chore: fix critical yarn audit issues

pull/2620/head
Audric Ackermann 2 years ago
parent 796ccf0582
commit fe5eea4c8d

@ -27,7 +27,10 @@
"@types/react": "17.0.2", "@types/react": "17.0.2",
"glob-parent": "^6.0.1", "glob-parent": "^6.0.1",
"got": "^11.8.5", "got": "^11.8.5",
"jpeg-js": "^0.4.4" "jpeg-js": "^0.4.4",
"json5": "^2.2.2",
"loader-utils": "^2.0.4",
"http-cache-semantics": "^4.1.1"
}, },
"scripts": { "scripts": {
"start-prod": "cross-env NODE_ENV=production NODE_APP_INSTANCE=devprod$MULTI electron .", "start-prod": "cross-env NODE_ENV=production NODE_APP_INSTANCE=devprod$MULTI electron .",
@ -90,7 +93,6 @@
"filesize": "3.6.1", "filesize": "3.6.1",
"firstline": "1.2.1", "firstline": "1.2.1",
"fs-extra": "9.0.0", "fs-extra": "9.0.0",
"git": "^0.1.5",
"glob": "7.1.2", "glob": "7.1.2",
"image-type": "^4.1.0", "image-type": "^4.1.0",
"ip2country": "1.0.1", "ip2country": "1.0.1",
@ -193,7 +195,6 @@
"eslint-plugin-mocha": "^10.0.4", "eslint-plugin-mocha": "^10.0.4",
"eslint-plugin-more": "^1.0.5", "eslint-plugin-more": "^1.0.5",
"events": "^3.3.0", "events": "^3.3.0",
"file-loader": "^6.2.0",
"jsdom": "^19.0.0", "jsdom": "^19.0.0",
"jsdom-global": "^3.0.2", "jsdom-global": "^3.0.2",
"mini-css-extract-plugin": "^2.7.5", "mini-css-extract-plugin": "^2.7.5",

@ -2184,7 +2184,6 @@ export async function commitConversationAndRefreshWrapper(id: string) {
} }
// write to DB // write to DB
// TODOLATER remove duplicates between db and wrapper (except nickname&name as we need them for search, or move search to wrapper too) // TODOLATER remove duplicates between db and wrapper (except nickname&name as we need them for search, or move search to wrapper too)
// TODO when deleting a contact from the ConversationController, we still need to keep it in the wrapper but mark it as hidden (and we might need to add an hidden convo model field for it)
const savedDetails = await Data.saveConversation(convo.attributes); const savedDetails = await Data.saveConversation(convo.attributes);
await convo.refreshInMemoryDetails(savedDetails); await convo.refreshInMemoryDetails(savedDetails);

@ -68,7 +68,7 @@ async function mergeConfigsWithIncomingUpdates(
const groupedResults: Map<ConfigWrapperObjectTypes, IncomingConfResult> = new Map(); const groupedResults: Map<ConfigWrapperObjectTypes, IncomingConfResult> = new Map();
// TODO currently we only poll for user config messages, so this can be hardcoded // TODOLATER currently we only poll for user config messages, so this can be hardcoded
const publicKey = UserUtils.getOurPubKeyStrFromCache(); const publicKey = UserUtils.getOurPubKeyStrFromCache();
try { try {
@ -86,14 +86,11 @@ async function mergeConfigsWithIncomingUpdates(
await GenericWrapperActions.merge(variant, toMerge); await GenericWrapperActions.merge(variant, toMerge);
const needsPush = await GenericWrapperActions.needsPush(variant); const needsPush = await GenericWrapperActions.needsPush(variant);
const needsDump = await GenericWrapperActions.needsDump(variant); const needsDump = await GenericWrapperActions.needsDump(variant);
window.log.info(`${variant}: "${publicKey}" needsPush:${needsPush} needsDump:${needsDump} `);
// TODO do we need to keep track of the hashes or the library does in the end?
const messageHashes = toMerge.map(m => m.hash);
const latestEnvelopeTimestamp = Math.max(...sameVariant.map(m => m.envelopeTimestamp)); const latestEnvelopeTimestamp = Math.max(...sameVariant.map(m => m.envelopeTimestamp));
window.log.info(`${variant}: "${publicKey}" needsPush:${needsPush} needsDump:${needsDump} `);
const incomingConfResult: IncomingConfResult = { const incomingConfResult: IncomingConfResult = {
messageHashes,
needsDump, needsDump,
needsPush, needsPush,
kind: LibSessionUtil.variantToKind(variant), kind: LibSessionUtil.variantToKind(variant),
@ -311,7 +308,6 @@ async function handleLegacyGroupUpdate(latestEnvelopeTimestamp: number) {
const legacyGroupsToLeaveInDB = allLegacyGroupsInDb.filter(m => { const legacyGroupsToLeaveInDB = allLegacyGroupsInDb.filter(m => {
return !allLegacyGroupsIdsInWrapper.includes(m.id); return !allLegacyGroupsIdsInWrapper.includes(m.id);
}); });
// TODO we need to store the encryption keypair if needed
window.log.info( window.log.info(
`we have to join ${legacyGroupsToJoinInDB.length} legacy groups in DB compared to what is in the wrapper` `we have to join ${legacyGroupsToJoinInDB.length} legacy groups in DB compared to what is in the wrapper`
); );
@ -366,7 +362,7 @@ async function handleLegacyGroupUpdate(latestEnvelopeTimestamp: number) {
legacyGroupConvo.get('active_at') < latestEnvelopeTimestamp legacyGroupConvo.get('active_at') < latestEnvelopeTimestamp
? legacyGroupConvo.get('active_at') ? legacyGroupConvo.get('active_at')
: latestEnvelopeTimestamp, : latestEnvelopeTimestamp,
weWereJustAdded: false, // TODOLATER to remove weWereJustAdded: false, // TODOLATER to remove once legacy groups support is dropped
}; };
await ClosedGroup.updateOrCreateClosedGroup(groupDetails); await ClosedGroup.updateOrCreateClosedGroup(groupDetails);
@ -399,6 +395,8 @@ async function handleLegacyGroupUpdate(latestEnvelopeTimestamp: number) {
// save the encryption keypair if needed // save the encryption keypair if needed
if (!isEmpty(fromWrapper.encPubkey) && !isEmpty(fromWrapper.encSeckey)) { if (!isEmpty(fromWrapper.encPubkey) && !isEmpty(fromWrapper.encSeckey)) {
try { try {
// TODO we need to store the encryption keypair if needed
const inWrapperKeypair: HexKeyPair = { const inWrapperKeypair: HexKeyPair = {
publicHex: toHex(fromWrapper.encPubkey), publicHex: toHex(fromWrapper.encPubkey),
privateHex: toHex(fromWrapper.encSeckey), privateHex: toHex(fromWrapper.encSeckey),
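Review bot: The `window.log.info` call in the `mergeConfigsWithIncomingUpdates` hunk (now placed after `latestEnvelopeTimestamp`) still interpolates `publicKey`, which the earlier hunk shows is our own key from `UserUtils.getOurPubKeyStrFromCache()`. That writes the account's public key to the application log at info level on every merge. Unless `window.log` already redacts keys (not visible here), log only `variant`, `needsPush` and `needsDump`. Separately, the `// TODO we need to store the encryption keypair if needed` line moved inside the `try` in `handleLegacyGroupUpdate` repeats the comment two lines above it and does not say what is still missing. Both functions continue outside these hunks.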

@ -43,7 +43,7 @@ export const handleCapabilities = async (
} }
// get all v2OpenGroup rooms with the matching serverUrl and set the capabilities. // get all v2OpenGroup rooms with the matching serverUrl and set the capabilities.
// TODO: implement - update capabilities. Unsure whether to store in DB or save to instance of this obj. // TODOLATER: capabilities are shared accross a server, not a room. We should probably move this to the server but we do not a server level currently, just rooms
const rooms = OpenGroupData.getV2OpenGroupRoomsByServerUrl(serverUrl); const rooms = OpenGroupData.getV2OpenGroupRoomsByServerUrl(serverUrl);

@ -68,7 +68,6 @@ async function buildRetrieveRequest(
return retrieveRequestsParams; return retrieveRequestsParams;
} }
/** */
async function retrieveNextMessages( async function retrieveNextMessages(
targetNode: Snode, targetNode: Snode,
lastHashes: Array<string>, lastHashes: Array<string>,
@ -106,10 +105,9 @@ async function retrieveNextMessages(
); );
} }
// do a basic check to know if we have something kind of looking right (status 200 should always be there for a retrieve)
const firstResult = results[0]; const firstResult = results[0];
// TODO we should probably check for status code of all the results (when polling for a few namespaces at a time)
if (firstResult.code !== 200) { if (firstResult.code !== 200) {
window?.log?.warn(`retrieveNextMessages result is not 200 but ${firstResult.code}`); window?.log?.warn(`retrieveNextMessages result is not 200 but ${firstResult.code}`);
throw new Error( throw new Error(
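Review bot: Only `results[0].code` is compared with 200 in `retrieveNextMessages`, and the TODO asking for the status of every result to be checked appears to be dropped by this commit without the check being added. When one request covers several namespaces, a non-200 sub-response after the first would pass this guard. Consider `const failed = results.find(r => r.code !== 200);` and throwing when `failed` is set, or keep the reminder as a `TODOLATER` so the gap stays tracked. Whether `results` can be empty at this point is decided above the hunk and is not visible here.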

@ -17,6 +17,7 @@ import { SessionUtilUserGroups } from '../utils/libsession/libsession_utils_user
import { ConfigurationDumpSync } from '../utils/job_runners/jobs/ConfigurationSyncDumpJob'; import { ConfigurationDumpSync } from '../utils/job_runners/jobs/ConfigurationSyncDumpJob';
import { LibSessionUtil } from '../utils/libsession/libsession_utils'; import { LibSessionUtil } from '../utils/libsession/libsession_utils';
import { assertUnreachable } from '../../types/sqlSharedTypes'; import { assertUnreachable } from '../../types/sqlSharedTypes';
import { ConvoVolatileType } from 'session_util_wrapper';
let instance: ConversationController | null; let instance: ConversationController | null;
@ -210,51 +211,63 @@ export class ConversationController {
await deleteAllMessagesByConvoIdNoConfirmation(id); await deleteAllMessagesByConvoIdNoConfirmation(id);
window.log.info(`deleteContact messages destroyed: ${id}`); window.log.info(`deleteContact messages destroyed: ${id}`);
// Legacy group leaving const convoType: ConvoVolatileType = conversation.isClosedGroup()
if (conversation.isClosedGroup()) { ? 'LegacyGroup'
window.log.info(`deleteContact ClosedGroup case: ${id}`); : conversation.isPublic()
await leaveClosedGroup(conversation.id); ? 'Community'
await SessionUtilConvoInfoVolatile.removeLegacyGroupFromWrapper(conversation.id); : '1o1';
await SessionUtilUserGroups.removeLegacyGroupFromWrapper(conversation.id);
} else if (conversation.isPublic()) { switch (convoType) {
window?.log?.info('leaving open group v2', conversation.id); case '1o1':
// remove from the wrapper the entries before we remove the roomInfos, as we won't have the required community pubkey afterwards // if this conversation is a private conversation it's in fact a `contact` for desktop.
try { // we just set the hidden field to true
await SessionUtilUserGroups.removeCommunityFromWrapper(conversation.id, conversation.id); // so the conversation still exists (needed for that user's profile in groups) but is not shown on the list of conversation.
await SessionUtilConvoInfoVolatile.removeCommunityFromWrapper( // We also keep the messages for now, as turning a contact as hidden might just be a temporary thing
conversation.id, window.log.info(`deleteContact isPrivate, marking as hidden: ${id}`);
conversation.id
); conversation.set({
} catch (e) { hidden: true,
window?.log?.info('SessionUtilUserGroups.removeCommunityFromWrapper failed:', e); });
} // we currently do not wish to reset the approved/approvedMe state when marking a private conversation as hidden
// await conversation.setIsApproved(false, false);
await conversation.commit(); // this updates the wrappers content to reflect the hidden state
// We don't remove entries from the contacts wrapper, so better keep corresponding convo volatile info for now (it will be pruned if needed)
break;
case 'Community':
window?.log?.info('leaving open group v2', conversation.id);
// remove from the wrapper the entries before we remove the roomInfos, as we won't have the required community pubkey afterwards
try {
await SessionUtilUserGroups.removeCommunityFromWrapper(conversation.id, conversation.id);
await SessionUtilConvoInfoVolatile.removeCommunityFromWrapper(
conversation.id,
conversation.id
);
} catch (e) {
window?.log?.info('SessionUtilUserGroups.removeCommunityFromWrapper failed:', e);
}
const roomInfos = OpenGroupData.getV2OpenGroupRoom(conversation.id); const roomInfos = OpenGroupData.getV2OpenGroupRoom(conversation.id);
if (roomInfos) { if (roomInfos) {
getOpenGroupManager().removeRoomFromPolledRooms(roomInfos); getOpenGroupManager().removeRoomFromPolledRooms(roomInfos);
} }
// remove the roomInfos locally for this open group room including the pubkey // remove the roomInfos locally for this open group room including the pubkey
try { try {
await OpenGroupData.removeV2OpenGroupRoom(conversation.id); await OpenGroupData.removeV2OpenGroupRoom(conversation.id);
} catch (e) { } catch (e) {
window?.log?.info('removeV2OpenGroupRoom failed:', e); window?.log?.info('removeV2OpenGroupRoom failed:', e);
} }
} else if (conversation.isPrivate()) { break;
// if this conversation is a private conversation it's in fact a `contact` for desktop. case 'LegacyGroup':
// we just want to remove everything related to it and set the hidden field to true window.log.info(`deleteContact ClosedGroup case: ${id}`);
// so the conversation still exists (needed for that user's profile in groups) but is not shown on the list of conversation await leaveClosedGroup(conversation.id);
window.log.info(`deleteContact isPrivate, marking as hidden: ${id}`); await SessionUtilUserGroups.removeLegacyGroupFromWrapper(conversation.id);
await SessionUtilConvoInfoVolatile.removeLegacyGroupFromWrapper(conversation.id);
conversation.set({
hidden: true, break;
}); default:
// we currently do not wish to reset the approved/approvedMe state when marking a private conversation as hidden assertUnreachable(convoType, `deleteContact: convoType ${convoType} not handled`);
// await conversation.setIsApproved(false, false);
await conversation.commit(); // this updates the wrappers content to reflect the hidden state
// We don't remove entries from the contacts wrapper, so better keep corresponding convo volatile info for now (it will be pruned if needed)
// TODO the call above won't mark the conversation as hidden in the wrapper, it will just stop being updated (which is a bad thing)
} }
if (conversation.isGroup()) { if (conversation.isGroup()) {
@ -263,8 +276,6 @@ export class ConversationController {
await Data.removeConversation(id); await Data.removeConversation(id);
window.log.info(`deleteContact isGroup, convo removed from DB: ${id}`); window.log.info(`deleteContact isGroup, convo removed from DB: ${id}`);
// TODO remove group related entries from their corresponding wrappers here
this.conversations.remove(conversation); this.conversations.remove(conversation);
window?.inboxStore?.dispatch( window?.inboxStore?.dispatch(
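Review bot: The nested ternary that computes `convoType` in `deleteContact` falls back to `'1o1'` for anything that is neither `isClosedGroup()` nor `isPublic()`, whereas the old chain only hid the conversation when `conversation.isPrivate()` was true. If any other conversation kind can reach this method, it is now marked hidden and committed, and `assertUnreachable` in `default` cannot catch it because the type is already limited to the three literals. Make the last arm explicit, e.g. `: conversation.isPrivate() ? '1o1' : undefined`, and log and return early when the result is `undefined`. `const roomInfos` is also declared directly under `case 'Community':` without a block, so wrapping that case body in braces keeps the binding out of the other cases. The method starts and ends outside these hunks.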

@ -182,7 +182,7 @@ class ConfigurationSyncJob extends PersistedJob<ConfigurationSyncPersistedData>
} }
} }
// TODO add a way to have a few configuration sync jobs running at the same time, but only a single one per pubkey // TODOLATER add a way to have a few configuration sync jobs running at the same time, but only a single one per pubkey
const thisJobDestination = us; const thisJobDestination = us;
const singleDestChanges = await retrieveSingleDestinationChanges(thisJobDestination); const singleDestChanges = await retrieveSingleDestinationChanges(thisJobDestination);

@ -25,7 +25,6 @@ const requiredUserVariants: Array<ConfigWrapperObjectTypes> = [
export type IncomingConfResult = { export type IncomingConfResult = {
needsPush: boolean; needsPush: boolean;
needsDump: boolean; needsDump: boolean;
messageHashes: Array<string>;
kind: SignalService.SharedConfigMessage.Kind; kind: SignalService.SharedConfigMessage.Kind;
publicKey: string; publicKey: string;
latestEnvelopeTimestamp: number; latestEnvelopeTimestamp: number;

@ -3769,14 +3769,6 @@ file-entry-cache@^6.0.1:
dependencies: dependencies:
flat-cache "^3.0.4" flat-cache "^3.0.4"
file-loader@^6.2.0:
version "6.2.0"
resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-6.2.0.tgz#baef7cf8e1840df325e4390b4484879480eebe4d"
integrity sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw==
dependencies:
loader-utils "^2.0.0"
schema-utils "^3.0.0"
file-type@^10.10.0: file-type@^10.10.0:
version "10.11.0" version "10.11.0"
resolved "https://registry.yarnpkg.com/file-type/-/file-type-10.11.0.tgz#2961d09e4675b9fb9a3ee6b69e9cd23f43fd1890" resolved "https://registry.yarnpkg.com/file-type/-/file-type-10.11.0.tgz#2961d09e4675b9fb9a3ee6b69e9cd23f43fd1890"
@ -4051,13 +4043,6 @@ getobject@^1.0.0:
resolved "https://registry.yarnpkg.com/getobject/-/getobject-1.1.1.tgz#29f7858609fee7ef1c58d062f1b2335e425bdb45" resolved "https://registry.yarnpkg.com/getobject/-/getobject-1.1.1.tgz#29f7858609fee7ef1c58d062f1b2335e425bdb45"
integrity sha512-Rftr+NsUMxFcCmFopFmyCCfsJPaqUmf7TW61CtKMu0aE93ir62I6VjXt2koiCQgcunGgVog/U6g24tBPq67rlg== integrity sha512-Rftr+NsUMxFcCmFopFmyCCfsJPaqUmf7TW61CtKMu0aE93ir62I6VjXt2koiCQgcunGgVog/U6g24tBPq67rlg==
git@^0.1.5:
version "0.1.5"
resolved "https://registry.yarnpkg.com/git/-/git-0.1.5.tgz#9ef62df93f851c27542143bf52d1c68b1017ca15"
integrity sha512-N+bfOrXyKMU/fQtCj6D/U9MQOEN0DAA8TLHSLdUQRSWBOkeRvsjJHdrdkvcq05xO7GSDKWc3nDEGoTZ4DfCCSg==
dependencies:
mime "1.2.9"
glob-parent@^6.0.1, glob-parent@~5.1.2: glob-parent@^6.0.1, glob-parent@~5.1.2:
version "6.0.2" version "6.0.2"
resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3"
@ -5317,11 +5302,6 @@ mime-types@^2.1.12, mime-types@^2.1.27:
dependencies: dependencies:
mime-db "1.52.0" mime-db "1.52.0"
mime@1.2.9:
version "1.2.9"
resolved "https://registry.yarnpkg.com/mime/-/mime-1.2.9.tgz#009cd40867bd35de521b3b966f04e2f8d4d13d09"
integrity sha512-WiLgbHTIq5AYUvU/Luli4mZ1bUcHpGNHyCsbl+KPMg4zt+XUDpQehWjuBjdLaEvDTinvKj/FgfQt3fPoT7j08g==
mime@^2.4.6: mime@^2.4.6:
version "2.6.0" version "2.6.0"
resolved "https://registry.yarnpkg.com/mime/-/mime-2.6.0.tgz#a2a682a95cd4d0cb1d6257e28f83da7e35800367" resolved "https://registry.yarnpkg.com/mime/-/mime-2.6.0.tgz#a2a682a95cd4d0cb1d6257e28f83da7e35800367"
@ -6940,7 +6920,7 @@ scheduler@^0.20.2:
loose-envify "^1.1.0" loose-envify "^1.1.0"
object-assign "^4.1.1" object-assign "^4.1.1"
schema-utils@^3.0.0, schema-utils@^3.1.0, schema-utils@^3.1.1: schema-utils@^3.1.0, schema-utils@^3.1.1:
version "3.1.1" version "3.1.1"
resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.1.tgz#bc74c4b6b6995c1d88f76a8b77bea7219e0c8281" resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.1.tgz#bc74c4b6b6995c1d88f76a8b77bea7219e0c8281"
integrity sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw== integrity sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw==
