bittorrent-dht - npm Package Compare versions

Comparing version 4.0.0 to 4.0.1

client.js

@@ -484,2 +484,9 @@ module.exports = DHT
   if (isMutable) {
+    hash = msg.salt
+      ? sha1(Buffer.concat([ msg.salt, msg.k ]))
+      : sha1(msg.k)
+  } else {
+    hash = sha1(data.v)
+  }
+  if (isMutable) {
     if (!self._verify) {
@@ -493,4 +500,4 @@ return self._sendError(addr, message.t, 400, 'verification not supported')
     var prev = self.nodes.get(hash)
-    if (prev && prev.seq !== undefined && msg.cas) {
-      if (msg.cas !== prev.seq) {
+    if (prev && prev.data.seq !== undefined && msg.cas) {
+      if (msg.cas !== prev.data.seq) {
         return self._sendError(addr, message.t, 301,
@@ -500,4 +507,4 @@ 'CAS mismatch, re-read and try again')
     }
-    if (prev && prev.seq !== undefined) {
-      if (msg.seq === undefined || msg.seq <= prev.seq) {
+    if (prev && prev.data.seq !== undefined) {
+      if (msg.seq === undefined || msg.seq <= prev.data.seq) {
         return self._sendError(addr, message.t, 302,
@@ -516,7 +523,2 @@ 'sequence number less than current')
     if (msg.salt) data.salt = msg.salt
-    hash = data.salt
-      ? sha1(Buffer.concat([ data.salt, data.k ]))
-      : sha1(data.k)
-  } else {
-    hash = sha1(data.v)
   }
@@ -523,0 +525,0 @@

package.json

 {
   "name": "bittorrent-dht",
   "description": "Simple, robust, BitTorrent DHT implementation",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "author": {
@@ -6,0 +6,0 @@ "name": "Feross Aboukhadijeh",

test/dht_store_mutable.js

@@ -449,2 +449,120 @@ var common = require('./common')
 
+test('invalid sequence', function (t) {
+  t.plan(4)
+
+  var keypair = ed.createKeyPair(ed.createSeed())
+
+  var dht0 = new DHT({ bootstrap: false, verify: ed.verify })
+  var dht1 = new DHT({ bootstrap: false, verify: ed.verify })
+  dht0.listen(0, function () {
+    dht1.addNode('127.0.0.1:' + dht0.address().port)
+  })
+  dht1.listen(0, function () {
+    dht0.addNode('127.0.0.1:' + dht1.address().port)
+  })
+  t.once('end', function () {
+    dht0.destroy()
+    dht1.destroy()
+  })
+  common.failOnWarningOrError(t, dht0)
+  common.failOnWarningOrError(t, dht1)
+
+  dht0.on('node', function () {
+    var opts0 = {
+      k: keypair.publicKey,
+      sign: sign(keypair),
+      seq: 5,
+      v: fill(500, '5')
+    }
+    var opts1 = {
+      k: keypair.publicKey,
+      sign: sign(keypair),
+      seq: 4,
+      v: fill(500, '4')
+    }
+    var hash0
+
+    dht0.put(opts0, function (errors, hash) {
+      errors.forEach(t.error.bind(t))
+      hash0 = hash
+      dht0.put(opts1, function (errors, hash) {
+        t.ok(errors.length, 'caught expected error: ' + errors[0])
+        check()
+      })
+    })
+
+    function check () {
+      dht1.get(hash0, function (err, res) {
+        t.ifError(err)
+        t.deepEqual(
+          res.v.toString('utf8'),
+          fill(500, '5').toString('utf8'),
+          'greater sequence expected'
+        )
+        t.equal(res.seq, 5)
+      })
+    }
+  })
+})
+
+test('valid sequence', function (t) {
+  t.plan(4)
+
+  var keypair = ed.createKeyPair(ed.createSeed())
+
+  var dht0 = new DHT({ bootstrap: false, verify: ed.verify })
+  var dht1 = new DHT({ bootstrap: false, verify: ed.verify })
+  dht0.listen(0, function () {
+    dht1.addNode('127.0.0.1:' + dht0.address().port)
+  })
+  dht1.listen(0, function () {
+    dht0.addNode('127.0.0.1:' + dht1.address().port)
+  })
+  t.once('end', function () {
+    dht0.destroy()
+    dht1.destroy()
+  })
+  common.failOnWarningOrError(t, dht0)
+  common.failOnWarningOrError(t, dht1)
+
+  dht0.on('node', function () {
+    var opts0 = {
+      k: keypair.publicKey,
+      sign: sign(keypair),
+      seq: 4,
+      v: fill(500, '4')
+    }
+    var opts1 = {
+      k: keypair.publicKey,
+      sign: sign(keypair),
+      seq: 5,
+      v: fill(500, '5')
+    }
+    var hash0, hash1
+
+    dht0.put(opts0, function (errors, hash) {
+      errors.forEach(t.error.bind(t))
+      hash0 = hash
+      dht0.put(opts1, function (errors, hash) {
+        errors.forEach(t.error.bind(t))
+        hash1 = hash
+        t.deepEqual(hash0, hash1)
+        check()
+      })
+    })
+
+    function check () {
+      dht1.get(hash0, function (err, res) {
+        t.ifError(err)
+        t.deepEqual(
+          res.v.toString('utf8'),
+          fill(500, '5').toString('utf8'),
+          'greater sequence expected'
+        )
+        t.equal(res.seq, 5)
+      })
+    }
+  })
+})
+
 function fill (n, s) {
@@ -451,0 +569,0 @@ var bs = Buffer(s)

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

94312

increased by3.09%

Lines of code

2637

increased by4.27%

Number of medium supply chain risk alerts

3

decreased by-25%

No dependency changes