From f1981b24093414bc55461be0b86673b4ee6e696f Mon Sep 17 00:00:00 2001 From: James Gibson Date: Sat, 10 Jun 2023 17:47:21 -0500 Subject: [PATCH 1/2] add opt.validate functions peerIn, peerOut and dataIn --- gun.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/gun.js b/gun.js index b1f3680e6..d2f4ad611 100644 --- a/gun.js +++ b/gun.js @@ -306,7 +306,7 @@ } function put(msg){ if(!msg){ return } - var ctx = msg._||'', root = ctx.root = ((ctx.$ = msg.$||'')._||'').root; + var ctx = msg._||'', root = ctx.root = ((ctx.$ = msg.$||'')._||'').root, opt = root.opt; if(msg['@'] && ctx.faith && !ctx.miss){ // TODO: AXE may split/route based on 'put' what should we do here? Detect @ in AXE? I think we don't have to worry, as DAM will route it on @. msg.out = universe; root.on('out', msg); @@ -350,6 +350,9 @@ if(u === state){ err = ERR+cut(key)+"on"+cut(soul)+"no state."; break } if(!valid(val)){ err = ERR+cut(key)+"on"+cut(soul)+"bad "+(typeof val)+cut(val); break } //ctx.all++; //ctx.ack[soul+key] = ''; + if( opt.validate && opt.validate.dataIn && !opt.validate.dataIn( val, key, soul, state, msg) ){ + err = ERR+`Invalid data: ${cut(soul)}.${cut(key)}:${cut(val)}`; break + } ham(val, key, soul, state, msg); ++C; // courtesy count; } @@ -1410,6 +1413,10 @@ var S = peer.SH = +new Date; var tmp = raw[0], msg; //raw && raw.slice && console.log("hear:", ((peer.wire||'').headers||'').origin, raw.length, raw.slice && raw.slice(0,50)); //tc-iamunique-tc-package-ds1 + if( opt.validate && opt.validate.peerIn && !opt.validate.peerIn( raw, peer, root ) ){ + return mesh.say({ dam: '!', err: "Message invalid."}, peer) + } + if('[' === tmp){ parse(raw, function(err, msg){ if(err || !msg){ return mesh.say({dam: '!', err: "DAM JSON parse error."}, peer) } @@ -1548,6 +1555,9 @@ if(id === peer.last){ return } peer.last = id; // was it just sent? if(peer === meta.via){ return false } // don't send back to self. if((tmp = meta.yo) && (tmp[peer.url] || tmp[peer.pid] || tmp[peer.id]) /*&& !o*/){ return false } + if( opt.validate && opt.validate.peerOut && !opt.validate.peerOut( raw, peer, msg ) ){ + return false + } console.STAT && console.STAT(S, ((DBG||meta).yp = +new Date) - (meta.y || S), 'say prep'); !loop && ack && dup_track(ack); // streaming long responses needs to keep alive the ack. if(peer.batch){ From 26b1a1cacef3442626b05b71d9dba28555889383 Mon Sep 17 00:00:00 2001 From: James Gibson Date: Wed, 14 Jun 2023 21:39:45 -0500 Subject: [PATCH 2/2] remove validate.dataIn,since events work just as well --- gun.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/gun.js b/gun.js index d2f4ad611..5f9af573e 100644 --- a/gun.js +++ b/gun.js @@ -306,7 +306,7 @@ } function put(msg){ if(!msg){ return } - var ctx = msg._||'', root = ctx.root = ((ctx.$ = msg.$||'')._||'').root, opt = root.opt; + var ctx = msg._||'', root = ctx.root = ((ctx.$ = msg.$||'')._||'').root; if(msg['@'] && ctx.faith && !ctx.miss){ // TODO: AXE may split/route based on 'put' what should we do here? Detect @ in AXE? I think we don't have to worry, as DAM will route it on @. msg.out = universe; root.on('out', msg); @@ -350,9 +350,6 @@ if(u === state){ err = ERR+cut(key)+"on"+cut(soul)+"no state."; break } if(!valid(val)){ err = ERR+cut(key)+"on"+cut(soul)+"bad "+(typeof val)+cut(val); break } //ctx.all++; //ctx.ack[soul+key] = ''; - if( opt.validate && opt.validate.dataIn && !opt.validate.dataIn( val, key, soul, state, msg) ){ - err = ERR+`Invalid data: ${cut(soul)}.${cut(key)}:${cut(val)}`; break - } ham(val, key, soul, state, msg); ++C; // courtesy count; }