Merge branch 'develop' into 'develop'

Fix use of wrong library for CBOR authentication object

Co-authored-by: PrivateGER <privateger@privateger.me>

See merge request firefish/firefish!10629
Kainoa Kanter 2023-10-27 17:57:23 +00:00
commit abceee2823
3 changed files with 102 additions and 47 deletions


@ -51,6 +51,7 @@
"blurhash": "2.0.5", "blurhash": "2.0.5",
"bull": "4.11.3", "bull": "4.11.3",
"cacheable-lookup": "TheEssem/cacheable-lookup", "cacheable-lookup": "TheEssem/cacheable-lookup",
"cbor-x": "^1.5.4",
"chalk": "5.3.0", "chalk": "5.3.0",
"chalk-template": "0.4.0", "chalk-template": "0.4.0",
"chokidar": "^3.5.3", "chokidar": "^3.5.3",
@ -91,7 +92,7 @@
"meilisearch": "0.34.1", "meilisearch": "0.34.1",
"mfm-js": "0.23.3", "mfm-js": "0.23.3",
"mime-types": "2.1.35", "mime-types": "2.1.35",
"msgpackr": "1.9.7", "msgpackr": "^1.9.9",
"multer": "1.4.4-lts.1", "multer": "1.4.4-lts.1",
"native-utils": "link:native-utils", "native-utils": "link:native-utils",
"nested-property": "4.0.0", "nested-property": "4.0.0",


@ -1,4 +1,4 @@
import { decode } from "msgpackr"; import { decode } from "cbor-x";
import define from "../../../define.js"; import define from "../../../define.js";
import { import {
UserProfiles, UserProfiles,
@ -62,7 +62,7 @@ export default define(meta, paramDef, async (ps, user) => {
const clientDataJSONHash = hash(Buffer.from(ps.clientDataJSON, "utf-8")); const clientDataJSONHash = hash(Buffer.from(ps.clientDataJSON, "utf-8"));
const attestation = decode(Buffer.from(ps.attestationObject, "utf-8")); const attestation = decode(Buffer.from(ps.attestationObject, "hex"));
const rpIdHash = attestation.authData.slice(0, 32); const rpIdHash = attestation.authData.slice(0, 32);
if (!rpIdHashReal.equals(rpIdHash)) { if (!rpIdHashReal.equals(rpIdHash)) {
@ -79,7 +79,13 @@ export default define(meta, paramDef, async (ps, user) => {
const credentialIdLength = authData.readUInt16BE(53); const credentialIdLength = authData.readUInt16BE(53);
const credentialId = authData.slice(55, 55 + credentialIdLength); const credentialId = authData.slice(55, 55 + credentialIdLength);
const publicKeyData = authData.slice(55 + credentialIdLength); const publicKeyData = authData.slice(55 + credentialIdLength);
const publicKey: Map<number, any> = decode(publicKeyData); const publicKey: Map<Number, any> = new Map(
Object.entries(decode(publicKeyData)).map(([key, value]) => [
Number(key),
value,
]),
);
if (publicKey.get(3) !== -7) { if (publicKey.get(3) !== -7) {
throw new Error("alg mismatch"); throw new Error("alg mismatch");
} }
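Review bot: The new `decode()` calls in the `-62,7` and `-79,7` hunks parse client-supplied bytes and use the result with no shape check: `attestation.authData.slice(0, 32)` assumes a byte-string field is present, and `Object.entries(decode(publicKeyData))` throws a TypeError if the value decodes to null or undefined. `Buffer.from(ps.attestationObject, "hex")` also stops silently at the first non-hex character, so a malformed parameter gives a truncated buffer instead of an error; unless `paramDef` already constrains it (not visible here), add `if (!/^([0-9a-f]{2})+$/i.test(ps.attestationObject)) throw new Error("invalid attestationObject");` before decoding and `if (!(attestation?.authData instanceof Uint8Array)) throw new Error("invalid attestation");` after it, so the rejection is explicit. The annotation `Map<Number, any>` names the boxed wrapper type and should stay `Map<number, any>` as on the old side. The handler body starts and ends outside these hunks, so checks made elsewhere in it cannot be seen from here.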


@ -171,6 +171,9 @@ importers:
cacheable-lookup: cacheable-lookup:
specifier: TheEssem/cacheable-lookup specifier: TheEssem/cacheable-lookup
version: github.com/TheEssem/cacheable-lookup/dd2fb616366a3c68dcf321a57a67295967b204bf version: github.com/TheEssem/cacheable-lookup/dd2fb616366a3c68dcf321a57a67295967b204bf
cbor-x:
specifier: ^1.5.4
version: 1.5.4
chalk: chalk:
specifier: 5.3.0 specifier: 5.3.0
version: 5.3.0 version: 5.3.0
@ -292,8 +295,8 @@ importers:
specifier: 2.1.35 specifier: 2.1.35
version: 2.1.35 version: 2.1.35
msgpackr: msgpackr:
specifier: 1.9.7 specifier: ^1.9.9
version: 1.9.7 version: 1.9.9
multer: multer:
specifier: 1.4.4-lts.1 specifier: 1.4.4-lts.1
version: 1.4.4-lts.1 version: 1.4.4-lts.1
@ -906,7 +909,7 @@ importers:
devDependencies: devDependencies:
'@swc/cli': '@swc/cli':
specifier: ^0.1.62 specifier: ^0.1.62
version: 0.1.62(@swc/core@1.3.78) version: 0.1.62(@swc/core@1.3.78)(chokidar@3.3.1)
'@swc/core': '@swc/core':
specifier: 1.3.78 specifier: 1.3.78
version: 1.3.78 version: 1.3.78
@ -1140,7 +1143,7 @@ packages:
'@babel/traverse': 7.22.10 '@babel/traverse': 7.22.10
'@babel/types': 7.22.10 '@babel/types': 7.22.10
convert-source-map: 1.9.0 convert-source-map: 1.9.0
debug: 4.3.4 debug: 4.3.4(supports-color@8.1.1)
gensync: 1.0.0-beta.2 gensync: 1.0.0-beta.2
json5: 2.2.3 json5: 2.2.3
semver: 6.3.1 semver: 6.3.1
@ -1162,7 +1165,7 @@ packages:
'@babel/traverse': 7.23.2 '@babel/traverse': 7.23.2
'@babel/types': 7.23.0 '@babel/types': 7.23.0
convert-source-map: 2.0.0 convert-source-map: 2.0.0
debug: 4.3.4 debug: 4.3.4(supports-color@8.1.1)
gensync: 1.0.0-beta.2 gensync: 1.0.0-beta.2
json5: 2.2.3 json5: 2.2.3
semver: 6.3.1 semver: 6.3.1
@ -1581,7 +1584,7 @@ packages:
'@babel/helper-split-export-declaration': 7.22.6 '@babel/helper-split-export-declaration': 7.22.6
'@babel/parser': 7.22.10 '@babel/parser': 7.22.10
'@babel/types': 7.22.10 '@babel/types': 7.22.10
debug: 4.3.4 debug: 4.3.4(supports-color@8.1.1)
globals: 11.12.0 globals: 11.12.0
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
@ -1598,7 +1601,7 @@ packages:
'@babel/helper-split-export-declaration': 7.22.6 '@babel/helper-split-export-declaration': 7.22.6
'@babel/parser': 7.23.0 '@babel/parser': 7.23.0
'@babel/types': 7.23.0 '@babel/types': 7.23.0
debug: 4.3.4 debug: 4.3.4(supports-color@8.1.1)
globals: 11.12.0 globals: 11.12.0
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
@ -1804,6 +1807,54 @@ packages:
'@bull-board/api': 5.8.0(@bull-board/ui@5.8.0) '@bull-board/api': 5.8.0(@bull-board/ui@5.8.0)
dev: false dev: false
/@cbor-extract/cbor-extract-darwin-arm64@2.1.1:
resolution: {integrity: sha512-blVBy5MXz6m36Vx0DfLd7PChOQKEs8lK2bD1WJn/vVgG4FXZiZmZb2GECHFvVPA5T7OnODd9xZiL3nMCv6QUhA==}
cpu: [arm64]
os: [darwin]
requiresBuild: true
dev: false
optional: true
/@cbor-extract/cbor-extract-darwin-x64@2.1.1:
resolution: {integrity: sha512-h6KFOzqk8jXTvkOftyRIWGrd7sKQzQv2jVdTL9nKSf3D2drCvQB/LHUxAOpPXo3pv2clDtKs3xnHalpEh3rDsw==}
cpu: [x64]
os: [darwin]
requiresBuild: true
dev: false
optional: true
/@cbor-extract/cbor-extract-linux-arm64@2.1.1:
resolution: {integrity: sha512-SxAaRcYf8S0QHaMc7gvRSiTSr7nUYMqbUdErBEu+HYA4Q6UNydx1VwFE68hGcp1qvxcy9yT5U7gA+a5XikfwSQ==}
cpu: [arm64]
os: [linux]
requiresBuild: true
dev: false
optional: true
/@cbor-extract/cbor-extract-linux-arm@2.1.1:
resolution: {integrity: sha512-ds0uikdcIGUjPyraV4oJqyVE5gl/qYBpa/Wnh6l6xLE2lj/hwnjT2XcZCChdXwW/YFZ1LUHs6waoYN8PmK0nKQ==}
cpu: [arm]
os: [linux]
requiresBuild: true
dev: false
optional: true
/@cbor-extract/cbor-extract-linux-x64@2.1.1:
resolution: {integrity: sha512-GVK+8fNIE9lJQHAlhOROYiI0Yd4bAZ4u++C2ZjlkS3YmO6hi+FUxe6Dqm+OKWTcMpL/l71N6CQAmaRcb4zyJuA==}
cpu: [x64]
os: [linux]
requiresBuild: true
dev: false
optional: true
/@cbor-extract/cbor-extract-win32-x64@2.1.1:
resolution: {integrity: sha512-2Niq1C41dCRIDeD8LddiH+mxGlO7HJ612Ll3D/E73ZWBmycued+8ghTr/Ho3CMOWPUEr08XtyBMVXAjqF+TcKw==}
cpu: [x64]
os: [win32]
requiresBuild: true
dev: false
optional: true
/@chainsafe/is-ip@2.0.2: /@chainsafe/is-ip@2.0.2:
resolution: {integrity: sha512-ndGqEMG1W5WkGagaqOZHpPU172AGdxr+LD15sv3WIUvT5oCFUrG1Y0CW/v2Egwj4JXEvSibaIIIqImsm98y1nA==} resolution: {integrity: sha512-ndGqEMG1W5WkGagaqOZHpPU172AGdxr+LD15sv3WIUvT5oCFUrG1Y0CW/v2Egwj4JXEvSibaIIIqImsm98y1nA==}
dev: false dev: false
@ -3239,33 +3290,13 @@ packages:
resolution: {integrity: sha512-Uy0+khmZqUrUGm5dmMqVlnvufZRSK0FbYzVgp0UMstm+F5+W2/jnEEQyc9vo1ZR/E5ZI/B1WjjoTqBqwJL6Krw==} resolution: {integrity: sha512-Uy0+khmZqUrUGm5dmMqVlnvufZRSK0FbYzVgp0UMstm+F5+W2/jnEEQyc9vo1ZR/E5ZI/B1WjjoTqBqwJL6Krw==}
dev: false dev: false
/@swc/cli@0.1.62(@swc/core@1.3.78):
resolution: {integrity: sha512-kOFLjKY3XH1DWLfXL1/B5MizeNorHR8wHKEi92S/Zi9Md/AK17KSqR8MgyRJ6C1fhKHvbBCl8wboyKAFXStkYw==}
engines: {node: '>= 12.13'}
hasBin: true
peerDependencies:
'@swc/core': ^1.2.66
chokidar: ^3.3.1
peerDependenciesMeta:
chokidar:
optional: true
dependencies:
'@mole-inc/bin-wrapper': 8.0.1
'@swc/core': 1.3.78
commander: 7.2.0
fast-glob: 3.3.1
semver: 7.5.4
slash: 3.0.0
source-map: 0.7.4
dev: true
/@swc/cli@0.1.62(@swc/core@1.3.78)(chokidar@3.3.1): /@swc/cli@0.1.62(@swc/core@1.3.78)(chokidar@3.3.1):
resolution: {integrity: sha512-kOFLjKY3XH1DWLfXL1/B5MizeNorHR8wHKEi92S/Zi9Md/AK17KSqR8MgyRJ6C1fhKHvbBCl8wboyKAFXStkYw==} resolution: {integrity: sha512-kOFLjKY3XH1DWLfXL1/B5MizeNorHR8wHKEi92S/Zi9Md/AK17KSqR8MgyRJ6C1fhKHvbBCl8wboyKAFXStkYw==}
engines: {node: '>= 12.13'} engines: {node: '>= 12.13'}
hasBin: true hasBin: true
peerDependencies: peerDependencies:
'@swc/core': ^1.2.66 '@swc/core': ^1.2.66
chokidar: ^3.3.1 chokidar: ^3.5.1
peerDependenciesMeta: peerDependenciesMeta:
chokidar: chokidar:
optional: true optional: true
@ -6229,7 +6260,7 @@ packages:
get-port: 5.1.1 get-port: 5.1.1
ioredis: 5.3.2 ioredis: 5.3.2
lodash: 4.17.21 lodash: 4.17.21
msgpackr: 1.9.7 msgpackr: 1.9.9
semver: 7.5.4 semver: 7.5.4
uuid: 8.3.2 uuid: 8.3.2
transitivePeerDependencies: transitivePeerDependencies:
@ -6401,6 +6432,28 @@ packages:
/caseless@0.12.0: /caseless@0.12.0:
resolution: {integrity: sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==} resolution: {integrity: sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==}
/cbor-extract@2.1.1:
resolution: {integrity: sha512-1UX977+L+zOJHsp0mWFG13GLwO6ucKgSmSW6JTl8B9GUvACvHeIVpFqhU92299Z6PfD09aTXDell5p+lp1rUFA==}
hasBin: true
requiresBuild: true
dependencies:
node-gyp-build-optional-packages: 5.0.3
optionalDependencies:
'@cbor-extract/cbor-extract-darwin-arm64': 2.1.1
'@cbor-extract/cbor-extract-darwin-x64': 2.1.1
'@cbor-extract/cbor-extract-linux-arm': 2.1.1
'@cbor-extract/cbor-extract-linux-arm64': 2.1.1
'@cbor-extract/cbor-extract-linux-x64': 2.1.1
'@cbor-extract/cbor-extract-win32-x64': 2.1.1
dev: false
optional: true
/cbor-x@1.5.4:
resolution: {integrity: sha512-PVKILDn+Rf6MRhhcyzGXi5eizn1i0i3F8Fe6UMMxXBnWkalq9+C5+VTmlIjAYM4iF2IYF2N+zToqAfYOp+3rfw==}
optionalDependencies:
cbor-extract: 2.1.1
dev: false
/cbor@8.1.0: /cbor@8.1.0:
resolution: {integrity: sha512-DwGjNW9omn6EwP70aXsn7FQJx5kO12tX0bZkaTjzdVFM6/7nhA4t0EENocKGx6D2Bch9PE2KzCUf5SceBdeijg==} resolution: {integrity: sha512-DwGjNW9omn6EwP70aXsn7FQJx5kO12tX0bZkaTjzdVFM6/7nhA4t0EENocKGx6D2Bch9PE2KzCUf5SceBdeijg==}
engines: {node: '>=12.19'} engines: {node: '>=12.19'}
@ -7592,17 +7645,6 @@ packages:
ms: 2.1.2 ms: 2.1.2
dev: false dev: false
/debug@4.3.4:
resolution: {integrity: sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==}
engines: {node: '>=6.0'}
peerDependencies:
supports-color: '*'
peerDependenciesMeta:
supports-color:
optional: true
dependencies:
ms: 2.1.2
/debug@4.3.4(supports-color@8.1.1): /debug@4.3.4(supports-color@8.1.1):
resolution: {integrity: sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==} resolution: {integrity: sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==}
engines: {node: '>=6.0'} engines: {node: '>=6.0'}
@ -11475,7 +11517,7 @@ packages:
resolution: {integrity: sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==} resolution: {integrity: sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==}
engines: {node: '>=10'} engines: {node: '>=10'}
dependencies: dependencies:
debug: 4.3.4 debug: 4.3.4(supports-color@8.1.1)
istanbul-lib-coverage: 3.2.0 istanbul-lib-coverage: 3.2.0
source-map: 0.6.1 source-map: 0.6.1
transitivePeerDependencies: transitivePeerDependencies:
@ -13440,8 +13482,8 @@ packages:
dev: false dev: false
optional: true optional: true
/msgpackr@1.9.7: /msgpackr@1.9.9:
resolution: {integrity: sha512-baUNaLvKQvVhzfWTNO07njwbZK1Lxjtb0P1JL6/EhXdLTHzR57/mZqqJC39TtQKvOmkJA4pcejS4dbk7BDgLLA==} resolution: {integrity: sha512-sbn6mioS2w0lq1O6PpGtsv6Gy8roWM+o3o4Sqjd6DudrL/nOugY+KyJUimoWzHnf9OkO0T6broHFnYE/R05t9A==}
optionalDependencies: optionalDependencies:
msgpackr-extract: 3.0.2 msgpackr-extract: 3.0.2
dev: false dev: false
@ -13629,6 +13671,12 @@ packages:
fetch-blob: 3.2.0 fetch-blob: 3.2.0
formdata-polyfill: 4.0.10 formdata-polyfill: 4.0.10
/node-gyp-build-optional-packages@5.0.3:
resolution: {integrity: sha512-k75jcVzk5wnnc/FMxsf4udAoTEUv2jY3ycfdSd3yWu6Cnd1oee6/CfZJApyscA4FJOmdoixWwiwOyf16RzD5JA==}
hasBin: true
dev: false
optional: true
/node-gyp-build-optional-packages@5.0.7: /node-gyp-build-optional-packages@5.0.7:
resolution: {integrity: sha512-YlCCc6Wffkx0kHkmam79GKvDQ6x+QZkMjFGrIMxgFNILFvGSbCp2fCBC55pGTT9gVaz8Na5CLmxt/urtzRv36w==} resolution: {integrity: sha512-YlCCc6Wffkx0kHkmam79GKvDQ6x+QZkMjFGrIMxgFNILFvGSbCp2fCBC55pGTT9gVaz8Na5CLmxt/urtzRv36w==}
hasBin: true hasBin: true