From 53d16d7dac9504e86ce379e6d87630420074ac4a Mon Sep 17 00:00:00 2001 From: Audric Ackermann Date: Tue, 23 Mar 2021 16:47:39 +1100 Subject: [PATCH 1/2] remove fallback to node-fetch --- app/config.js | 1 - js/modules/debuglogs.js | 6 +- js/modules/loki_app_dot_net_api.js | 39 +++--- js/modules/loki_primitives.js | 11 +- js/modules/loki_public_chat_api.js | 123 ++++++++++-------- .../session/LeftPaneContactSection.tsx | 3 +- .../conversation/SessionStagedLinkPreview.tsx | 10 +- ts/models/conversation.ts | 6 +- ts/session/onions/index.ts | 12 +- ts/session/snode_api/lokiRpc.ts | 60 ++++----- ts/session/snode_api/onions.ts | 9 +- ts/session/snode_api/serviceNodeAPI.ts | 30 +++-- ts/session/snode_api/snodePool.ts | 20 ++- ts/session/snode_api/swarmPolling.ts | 1 - ts/session/snode_api/swarmPollingStub.ts | 4 +- .../integration/stubs/stub_message_api.ts | 4 +- ts/util/linkPreviewFetch.ts | 1 - ts/util/lint/exceptions.json | 8 -- 18 files changed, 169 insertions(+), 179 deletions(-) diff --git a/app/config.js b/app/config.js index 760f20e33..4419147fd 100644 --- a/app/config.js +++ b/app/config.js @@ -23,7 +23,6 @@ if (environment === 'production') { process.env.HOSTNAME = ''; process.env.ALLOW_CONFIG_MUTATIONS = ''; process.env.SUPPRESS_NO_CONFIG_WARNING = ''; - process.env.NODE_TLS_REJECT_UNAUTHORIZED = ''; // We could be running againt production but still be in dev mode, we need to handle that if (!isDevelopment) { diff --git a/js/modules/debuglogs.js b/js/modules/debuglogs.js index bea65a431..eb26aea5a 100644 --- a/js/modules/debuglogs.js +++ b/js/modules/debuglogs.js @@ -2,7 +2,7 @@ /* global window */ const FormData = require('form-data'); -const fetch = require('node-fetch'); +const insecureNodeFetch = require('node-fetch'); const BASE_URL = 'https://debuglogs.org'; const VERSION = window.getVersion(); @@ -10,7 +10,7 @@ const USER_AGENT = `Session ${VERSION}`; // upload :: String -> Promise URL exports.upload = async content => { - const signedForm = await fetch(BASE_URL, { + const signedForm = await insecureNodeFetch(BASE_URL, { headers: { 'user-agent': USER_AGENT, }, @@ -38,7 +38,7 @@ exports.upload = async content => { filename: `session-desktop-debug-log-${VERSION}.txt`, }); - const result = await fetch(url, { + const result = await insecureNodeFetch(url, { method: 'POST', body: form, }); diff --git a/js/modules/loki_app_dot_net_api.js b/js/modules/loki_app_dot_net_api.js index 80b940e4f..1921be595 100644 --- a/js/modules/loki_app_dot_net_api.js +++ b/js/modules/loki_app_dot_net_api.js @@ -1,7 +1,7 @@ /* global log, textsecure, libloki, Signal, Whisper, clearTimeout, getMessageController, libsignal, StringView, window, _, dcodeIO, Buffer, process */ -const nodeFetch = require('node-fetch'); +const insecureNodeFetch = require('node-fetch'); const { URL, URLSearchParams } = require('url'); const FormData = require('form-data'); const https = require('https'); @@ -253,7 +253,7 @@ const serverRequest = async (endpoint, options = {}) => { let response; let result; let txtResponse; - let mode = 'nodeFetch'; + let mode = 'insecureNodeFetch'; try { const host = url.host.toLowerCase(); // log.info('host', host, FILESERVER_HOSTS); @@ -268,7 +268,12 @@ const serverRequest = async (endpoint, options = {}) => { fetchOptions, options )); - } else if (window.lokiFeatureFlags.useFileOnionRequests && srvPubKey) { + } else if (window.lokiFeatureFlags.useFileOnionRequests) { + if (!srvPubKey) { + throw new Error( + 'useFileOnionRequests=true but we do not have a server pubkey set.' + ); + } mode = 'sendViaOnionOG'; ({ response, txtResponse, result } = await sendViaOnion( srvPubKey, @@ -277,13 +282,9 @@ const serverRequest = async (endpoint, options = {}) => { options )); } else { - // disable check for .loki - process.env.NODE_TLS_REJECT_UNAUTHORIZED = host.match(/\.loki$/i) - ? '0' - : '1'; - result = await nodeFetch(url, fetchOptions); - // always make sure this check is enabled - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1'; + // we end up here only if window.lokiFeatureFlags.useFileOnionRequests is false + log.info(`insecureNodeFetch => plaintext for ${url}`); + result = await insecureNodeFetch(url, fetchOptions); txtResponse = await result.text(); // cloudflare timeouts (504s) will be html... @@ -1395,23 +1396,13 @@ class LokiPublicChannelAPI { // do we already have this image? no, then // download a copy and save it - const imageData = await nodeFetch(avatarAbsUrl); - // eslint-disable-next-line no-inner-declarations - function toArrayBuffer(buf) { - const ab = new ArrayBuffer(buf.length); - const view = new Uint8Array(ab); - // eslint-disable-next-line no-plusplus - for (let i = 0; i < buf.length; i++) { - view[i] = buf[i]; - } - return ab; - } - // eslint-enable-next-line no-inner-declarations + const imageData = await this.serverAPI.downloadAttachment( + avatarAbsUrl + ); - const buffer = await imageData.buffer(); const newAttributes = await window.Signal.Types.Conversation.maybeUpdateAvatar( this.conversation.attributes, - toArrayBuffer(buffer), + imageData, { writeNewAttachmentData, deleteAttachmentData, diff --git a/js/modules/loki_primitives.js b/js/modules/loki_primitives.js index c673b7110..f296b9ea0 100644 --- a/js/modules/loki_primitives.js +++ b/js/modules/loki_primitives.js @@ -41,9 +41,14 @@ async function allowOnlyOneAtATime(name, process, timeout) { try { innerRetVal = await process(); } catch (e) { - log.error( - `loki_primitives:::allowOnlyOneAtATime - error ${e.code} ${e.message}` - ); + if (typeof e === 'string') { + log.error(`loki_primitives:::allowOnlyOneAtATime - error ${e}`); + } else { + log.error( + `loki_primitives:::allowOnlyOneAtATime - error ${e.code} ${e.message}` + ); + } + // clear timeout timer if (timeout) { if (timeoutTimer !== null) { diff --git a/js/modules/loki_public_chat_api.js b/js/modules/loki_public_chat_api.js index 116c5e28e..1e722b82e 100644 --- a/js/modules/loki_public_chat_api.js +++ b/js/modules/loki_public_chat_api.js @@ -2,78 +2,93 @@ const EventEmitter = require('events'); const LokiAppDotNetAPI = require('./loki_app_dot_net_api'); -const nodeFetch = require('node-fetch'); - +const insecureNodeFetch = require('node-fetch'); + +/** + * Tries to establish a connection with the specified open group url. + * + * This will try to do an onion routing call if the `useFileOnionRequests` feature flag is set, + * or call directly insecureNodeFetch if it's not. + * + * Returns + * * true if useFileOnionRequests is false and no exception where thrown by insecureNodeFetch + * * true if useFileOnionRequests is true and we established a connection to the server with onion routing + * * false otherwise + * + */ const validOpenGroupServer = async serverUrl => { // test to make sure it's online (and maybe has a valid SSL cert) try { const url = new URL(serverUrl); - if (window.lokiFeatureFlags.useFileOnionRequests) { - // check for LSRPC + if (!window.lokiFeatureFlags.useFileOnionRequests) { + // we are not running with onion request + // this is an insecure insecureNodeFetch. It will expose the user ip to the serverUrl (not onion routed) + log.info(`insecureNodeFetch => plaintext for ${url.toString()}`); - // this is safe (as long as node's in your trust model) - // because - const result = await window.tokenlessFileServerAdnAPI.serverRequest( - `loki/v1/getOpenGroupKey/${url.hostname}` - ); + // we probably have to check the response here + await insecureNodeFetch(serverUrl); + return true; + } + // This MUST be an onion routing call, no nodeFetch calls below here. + + /** + * this is safe (as long as node's in your trust model) + * + * First, we need to fetch the open group public key of this open group. + * The fileserver have all the open groups public keys. + * We need the open group public key because for onion routing we will need to encode + * our request with it. + * We can just ask the file-server to get the one for the open group