From 1de54209d022143b62f5fbd340edc8dd9c1b01ba Mon Sep 17 00:00:00 2001
From: syuilo
Date: Wed, 4 Jan 2017 15:27:25 +0900
Subject: Update dependency :rocket:
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'package.json')
diff --git a/package.json b/package.json
index 13cf6dcaa1..5c75030774 100644
--- a/package.json
+++ b/package.json
@@ -98,7 +98,7 @@
 "livescript": "1.5.0",
 "mime-types": "2.1.13",
 "mocha": "3.2.0",
- "mongodb": "2.2.16",
+ "mongodb": "2.2.19",
 "ms": "0.7.2",
 "multer": "1.2.1",
 "nprogress": "0.2.0",
--
cgit v1.2.3-freya
From 39eabbd2c0413f14d5b5472e651f9c34abaff2b4 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Wed, 4 Jan 2017 15:32:04 +0900
Subject: Use nyaize package for nya filter :package:
---
 gulpfile.ts | 1 +
 package.json | 1 +
 src/web/app/common/scripts/text-compiler.js | 6 ++----
 3 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'package.json')
diff --git a/gulpfile.ts b/gulpfile.ts
index 1c5516801a..5ae2652c62 100644
--- a/gulpfile.ts
+++ b/gulpfile.ts
@@ -149,6 +149,7 @@ const aliasifyConfig = {
 'chart.js': './node_modules/chart.js/src/chart.js',
 'textarea-caret-position': './node_modules/textarea-caret/index.js',
 'misskey-text': './src/common/text/index.js',
+ 'nyaize': './node_modules/nyaize/built/index.js',
 'strength.js': './node_modules/syuilo-password-strength/strength.js',
 'cropper': './node_modules/cropperjs/dist/cropper.js',
 'Sortable': './node_modules/sortablejs/Sortable.js',
diff --git a/package.json b/package.json
index 5c75030774..360025749f 100644
--- a/package.json
+++ b/package.json
@@ -102,6 +102,7 @@
 "ms": "0.7.2",
 "multer": "1.2.1",
 "nprogress": "0.2.0",
+ "nyaize": "0.0.2",
 "page": "1.7.1",
 "prominence": "0.2.0",
 "pug": "2.0.0-beta6",
diff --git a/src/web/app/common/scripts/text-compiler.js b/src/web/app/common/scripts/text-compiler.js
index f6c531c6ce..8ea2361b87 100644
--- a/src/web/app/common/scripts/text-compiler.js
+++ b/src/web/app/common/scripts/text-compiler.js
@@ -1,4 +1,5 @@
 const riot = require('riot');
+const nyaize = require('nyaize').default;
 module.exports = function(tokens, shouldBreak, escape) {
 if (shouldBreak == null) {
@@ -34,10 +35,7 @@ module.exports = function(tokens, shouldBreak, escape) {
 }).join('');
 if (me && me.data && me.data.nya) {
- text = text.replace(/な/g, 'にゃ')
- .replace(/ニャ/g, 'にゃ')
- .replace(/にゃでにゃで/g, 'なでなで')
- .replace(/ニャデニャデ/g, 'ナデナデ');
+ text = nyaize(text);
 }
 return text;
--
cgit v1.2.3-freya
From 257f1ecdcf66eebb3ac35bad8db3c3be110de475 Mon Sep 17 00:00:00 2001
From: Aya Morisawa
Date: Thu, 5 Jan 2017 07:02:52 +0900
Subject: Update type definition
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'package.json')
diff --git a/package.json b/package.json
index 360025749f..b60fb51230 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
 "@types/browserify": "12.0.30",
 "@types/chalk": "0.4.31",
 "@types/compression": "0.0.33",
- "@types/cors": "0.0.33",
+ "@types/cors": "2.8.0",
 "@types/elasticsearch": "5.0.9",
 "@types/escape-html": "0.0.19",
 "@types/event-stream": "3.3.30",
--
cgit v1.2.3-freya
From 07834db0364d07f66e458fdcc1f5a93fdd8f5e9b Mon Sep 17 00:00:00 2001
From: Aya Morisawa
Date: Thu, 5 Jan 2017 07:04:00 +0900
Subject: Update browserify
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'package.json')
diff --git a/package.json b/package.json
index b60fb51230..423103c75d 100644
--- a/package.json
+++ b/package.json
@@ -62,7 +62,7 @@
 "babel-preset-stage-3": "6.17.0",
 "bcrypt": "1.0.2",
 "body-parser": "1.15.2",
- "browserify": "13.1.1",
+ "browserify": "13.3.0",
 "browserify-livescript": "0.2.3",
 "chalk": "1.1.3",
 "chart.js": "2.4.0",
--
cgit v1.2.3-freya
From 94582453820655d11cb6dff8ad62148742591103 Mon Sep 17 00:00:00 2001
From: syuilo Date: Fri, 6 Jan 2017 11:50:46 +0900 Subject: [BREAKING CHANGE] Improve security --- docs/api/getting-started.pug | 2 ++ package.json | 1 + src/api/authenticate.ts | 2 +- src/api/endpoints/auth/accept.js | 15 ++++++++++++++- src/api/streaming.ts | 2 +- 5 files changed, 19 insertions(+), 3 deletions(-) (limited to 'package.json') diff --git a/docs/api/getting-started.pug b/docs/api/getting-started.pug index f565745232..e255a5e935 100644 --- a/docs/api/getting-started.pug +++ b/docs/api/getting-started.pug @@ -70,5 +70,7 @@ block content | 次に、#{api_url}/auth/session/userkeyapp_secretとしてApp Secretを、tokenとしてセッションのトークンをパラメータとして付与したリクエストを送信してください。 br | 上手くいけば、認証したユーザーのアクセストークンがレスポンスとして取得できます。おめでとうございます! + p + | 以降アクセストークンは、ユーザーのアクセストークン+アプリのシークレットキーをsha512したものとして扱います。 p アクセストークンを取得できたら、あとは簡単です。REST APIなら、リクエストにアクセストークンをiとしてパラメータに含めるだけです。 diff --git a/package.json b/package.json index 423103c75d..1debc88538 100644 --- a/package.json +++ b/package.json @@ -69,6 +69,7 @@ "compression": "1.6.2", "cors": "2.8.1", "cropperjs": "1.0.0-beta", + "crypto": "0.0.3", "deepcopy": "0.6.3", "del": "2.2.2", "elasticsearch": "12.1.3", diff --git a/src/api/authenticate.ts b/src/api/authenticate.ts index 832517379f..0a888e72d3 100644 --- a/src/api/authenticate.ts +++ b/src/api/authenticate.ts @@ -43,7 +43,7 @@ export default (req: express.Request) => new Promise(async (resolv }); } else { const userkeyDoc = await Userkey.findOne({ - key: token + hash: token }); if (userkeyDoc === null) { diff --git a/src/api/endpoints/auth/accept.js b/src/api/endpoints/auth/accept.js index 7c45650c6b..9eb5d2e7e2 100644 --- a/src/api/endpoints/auth/accept.js +++ b/src/api/endpoints/auth/accept.js @@ -4,6 +4,8 @@ * Module dependencies */ import rndstr from 'rndstr'; +const crypto = require('crypto'); +import App from '../../models/app'; import AuthSess from '../../models/auth-session'; import Userkey from '../../models/userkey'; 
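Review bot: The `"crypto": "0.0.3"` entry added to package.json looks unnecessary, because `require('crypto')` in accept.js resolves to Node's built-in module, which takes precedence over anything installed under node_modules. The registry package of that name is therefore never loaded, and as far as I know it is marked deprecated in favour of the built-in. Keeping the entry only adds an install-time dependency that has to be trusted and audited; I would drop the line and leave the `require('crypto')` call unchanged.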
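Review bot: In src/api/authenticate.ts the new filter `hash: token` hands the request-supplied value straight to `Userkey.findOne` without checking its type. Where `token` is read is outside the hunk, but if it comes from a parsed body or query string it may not be a string, and a non-string value would be treated as a query expression rather than compared as a hash. A guard before the lookup, `if (typeof token !== 'string')` followed by the function's normal rejection, closes that. The same lookup is added in src/api/streaming.ts, where the `token: string` annotation is erased at runtime, so the check is needed there too. Userkey documents written before this commit carry no `hash` field and will stop matching unless they are backfilled, which is worth stating in the commit description.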
@@ -41,12 +43,23 @@ module.exports = (params, user) => }); if (exist === null) { + // Lookup app + const app = await App.findOne({ + app_id: session.app_id + }); + + // Generate Hash + const sha512 = crypto.createHash('sha512'); + sha512.update(key + app.secret); + const hash = sha512.digest('hex'); + // Insert userkey doc await Userkey.insert({ created_at: new Date(), app_id: session.app_id, user_id: user._id, - key: key + key: key, + hash: hash }); } diff --git a/src/api/streaming.ts b/src/api/streaming.ts index 84a0f9ddf4..dd28a0bc1e 100644 --- a/src/api/streaming.ts +++ b/src/api/streaming.ts @@ -64,7 +64,7 @@ function authenticate(connection: websocket.connection, token: string): Promise< resolve(user); } else { const userkey = await Userkey.findOne({ - key: token + hash: token }); if (userkey == null) { -- cgit v1.2.3-freya
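Review bot: In src/api/endpoints/auth/accept.js, `app.secret` is read without checking the result of `App.findOne`, so if no app matches `session.app_id` the handler presumably fails with a TypeError at `sha512.update(key + app.secret)` (the neighbouring `exist === null` test suggests these lookups yield null on a miss). Add an `if (app === null)` guard that rejects before the hash is computed; the handler starts and ends outside the hunk, so its rejection call is not visible here. The hash is written only inside the `exist === null` branch, so a user who already holds a userkey for this app keeps a document without `hash` and can no longer authenticate through the new `hash: token` lookups. The plaintext `key` is still stored next to `hash`, which deserves a comment explaining why it is kept. A keyed construction such as `crypto.createHmac('sha512', app.secret).update(key).digest('hex')` would be the more conventional way to bind the key to the secret than string concatenation, at the cost of changing the documented client-side computation to match.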