matrix-public-archive

Commit Graph

Author	SHA1	Message	Date
Eric Eastwood	f796afe55e	Sanity check that we are not leaking the access token to the client (#82 ) This isn't spawning from any previous security issue. Just adding an extra check to help ensure we don't ever regress this in the future. ``` AssertionError [ERR_ASSERTION]: We should not be leaking the `config.matrixAccessToken` to the Hydrogen render function because this will reach the client! at renderHydrogenToString (matrix-public-archive\server\hydrogen-render\render-hydrogen-to-string.js:24:3) at renderHydrogenVmRenderScriptToPageHtml (matrix-public-archive\server\hydrogen-render\render-hydrogen-vm-render-script-to-page-html.js:22:36) at matrix-public-archive\server\routes\room-directory-routes.js:53:28 at processTicksAndRejections (node:internal/process/task_queues:96:5) ```	2022-10-18 02:40:40 -05:00
Eric Eastwood	02b86a8405	Render pipeline separation of concerns (#64 ) Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/36 Render pipeline separation of concerns: 1. Run in `child_process` 2. Hydrogen render It's now just a generic `child_process` runner that runs the Hydrogen render in it. This eliminates the windy path of the 1-4 steps that was only held together by the file names themselves.	2022-09-02 20:49:06 -05:00

Author

SHA1

Message

Date

Eric Eastwood

f796afe55e

Sanity check that we are not leaking the access token to the client (#82 )

This isn't spawning from any previous security issue. Just adding an extra check to help ensure we don't ever regress this in the future.

```
AssertionError [ERR_ASSERTION]: We should not be leaking the `config.matrixAccessToken` to the Hydrogen render function because this will reach the client!
    at renderHydrogenToString (matrix-public-archive\server\hydrogen-render\render-hydrogen-to-string.js:24:3)
    at renderHydrogenVmRenderScriptToPageHtml (matrix-public-archive\server\hydrogen-render\render-hydrogen-vm-render-script-to-page-html.js:22:36)
    at matrix-public-archive\server\routes\room-directory-routes.js:53:28
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
```

2022-10-18 02:40:40 -05:00

Eric Eastwood

02b86a8405

Render pipeline separation of concerns (#64 )

Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/36

Render pipeline separation of concerns:

 1. Run in `child_process`
 2. Hydrogen render
 
It's now just a generic `child_process` runner that runs the Hydrogen render in it. This eliminates the windy path of the 1-4 steps that was only held together by the file names themselves.

2022-09-02 20:49:06 -05:00

2 Commits