mirror of https://github.com/pavlobu/deskreen.git synced 2025-05-19 08:50:17 -07:00

Merge pull request #64 from pavlobu/secure

security patch, update electron to 11.2.1, release v1.0.2
Pavlo Buidenkov 2021-01-27 12:43:50 +02:00 committed by GitHub
commit 967dd30651
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 108 additions and 93 deletions


@ -1,4 +1,5 @@
interface ReceiveEncryptedMessagePayload {
fromSocketID: string;
payload: string;
signature: string;
iv: string;


@ -162,19 +162,6 @@ describe('peerConnectionHandleSocket callback', () => {
expect(peerConnection.UIHandler.setMyDeviceDetails).toBeCalled();
});
it('should call sendEncryptedMessage with ADD_USER type', () => {
peerConnectionHandleSocket(peerConnection);
peerConnection.socket.emit('USER_ENTER', {
users: [{ username: 'asdf', publicKey: '1234' }],
});
expect(peerConnection.sendEncryptedMessage).toBeCalledWith({
type: 'ADD_USER',
payload: expect.anything(),
});
});
it('should call sendEncryptedMessage with DEVICE_DETAILS type', () => {
peerConnectionHandleSocket(peerConnection);


@ -60,22 +60,10 @@ export default (peerConnection: PeerConnection) => {
if (!peerConnection.partner) return;
// TODO: ADD_USER is actually not used, so will remove this code from host and client, this is no use...
peerConnection.sendEncryptedMessage({
type: 'ADD_USER',
payload: {
username: peerConnection.user.username,
publicKey: peerConnection.user.publicKey,
isOwner: true,
id: peerConnection.user.username,
},
});
peerConnection.sendEncryptedMessage({
type: 'DEVICE_DETAILS',
// TODO: add deviceIP in this payload
payload: {
socketID: peerConnection.socket.io.engine.id, // TODO: maybe this socketID can be actually retrieved by host? so there will be no use for client to send it? need to check
os: peerConnection.myDeviceDetails.myOS,
deviceType: peerConnection.myDeviceDetails.myDeviceType,
browser: peerConnection.myDeviceDetails.myBrowser,


@ -1,5 +1,6 @@
interface ReceiveEncryptedMessagePayload {
payload: string;
fromSocketID: string;
signature: string;
iv: string;
keys: { sessionKey: string; signingKey: string }[];


@ -39,7 +39,9 @@ const TEST_DEVICE_DETAILS_PAYLOAD = {
deviceScreenHeight: 480,
};
const TEST_DUMMY_ENCRYPTED_MESSAGE_PAYLOAD = ({} as unknown) as ReceiveEncryptedMessagePayload;
const TEST_DUMMY_ENCRYPTED_MESSAGE_PAYLOAD = ({
fromSocketID: '2411',
} as unknown) as ReceiveEncryptedMessagePayload;
describe('handleRecieveEncryptedMessage.ts', () => {
let peerConnection: PeerConnection;


@ -32,7 +32,7 @@ export default async function handleRecieveEncryptedMessage(
if (message.type === 'DEVICE_DETAILS') {
peerConnection.socket.emit(
'GET_IP_BY_SOCKET_ID',
message.payload.socketID,
payload.fromSocketID,
(deviceIP: string) => {
// TODO: need to add myIP in client message.payload.myIP, then if retrieved deviceIP and myIP from client don't match, we were spoofed, then we can interrupt connection immediately!
handleDeviceIPMessage(deviceIP, peerConnection, message);
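Review bot: Nothing at this call site explains why the lookup key moved from `message.payload.socketID` to `payload.fromSocketID`, and the TODO that remains still describes the old spoofing concern. The decrypted `message` is written by the peer, while `fromSocketID` sits on the outer envelope and, per the `ENCRYPTED_MESSAGE` relay handler changed in this same commit, is overwritten by the server with `this.socket.id`. I would add a comment above the emit such as `// fromSocketID is stamped by the signaling server on relay; never take the socket id from the decrypted message, which the sender controls`. It is also worth returning early when `payload.fromSocketID` is not a non-empty string, so an envelope that was never stamped cannot trigger a lookup with `undefined`. The body of handleRecieveEncryptedMessage starts and ends outside this hunk.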


@ -81,25 +81,6 @@ describe('handleSocketUserEnter callback', () => {
expect(peerConnection.partner).toBe(TEST_PARTNER_USER);
});
it('should set .sendEncryptedMessage with proper payload as it is an owner of room', () => {
const TEST_SEND_MESSAGE_PAYLOAD = {
type: 'ADD_USER',
payload: {
username: peerConnection.user.username,
publicKey: peerConnection.user.publicKey,
isOwner: true,
id: peerConnection.user.username,
},
};
peerConnection.sendEncryptedMessage = jest.fn();
handleSocketUserEnter(peerConnection, TEST_PAYLOAD);
expect(peerConnection.sendEncryptedMessage).toBeCalledWith(
TEST_SEND_MESSAGE_PAYLOAD
);
});
it('should call toggleLockRoom with true', () => {
peerConnection.toggleLockRoom = jest.fn();


@ -10,17 +10,6 @@ export default (
[peerConnection.partner] = filteredPartner;
// TODO: ADD_USER is actually not used, so will remove this code from host and client, this is no use...
peerConnection.sendEncryptedMessage({
type: 'ADD_USER',
payload: {
username: peerConnection.user.username,
publicKey: peerConnection.user.publicKey,
isOwner: true,
id: peerConnection.user.username,
},
});
if (peerConnection.partner.publicKey !== '') {
// peerConnection.socket.emit('TOGGLE_LOCK_ROOM', null, () => {});
// peerConnection.isSocketRoomLocked = true;

2
app/package-lock.json generated

@ -1,5 +1,5 @@
{
"name": "Deskreen",
"version": "1.0.1",
"version": "1.0.2",
"lockfileVersion": 1
}


@ -1,8 +1,8 @@
{
"name": "deskreen",
"productName": "Deskreen",
"version": "1.0.1",
"description": "Deskreen makes any device a second screen for your computer",
"version": "1.0.2",
"description": "Deskreen turns any device into a second screen for your computer",
"main": "./main.prod.js",
"author": {
"name": "Pavlo (Paul) Buidenkov",


@ -393,25 +393,53 @@ describe('DarkwireSocket tests', () => {
});
describe('when socket.on("GET_IP_BY_SOCKET_ID" callback occured', () => {
describe('when it was called by localhost(127.0.0.1) socket IP', () => {
it('should call acknowledgeFunction with proper ip', () => {
const testIP = '123.231.121.111';
// @ts-ignore
socketsIPService.getSocketIPByID.mockImplementationOnce(() => testIP);
socketsIPService.getSocketIPByID.mockImplementationOnce(
() => testIP
);
const darkwireSocket = new DarkwireSocket(
makeTestDarkwireSocketOPTS()
);
darkwireSocket.socket.request.connection.remoteAddress =
'127.0.0.1';
darkwireSocket.handleSocket();
const getMyIpBySocketIdCallback =
const getIpBySocketIdCallback =
// @ts-ignore
darkwireSocket.socket.on.mock.calls[1][1];
const acknowledgeFunctionMock = jest.fn();
getMyIpBySocketIdCallback(undefined, acknowledgeFunctionMock);
getIpBySocketIdCallback(undefined, acknowledgeFunctionMock);
expect(acknowledgeFunctionMock).toBeCalledWith(testIP);
});
});
describe('when it was called by NOT localhost(127.0.0.1) socket IP', () => {
it('should NOT call acknowledgeFunction with proper ip', () => {
const testIP = '123.231.121.111';
// @ts-ignore
socketsIPService.getSocketIPByID.mockImplementationOnce(
() => testIP
);
const darkwireSocket = new DarkwireSocket(
makeTestDarkwireSocketOPTS()
);
darkwireSocket.socket.request.connection.remoteAddress =
'192.168.45.123';
darkwireSocket.handleSocket();
const getIpBySocketIdCallback =
// @ts-ignore
darkwireSocket.socket.on.mock.calls[1][1];
const acknowledgeFunctionMock = jest.fn();
getIpBySocketIdCallback(undefined, acknowledgeFunctionMock);
expect(acknowledgeFunctionMock).not.toBeCalledWith(testIP);
});
});
});
describe('when socket.on("IS_ROOM_LOCKED" callback occured', () => {
it('should call acknowledgeFunction with room.isLocked', async () => {
const darkwireSocket = new DarkwireSocket(
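Review bot: The negative case asserts `expect(acknowledgeFunctionMock).not.toBeCalledWith(testIP)`, which still passes if the handler acknowledges a non-local caller with any other value; because the guard is meant to return before acknowledging at all, the assertion should be `expect(acknowledgeFunctionMock).not.toBeCalled();`. The same test also queues `mockImplementationOnce(() => testIP)` on `getSocketIPByID`, which the early return never consumes, so unless mocks are reset between tests (not visible here) that one-shot implementation can leak into a later test. Both cases only cover the exact string `127.0.0.1` and one LAN address, while the production check is a substring match, so a case for the IPv4-mapped form `::ffff:127.0.0.1` would pin the intended behaviour. The following `IS_ROOM_LOCKED` describe block continues outside the visible section.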


@ -20,6 +20,10 @@ interface SocketOPTS {
roomIdOriginal: string;
}
function isLocalhostSocket(socket: Io.Socket) {
return socket.request.connection.remoteAddress.includes(LOCALHOST_SOCKET_IP);
}
export default class Socket implements SocketOPTS {
roomId: string;
@ -90,7 +94,9 @@ export default class Socket implements SocketOPTS {
});
this.socket.on('GET_IP_BY_SOCKET_ID', (socketID, acknowledgeFunction) => {
// TODO: for security only allow localhost to use this socket event! right now it may be emitted by client which may be not secure. The purpose of this event is for host to get the actual IP of connected client socket and compare them with what was sent by client in DEVICE_DETAILS.
if (!isLocalhostSocket(this.socket)) {
return;
}
acknowledgeFunction(socketsIPService.getSocketIPByID(socketID));
});
@ -100,6 +106,7 @@ export default class Socket implements SocketOPTS {
});
this.socket.on('ENCRYPTED_MESSAGE', (payload) => {
payload.fromSocketID = this.socket.id;
this.socket.to(this.roomId).emit('ENCRYPTED_MESSAGE', payload);
});
@ -140,9 +147,7 @@ export default class Socket implements SocketOPTS {
{
socketId: this.socket.id,
publicKey: payload.publicKey,
isOwner: this.socket.request.connection.remoteAddress.includes(
LOCALHOST_SOCKET_IP
),
isOwner: isLocalhostSocket(this.socket),
ip: payload.ip ? payload.ip : '', // TODO: remove as it is not used
},
],
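Review bot: `isLocalhostSocket` now gates both `GET_IP_BY_SOCKET_ID` and `isOwner`, but it decides with a substring test, `remoteAddress.includes(LOCALHOST_SOCKET_IP)`, and it dereferences `remoteAddress` without checking that it is defined. Node leaves `remoteAddress` undefined once the underlying connection has been destroyed, so a late event would throw inside the handler instead of being refused. I would make the check exact and fail closed: `const addr = socket.request.connection.remoteAddress;` followed by `return typeof addr === 'string' && (addr === LOCALHOST_SOCKET_IP || addr === '::ffff:' + LOCALHOST_SOCKET_IP);`, with an explicit `: boolean` return type on the function. `LOCALHOST_SOCKET_IP` is defined outside these hunks, so confirm which textual forms the server actually reports for loopback peers before tightening the comparison.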


@ -8,7 +8,6 @@ type CallAcceptedMessageWithPayload = {
type DeviceDetailsMessageWithPayload = {
type: 'DEVICE_DETAILS';
payload: {
socketID: string;
deviceType: string;
os: string;
browser: string;


@ -1,8 +1,8 @@
{
"name": "deskreen",
"productName": "Deskreen",
"version": "1.0.1",
"description": "Deskreen makes any device a second screen for your computer",
"version": "1.0.2",
"description": "Deskreen turns any device into a second screen for your computer",
"scripts": {
"build": "yarn build-client && yarn build-main && yarn build-renderer",
"build-test": "yarn build-main-test && yarn build-renderer-test && yarn build-client",
@ -327,7 +327,7 @@
"classnames": "^2.2.6",
"clsx": "^1.1.1",
"connected-react-router": "^6.6.1",
"electron": "^10.1.5",
"electron": "^11.2.1",
"electron-debug": "^3.1.0",
"electron-log": "^4.2.2",
"electron-settings": "^4.0.2",
@ -376,7 +376,7 @@
"yarn": ">=0.21.3"
},
"collective": {
"url": "TODO: add collective page"
"url": "https://opencollective.com/deskreen"
},
"browserslist": [],
"prettier": {


@ -1160,16 +1160,17 @@
ajv-keywords "^3.4.1"
"@electron/get@^1.0.1":
version "1.12.2"
resolved "https://registry.npmjs.org/@electron/get/-/get-1.12.2.tgz#6442066afb99be08cefb9a281e4b4692b33764f3"
integrity sha512-vAuHUbfvBQpYTJ5wB7uVIDq5c/Ry0fiTBMs7lnEYAo/qXXppIVcWdfBr57u6eRnKdVso7KSiH6p/LbQAG6Izrg==
version "1.12.3"
resolved "https://registry.npmjs.org/@electron/get/-/get-1.12.3.tgz#fa2723385c4b565a34c4c82f46087aa2a5fbf6d0"
integrity sha512-NFwSnVZQK7dhOYF1NQCt+HGqgL1aNdj0LUSx75uCqnZJqyiWCVdAMFV4b4/kC8HjUJAnsvdSEmjEt4G2qNQ9+Q==
dependencies:
debug "^4.1.1"
env-paths "^2.2.0"
filenamify "^4.1.0"
fs-extra "^8.1.0"
got "^9.6.0"
progress "^2.0.3"
sanitize-filename "^1.6.2"
semver "^6.2.0"
sumchecker "^3.0.1"
optionalDependencies:
global-agent "^2.0.2"
@ -2019,7 +2020,7 @@
resolved "https://registry.npmjs.org/@types/node/-/node-14.14.16.tgz#3cc351f8d48101deadfed4c9e4f116048d437b4b"
integrity sha512-naXYePhweTi+BMv11TgioE2/FXU4fSl29HAH1ffxVciNsH3rYXjNP2yM8wqmSm7jS20gM8TIklKiTen+1iVncw==
"@types/node@12", "@types/node@^12.0.12":
"@types/node@12":
version "12.19.11"
resolved "https://registry.npmjs.org/@types/node/-/node-12.19.11.tgz#9220ab4b20d91169eb78f456dbfcbabee89dfb50"
integrity sha512-bwVfNTFZOrGXyiQ6t4B9sZerMSShWNsGRw8tC5DY1qImUNczS9SjT4G6PnzjCnxsu5Ubj6xjL2lgwddkxtQl5w==
@ -2029,6 +2030,11 @@
resolved "https://registry.npmjs.org/@types/node/-/node-10.17.50.tgz#7a20902af591282aa9176baefc37d4372131c32d"
integrity sha512-vwX+/ija9xKc/z9VqMCdbf4WYcMTGsI0I/L/6shIF3qXURxZOhPQlPRHtjTpiNhAwn0paMJzlOQqw6mAGEQnTA==
"@types/node@^12.0.12":
version "12.19.15"
resolved "https://registry.npmjs.org/@types/node/-/node-12.19.15.tgz#0de7e978fb43db62da369db18ea088a63673c182"
integrity sha512-lowukE3GUI+VSYSu6VcBXl14d61Rp5hA1D+61r16qnwC0lYNSqdxcvRh0pswejorHfS+HgwBasM8jLXz0/aOsw==
"@types/normalize-package-data@^2.4.0":
version "2.4.0"
resolved "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.0.tgz#e486d0d97396d79beedd0a6e33f4534ff6b4973e"
@ -5501,10 +5507,10 @@ electron-updater@^4.3.1:
lodash.isequal "^4.5.0"
semver "^7.3.2"
electron@^10.1.5:
version "10.2.0"
resolved "https://registry.npmjs.org/electron/-/electron-10.2.0.tgz#4b00f0907b28aca4b93661bb53ce9a4f8ad32201"
integrity sha512-GBUyq8dwUqXPkCTkoID+eZ5Pm9GFlLUd2eSoGe8UOaHeW68SgCf5t75/uGHraQ1OIz/0qniyH5M4ebWEHGppyQ==
electron@^11.2.1:
version "11.2.1"
resolved "https://registry.npmjs.org/electron/-/electron-11.2.1.tgz#8641dd1a62911a1144e0c73c34fd9f37ccc65c2b"
integrity sha512-Im1y29Bnil+Nzs+FCTq01J1OtLbs+2ZGLLllaqX/9n5GgpdtDmZhS/++JHBsYZ+4+0n7asO+JKQgJD+CqPClzg==
dependencies:
"@electron/get" "^1.0.1"
"@types/node" "^12.0.12"
@ -5831,7 +5837,7 @@ escape-html@^1.0.3, escape-html@~1.0.3:
resolved "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=
escape-string-regexp@^1.0.5:
escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
version "1.0.5"
resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=
@ -6504,6 +6510,20 @@ filelist@^1.0.1:
dependencies:
minimatch "^3.0.4"
filename-reserved-regex@^2.0.0:
version "2.0.0"
resolved "https://registry.npmjs.org/filename-reserved-regex/-/filename-reserved-regex-2.0.0.tgz#abf73dfab735d045440abfea2d91f389ebbfa229"
integrity sha1-q/c9+rc10EVECr/qLZHzieu/oik=
filenamify@^4.1.0:
version "4.2.0"
resolved "https://registry.npmjs.org/filenamify/-/filenamify-4.2.0.tgz#c99716d676869585b3b5d328b3f06590d032e89f"
integrity sha512-pkgE+4p7N1n7QieOopmn3TqJaefjdWXwEkj2XLZJLKfOgcQKkn11ahvGNgTD8mLggexLiDFQxeTs14xVU22XPA==
dependencies:
filename-reserved-regex "^2.0.0"
strip-outer "^1.0.1"
trim-repeated "^1.0.0"
filesize@^3.6.1:
version "3.6.1"
resolved "https://registry.npmjs.org/filesize/-/filesize-3.6.1.tgz#090bb3ee01b6f801a8a8be99d31710b3422bb317"
@ -12486,7 +12506,7 @@ sane@^4.0.3:
minimist "^1.1.1"
walker "~1.0.5"
sanitize-filename@^1.6.0, sanitize-filename@^1.6.2, sanitize-filename@^1.6.3:
sanitize-filename@^1.6.0, sanitize-filename@^1.6.3:
version "1.6.3"
resolved "https://registry.npmjs.org/sanitize-filename/-/sanitize-filename-1.6.3.tgz#755ebd752045931977e30b2025d340d7c9090378"
integrity sha512-y/52Mcy7aw3gRm7IrcGDFx/bCk4AhRh2eI9luHOQM86nZsqwiRkkq2GekHXBBD+SmPidc8i2PqtYZl+pWJ8Oeg==
@ -13383,6 +13403,13 @@ strip-json-comments@~2.0.1:
resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo=
strip-outer@^1.0.1:
version "1.0.1"
resolved "https://registry.npmjs.org/strip-outer/-/strip-outer-1.0.1.tgz#b2fd2abf6604b9d1e6013057195df836b8a9d631"
integrity sha512-k55yxKHwaXnpYGsOzg4Vl8+tDrWylxDEpknGjhTiZB8dFRU5rTo9CAzeycivxV3s+zlTKwrs6WxMxR95n26kwg==
dependencies:
escape-string-regexp "^1.0.2"
style-loader@^1.2.1:
version "1.3.0"
resolved "https://registry.npmjs.org/style-loader/-/style-loader-1.3.0.tgz#828b4a3b3b7e7aa5847ce7bae9e874512114249e"
@ -14066,6 +14093,13 @@ trim-newlines@^3.0.0:
resolved "https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.0.tgz#79726304a6a898aa8373427298d54c2ee8b1cb30"
integrity sha512-C4+gOpvmxaSMKuEf9Qc134F1ZuOHVXKRbtEflf4NTtuuJDEIJ9p5PXsalL8SkeRw+qit1Mo+yuvMPAKwWg/1hA==
trim-repeated@^1.0.0:
version "1.0.0"
resolved "https://registry.npmjs.org/trim-repeated/-/trim-repeated-1.0.0.tgz#e3646a2ea4e891312bf7eace6cfb05380bc01c21"
integrity sha1-42RqLqTokTEr9+rObPsFOAvAHCE=
dependencies:
escape-string-regexp "^1.0.2"
triple-beam@^1.2.0, triple-beam@^1.3.0:
version "1.3.0"
resolved "https://registry.npmjs.org/triple-beam/-/triple-beam-1.3.0.tgz#a595214c7298db8339eeeee083e4d10bd8cb8dd9"