Add objectHash, isObject - backend utils and encodeHTMLEntities to fr…

…ontend utils and object check in API key checker.
TekMonksGitHub · Dec 4, 2023 · 2aacefa · 2aacefa
1 parent c618a0e
commit 2aacefa
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 4 deletions.
diff --git a/backend/server/lib/apiregistry_extensions/apikeychecker.js b/backend/server/lib/apiregistry_extensions/apikeychecker.js
@@ -13,7 +13,7 @@ function checkSecurity(apiregentry, _url, req, headers, _servObject, reason) {
     const keysExpected = apiregentry.query.keys?utils.escapedSplit(apiregentry.query.keys, ","):[];
     if (!keysExpected.length) return true; 
     for (const apiKeyHeaderName of APIKEYS) if (keysExpected.includes(headers[apiKeyHeaderName])) return true;
-    for (const [key, value] of Object.entries(req)) 
+    if (utils.isObject(req)) for (const [key, value] of Object.entries(req)) 
         if (APIKEYS.includes(key.toLowerCase()) && keysExpected.includes(value)) return true;
 
     reason.reason = "API Key Error"; reason.code = 403; return false;   // key not found in the headers

diff --git a/backend/server/lib/utils.js b/backend/server/lib/utils.js
@@ -7,6 +7,7 @@ const fs = require("fs");
 const os = require("os");
 const path = require("path");
 const http2 = require("http2");
+const crypto = require("crypto");
 const mkdirAsync = require("util").promisify(fs.mkdir);
 const lstatAsync = require("util").promisify(fs.lstat);
 const readdirAsync = require("util").promisify(fs.readdir);
@@ -496,8 +497,33 @@ const convertToUnixPathEndings = (pathIn, normalize) => {
     return parts.join(path.posix.sep);
 }
 
+/**
+ * Returns true if the given argument is a Javascript object.
+ * @param {*} obj Argument to test
+ * @returns true if the given argument is a Javascript object, false otherwise.
+ */
+function isObject(obj) {
+    const isNotNative = obj === Object(obj);
+    const isNotFunction = typeof obj !== "function";
+    const isNotArray = !Array.isArray(obj);
+    return isNotArray && isNotFunction && isNotNative;
+}
+
+/**
+ * Returns a hash for the object. Same object properties should hash the 
+ * same.
+ * @param {Object} obj The object to hash.
+ * @returns The MD5 hash.
+ */
+function hashObject(obj) { 
+    let combinedString = "";
+    for (const key of Object.keys(obj).sort()) combinedString += `${key}:${obj[key]}`;
+    return crypto.createHash("md5").update(combinedString).digest("hex");
+}
+
 module.exports = { parseBoolean, getDateTime, queryToObject, escapedSplit, getTimeStamp, getUnixEpoch, 
     getObjectKeyValueCaseInsensitive, getObjectKeyNameCaseInsensitive, getTempFile, copyFileOrFolder, getClientIP, 
     getServerHost, getClientPort, getEmbeddedIPV4, setIntervalImmediately, expandIPv6Address, analyzeIPAddr, 
     watchFile, clone, walkFolder, rmrf, getObjProperty, setObjProperty, requireWithDebug, generateUUID, 
-    createAsyncFunction, getLocalIPs, promiseExceptionToBoolean, createDirectory, exists, convertToUnixPathEndings };
+    createAsyncFunction, getLocalIPs, promiseExceptionToBoolean, createDirectory, exists, convertToUnixPathEndings,
+    isObject, hashObject };
diff --git a/build_number b/build_number
@@ -1 +1 @@
-769
+770
diff --git a/frontend/framework/js/util.mjs b/frontend/framework/js/util.mjs
@@ -254,6 +254,17 @@ function base64ToString(base64) {
     return new TextDecoder().decode(bytes);
 }
 
+/**
+ * Encodes HTML entities in the given text.
+ * @param {string} text The text to encode
+ * @returns The encoded text
+ */
+function encodeHTMLEntities(text) {
+    const textArea = document.createElement('textarea'); textArea.innerText = text;
+    return textArea.innerHTML;
+}
+
 export const util = {getCSSRule, getFunctionFromString, replaceURLParamValue, parseBoolean, escapeHTML, getModulePath,
     downloadFile, uploadAFile, getFileData, clone, resolveURL, baseURL, safeURIDecode, getChildByID, getChildrenByTagName,
-    removeAllChildElements, setIntervalImmediately, generateUUID, createAsyncFunction, stringToBase64, base64ToString};
+    removeAllChildElements, setIntervalImmediately, generateUUID, createAsyncFunction, stringToBase64, base64ToString,
+    encodeHTMLEntities};