Prevent anybody to flood a key with signatures

Ask for key owner's permission to add signatures to key. Doesn't manage well any key.
2020-06-11 17:51:16 +02:00 · 2020-06-11 17:51:16 +02:00 · 2496094432
parent 87b6ca326f
commit 2496094432
2 changed files with 95 additions and 0 deletions
--- a/src/static/js/verify-cert.js
+++ b/src/static/js/verify-cert.js
@ -0,0 +1,47 @@
+/* eslint-disable */
+
+;(function($) {
+  'use strict';
+
+  // POST signatures form
+  $('#signatures form').submit(function(e) {
+    e.preventDefault();
+    $('#signatures .alert').addClass('hidden');
+    var elements = $('#signatures form')[0];
+    var obj = {sig: []};
+    for(var elem of elements){
+      switch(elem.name) {
+        case "op":
+        case "keyId":
+        case "nonce":
+          obj[elem.name] = elem.value;
+          break;
+        case "sig":
+          if(elem.checked)
+            obj["sig"].push(elem.value);
+          break;
+      }
+    }
+    $.ajax({
+      method: 'POST',
+      url: '/api/v1/key',
+      data: JSON.stringify(obj),
+      contentType: 'application/json',
+    }).done(function(data, textStatus, xhr) {
+      if (xhr.status === 304) {
+        alert('signatures', 'danger', 'Key already exists!');
+      } else {
+        alert('signatures', 'success', xhr.responseText);
+      }
+    })
+    .fail(function(xhr) {
+      alert('signatures', 'danger', xhr.responseText);
+    });
+  });
+
+  function alert(region, outcome, text) {
+    $('#' + region + ' .alert-' + outcome + ' span').html(text);
+    $('#' + region + ' .alert-' + outcome).removeClass('hidden');
+  }
+
+}(jQuery));
--- a/src/view/verify-certs.html
+++ b/src/view/verify-certs.html
@ -0,0 +1,48 @@
+<style type="text/css">
+ 
+ .uid { color: green; text-decoration: underline; }
+ .warn { color: red; font-weight: bold; }
+ 
+</style>
+<div class="container">
+
+  <div class="header clearfix">
+    <nav>
+      <ul class="nav nav-pills pull-right">
+        <li role="presentation"><a href="/">Home</a></li>
+        <li role="presentation"><a href="/manage.html">Manage Keys</a></li>
+        <li role="presentation"><a href="https://github.com/mailvelope/keyserver" target="_blank">GitHub</a></li>
+      </ul>
+    </nav>
+    <h3 class="text-muted">Mailvelope Key Server</h3>
+  </div>
+
+  <div class="row marketing">
+    <div id="signatures" class="col-lg-12">
+      <h2>Select the signatures you want to add to your key</h2>
+      <div class="alert alert-success hidden" role="alert">
+        <strong>Success!</strong> <span></span>
+      </div>
+      <div class="alert alert-danger hidden" role="alert">
+        <strong>Error!</strong> <span></span>
+      </div>
+      <form id="sigForm" action="/api/v1/key" method="post"> <!-- <%= link %> -->
+<hr /><pre><strong>pub</strong> <a href="/pks/lookup?op=get&search=0x<%= keyId %>">0x<%= keyId %></a><input type="hidden" id="op" name="op" value="confirmSignatures"><input type="hidden" id="keyId" name="keyId" value="<%= keyId %>"><input type="hidden" id="nonce" name="nonce" value="<%= nonce %>"> 
+<% for(const [userid, signatures] of sigs) { %>
+<strong>uid</strong> <span class="uid"><%= userid %></span>
+<% for(sig of signatures) { %>
+&emsp;<input type="checkbox" id="<%= sig.hash %>" name="sig" value="<%= sig.hash %>"> <label for="<%= sig.hash %>"> <a href="/pks/lookup?op=get&search=0x<%= sig.issuerFingerprint %>">0x<%= sig.issuerFingerprint %></a> <%= sig.created %> <%= sig.userId %></label><br>
+<% } %>
+<% } %>
+</pre>
+        <input class="btn btn-primary btn-lg" type="submit" value="Confirm selected signatures (and delete unselected ones)">
+      </form>
+    </div> <!-- /col-lg-12 -->
+  </div> <!-- /row marketing -->
+
+  <%- include('footer') %>
+
+</div> <!-- /container -->
+
+<script src="/js/jquery.min.js"></script>
+<script src="/js/verify-certs.js"></script>