diff --git a/auth/readme.md b/auth/readme.md index 16c96e9..49d6361 100644 --- a/auth/readme.md +++ b/auth/readme.md @@ -1,6 +1,6 @@ # Auth - Signal-CLI HTTP -This module handles the reading and parsing of the auth JSON file. It also acts as a verifier in relation to that information. The file is a JSON object. It acts as a whitelist for which bearer token can do what action. It is passed to the HTTP endpoint via the `Authorization: ` header. Nore that this is not `Authorization: Bearer ` +This module handles the reading and parsing of the auth JSON file. It also acts as a verifier in relation to that information. The file is a JSON object. It acts as a whitelist for which bearer token can do what action. It is passed to the HTTP endpoint via the `Authorization: ` header. Note that this is not `Authorization: Bearer ` Here's a sample auth JSON: 
@@ -35,7 +35,8 @@ Here's some examples for each case: 1. the request `{"method":"send","params":{"recipient":["+16028675309"],"message":"message"},"id":"SomeID"},` would not match the filter `["+5555555555"]` because one is a JSON map and the other a JSON array. 2. the request `{"method":"something","params":{"recipient":["+16028675309"],"message":"message"},"id":"SomeID"},` would not match the filter `{"method":"send","params":{"recipient":["+16028675309"],"message":"message"}}` because the "method" differs. This would also fail to match if the `method` key was missing in the request JSON. 3. `{"method":"send","params":{"recipient":["+16028675309","someBadNumber"]}}` would not match the filter `{"method":"send","params":{"recipient":["+16028675309",]}}` because of the `someBadNumber` number in the request. This rule exists so that a malicious request cant send a message to both a room/concact that it's whitelisted for, and one that it isn't. -4. `"+16028675309"` would not match the filter `"+15555555555"` because their values differ. +4. `{"method":"send","params":{"recipient":["+15555555555","someBadNumber"]}}` would not match the filter `{"method":"send","params":{"recipient":["+16028675309","someBadNumber"]}}` because of the difference in phone number + Here's what each filter JSON object in the above sample JSON does: `{"method":"send","params":{"recipient":["+16028675309"]}}` allows sending to `+16028675309` (any message, timestamp, etc.) diff --git a/readme.md b/readme.md index 432dd95..dbc42a4 100644 --- a/readme.md +++ b/readme.md @@ -1,7 +1,5 @@ # Signal-CLI HTTP -**Very** early in development. - Very simple HTTP frontend to [signal-cli](https://github.com/AsamK/signal-cli) JSON RPC. Please see the JSONRPC documentation for `signal-cli`: [https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc](https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc) 
diff --git a/subprocess/subprocess.go b/subprocess/subprocess.go index d8167ae..76469d7 100644 --- a/subprocess/subprocess.go +++ b/subprocess/subprocess.go @@ -21,6 +21,10 @@ var f *os.File; var fLock sync.RWMutex; var reader *bufio.Scanner; +// This is here to ignore lines written to STDIN echoed back through STDOUT +var ignoreEcho map[string]bool = make(map[string]bool); +var ignoreEchoMutex sync.RWMutex; + func SetupCMD(binaryLocation string) error { // Avoid double set-up if cmdStarted {return errors.New("cmd already started")}; @@ -64,6 +68,13 @@ func readCMD() { // Read the line line := reader.Text(); + // Check for echo + ignoreEchoMutex.Lock(); + _, exists := ignoreEcho[line]; + if exists {delete(ignoreEcho, line)} + ignoreEchoMutex.Unlock(); + if exists {continue} + // Unmarshal the JSON var unmarshaledJSON any; if err := json.Unmarshal([]byte(line), &unmarshaledJSON); err != nil {continue} @@ -74,22 +85,26 @@ func readCMD() { // Get method method, ok := unmarshaledJSONMap["method"]; - if !ok {continue} - - // Redirect to handlers based off method - if method == "receive" { + if ok && method == "receive" { handleIncoming(line, unmarshaledJSONMap); - } else { - handleResponse(line, unmarshaledJSONMap); + continue; } + + handleResponse(line, unmarshaledJSONMap); } } /* Write a line into the subprocess */ func writeCMD(line string) (ok bool) { + // Write into ignoreEcho map so reader can skip the echoed line + ignoreEchoMutex.Lock(); + ignoreEcho[line] = true; + ignoreEchoMutex.Unlock(); + fLock.Lock(); if line[len(line)-1] != '\n' {line += "\n"} f.WriteString(line); fLock.Unlock(); + return true; } \ No newline at end of file diff --git a/web/readme.md b/web/readme.md index 63c1e87..43ac7d0 100644 --- a/web/readme.md +++ b/web/readme.md 
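Review bot: Nothing evicts an `ignoreEcho` entry except a byte-identical line arriving in `readCMD`, so at `var ignoreEcho map[string]bool` the map gains one permanent key for every written line whose echo does not come back unchanged. Each call to `writeCMD` adds a key, so request volume could drive memory use if echo is ever off or altered; whether that is reachable depends on how the subprocess is attached, which the diff does not show. A bool set also cannot record two identical pending lines, so a counter such as `map[string]int` with a size cap or expiry would be more robust. Both visible uses take `Lock()`, so a plain `sync.Mutex` is enough, and the declaration can drop the redundant type: `var ignoreEcho = make(map[string]bool)`.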
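Review bot: After `if ok && method == "receive"` every other JSON map falls through to `handleResponse`, including a line that still carries a `method` key. A JSON-RPC response object has no `method` member, so such a line is a request or notification, most likely an echoed request that missed the `ignoreEcho` lookup. If `handleResponse` correlates on `id` (it is outside this hunk, so this is unconfirmed), the HTTP caller could be handed its own request back as the reply. Skipping those lines keeps the dispatch from depending on exact string matching: `if ok { if method == "receive" { handleIncoming(line, unmarshaledJSONMap) }; continue }`. `readCMD` starts and ends outside the hunk.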
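Review bot: `ignoreEcho[line] = true` stores the key before the trailing-newline normalisation a few lines below, so a caller that passes a line already ending in `\n` records a key that `reader.Text()` will never produce if the scanner uses the default line splitting. In that case the echo is not suppressed and the key is never deleted. Recording the newline-free form closes the gap, e.g. `ignoreEcho[strings.TrimSuffix(line, "\n")] = true` (this needs the `strings` import if the file does not already have it). The key is also added before `f.WriteString(line)`, whose error is discarded, so a failed write leaves a stale entry. Separately, `line[len(line)-1]` panics on an empty `line`.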
@@ -12,7 +12,7 @@ Possible response codes: There is no body content with non-200 response codes. With 200 the response is a valid JSON map or array. -This program simply relays requests to the signal-cli program. **It will not prevent you from breaking anything, outside of not whitelisting certain requests. This program does not understand what requests mean.** Each request comes formatted as a JSON object outlined in the [JSON-RPC documentation](https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc](https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc). +This program simply relays requests to the signal-cli program. **It will not prevent you from breaking anything, outside of not whitelisting certain requests. This program does not understand what requests mean.** Each request comes formatted as a JSON object outlined in the [JSON-RPC documentation](https://github.com/AsamK/signal-cli/blob/master/man/signal-cli-jsonrpc.5.adoc). The program will ensure that the request object is a JSON map, and that the `request` key is present. For any request type that is not `receive`, the program will generate an ID for your request (do not put on in the request, it will return an error) and return the program's response.