amark
Nodejs: gun.user().put(data) with escape character causes "Unverified data"
Observed in: Nodejs v14 Version: [email protected]
- Authenticate user
- Put data that contains a newline or backspace character:
gun
.user()
.get('testing')
.put(
{
description: `something something\nother thing`
},
ack => console.log(ack.err)
)
Result in console:
Signature did not match.
Unverified data.
Removing the \n results in data being written
It's also interesting to note that using the same version of gun in browser, I can not reproduce this bug
adding console.log({u, data, packed)) just before this line: https://github.com/amark/gun/blob/852b77f49a10d3105400e7057908eeca30c4b679/sea.js#L1437
{
u: undefined,
data: undefined,
packed: {
m: {
'#': '~4u6CF0hDCxli0LwUH_vidDL7PMEeV0Tsr3DLEuq0FEY.8uGPk-HtTjDC7TkbESqIexGSj0pStPoWv2shy-fXzWQ/testing',
'.': 'description',
':': 'something something\\nother thing',
'>': 1644010910932
},
s: '1Kji8apX04sI+2a5kLcvNiUxPeRY8Dc2HNlDMnYydCKjEN5pQkbnALZqaBrQnK5amb9V7Fa/dxRqZQWHBV4DXQ=='
}
}
With the \n removed I see:
{
u: undefined,
data: 'something somethingother thing',
packed: {
m: {
'#': '~4u6CF0hDCxli0LwUH_vidDL7PMEeV0Tsr3DLEuq0FEY.8uGPk-HtTjDC7TkbESqIexGSj0pStPoWv2shy-fXzWQ/testing',
'.': 'description',
':': 'something somethingother thing',
'>': 1644011104431
},
s: 'nS8jV5k8fk3e6BS7Xz8dHIaBgcBJbhARcVTFfKQTYHo3v08hM6IQR/+/ZXxSwCNbyVNRBgtHFRJTN/cidy3SCQ=='
}
}
This is fixed in the latest master branch but broken in the latest npm published version
@kengoldfarb yeah, sorry this was super embarrassing terrible mistake. I handled \ASCII but didn't notice this.
It gets worse tho, you're right somebody already fixed this, but that library they switched to is breaking on other data 😭 .
We can't do native because it blocks the thread for 0.25s which compounds on multiple requests.
Are you good at knowing what other utf8/etc. escapes/checks need to be handled? I'm scared to republish unless somebody smarter than me can peek at https://github.com/amark/gun/blob/master/test/common.js#L85-L94 .