we are trying to add. + */ + + const result = await window.tokenlessFileServerAdnAPI.serverRequest( + `loki/v1/getOpenGroupKey/${url.hostname}` + ); - if (result.response.meta.code === 200) { - // supports it - const obj = JSON.parse(result.response.data); - const pubKey = dcodeIO.ByteBuffer.wrap( - obj.data, - 'base64' - ).toArrayBuffer(); - // verify it works... - // get around the FILESERVER_HOSTS filter by not using serverRequest - const res = await LokiAppDotNetAPI.sendViaOnion( - pubKey, - url, - { method: 'GET' }, - { noJson: true } - ); - if (res.result && res.result.status === 200) { - log.info( - `loki_public_chat::validOpenGroupServer - onion routing enabled on ${url.toString()}` - ); - // save pubkey for use... - window.lokiPublicChatAPI.openGroupPubKeys[serverUrl] = pubKey; - return true; - } - // otherwise fall back - } else if (result.response.meta.code !== 404) { - // unknown error code - log.warn( - 'loki_public_chat::validOpenGroupServer - unknown error code', - result.response.meta + if (result.response.meta.code === 200) { + // we got the public key of the server we are trying to add. + // decode it. + const obj = JSON.parse(result.response.data); + const pubKey = dcodeIO.ByteBuffer.wrap( + obj.data, + 'base64' + ).toArrayBuffer(); + // verify we can make an onion routed call to that open group with the decoded public key + // get around the FILESERVER_HOSTS filter by not using serverRequest + const res = await LokiAppDotNetAPI.sendViaOnion( + pubKey, + url, + { method: 'GET' }, + { noJson: true } + ); + if (res.result && res.result.status === 200) { + log.info( + `loki_public_chat::validOpenGroupServer - onion routing enabled on ${url.toString()}` ); + // save pubkey for use... + window.lokiPublicChatAPI.openGroupPubKeys[serverUrl] = pubKey; + return true; } + // return here, just so we are sure adding some code below won't do a nodeFetch fallback + return false; + } else if (result.response.meta.code !== 404) { + // unknown error code + log.warn( + 'loki_public_chat::validOpenGroupServer - unknown error code', + result.response.meta + ); } - // doesn't support it, fallback - log.info( - `loki_public_chat::validOpenGroupServer - directly contacting ${url.toString()}` - ); - - // allow .loki (may only need an agent but not sure - // until we have a .loki to test with) - process.env.NODE_TLS_REJECT_UNAUTHORIZED = url.host.match(/\.loki$/i) - ? '0' - : '1'; - await nodeFetch(serverUrl); - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1'; - // const txt = await res.text(); + return false; } catch (e) { - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1'; log.warn( `loki_public_chat::validOpenGroupServer - failing to create ${serverUrl}`, e.code, e.message ); // bail out if not valid enough - return false; } - return true; + return false; }; class LokiPublicChatFactoryAPI extends EventEmitter { diff --git a/ts/components/session/LeftPaneContactSection.tsx b/ts/components/session/LeftPaneContactSection.tsx index 03c14e309..aef6f6f11 100644 --- a/ts/components/session/LeftPaneContactSection.tsx +++ b/ts/components/session/LeftPaneContactSection.tsx @@ -127,8 +127,7 @@ export class LeftPaneContactSection extends React.Component { if (error) { ToastUtils.pushToastError('addContact', error); } else { - // tslint:disable-next-line: no-floating-promises - ConversationController.getInstance() + void ConversationController.getInstance() .getOrCreateAndWait(sessionID, 'private') .then(() => { this.props.openConversationExternal(sessionID); diff --git a/ts/components/session/conversation/SessionStagedLinkPreview.tsx b/ts/components/session/conversation/SessionStagedLinkPreview.tsx index 63c627657..b11c0bf84 100644 --- a/ts/components/session/conversation/SessionStagedLinkPreview.tsx +++ b/ts/components/session/conversation/SessionStagedLinkPreview.tsx @@ -2,7 +2,7 @@ import React from 'react'; import { arrayBufferFromFile } from '../../../types/Attachment'; import { AttachmentUtil, LinkPreviewUtil } from '../../../util'; import { StagedLinkPreviewData } from './SessionCompositionBox'; -import fetch from 'node-fetch'; +import { default as insecureNodeFetch } from 'node-fetch'; import { fetchLinkPreviewImage } from '../../../util/linkPreviewFetch'; import { AbortSignal } from 'abort-controller'; import { StagedLinkPreview } from '../../conversation/StagedLinkPreview'; @@ -37,8 +37,10 @@ export const getPreview = async ( throw new Error('Link not safe for preview'); } + window.log.info('insecureNodeFetch => plaintext for getPreview()'); + const linkPreviewMetadata = await LinkPreviewUtil.fetchLinkPreviewMetadata( - fetch, + insecureNodeFetch, url, abortSignal ); @@ -51,8 +53,10 @@ export const getPreview = async ( if (imageHref && window.Signal.LinkPreviews.isLinkSafeToPreview(imageHref)) { let objectUrl: void | string; try { + window.log.info('insecureNodeFetch => plaintext for getPreview()'); + const fullSizeImage = await fetchLinkPreviewImage( - fetch, + insecureNodeFetch, imageHref, abortSignal ); diff --git a/ts/models/conversation.ts b/ts/models/conversation.ts index dec179e1e..05c258c56 100644 --- a/ts/models/conversation.ts +++ b/ts/models/conversation.ts @@ -437,9 +437,9 @@ export class ConversationModel extends Backbone.Model { const newAdmins = _.sortBy(groupAdmins); if (_.isEqual(existingAdmins, newAdmins)) { - window.log.info( - 'Skipping updates of groupAdmins/moderators. No change detected.' - ); + // window.log.info( + // 'Skipping updates of groupAdmins/moderators. No change detected.' + // ); return; } this.set({ groupAdmins }); diff --git a/ts/session/onions/index.ts b/ts/session/onions/index.ts index a3b5b6e4a..396c8c4eb 100644 --- a/ts/session/onions/index.ts +++ b/ts/session/onions/index.ts @@ -2,8 +2,9 @@ import { allowOnlyOneAtATime } from '../../../js/modules/loki_primitives'; import { getGuardNodes } from '../../../ts/data/data'; import * as SnodePool from '../snode_api/snodePool'; import _ from 'lodash'; -import fetch from 'node-fetch'; +import { default as insecureNodeFetch } from 'node-fetch'; import { UserUtils } from '../utils'; +import { snodeHttpsAgent } from '../snode_api/onions'; type Snode = SnodePool.Snode; @@ -155,23 +156,22 @@ export class OnionPaths { body: JSON.stringify(body), headers: { 'Content-Type': 'application/json' }, timeout: 10000, // 10s, we want a smaller timeout for testing + agent: snodeHttpsAgent, }; - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; - let response; try { // Log this line for testing // curl -k -X POST -H 'Content-Type: application/json' -d '"+fetchOptions.body.replace(/"/g, "\\'")+"'", url - response = await fetch(url, fetchOptions); + window.log.info('insecureNodeFetch => plaintext for testGuardNode'); + + response = await insecureNodeFetch(url, fetchOptions); } catch (e) { if (e.type === 'request-timeout') { log.warn('test timeout for node,', snode); } return false; - } finally { - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1'; } if (!response.ok) { diff --git a/ts/session/snode_api/lokiRpc.ts b/ts/session/snode_api/lokiRpc.ts index 719547288..7cde6be15 100644 --- a/ts/session/snode_api/lokiRpc.ts +++ b/ts/session/snode_api/lokiRpc.ts @@ -1,48 +1,15 @@ -import fetch from 'node-fetch'; -import https from 'https'; +import { default as insecureNodeFetch } from 'node-fetch'; import { Snode } from './snodePool'; -import { lokiOnionFetch, SnodeResponse } from './onions'; - -const snodeHttpsAgent = new https.Agent({ - rejectUnauthorized: false, -}); - -async function lokiPlainFetch( - url: string, - fetchOptions: any -): Promise { - const { log } = window; - - if (url.match(/https:\/\//)) { - // import that this does not get set in lokiFetch fetchOptions - fetchOptions.agent = snodeHttpsAgent; - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; - } else { - log.debug('lokirpc:::lokiFetch - http communication', url); - } - const response = await fetch(url, fetchOptions); - // restore