default:
res.redirect(config.serverurl + '/s/' + note.shortid)
Expand All @@ -432,7 +431,7 @@ function publishSlideActions (req, res, next) {
var action = req.params.action
switch (action) {
case 'edit':
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : LZString.compressToBase64(note.id)))
res.redirect(config.serverurl + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
break
default:
res.redirect(config.serverurl + '/p/' + note.shortid)
Expand Down
1 change: 1 addition & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
"Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
"async": "^2.1.4",
"aws-sdk": "^2.7.20",
"base64url": "^2.0.0",
"blueimp-md5": "^2.6.0",
"body-parser": "^1.15.2",
"bootstrap": "^3.3.7",
Expand Down