add check on IR data cid

95cdec7b · Hugo Trentesaux · 42fedf0a · 95cdec7b · 95cdec7b
Commit 95cdec7b authored 6 months ago by Hugo Trentesaux
--- a/src/collector.ts
+++ b/src/collector.ts
@@ -105,24 +105,27 @@ export function getPubSubHandler(
 // build index request from dag or throw error
 function dagAsIndexRequest(dag: any): IndexRequest {
+  // check fields
+  // 1. kind must be a string with a length lower than 64
+  assert(typeof dag.kind === "string")
+  assert(dag.kind.length <= 64)
+  // 2. time must be not too old (one minute for example)
+  // should not be in the future
+  // (prevents too much control on the storage key)
+  assert(typeof dag.time === "number")
+  assert(Date.now() - dag.time < MAX_IR_TIME_DIFF)
+  // 3. data must be null or a cid
+  if(dag.data != null) {
+    assert(!!CID.asCID(dag.data))
+  }
+  // all checks passed, pubkey and signature are checked later on
  // extracts fields of interest from dag
  // note: extra fields are theoretically allowed but will not be taken into account and not saved
-  const ir: IndexRequest = {
+  return {
    kind: dag.kind,
    time: dag.time,
    data: dag.data,
    pubkey: dag.pubkey,
    sig: dag.sig
  }
-  // check fields
-  // 1. kind must be a string with a lenght lower than 64
-  assert(typeof ir.kind === "string")
-  assert(ir.kind.length <= 64)
-  // 2. time must be not too old (one minute for example)
-  // should not be in the future
-  // prevents too much control on the storage key
-  assert(typeof ir.time === "number")
-  assert(Date.now() - ir.time < MAX_IR_TIME_DIFF)
-  // all checks passed
-  return ir
 }
\ No newline at end of file
--- a/src/indexer/handlers.ts
+++ b/src/indexer/handlers.ts
@@ -57,7 +57,7 @@ export enum evtype {
 /// ----- pubsub message handler -----
 export async function validMessageHandler(_cid: CID, ir: IndexRequest): Promise<void> {
-  // store the index request locally
+  // store the index request locally (it is safe because of checks in collector)
  kubo.dag
    .put(ir)
    .then((cid) => {
@@ -65,7 +65,7 @@ export async function validMessageHandler(_cid: CID, ir: IndexRequest): Promise<
      // however, only the final index request cid is taken into account for safety
      if (cid.toString() != _cid.toString()) console.log('👾 ', cid, '!=', _cid)
      console.log('adding valid index request to process queue')
-      // pin the index request we just added
+      // asynchronously pin the index request we just added (non recursive at this point)
      kubo.pin.add(cid).catch(() => console.log(`📌📌 could not pin index request that we just added ${cid}`))
      // add index request to the process list
      GLOB_processQueue.push([cid, ir])
@@ -222,6 +222,7 @@ export async function takeFromMergeQueue() {
  const awaitedItems = await Promise.all(items)
  // awaitedItems.forEach(([c, _ir]) => {
  //   // make sure to pin the index request to be able to serve its content later
+  //   // note: pubsub IRs are already pinned but peers IRs might not be
  //   kubo.pin.add(c, { recursive: true }).catch((_e) => console.log(`📌 could not pin remote index request ${c}`))
  // })
  // add index requests to process queue