MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Much shorter guest sharing URLs.

This commit is contained in:
Ylian Saint-Hilaire 2021-09-11 22:58:44 -07:00
parent c0a61b4ec1
commit dc1c89ee93
2 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
meshuser.js
View File

@ -4694,9 +4694,10 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
expireTime = command.end * 1000;
}
var cookie = { a: 5, p: command.p, uid: user._id, gn: command.guestname, nid: node._id, cf: command.consent, pid: publicid };
if ((startTime != null) && (expireTime != null)) { command.start = cookie.start = startTime; command.expire = cookie.expire = expireTime; }
if (command.viewOnly === true) { cookie.vo = 1; }
//var cookie = { a: 5, p: command.p, uid: user._id, gn: command.guestname, nid: node._id, cf: command.consent, pid: publicid };
var cookie = { a: 6, pid: publicid };
//if ((startTime != null) && (expireTime != null)) { command.start = cookie.start = startTime; command.expire = cookie.expire = expireTime; }
//if (command.viewOnly === true) { cookie.vo = 1; }
const inviteCookie = parent.parent.encodeCookie(cookie, parent.parent.invitationLinkEncryptionKey);
if (inviteCookie == null) { if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'createDeviceShareLink', responseid: command.responseid, result: 'Unable to generate shareing cookie' })); } catch (ex) { } } return; }

29
webserver.js
View File

@ -3477,8 +3477,35 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Check the inbound guest sharing cookie
var c = obj.parent.decodeCookie(req.query.c, obj.parent.invitationLinkEncryptionKey, 9999999999); // Decode cookies with unlimited time.
if ((c == null) || (c.a !== 5) || (typeof c.p !== 'number') || (c.p < 1) || (c.p > 7) || (typeof c.uid != 'string') || (typeof c.nid != 'string') || (typeof c.gn != 'string') || (typeof c.cf != 'number') || (typeof c.pid != 'string')) { res.sendStatus(404); return; }
if (c == null) { res.sendStatus(404); return; }
if (c.a === 5) {
// This is the older style sharing cookie with everything encoded within it.
// This cookie style gives a very large URL, so it's not used anymore.
if ((typeof c.p !== 'number') || (c.p < 1) || (c.p > 7) || (typeof c.uid != 'string') || (typeof c.nid != 'string') || (typeof c.gn != 'string') || (typeof c.cf != 'number') || (typeof c.pid != 'string')) { res.sendStatus(404); return; }
handleSharingRequestEx(req, res, domain, c);
return;
}
if (c.a === 6) {
// This is the new style sharing cookie, just encodes the pointer to the sharing information in the database.
// Gives a much more compact URL.
if (typeof c.pid != 'string') { res.sendStatus(404); return; }
obj.db.Get('deviceshare-' + c.pid, function (err, docs) {
if ((err != null) || (docs == null) || (docs.length != 1)) { res.sendStatus(404); return; }
const doc = docs[0];
// Generate an old style cookie from the information in the database
var cookie = { a: 5, p: doc.p, uid: doc.userid, gn: doc.guestName, nid: doc.nodeid, cf: doc.consent, pid: doc.publicid };
if ((doc.startTime != null) && (doc.expireTime != null)) { cookie.start = doc.startTime; cookie.expire = doc.expireTime; }
if (doc.viewOnly === true) { cookie.vo = 1; }
handleSharingRequestEx(req, res, domain, cookie);
});
return;
}
res.sendStatus(404); return;
}
// Serve the guest sharing page
function handleSharingRequestEx(req, res, domain, c) {
// Check the expired time, expire message.
if ((c.expire != null) && (c.expire <= Date.now())) { render(req, res, getRenderPage((domain.sitestyle == 2) ? 'message2' : 'message', req, domain), getRenderArgs({ titleid: 2, msgid: 12, domainurl: encodeURIComponent(domain.url).replace(/'/g, '%27') }, req, domain)); return; }