fix(security): verify dest_node uid matches signature

KernelDeimos · KernelDeimos · commit e208b99d211e · 2024-12-13T15:53:12.000-05:00
diff --git a/src/backend/src/helpers.js b/src/backend/src/helpers.js
@@ -1511,7 +1511,7 @@ async function get_taskbar_items(user) {
     return taskbar_items;
 }
 
-function validate_signature_auth(url, action) {
+function validate_signature_auth(url, action, options = {}) {
     const query = new URL(url).searchParams;
 
     if(!query.get('uid'))
@@ -1522,6 +1522,12 @@ function validate_signature_auth(url, action) {
         throw {message: '`expires` is required for signature-based authentication.'}
     else if(!query.get('signature'))
         throw {message: '`signature` is required for signature-based authentication.'}
+    
+    if ( options.uid ) {
+        if ( query.get('uid') !== options.uid ) {
+            throw {message: 'Authentication failed. `uid` does not match.'}
+        }
+    }
 
     const expired = query.get('expires') && (query.get('expires') < Date.now() / 1000);
 
diff --git a/src/backend/src/routers/writeFile.js b/src/backend/src/routers/writeFile.js
@@ -96,7 +96,9 @@ module.exports = eggspress('/writeFile', {
                 return;
             }
             try{
-                validate_signature_auth(req.body.destination_write_url, 'write');
+                validate_signature_auth(req.body.destination_write_url, 'write', {
+                    uid: req.body.destination_uid,
+                });
             }catch(e){
                 res.status(403).send(e);
                 return;
