v0.9.2

wtvsec: use initial key for ticket signing update: initial work for future ability to update wtv-ticket to client update: wtv-flashrom: use zefie server only if file does not exist locally (allows both zefie server roms and local roms) update: wtv-flashrom:/get-lc2-path: experimental 'Cancel Update' button fix: wtv-tricks:/blastcache: return_to was not unescaped
2021-07-20 23:44:55 -04:00
parent b07d74d2db
commit 897bf10abb
9 changed files with 92 additions and 47 deletions
--- a/zefie_wtvp_minisrv/app.js
+++ b/zefie_wtvp_minisrv/app.js
@@ -453,6 +453,17 @@ async function sendToClient(socket, headers_obj, data) {
        headers_obj["Content-Length"] = data.byteLength;
    }

+    if (ssid_sessions[socket.ssid]) {
+        if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
+            if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64) {
+                if (ssid_sessions[socket.ssid].data_store.update_ticket) {
+                    headers_obj["wtv-ticket"] = ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64;
+                    headers_obj = moveObjectElement("wtv-ticket", "Connection", headers_obj);
+                    ssid_sessions[socket.ssid].data_store.update_ticket = false;
+                }
+            }
+        }
+    }

    // header object to string
    if (zshowheaders) console.log(" * Outgoing headers on socket ID", socket.id, (await filterSSID(headers_obj)));
@@ -604,6 +615,24 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
                });
            }

+            if (ssid_sessions[socket.ssid]) {
+                if (headers["wtv-ticket"]) {
+                    if (!ssid_sessions[socket.ssid].data_store.wtvsec_login) {
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login = new WTVSec();
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.IssueChallenge();
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
+                    } else {
+                        if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 != headers["wtv-ticket"]) {
+                            if (zdebug) console.log(" # New ticket from client");
+                            ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
+                            ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
+                        }
+                    }
+                }
+            }
+
            if (returnHeadersBeforeSecure) {
                headers = await checkForPostData(socket, headers, data, data_hex);
                return headers;