TLS checking - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1'; - - if (!response.ok) { - throw new window.textsecure.HTTPError('Loki_rpc error', response); - } - const result = await response.text(); - - return { - body: result, - status: response.status, - }; -} +import { lokiOnionFetch, snodeHttpsAgent, SnodeResponse } from './onions'; interface FetchOptions { method: string; } // A small wrapper around node-fetch which deserializes response -// returns nodeFetch response or false +// returns insecureNodeFetch response or false async function lokiFetch( url: string, options: FetchOptions, @@ -64,7 +31,26 @@ async function lokiFetch( return await lokiOnionFetch(fetchOptions.body, targetNode); } - return await lokiPlainFetch(url, fetchOptions); + if (url.match(/https:\/\//)) { + // import that this does not get set in lokiFetch fetchOptions + fetchOptions.agent = snodeHttpsAgent; + } else { + window.log.warn( + 'lokirpc:::lokiFetch - insecureNodeFetch http communication', + url + ); + } + const response = await insecureNodeFetch(url, fetchOptions); + + if (!response.ok) { + throw new window.textsecure.HTTPError('Loki_rpc error', response); + } + const result = await response.text(); + + return { + body: result, + status: response.status, + }; } catch (e) { if (e.code === 'ENOTFOUND') { throw new window.textsecure.NotFoundError('Failed to resolve address', e); diff --git a/ts/session/snode_api/onions.ts b/ts/session/snode_api/onions.ts index 49efb13bc..b10c70f7c 100644 --- a/ts/session/snode_api/onions.ts +++ b/ts/session/snode_api/onions.ts @@ -1,4 +1,4 @@ -import fetch from 'node-fetch'; +import { default as insecureNodeFetch } from 'node-fetch'; import https from 'https'; import { Snode } from './snodePool'; @@ -353,7 +353,7 @@ const processOnionResponse = async ( } }; -const snodeHttpsAgent = new https.Agent({ +export const snodeHttpsAgent = new https.Agent({ rejectUnauthorized: false, }); @@ -457,7 +457,10 @@ const sendOnionRequest = async ( const target = useV2 ? '/onion_req/v2' : '/onion_req'; const guardUrl = `https://${nodePath[0].ip}:${nodePath[0].port}${target}`; - const response = await fetch(guardUrl, guardFetchOptions); + // no logs for that one as we do need to call insecureNodeFetch to our guardNode + // window.log.info('insecureNodeFetch => plaintext for sendOnionRequest'); + + const response = await insecureNodeFetch(guardUrl, guardFetchOptions); return processOnionResponse( reqIdx, diff --git a/ts/session/snode_api/serviceNodeAPI.ts b/ts/session/snode_api/serviceNodeAPI.ts index 31c0fa899..51d09ace4 100644 --- a/ts/session/snode_api/serviceNodeAPI.ts +++ b/ts/session/snode_api/serviceNodeAPI.ts @@ -1,10 +1,12 @@ // we don't throw or catch here - -import https from 'https'; -import fetch from 'node-fetch'; +import { default as insecureNodeFetch } from 'node-fetch'; import { snodeRpc } from './lokiRpc'; -import { sendOnionRequestLsrpcDest, SnodeResponse } from './onions'; +import { + sendOnionRequestLsrpcDest, + snodeHttpsAgent, + SnodeResponse, +} from './onions'; import { sleepFor } from '../../../js/modules/loki_primitives'; @@ -17,10 +19,6 @@ import { updateSnodesFor, } from './snodePool'; -const snodeHttpsAgent = new https.Agent({ - rejectUnauthorized: false, -}); - export async function getVersion( node: Snode, retries: number = 0 @@ -30,11 +28,14 @@ export async function getVersion( const { log } = window; try { - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; - const result = await fetch(`https://${node.ip}:${node.port}/get_stats/v1`, { - agent: snodeHttpsAgent, - }); - process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1'; + // window.log.info('insecureNodeFetch => plaintext for getVersion'); + + const result = await insecureNodeFetch( + `https://${node.ip}:${node.port}/get_stats/v1`, + { + agent: snodeHttpsAgent, + } + ); const data = await result.json(); if (data.version) { return data.version; @@ -105,8 +106,9 @@ export async function getSnodesFromSeedUrl(urlObj: URL): Promise> { timeout: 10000, body: JSON.stringify(body), }; + window.log.info('insecureNodeFetch => plaintext for getSnodesFromSeedUrl'); - const response = await fetch(url, fetchOptions); + const response = await insecureNodeFetch(url, fetchOptions); if (response.status !