source/ps/ModIo.cpp
Show First 20 Lines • Show All 69 Lines • ▼ Show 20 Lines | struct DownloadCallbackData | ||||
FILE* fp; | FILE* fp; | ||||
MD5 md5; | MD5 md5; | ||||
crypto_generichash_state* hash_state; | crypto_generichash_state* hash_state; | ||||
}; | }; | ||||
ModIo::ModIo() | ModIo::ModIo() | ||||
: m_GamesRequest("/games"), m_CallbackData(nullptr) | : m_GamesRequest("/games"), m_CallbackData(nullptr) | ||||
{ | { | ||||
// Get config values from the sytem namespace, or below (default). | // Get config values from the default namespace. | ||||
// This can be overridden on the command line. | // This can be overridden on the command line. | ||||
// | // | ||||
// We do this so a malicious mod cannot change the base url and | // We do this so a malicious mod cannot change the base url and | ||||
// get the user to make connections to someone else's endpoint. | // get the user to make connections to someone else's endpoint. | ||||
// If another user of the engine wants to provide different values | // If another user of the engine wants to provide different values | ||||
// here, while still using the same engine version, they can just | // here, while still using the same engine version, they can just | ||||
// provide some shortcut/script that sets these using command line | // provide some shortcut/script that sets these using command line | ||||
// parameters. | // parameters. | ||||
std::string pk_str; | std::string pk_str; | ||||
g_ConfigDB.GetValue(CFG_SYSTEM, "modio.public_key", pk_str); | g_ConfigDB.GetValue(CFG_DEFAULT, "modio.public_key", pk_str); | ||||
g_ConfigDB.GetValue(CFG_SYSTEM, "modio.v1.baseurl", m_BaseUrl); | g_ConfigDB.GetValue(CFG_DEFAULT, "modio.v1.baseurl", m_BaseUrl); | ||||
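Review bot: Nothing after the two lookups for modio.public_key and modio.v1.baseurl checks that pk_str and m_BaseUrl were actually populated, so a missing key in the default namespace leaves the constructor running with an empty public key or base URL. Since the comment above ties these values to the guarantee that a mod cannot point the user at another endpoint, test both for emptiness here and refuse to enable mod.io when either is unset. The comment should also say what keeps the default namespace from being written at runtime, because the guarantee rests on that and these lines do not show it.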
elexis: Was this change accepted?
wraitii (Done): This isn't a change, really, it's a necessity if CFG_SYSTEM is removed. The fact is we can already override those on the command line, so a dev working on this and wanting to test something should just use that, there's no point in Local.cfg, and for other people DEFAULT is the only thing that makes sense if we are to follow the security-concern comment above.
elexis (Not Done): It is necessary to change the line if CFG_SYSTEM is removed. If I was to work with this line of code, I would wonder if the code comment is actually true. If a GUI context runs Engine.ConfigDB_CreateValue("default", "modio.v1.baseurl", "broken"); (try for yourself with F9 in the mod page prior to opening the mod.io dialog) it can enable the MITM attack.
elexis: It is necessary to change the line if CFG_SYSTEM is removed. It is not inherently necessary to…
wraitii (Done): Good point, thanks. It seems you added the functionality to prevent this in rP21867, so I'll…
{ | { | ||||
std::string api_key; | std::string api_key; | ||||
g_ConfigDB.GetValue(CFG_SYSTEM, "modio.v1.api_key", api_key); | g_ConfigDB.GetValue(CFG_DEFAULT, "modio.v1.api_key", api_key); | ||||
m_ApiKey = "api_key=" + api_key; | m_ApiKey = "api_key=" + api_key; | ||||
} | } | ||||
{ | { | ||||
std::string nameid; | std::string nameid; | ||||
g_ConfigDB.GetValue(CFG_SYSTEM, "modio.v1.name_id", nameid); | g_ConfigDB.GetValue(CFG_DEFAULT, "modio.v1.name_id", nameid); | ||||
m_IdQuery = "name_id="+nameid; | m_IdQuery = "name_id="+nameid; | ||||
} | } | ||||
m_CurlMulti = curl_multi_init(); | m_CurlMulti = curl_multi_init(); | ||||
ENSURE(m_CurlMulti); | ENSURE(m_CurlMulti); | ||||
m_Curl = curl_easy_init(); | m_Curl = curl_easy_init(); | ||||
ENSURE(m_Curl); | ENSURE(m_Curl); | ||||
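Review bot: api_key and nameid are concatenated straight into the query fragments at m_ApiKey = "api_key=" + api_key and m_IdQuery = "name_id="+nameid, with no check that they are non-empty or free of characters such as & and =, so a malformed config value silently changes the request that gets sent. Validate both against the expected character set, or URL-escape them, before building the strings, and fail early if either is empty. As a style point, use the same spacing around + in both assignments.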