From deb14c412f1ac6e6ac25df334253a49cb4e38ad8 Mon Sep 17 00:00:00 2001 From: yflory Date: Thu, 13 Jul 2023 14:12:47 +0200 Subject: [PATCH] Fix XXX --- customize.dist/login.js | 6 ------ lib/decrees.js | 2 +- lib/hk-util.js | 11 +++++++---- lib/http-worker.js | 2 +- lib/storage/basic.js | 2 +- lib/storage/block.js | 2 +- lib/storage/sessions.js | 6 ------ scripts/translations/lint-translations.js | 2 +- server.js | 4 ++-- www/auth/main.js | 6 +++--- www/checkup/main.js | 4 ++-- www/common/cryptpad-common.js | 4 ++-- www/common/inner/share.js | 6 ++---- www/common/media-tag.js | 2 +- www/common/outer/async-store.js | 1 - www/integration/main.js | 2 -- www/nextcloud/main.js | 6 +++++- www/recovery/main.js | 3 +-- www/secureiframe/main.js | 1 + 19 files changed, 31 insertions(+), 41 deletions(-) diff --git a/customize.dist/login.js b/customize.dist/login.js index 2dfc41fa4..cc3ae191a 100644 --- a/customize.dist/login.js +++ b/customize.dist/login.js @@ -499,12 +499,6 @@ define([ // Finally, create the login block for the object you just created. var toPublish = {}; -// XXX I did some basic testing and searching and could not find this attribute -// actually being used anywhere. Including it means either supporting arbitrarily -// large blocks (a DoS vector) or having registration fail for large usernames. -// Can someone please double-check that removing this doesn't break anything? -// --Aaron - //toPublish[Constants.userNameKey] = uname; toPublish[Constants.userHashKey] = userHash; toPublish.edPublic = RT.proxy.edPublic; diff --git a/lib/decrees.js b/lib/decrees.js index 8f4b53ad8..ddeea084d 100644 --- a/lib/decrees.js +++ b/lib/decrees.js @@ -374,7 +374,7 @@ var handleCommand = Decrees.handleCommand = function (Env, line) { var outcome = commands[command](Env, args); if (outcome) { // trigger Env change event... - Env.envUpdated.fire(); // XXX + Env.envUpdated.fire(); } return outcome; }; diff --git a/lib/hk-util.js b/lib/hk-util.js index 9d0f65433..455964ccb 100644 
--- a/lib/hk-util.js +++ b/lib/hk-util.js @@ -40,6 +40,9 @@ const ADMIN_CHANNEL_LENGTH = HK.ADMIN_CHANNEL_LENGTH = 33; // with a 34 character id const EPHEMERAL_CHANNEL_LENGTH = HK.EPHEMERAL_CHANNEL_LENGTH = 34; +// Temporary channels are archived X ms after everyone has left them +const TEMPORARY_CHANNEL_LIFETIME = 30 * 1000; + const tryParse = HK.tryParse = function (Env, str) { try { return JSON.parse(str); @@ -138,8 +141,8 @@ const dropChannel = HK.dropChannel = function (Env, chanName) { delete Env.channel_cache[chanName]; if (meta && meta.selfdestruct && Env.selfDestructTo) { Env.selfDestructTo[chanName] = setTimeout(function () { - expireChannel(Env, chanName); // XXX add new function? - }, 30*1000); // XXX CONSTANT XXX XXX XXX + expireChannel(Env, chanName); + }, TEMPORARY_CHANNEL_LIFETIME); } }; @@ -484,8 +487,8 @@ const getHistoryOffset = (Env, channelName, lastKnownHash, _cb) => { cb(null, lkh); })); }).nThen((w) => { - // XXX entire block and getHashOffset to remove? - + // If we're here it means we asked for a lastKnownHash but it is old (not in the index) + // and this is not a "chainpad" channel so we can't recover from a checkpoint. // skip past this block if the offset is anything other than -1 // this basically makes these first two nThen blocks behave like if-else diff --git a/lib/http-worker.js b/lib/http-worker.js index 023d0cf3f..a8ac7605e 100644 --- a/lib/http-worker.js +++ b/lib/http-worker.js @@ -91,7 +91,7 @@ process.on('message', msg => { return void ev(msg.data, () => {}); } } - console.error("UNHANDLED_MESSAGE", msg); // XXX + //console.error("UNHANDLED_MESSAGE", msg); }); diff --git a/lib/storage/basic.js b/lib/storage/basic.js index 92854a0fa..c164cceae 100644 --- a/lib/storage/basic.js +++ b/lib/storage/basic.js 
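Review bot: The comment added above `TEMPORARY_CHANNEL_LIFETIME` in lib/hk-util.js still reads "X ms" although the value is now fixed at `30 * 1000`, so the one fact a reader wants from it is missing. I would write `// Temporary (self-destruct) channels are expired 30 seconds after dropChannel() runs for them`, which matches the `setTimeout` in the second hunk; whether `expireChannel` archives or deletes is not visible here, so "archived" should be confirmed. Unlike the two length constants just above, the new constant is not mirrored onto `HK`; if that is deliberate, say so in the comment.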
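Review bot: Commenting out `console.error("UNHANDLED_MESSAGE", msg)` in lib/http-worker.js means a message that matches no handler is now dropped without any trace, and a dead line is left behind. An unexpected message on the worker channel is worth a record for operators. If the concern was noise or logging the full payload, keep a payload-free record such as `console.error("UNHANDLED_MESSAGE");`, or delete the line and add `// messages with no matching handler are ignored on purpose`. The handler starts outside this hunk.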
@@ -52,7 +52,7 @@ Basic.write = function (Env, path, data, cb) { }); }; -// XXX I didn't bother implementing the usual "archive/restore/delete-from-archives" methods +// TODO I didn't bother implementing the usual "archive/restore/delete-from-archives" methods // because they didn't seem particularly important for the data implemented with this module. // They're still worth considering, though, so don't let my ommission stop you. // Login blocks could probably be implemented with this module if these methods were supported. diff --git a/lib/storage/block.js b/lib/storage/block.js index 9f02fc02b..d0bd29cbf 100644 --- a/lib/storage/block.js +++ b/lib/storage/block.js @@ -116,7 +116,7 @@ Block.check = function (Env, publicKey, _cb) { // 'check' because 'exists' impli Fs.access(path, Fs.constants.F_OK, cb); }; -Block.MAX_SIZE = 256; // XXX confirm that this is sufficient, prevent user inputs that would result in larger blocks +Block.MAX_SIZE = 256; Block.write = function (Env, publicKey, buffer, _cb) { var cb = Util.once(Util.mkAsync(_cb)); diff --git a/lib/storage/sessions.js b/lib/storage/sessions.js index f31151ec8..b5f494447 100644 --- a/lib/storage/sessions.js +++ b/lib/storage/sessions.js @@ -56,9 +56,3 @@ Sessions.deleteUser = function (Env, id, cb) { }); }; -// XXX All of a user's sessions should be removed When a user deletes their account -// The fact that each user is given their own publicKey-scoped directory makes them easy -// to remove all at once. Nodejs provides an easy way to `rm -rf` since 14.14.0: -// Fs.rm(dir, { recursive: true, force: true }, console.log) -// just be careful to validate the directory's path -// --Aaron diff --git a/scripts/translations/lint-translations.js b/scripts/translations/lint-translations.js index 6cdea090c..0c93ea9f2 100644 --- a/scripts/translations/lint-translations.js +++ b/scripts/translations/lint-translations.js 
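Review bot: The removed marker on `Block.MAX_SIZE = 256;` in lib/storage/block.js recorded two open items, confirming the limit is sufficient and rejecting user input that would produce larger blocks, and nothing in this hunk shows either was resolved. If they were settled elsewhere, record it next to the constant, for example `// upper bound on a stored login block (unit: <confirm>); inputs that would exceed it are rejected at <location>`. Otherwise keep it as a `TODO` rather than deleting it. The same applies to the note removed from lib/storage/sessions.js about deleting all of a user's sessions when the account is deleted: it describes unfinished clean-up and should move to a tracked issue, not just be dropped.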
@@ -170,7 +170,7 @@ var processLang = function (map, lang, primary) { console.log(); } - //if (mismatchedTags.length) { console.log(mismatchedTags); } // XXX + //if (mismatchedTags.length) { console.log(mismatchedTags); } // TODO } }); }; diff --git a/server.js b/server.js index b8d23922a..8c295fef9 100644 --- a/server.js +++ b/server.js @@ -154,7 +154,7 @@ nThen(function (w) { }; var broadcast = (command, data, cb) => { - cb = cb; // XXX nThen/concurrency + cb = cb; // TODO nThen/concurrency for (const worker of Object.values(Cluster.workers)) { sendCommand(worker, command, data /*, cb */); } @@ -187,7 +187,7 @@ nThen(function (w) { }); } if (Env.OFFLINE_MODE) { return; } - //if (Env.websocketPath) { return; } // XXX + if (Env.websocketPath) { return; } require("./lib/api").create(Env); }); diff --git a/www/auth/main.js b/www/auth/main.js index 6407c4546..168718cdb 100644 --- a/www/auth/main.js +++ b/www/auth/main.js @@ -63,7 +63,7 @@ Note: The login process performs many checks, confirming that crentials point to h('div.bordered#totp-app-config', [ h('h2#app', "TOTP app configuration"), - h('blockquote', `// XXX TOTP app configuration notes + h('blockquote', `// TOTP app configuration notes Time-based One-Time Passwords are generated using a relatively simple algorithm which uses: 1. a hash function @@ -126,7 +126,7 @@ Scan the generated code with your preferred app so that you can generate a code h('div.bordered', [ h('h2#setup', "MFA account settings"), h('blockquote', -`// XXX MFA account settings notes +`// MFA account settings notes Once you have: @@ -158,7 +158,7 @@ Note: This must currently be reversed manually (by deleting the mfa config file) document.body.appendChild(main); - // XXX hack to make the page jump to a given element once the content has been rendered + // hack to make the page jump to a given element once the content has been rendered window.location.hash = window.location.hash; // Key derivation 
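Review bot: `cb = cb;` in `broadcast` (server.js) is a self-assignment that only silences an unused-parameter warning, and the relabelled `// TODO nThen/concurrency` does not say that the callback is never invoked. Callers passing a callback will wait forever, so the comment should state it: `// TODO(nThen/concurrency): cb is not called yet; callers must not wait on it`. The end of `broadcast` is outside this hunk.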
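Review bot: Un-commenting `if (Env.websocketPath) { return; }` in server.js is a behaviour change inside a commit that otherwise only tidies markers: when `websocketPath` is set, `require("./lib/api").create(Env)` is no longer reached. The hunk does not show why skipping it is safe, so this is presumably meant for deployments where another process serves the websocket endpoint. Please add a comment stating that, e.g. `// websocket API is served elsewhere when websocketPath is configured (confirm)`, and mention the change in the commit message so operators who set this option know the local API is no longer started.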
diff --git a/www/checkup/main.js b/www/checkup/main.js index daec5d50b..a49e90df5 100644 --- a/www/checkup/main.js +++ b/www/checkup/main.js @@ -1192,7 +1192,7 @@ define([ assert(function (cb, msg) { var url = new URL(relativeURL, trimmedUnsafe).href; Tools.common_xhr(url, xhr => { - var span = h('span', h('p', '// XXX DEBUGGING DUPLICATED HEADERS')); + var span = h('span', h('p', '// DEBUGGING DUPLICATED HEADERS')); var duplicated = false; var pre = []; @@ -1270,7 +1270,7 @@ define([ // check if they provide legal data assert(function (cb, msg) { - if (true) { return void cb(true); } // XXX stubbed while we determine whether this is necessary + if (true) { return void cb(true); } // FIXME stubbed while we determine whether this is necessary if (ApiConfig.restrictRegistration) { return void cb(true); } var url = Pages.customURLs.imprint; diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index fbb26ddeb..867d59e9a 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -2447,8 +2447,8 @@ define([ // the login page, where they will be able to authenticate // and request a new JWT - // XXX We may only require them to provid a new TOTP code here - // instead of redirecting them to the login page + // TODO Re-authenticate without user password? We'd need another way + // to send the OTP code to the server waitFor.abort(); return void LocalStore.logout(function () { diff --git a/www/common/inner/share.js b/www/common/inner/share.js index 765985d9e..938f412f3 100644 --- a/www/common/inner/share.js +++ b/www/common/inner/share.js 
@@ -848,13 +848,11 @@ define([ title: Messages.share_linkCategory, icon: "fa fa-link", active: !contactsActive, - /* XXX QR-code tab - }, { + }, window.CP_DEV_MODE ? { // XXX enable for all getTab: getQRTab, title: Messages.share_QRCategory, icon: 'fa fa-qrcode', - */ - }]; + } : undefined].filter(Boolean); if (!opts.static && ApiConfig.enableEmbedding && embeddableApps.includes(pathname)) { tabs.push({ getTab: getEmbedTab, diff --git a/www/common/media-tag.js b/www/common/media-tag.js index 1e76cfc0b..ffc024857 100644 --- a/www/common/media-tag.js +++ b/www/common/media-tag.js @@ -3,7 +3,7 @@ var factory = function () { var Promise = window.Promise; var cache; var cypherChunkLength = 131088; - var sendCredentials = window.sendCredentials || false; // XXX find a logical place to infer whether this should be set + var sendCredentials = window.sendCredentials || false; // XXX SSO find a logical place to infer whether this should be set // Save a blob on the file system var saveFile = function (blob, url, fileName) { diff --git a/www/common/outer/async-store.js b/www/common/outer/async-store.js index eabcebcf8..48b332039 100644 --- a/www/common/outer/async-store.js +++ b/www/common/outer/async-store.js @@ -739,7 +739,6 @@ define([ list.push(m.channel); }); } - // XXX calendars } else { list = store.manager.getChannelsList('owned'); /* diff --git a/www/integration/main.js b/www/integration/main.js index feee1dd45..c36c6869f 100644 --- a/www/integration/main.js +++ b/www/integration/main.js @@ -69,8 +69,6 @@ define([ var chan = makeChan(); var isNew = false; - // Make a HEAD request to the servre to check if a file exists in datastore - // XXX update nginx config var checkSession = function (oldKey, cb) { var channel = Hash.hrefToHexChannelId(Hash.hashToHref(oldKey)); var prefix = channel.slice(0,2); diff --git a/www/nextcloud/main.js b/www/nextcloud/main.js index c562ee922..96042e5bf 100644 --- a/www/nextcloud/main.js +++ b/www/nextcloud/main.js 
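Review bot: The new QR tab entry in www/common/inner/share.js keeps an `// XXX enable for all` marker in a commit meant to clear them, and `window.CP_DEV_MODE ? {...} : undefined].filter(Boolean)` is harder to read than the conditional `tabs.push({...})` used for the embed tab a few lines below. I would build the array with the link tab only and follow it with `if (window.CP_DEV_MODE) { tabs.push({ getTab: getQRTab, title: Messages.share_QRCategory, icon: 'fa fa-qrcode' }); }`, which keeps the same tab order. Where `CP_DEV_MODE` is set is not visible in this hunk, so a short comment naming its source would help. The start of the `tabs` array is outside the hunk.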
@@ -6,8 +6,12 @@ define([ if (window.top !== window) { return; } $(function () { + // TODO + // This is a test application + // It can be used to embed another cryptpad instance using the new API + console.log(Api); - var permaKey = localStorage.CP_test_API_key || '/2/integration/edit/X3RlrgR2JhA0rI+PJ3rXufsQ/'; // XXX + var permaKey = localStorage.CP_test_API_key || '/2/integration/edit/X3RlrgR2JhA0rI+PJ3rXufsQ/'; var key = window.location.hash ? window.location.hash.slice(1) : permaKey; window.location.hash = key; diff --git a/www/recovery/main.js b/www/recovery/main.js index 4f236a03b..fc620052c 100644 --- a/www/recovery/main.js +++ b/www/recovery/main.js @@ -94,7 +94,7 @@ define([ var revokeTOTP = function () { var recoveryKey = $recoveryKey.val().trim(); if (!recoveryKey || recoveryKey.length !== 32) { - return void UI.warn(Messages.error); // XXX error message? + return void UI.warn(Messages.error); } ServerCommand(blockKeys.sign, { command: 'TOTP_REVOKE', @@ -105,7 +105,6 @@ define([ console.error(err, response); return void UI.warn(Messages.error); } - // XXX redirect to login? UI.log(Messages.ui_success); LocalStore.login(undefined, blockHash, uname, function () { Login.redirect(); diff --git a/www/secureiframe/main.js b/www/secureiframe/main.js index cce4a6ae6..b5d717753 100644 --- a/www/secureiframe/main.js +++ b/www/secureiframe/main.js @@ -108,6 +108,7 @@ define([ propChannels: config.data.getPropChannels(), isTemplate: isTemplate, file: config.data.file, + devMode: localStorage.CryptPad_dev === '1', secureIframe: true, }; for (var k in additionalPriv) { metaObj.priv[k] = additionalPriv[k]; }
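Review bot: The fallback `permaKey` in www/nextcloud/main.js is still a hard-coded `/2/integration/edit/…` key, and this hunk removes the only marker that flagged it. If this page is reachable on a deployed instance, every visitor without a URL hash or a `CP_test_API_key` entry appears to land on the same editable document. The added `// TODO` names no task; I would replace it with `// Test page for embedding another CryptPad instance through the integration API; not meant for production` and put `// shared test document, do not store real data here` on the `permaKey` line. `console.log(Api);` reads as leftover debugging and could be dropped.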
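Review bot: `devMode: localStorage.CryptPad_dev === '1'` in www/secureiframe/main.js takes its value from storage that the user, or any script running on this origin, can write, yet it sits in `metaObj.priv` beside values the inner frame treats as authoritative. Please document the contract on that line, e.g. `// user-controllable flag (localStorage): may only reveal unfinished UI, never gate access or security checks`. The `for (var k in additionalPriv)` loop right after can also overwrite it, which is worth a word if intended. The object literal begins outside this hunk.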