Merge branch 'develop'
commit
fc1dea442c
|
@ -0,0 +1,3 @@
|
|||
.*
|
||||
docs
|
||||
*.tgz
|
|
@ -1,5 +1,28 @@
|
|||
# Security Policy
|
||||
|
||||
## Security Model
|
||||
|
||||
Oasis is experimental software, please don't trust it with your life.
|
||||
|
||||
If everything is working correctly, it's likely that:
|
||||
|
||||
- Only your computer can access Oasis.
|
||||
- Only you can publish a message to your feed.
|
||||
- Only the recipients of private messages can read the message.
|
||||
- Only basic HTML is supported in blobs, which can't access the rest of Oasis.
|
||||
|
||||
It's important to know that this is not a silver bullet:
|
||||
|
||||
- Your public messages can be read by anyone on the Secure Scuttlebutt network.
|
||||
- Your public messages can be read by anyone on the Secure Scuttlebutt network.
|
||||
- Your IP address can be seen by anyone that peers with you.
|
||||
- Your private messages can be read by anyone with access to your private key.
|
||||
|
||||
You should also know:
|
||||
|
||||
- Information that others can read can be saved, without your permission.
|
||||
- Encryption techniques that are unbreakable today may become compromised in the future; maybe in dozens or hundreds of years.
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Only the latest release is supported.
|
||||
|
|
16
package.json
16
package.json
|
@ -8,7 +8,7 @@
|
|||
"@fraction/base16-css": "^1.1.0",
|
||||
"@fraction/flotilla": "^1.0.1",
|
||||
"debug": "^4.1.1",
|
||||
"highlight.js": "^9.15.8",
|
||||
"highlight.js": "^9.16.2",
|
||||
"hyperaxe": "^1.3.0",
|
||||
"koa": "^2.7.0",
|
||||
"koa-body": "^4.1.0",
|
||||
|
@ -23,13 +23,13 @@
|
|||
"require-style": "^1.1.0",
|
||||
"sharp": "^0.23.0",
|
||||
"ssb-client": "^4.7.7",
|
||||
"ssb-config": "^3.4.2",
|
||||
"ssb-markdown": "6.0.0",
|
||||
"ssb-config": "^3.4.3",
|
||||
"ssb-markdown": "^6.0.0",
|
||||
"ssb-mentions": "^0.5.0",
|
||||
"ssb-msgs": "^5.2.0",
|
||||
"ssb-ref": "^2.13.9",
|
||||
"ssb-thread-schema": "1.0.3",
|
||||
"yargs": "14.0.0"
|
||||
"ssb-thread-schema": "^1.1.1",
|
||||
"yargs": "^14.2.1"
|
||||
},
|
||||
"bin": {
|
||||
"oasis": "./index.js"
|
||||
|
@ -37,11 +37,11 @@
|
|||
"description": "friendly neighborhood scuttlebutt interface",
|
||||
"repository": "git@github.com:fraction/oasis.git",
|
||||
"devDependencies": {
|
||||
"cspell": "^4.0.23",
|
||||
"dependency-check": "4.1.0",
|
||||
"cspell": "^4.0.33",
|
||||
"dependency-check": "^4.1.0",
|
||||
"husky": "^3.0.5",
|
||||
"nodemon": "^1.19.1",
|
||||
"standard": "14.3.0",
|
||||
"standard": "^14.3.0",
|
||||
"stylelint": "^11.0.0",
|
||||
"stylelint-config-standard": "^19.0.0"
|
||||
},
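Review bot: Several entries in this section appear to move from exact pins to caret ranges (`"ssb-markdown": "6.0.0"` to `"^6.0.0"`, `"ssb-thread-schema": "1.0.3"` to `"^1.1.1"`, `"yargs": "14.0.0"` to `"^14.2.1"`, plus `dependency-check` and `standard` under devDependencies), which is a policy change rather than a plain version bump. With ranges, an install that is not governed by a lockfile resolves whatever matching release is newest at install time, so a compromised or breaking upstream release can reach users without any change in this repository. If the exact pins were deliberate, keep them; otherwise the commit description should say that a committed lockfile with `npm ci` (or an `npm-shrinkwrap.json` for the published CLI) is what fixes the resolved versions. Which side each line belongs to is inferred from print order, because the rendered page has lost the `+`/`-` markers.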
|
||||
|
|
|
@ -58,7 +58,7 @@ module.exports = (config) => {
|
|||
'img-src \'self\'',
|
||||
'form-action \'self\'',
|
||||
'media-src \'self\'',
|
||||
'style-src \'self\''
|
||||
'style-src \'self\' \'unsafe-inline\''
|
||||
].join('; ')
|
||||
|
||||
// Disallow scripts.
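Review bot: The new `'style-src \'self\' \'unsafe-inline\''` entry allows every inline `style` attribute and `<style>` element, including any that survive in rendered message or blob content, and the hunk carries no comment saying why this is needed. Inline styles in untrusted content can restyle or overlay parts of the interface, so this loosens the isolation the rest of the policy provides. If only the application's own markup needs inline styles, moving them into the served stylesheet lets the directive stay at `'style-src \'self\''`. If a dependency forces it, add a comment such as `// 'unsafe-inline' is needed for <component: name it here>; style attributes are stripped from untrusted HTML before rendering` and confirm the sanitizer really does that. The enclosing `module.exports = (config) => {` body starts and ends outside the hunk.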
|
||||
|
|
|
@ -1,20 +1,22 @@
|
|||
'use strict'
|
||||
|
||||
const lodash = require('lodash')
|
||||
const pull = require('pull-stream')
|
||||
const prettyMs = require('pretty-ms')
|
||||
const { isRoot, isNestedReply, isReply } = require('ssb-thread-schema')
|
||||
const debug = require('debug')('oasis:model-post')
|
||||
|
||||
const lodash = require('lodash')
|
||||
const parallelMap = require('pull-paramap')
|
||||
const prettyMs = require('pretty-ms')
|
||||
const pull = require('pull-stream')
|
||||
const { isRoot, isReply } = require('ssb-thread-schema')
|
||||
|
||||
// HACK: https://github.com/ssbc/ssb-thread-schema/issues/4
|
||||
const isNestedReply = require('ssb-thread-schema/post/nested-reply/validator')
|
||||
|
||||
const cooler = require('./lib/cooler')
|
||||
const configure = require('./lib/configure')
|
||||
const cooler = require('./lib/cooler')
|
||||
const markdown = require('./lib/markdown')
|
||||
|
||||
const maxMessages = 128
|
||||
|
||||
const getMessages = async ({ myFeedId, customOptions, ssb, query }) => {
|
||||
const getMessages = async ({ myFeedId, customOptions, ssb, query, filter }) => {
|
||||
const options = configure({ query, index: 'DTA' }, customOptions)
|
||||
|
||||
const source = await cooler.read(
|
||||
|
@ -27,7 +29,7 @@ const getMessages = async ({ myFeedId, customOptions, ssb, query }) => {
|
|||
pull.filter((msg) =>
|
||||
typeof msg.value.content !== 'string' &&
|
||||
msg.value.content.type === 'post' &&
|
||||
msg.value.author !== myFeedId
|
||||
(filter == null || filter(msg) === true)
|
||||
),
|
||||
pull.take(maxMessages),
|
||||
pull.collect((err, collectedMessages) => {
|
||||
|
@ -196,7 +198,13 @@ const post = {
|
|||
}
|
||||
}]
|
||||
|
||||
const messages = await getMessages({ myFeedId, customOptions, ssb, query })
|
||||
const messages = await getMessages({
|
||||
myFeedId,
|
||||
customOptions,
|
||||
ssb,
|
||||
query,
|
||||
filter: (msg) => msg.value.author !== myFeedId
|
||||
})
|
||||
|
||||
return messages
|
||||
},
|
||||
|
@ -330,6 +338,7 @@ const post = {
|
|||
}
|
||||
|
||||
if (msg.value.content.type !== 'post') {
|
||||
debug('not a post')
|
||||
resolve(msg)
|
||||
}
|
||||
|
||||
|
@ -369,7 +378,8 @@ const post = {
|
|||
} else {
|
||||
// type !== "post", probably
|
||||
// this should show up as JSON
|
||||
debug('got mysterious root ancestor')
|
||||
debug('got mysterious root ancestor that fails all known schemas')
|
||||
debug('%O', msg)
|
||||
resolve(msg)
|
||||
}
|
||||
}
|
||||
|
@ -534,8 +544,7 @@ const post = {
|
|||
const myFeedId = whoami.id
|
||||
|
||||
const options = configure({
|
||||
type: 'post',
|
||||
private: true
|
||||
type: 'post'
|
||||
}, customOptions)
|
||||
|
||||
const source = await cooler.read(
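Review bot: The last hunk (`@ -534,8 +544,7 @`) appears to drop `private: true` from the options passed to `configure`, and nothing visible there shows what now limits this query to private messages. If the restriction moved to a later filter in the pull pipeline, say so next to the options, for example `// privacy is enforced by the filter below, not by the query options`, and check that the filter rejects messages that are not marked private. If no such filter exists, this view would mix public posts into what looks like a private listing. The enclosing function starts and ends outside the hunk, so this is inferred from the visible lines only.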
|
||||
|
|