cloud: add a nonce to prevent anything from sending push

2026-06-26 11:20:25 +01:00 · 2022-12-20 11:27:09 -08:00
parent 4abadf5cfd
commit bd9720ec95
3 changed files with 20 additions and 7 deletions
--- a/plugins/cloud/package-lock.json
+++ b/plugins/cloud/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@scrypted/cloud",
-   "version": "0.0.36",
+   "version": "0.0.37",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
      "": {
         "name": "@scrypted/cloud",
-         "version": "0.0.36",
+         "version": "0.0.37",
         "dependencies": {
            "@eneris/push-receiver": "../../external/push-receiver",
            "axios": "^0.25.0",
--- a/plugins/cloud/package.json
+++ b/plugins/cloud/package.json
@@ -47,5 +47,5 @@
      "@types/debug": "^4.1.5",
      "@types/http-proxy": "^1.17.5"
   },
-   "version": "0.0.36"
+   "version": "0.0.37"
 }
--- a/plugins/cloud/src/main.ts
+++ b/plugins/cloud/src/main.ts
@@ -62,6 +62,10 @@ class ScryptedCloud extends ScryptedDeviceBase implements OauthClient, Settings,
        },
        registrationSecret: {
            hide: true,
+        },
+        cloudMessageToken: {
+            hide: true,
+            persistedDefaultValue: crypto.randomBytes(8).toString('hex'),
        }
    });

@@ -199,7 +203,16 @@ class ScryptedCloud extends ScryptedDeviceBase implements OauthClient, Settings,
    }

    async onRequest(request: HttpRequest, response: HttpResponse): Promise<void> {
-        response.send('ok');
+        response.send('', {
+            headers: {
+                'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
+                'Access-Control-Allow-Origin': request.headers?.origin,
+                'Access-Control-Allow-Headers': 'Content-Type, Authorization, Content-Length, X-Requested-With'            
+            },
+        });
+
+        if (request.method.toLowerCase() === 'options')
+            return;

        const cm = await this.getCloudMessagePath();
        const { url } = request;
@@ -214,7 +227,7 @@ class ScryptedCloud extends ScryptedDeviceBase implements OauthClient, Settings,
        return this.push;
    }

-    async releaseDevice(id: string, nativeId: string, device: any): Promise<void> {
+    async releaseDevice(id: string, nativeId: string): Promise<void> {
    }

    getHostname() {
@@ -237,7 +250,7 @@ class ScryptedCloud extends ScryptedDeviceBase implements OauthClient, Settings,

    async getCloudMessagePath() {
        const url = new URL(await endpointManager.getPublicLocalEndpoint());
-        return path.join(url.pathname, 'cloudmessage');
+        return path.join(url.pathname, this.storageSettings.values.cloudMessageToken);
    }

    async deliverPush(endpoint: string, request: HttpRequest) {
@@ -247,7 +260,7 @@ class ScryptedCloud extends ScryptedDeviceBase implements OauthClient, Settings,
            return;
        }
        if (!handler.interfaces.includes(ScryptedInterface.PushHandler)) {
-            this.console.error('deive not a push handler', endpoint);
+            this.console.error('device not a push handler', endpoint);
            return;
        }