== 200) { log.error( diff --git a/ts/session/snode_api/snodePool.ts b/ts/session/snode_api/snodePool.ts index c860351c1..9288466c5 100644 --- a/ts/session/snode_api/snodePool.ts +++ b/ts/session/snode_api/snodePool.ts @@ -108,8 +108,7 @@ export function markNodeUnreachable(snode: Snode): void { for (const [pubkey, nodes] of nodesForPubkey) { const edkeys = _.filter(nodes, edkey => edkey !== snode.pubkey_ed25519); - // tslint:disable-next-line no-floating-promises - internalUpdateSnodesFor(pubkey, edkeys); + void internalUpdateSnodesFor(pubkey, edkeys); } log.warn( @@ -180,7 +179,7 @@ export function getNodesMinVersion(minVersion: string): Array { // now get version for all snodes // also acts an early online test/purge of bad nodes -export async function getAllVerionsForRandomSnodePool(): Promise { +export async function getAllVersionsForRandomSnodePool(): Promise { const { log } = window; // let count = 0; @@ -192,7 +191,7 @@ export async function getAllVerionsForRandomSnodePool(): Promise { await requestVersion(node); } catch (e) { log.error( - 'LokiSnodeAPI::_getAllVerionsForRandomSnodePool - error', + 'LokiSnodeAPI::_getAllVersionsForRandomSnodePool - error', e.code, e.message ); @@ -211,7 +210,7 @@ export async function getAllVerionsForRandomSnodePool(): Promise { return curVal; }, []); log.debug( - `LokiSnodeAPI::_getAllVerionsForRandomSnodePool - ${versions.length} versions retrieved from network!:`, + `LokiSnodeAPI::_getAllVersionsForRandomSnodePool - ${versions.length} versions retrieved from network!:`, versions.join(',') ); } @@ -248,8 +247,7 @@ async function getSnodeListFromLokidSeednode( 'seed nodes total', seedNodes.length ); - // tslint:disable-next-line:no-floating-promises - getSnodeListFromLokidSeednode(seedNodes, retries + 1); + void getSnodeListFromLokidSeednode(seedNodes, retries + 1); }, retries * retries * 5000); } else { log.error('loki_snode_api::getSnodeListFromLokidSeednode - failing'); @@ -262,7 +260,7 @@ async function getSnodeListFromLokidSeednode( async function refreshRandomPoolDetail(seedNodes: Array): Promise { const { log } = window; - // are we running any _getAllVerionsForRandomSnodePool + // are we running any _getAllVersionsForRandomSnodePool if (stopGetAllVersionPromiseControl !== false) { // we are, stop them stopGetAllVersionPromiseControl(); @@ -286,8 +284,7 @@ async function refreshRandomPoolDetail(seedNodes: Array): Promise { randomSnodePool.length, 'snodes' ); - // tslint:disable-next-line:no-floating-promises - getAllVerionsForRandomSnodePool(); + void getAllVersionsForRandomSnodePool(); } catch (e) { log.warn('LokiSnodeAPI::refreshRandomPool - error', e.code, e.message); /* @@ -358,8 +355,7 @@ export async function getSnodesFor(pubkey: string): Promise> { const freshNodes = _.shuffle(await requestSnodesForPubkey(pubkey)); const edkeys = freshNodes.map((n: Snode) => n.pubkey_ed25519); - // tslint:disable-next-line no-floating-promises - internalUpdateSnodesFor(pubkey, edkeys); + void internalUpdateSnodesFor(pubkey, edkeys); // TODO: We could probably check that the retuned sndoes are not "unreachable" return freshNodes; diff --git a/ts/session/snode_api/swarmPolling.ts b/ts/session/snode_api/swarmPolling.ts index b31e3341c..e65e2bca7 100644 --- a/ts/session/snode_api/swarmPolling.ts +++ b/ts/session/snode_api/swarmPolling.ts @@ -29,7 +29,6 @@ export function processMessage(message: string, options: any = {}) { const dataPlaintext = new Uint8Array(StringUtils.encode(message, 'base64')); const messageBuf = SignalService.WebSocketMessage.decode(dataPlaintext); if (messageBuf.type === SignalService.WebSocketMessage.Type.REQUEST) { - // tslint:disable-next-line