npm - querysub - Versions diffs - 0.411.0 → 0.412.0 - Mend

querysub 0.411.0 → 0.412.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/-c-identity/IdentityController.ts +10 -7

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "querysub",
-  "version": "0.411.0",
+  "version": "0.412.0",
   "main": "index.js",
   "license": "MIT",
   "note1": "note on node-forge fork, see https://github.com/digitalbazaar/forge/issues/744 for details",

package/src/-c-identity/IdentityController.ts CHANGED Viewed

@@ -147,13 +147,16 @@ class IdentityControllerBase {
         if (!areNodeIdsEqual(payload.serverId, localNodeId)) {
             throw new Error(`Identity is for another server! The connection is calling us ${localNodeId}, but signature is for ${payload.serverId}`);
         }
-        let calledMachineId = getMachineId(payload.serverId);
-        if (calledMachineId !== "127-0-0-1" && calledMachineId !== getOwnMachineId()) {
-            throw new Error(`Tried to call a different machine. We are ${getOwnMachineId()}, they called ${calledMachineId}`);
-        }
-        let calledThreadId = decodeNodeId(payload.serverId)?.threadId;
-        if (calledThreadId && calledThreadId !== "127-0-0-1" && calledThreadId !== getOwnThreadId()) {
-            throw new Error(`Tried to call a different thread. We are ${getOwnThreadId()}, they called ${calledThreadId}`);
+        // If they're calling from the browser, then they're not going to be able to use our machine ID, etc. However, they should be calling an actual https node, so it should still be secure for them.
+        if (payload.clientIsNode) {
+            let calledMachineId = getMachineId(payload.serverId);
+            if (calledMachineId !== "127-0-0-1" && calledMachineId !== getOwnMachineId()) {
+                throw new Error(`Tried to call a different machine. We are ${getOwnMachineId()}, they called ${calledMachineId}`);
+            }
+            let calledThreadId = decodeNodeId(payload.serverId)?.threadId;
+            if (calledThreadId && calledThreadId !== "127-0-0-1" && calledThreadId !== getOwnThreadId()) {
+                throw new Error(`Tried to call a different thread. We are ${getOwnThreadId()}, they called ${calledThreadId}`);
+            }
         }