taler/wallet-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

check for contract freshness

Browse Source
This commit is contained in:
Florian Dold 2017-02-13 03:28:36 +01:00
parent 08d4a5b625
commit d143ba9500
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/content_scripts/notify.ts
View File

@ -173,7 +173,9 @@ namespace TalerNotify {
(detail: any, sendResponse: (msg: any) => void): void;
}
function downloadContract(url: string): Promise<any> {
function downloadContract(url: string, nonce: string): Promise<any> {
let parsed_url = URI(url);
url = parsed_url.setQuery({nonce}).href();
// FIXME: include and check nonce!
return new Promise((resolve, reject) => {
const contract_request = new XMLHttpRequest();
@ -356,7 +358,11 @@ namespace TalerNotify {
return;
}
if (msg.contract_url) {
let proposal = await downloadContract(msg.contract_url);
let nonce = Math.round(Math.random() * 0xFFFF).toString()
let proposal = await downloadContract(msg.contract_url, nonce);
if (proposal.data.nonce != nonce) {
console.error("stale contract");
}
await processProposal(proposal);
return;
}

3
src/types.ts
View File

@ -444,6 +444,9 @@ export class Contract {
@Checkable.Optional(Checkable.String)
summary?: string;
@Checkable.Optional(Checkable.String)
nonce?: string;
@Checkable.Value(AmountJson)
amount: AmountJson;