no-floating-promises Receiver.handleRequest(messageBuf.request?.body, options); } } catch (error) { diff --git a/ts/session/snode_api/swarmPollingStub.ts b/ts/session/snode_api/swarmPollingStub.ts index 90e9b3fd6..29c908814 100644 --- a/ts/session/snode_api/swarmPollingStub.ts +++ b/ts/session/snode_api/swarmPollingStub.ts @@ -1,5 +1,5 @@ import { processMessage, SwarmPolling } from './swarmPolling'; -import fetch from 'node-fetch'; +import { default as insecureNodeFetch } from 'node-fetch'; import { PubKey } from '../types'; export class SwarmPollingStub extends SwarmPolling { @@ -12,7 +12,7 @@ export class SwarmPollingStub extends SwarmPolling { method: 'GET', }; - const res = await fetch( + const res = await insecureNodeFetch( `${this.baseUrl}/messages?pubkey=${pubkeyStr}`, get ); diff --git a/ts/test/session/integration/stubs/stub_message_api.ts b/ts/test/session/integration/stubs/stub_message_api.ts index 30aa72b56..0229f8d9e 100644 --- a/ts/test/session/integration/stubs/stub_message_api.ts +++ b/ts/test/session/integration/stubs/stub_message_api.ts @@ -1,6 +1,6 @@ import { StringUtils } from '../../../../session/utils'; -import fetch from 'node-fetch'; +import { default as insecureNodeFetch } from 'node-fetch'; class StubMessageAPI { public ourKey: string; @@ -23,7 +23,7 @@ class StubMessageAPI { }; const data64 = StringUtils.decode(data, 'base64'); - await fetch( + await insecureNodeFetch( `${ this.baseUrl }/messages?pubkey=${pubKey}×tamp=${messageTimeStamp}&data=${encodeURIComponent( diff --git a/ts/util/linkPreviewFetch.ts b/ts/util/linkPreviewFetch.ts index 6193db7b0..2f3900247 100644 --- a/ts/util/linkPreviewFetch.ts +++ b/ts/util/linkPreviewFetch.ts @@ -9,7 +9,6 @@ import { IMAGE_WEBP, MIMEType, } from '../types/MIME'; -import { PromiseUtils } from '../session/utils'; const MAX_REQUEST_COUNT_WITH_REDIRECTS = 20; // tslint:disable: prefer-for-of diff --git a/ts/util/lint/exceptions.json b/ts/util/lint/exceptions.json index b69a58524..c5d939843 100644 --- a/ts/util/lint/exceptions.json +++ b/ts/util/lint/exceptions.json @@ -4239,14 +4239,6 @@ "reasonCategory": "falseMatch", "updated": "2018-09-19T18:13:29.628Z" }, - { - "rule": "jQuery-append(", - "path": "node_modules/node-fetch/lib/headers.js", - "line": "\t\t\t\tself.append(prop, item.toString());", - "lineNumber": 40, - "reasonCategory": "falseMatch", - "updated": "2018-09-19T18:13:29.628Z" - }, { "rule": "jQuery-$(", "path": "node_modules/node-forge/dist/forge.all.min.js", From 2132395afbcc2f4381bfb676c98ec7b0253eae0b Mon Sep 17 00:00:00 2001 From: Audric Ackermann Date: Wed, 24 Mar 2021 10:42:35 +1100 Subject: [PATCH 2/2] disable getVersion to snodes calls as we don't need it anymore --- js/modules/debuglogs.js | 1 + ts/session/snode_api/lokiRpc.ts | 7 ++--- ts/session/snode_api/serviceNodeAPI.ts | 7 +++-- ts/session/snode_api/snodePool.ts | 26 ++++++++++++++----- ts/session/snode_api/swarmPollingStub.ts | 1 + .../integration/stubs/stub_message_api.ts | 2 ++ 6 files changed, 30 insertions(+), 14 deletions(-) diff --git a/js/modules/debuglogs.js b/js/modules/debuglogs.js index eb26aea5a..3fd76dd29 100644 --- a/js/modules/debuglogs.js +++ b/js/modules/debuglogs.js @@ -10,6 +10,7 @@ const USER_AGENT = `Session ${VERSION}`; // upload :: String -> Promise URL exports.upload = async content => { + window.log.warn('insecureNodeFetch => upload debugLogs'); const signedForm = await insecureNodeFetch(BASE_URL, { headers: { 'user-agent': USER_AGENT, diff --git a/ts/session/snode_api/lokiRpc.ts b/ts/session/snode_api/lokiRpc.ts index 7cde6be15..9376917c2 100644 --- a/ts/session/snode_api/lokiRpc.ts +++ b/ts/session/snode_api/lokiRpc.ts @@ -34,12 +34,9 @@ async function lokiFetch( if (url.match(/https:\/\//)) { // import that this does not get set in lokiFetch fetchOptions fetchOptions.agent = snodeHttpsAgent; - } else { - window.log.warn( - 'lokirpc:::lokiFetch - insecureNodeFetch http communication', - url - ); } + window.log.warn(`insecureNodeFetch => lokiFetch of ${url}`); + const response = await insecureNodeFetch(url, fetchOptions); if (!response.ok) { diff --git a/ts/session/snode_api/serviceNodeAPI.ts b/ts/session/snode_api/serviceNodeAPI.ts index 51d09ace4..95aa4dfe7 100644 --- a/ts/session/snode_api/serviceNodeAPI.ts +++ b/ts/session/snode_api/serviceNodeAPI.ts @@ -19,6 +19,10 @@ import { updateSnodesFor, } from './snodePool'; +/** + * Currently unused. If we need it again, be sure to update it to onion routing rather + * than using a plain nodeFetch + */ export async function getVersion( node: Snode, retries: number = 0 @@ -28,8 +32,7 @@ export async function getVersion( const { log } = window; try { - // window.log.info('insecureNodeFetch => plaintext for getVersion'); - + window.log.warn('insecureNodeFetch => plaintext for getVersion'); const result = await insecureNodeFetch( `https://${node.ip}:${node.port}/get_stats/v1`, { diff --git a/ts/session/snode_api/snodePool.ts b/ts/session/snode_api/snodePool.ts index 9288466c5..4bd6a21c3 100644 --- a/ts/session/snode_api/snodePool.ts +++ b/ts/session/snode_api/snodePool.ts @@ -136,13 +136,18 @@ function compareSnodes(lhs: any, rhs: any): boolean { return lhs.pubkey_ed25519 === rhs.pubkey_ed25519; } -// WARNING: this leaks our IP to all snodes but with no other identifying information -// except "that a client started up" or "ran out of random pool snodes" -// and the order of the list is randomized, so a snode can't tell if it just started or not +/** + * Request the version of the snode. + * THIS IS AN INSECURE NODE FETCH and leaks our IP to all snodes but with no other identifying information + * except "that a client started up" or "ran out of random pool snodes" + * and the order of the list is randomized, so a snode can't tell if it just started or not + */ async function requestVersion(node: any): Promise { const { log } = window; - const result = await getVersion(node); + // WARNING: getVersion is doing an insecure node fetch. + // be sure to update getVersion to onion routing if we need this call again. + const result = false; // await getVersion(node); if (result === false) { return; @@ -177,8 +182,13 @@ export function getNodesMinVersion(minVersion: string): Array { ); } -// now get version for all snodes -// also acts an early online test/purge of bad nodes +/** + * Currently unused as it makes call over insecure node fetch and we don't need + * to filter out nodes by versions anymore. + * + * now get version for all snodes + * also acts an early online test/purge of bad nodes + */ export async function getAllVersionsForRandomSnodePool(): Promise { const { log } = window; @@ -284,7 +294,9 @@ async function refreshRandomPoolDetail(seedNodes: Array): Promise { randomSnodePool.length, 'snodes' ); - void getAllVersionsForRandomSnodePool(); + // Warning: the call below will call getVersions to all existing nodes. + // And not with onion routing + // void getAllVersionsForRandomSnodePool(); } catch (e) { log.warn('LokiSnodeAPI::refreshRandomPool - error', e.code, e.message); /* diff --git a/ts/session/snode_api/swarmPollingStub.ts b/ts/session/snode_api/swarmPollingStub.ts index 29c908814..ae55a0c8b 100644 --- a/ts/session/snode_api/swarmPollingStub.ts +++ b/ts/session/snode_api/swarmPollingStub.ts @@ -12,6 +12,7 @@ export class SwarmPollingStub extends SwarmPolling { method: 'GET', }; + // insecureNodeFetch but this is a stub const res = await insecureNodeFetch( `${this.baseUrl}/messages?pubkey=${pubkeyStr}`, get diff --git a/ts/test/session/integration/stubs/stub_message_api.ts b/ts/test/session/integration/stubs/stub_message_api.ts index 0229f8d9e..352b9a328 100644 --- a/ts/test/session/integration/stubs/stub_message_api.ts +++ b/ts/test/session/integration/stubs/stub_message_api.ts @@ -23,6 +23,8 @@ class StubMessageAPI { }; const data64 = StringUtils.decode(data, 'base64'); + // insecureNodeFetch but this is a stub + await insecureNodeFetch( `${ this.baseUrl