v0.9.2

- wtvsec: use initial key for ticket signing - update: initial work for future ability to update wtv-ticket to client - update: wtv-flashrom: use zefie server only if file does not exist locally (allows both zefie server roms and local roms) - update: wtv-flashrom:/get-lc2-path: experimental 'Cancel Update' button - fix: wtv-tricks:/blastcache: return_to was not unescaped - wtvsec: use initial key for tickets
2021-07-20 21:02:04 -04:00
parent 6c479782e9
commit e18be0d9d7
12 changed files with 104 additions and 63 deletions
--- a/zefie_wtvp_minisrv/app.js
+++ b/zefie_wtvp_minisrv/app.js
@@ -453,6 +453,17 @@ async function sendToClient(socket, headers_obj, data) {
        headers_obj["Content-Length"] = data.byteLength;
    }

+    if (ssid_sessions[socket.ssid]) {
+        if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
+            if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64) {
+                if (ssid_sessions[socket.ssid].data_store.update_ticket) {
+                    headers_obj["wtv-ticket"] = ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64;
+                    headers_obj = moveObjectElement("wtv-ticket", "Connection", headers_obj);
+                    ssid_sessions[socket.ssid].data_store.update_ticket = false;
+                }
+            }
+        }
+    }

    // header object to string
    if (zshowheaders) console.log(" * Outgoing headers on socket ID", socket.id, (await filterSSID(headers_obj)));
@@ -604,6 +615,24 @@ async function processRequest(socket, data_hex, returnHeadersBeforeSecure = fals
                });
            }

+            if (ssid_sessions[socket.ssid]) {
+                if (headers["wtv-ticket"]) {
+                    if (!ssid_sessions[socket.ssid].data_store.wtvsec_login) {
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login = new WTVSec();
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.IssueChallenge();
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
+                        ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
+                    } else {
+                        if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 != headers["wtv-ticket"]) {
+                            if (zdebug) console.log(" # New ticket from client");
+                            ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
+                            ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
+                        }
+                    }
+                }
+            }
+
            if (returnHeadersBeforeSecure) {
                headers = await checkForPostData(socket, headers, data, data_hex);
                return headers;
@@ -789,10 +818,9 @@ async function handleSocket(socket) {

 function integrateConfig(main, user) {
    Object.keys(user).forEach(function (k) {
-        if (typeof (user[k]) == 'object') {
+        if (typeof (user[k]) == 'object' && user[k] != null) {
            // new entry
            if (!main[k]) main[k] = new Array();
-
            // go down the rabbit hole
            main[k] = integrateConfig(main[k], user[k]);
        } else {