+ create user with public/private key

+ sign and verify votes and prevent unverified updates
2026-04-04 22:36:17 +02:00
parent b5cb0e83e3
commit bc5e2eead8
15 changed files with 10672 additions and 52 deletions


@@ -1,3 +1,4 @@
import * as Y from 'yjs';
// server/api/polls/[id].ts
export default defineEventHandler(async (event) => {
const method = event.node.req.method;
@@ -23,6 +24,40 @@ export default defineEventHandler(async (event) => {
const body = await readBody(event);
if (body.update && Array.isArray(body.update)) {
// create a temp Y.Doc to encode the Data
const tempDoc = new Y.Doc();
Y.applyUpdate(tempDoc, new Uint8Array(body.update));
const yMap = tempDoc.getMap('shared-poll');
const pollData = yMap.toJSON();
// verify pollData
for(var option in pollData){
const votes = pollData[option] || [];
var pubKeys: CryptoKey[] = [];
const verifyAllVotesForOption = async (votes: SignedData<VoteData>[]) => {
console.log("verifying votes for option " + option,votes);
// check last votes first. if there is something wrong, its likely in the last vote.
for (let i = votes.length-1; i >= 0 ; i--) {
const userStorage = useStorage('users');
const votePubKeyString = await userStorage.getItem(`user:${votes[i]?.data.userid}`);
//console.log("Using public key: "+votePubKeyString)
const votePubKey = await stringToCryptoKey(String(votePubKeyString),'public')
const isValid = await verifyChainedVote(votes, i,votePubKey);
if(!isValid){
console.error("Error! Invalid Vote at: " + i,votes)
return false;
}
}
return true;
};
const verified = await verifyAllVotesForOption(votes);
if(!verified){
console.error("Failed to verify option: "+option)
throw createError({ statusCode: 400, statusMessage: 'PollData contains unverifyable content!' });
}
}
// Save the binary update (sent as an array of numbers) to storage
await storage.setItem(`poll:${pollId}`, body.update);
return { success: true };
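Review bot: In the verification loop, a `pollData[option]` value that is not an array never reaches `verifyChainedVote`: `votes.length` is undefined, the `for` starting at `votes.length-1` does not run, and `verifyAllVotesForOption` returns true, so the update is stored unverified. Reject such values before the loop, e.g. `if (!Array.isArray(votes)) throw createError({ statusCode: 400, statusMessage: 'Invalid poll data' });`. A vote whose `userid` has no stored key passes `String(null)` to `stringToCryptoKey`; check `votePubKeyString` for null and return false first so the request ends in the 400 path. Separately, `storage.setItem` replaces the stored state with `body.update` after checking only the submitted document, so an update that leaves out previously stored votes would appear to pass; a comparison against the stored state looks necessary, though the rest of the handler lies outside this hunk.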

41
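--- a/server/api/users/[id].ts
+++ b/server/api/users/[id].ts
@@ -0,0 +1,41 @@
+// server/api/users/[id].ts
+export default defineEventHandler(async (event) => {
+const method = event.node.req.method;
+const userId = getRouterParam(event, 'id');
+// We use Nitro's built-in storage.
+// 'polls' is the storage namespace.
+const storage = useStorage('users');
+if (!userId) {
+throw createError({ statusCode: 400, statusMessage: 'User ID required' });
+}
+// GET: Fetch the saved Yjs document state
+if (method === 'GET') {
+const data = await storage.getItem(`user:${userId}`);
+// Return the array of numbers (or null if it doesn't exist yet)
+return { public_key: data };
+}
+// POST: Save a new Yjs document state
+if (method === 'POST') {
+const body = await readBody(event);
+if (body.public_key) {
+const data = await storage.getItem(`user:${userId}`);
+if (data == undefined || data == null) {
+// Save the binary update (sent as an array of numbers) to storage
+await storage.setItem(`user:${userId}`, body.public_key);
+console.log("New User created: " + userId)
+console.log("Public Key: " + body.public_key);
+return { success: true };
+}
+throw createError({ statusCode: 400, statusMessage: 'User already exists.' });
+}
+throw createError({ statusCode: 400, statusMessage: 'Invalid update payload' });
+}
+});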
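Review bot: `body.public_key` is stored after only a truthiness check in the POST branch, so a non-string or malformed value becomes the permanent key for that id, because every later POST is rejected with 'User already exists.'. Validate before writing, e.g. `if (typeof body.public_key !== 'string') throw createError({ statusCode: 400, statusMessage: 'Invalid public key' });`, and if `stringToCryptoKey` used by the polls handler is available here, parse the key with it once before `setItem`. The `getItem`-then-`setItem` pair is also not atomic, so two concurrent registrations for one id could both pass the existence check; whether the storage driver offers an atomic create is not visible from this file. The comments about the 'polls' namespace, the 'Yjs document state' and the 'binary update' are carried over from the polls handler and should describe user public keys instead.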