
Merge pull request #102 from sean-nicholas/timing-attacks

Prevent timing attacks on keys / signatures
master
Nicolas Garnier 8 years ago
committed by GitHub
parent
commit
4cdcab7283
  1. 3
      delete-unused-accounts-cron/functions/index.js
  2. 3
      delete-unused-accounts-cron/functions/package.json
  3. 3
      github-to-slack/functions/index.js
  4. 3
      github-to-slack/functions/package.json

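--- a/delete-unused-accounts-cron/functions/index.js
+++ b/delete-unused-accounts-cron/functions/index.js
@@ -21,6 +21,7 @@ admin.initializeApp(functions.config().firebase);
 const rp = require('request-promise');
 const promisePool = require('es6-promise-pool');
 const PromisePool = promisePool.PromisePool;
+const secureCompare = require('secure-compare');
 // Maximum concurrent account deletions.
 const MAX_CONCURRENT = 3;
@@ -33,7 +34,7 @@ exports.accountcleanup = functions.https.onRequest((req, res) => {
 const key = req.query.key;
 // Exit if the keys don't match
-if (key !== functions.config().cron.key) {
+if (!secureCompare(key, functions.config().cron.key)) {
 console.log('The key provided in the request does not match the key set in the environment. Check that', key,
 'matches the cron.key attribute in `firebase env:get`');
 res.status(403).send('Security key does not match. Make sure your "key" URL query parameter matches the ' +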
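Review bot: The 403 branch on the `console.log` line still writes the submitted `key` into the function logs, so every failed attempt (and any legitimate caller's near-miss of the real secret) is persisted where anyone with log access can read it; now that the comparison itself is constant-time, this echo is the remaining disclosure. I would drop the value from the message, e.g. `console.log('The key provided in the request does not match the key set in the environment. Check that the "key" query parameter matches the cron.key attribute in firebase env:get');`. Separately, `functions.config().cron.key` throws a TypeError instead of reaching the 403 when no `cron` config has been set, which surfaces as a 500 with a stack trace; reading it as `(functions.config().cron || {}).key` keeps the unset case on the rejection path. The `accountcleanup` handler starts and ends outside the hunk.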

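--- a/delete-unused-accounts-cron/functions/package.json
+++ b/delete-unused-accounts-cron/functions/package.json
@@ -8,6 +8,7 @@
 "googleapis": "^16.1.0",
 "request": "^2.79.0",
 "request-promise": "^4.1.1",
-"request-promise-native": "^1.0.3"
+"request-promise-native": "^1.0.3",
+"secure-compare": "^3.0.1"
 }
 }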
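Review bot: `"secure-compare": "^3.0.1"` is a caret range on a package that is now the only check between a guessed key and the account-deletion endpoint, so a future minor release of it is pulled in unreviewed on the next install; the same range is added in github-to-slack/functions/package.json. For a comparison primitive I would pin the exact version (`"secure-compare": "3.0.1"`) and commit a lockfile, or avoid the new dependency entirely since Node's built-in `crypto.timingSafeEqual` covers this on runtimes at or above 6.6.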

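--- a/github-to-slack/functions/index.js
+++ b/github-to-slack/functions/index.js
@@ -18,6 +18,7 @@
 const functions = require('firebase-functions');
 const rp = require('request-promise');
 const crypto = require('crypto');
+const secureCompare = require('secure-compare');
 /**
 * Webhook that will be called each time there is a new GitHub commit and will post a message to
@@ -35,7 +36,7 @@ exports.githubWebhook = functions.https.onRequest((req, res) => {
 const expectedSignature = `${cipher}=${hmac}`;
 // Check that the body of the request has been signed with the GitHub Secret.
-if (signature === expectedSignature) {
+if (secureCompare(signature, expectedSignature)) {
 postToSlack(req.body.compare, req.body.commits.length, req.body.repository).then(() => {
 res.end();
 }).catch(error => {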
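Review bot: `secureCompare(signature, expectedSignature)` relies on the third-party helper rejecting non-string input, since `signature` will presumably be `undefined` when a request carries no signature header; the package appears to guard that case, but this file already requires `crypto`, and `crypto.timingSafeEqual` (Node 6.6 and later) makes the contract explicit without the extra dependency. That call throws on unequal lengths, so it needs a length check first: `const sig = Buffer.from(String(signature)); const expected = Buffer.from(expectedSignature); if (sig.length === expected.length && crypto.timingSafeEqual(sig, expected)) {`. The line that reads `signature`, and the rest of the `githubWebhook` handler, lie outside the hunk.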

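--- a/github-to-slack/functions/package.json
+++ b/github-to-slack/functions/package.json
@@ -6,6 +6,7 @@
 "firebase-admin": "^4.1.2",
 "firebase-functions": "^0.5.1",
 "request": "^2.80.0",
-"request-promise": "^4.1.1"
+"request-promise": "^4.1.1",
+"secure-compare": "^3.0.1"
 }
 }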
