search

titaniumnetwork-dev / Ultraviolet

A highly sophisticated proxy used for evading internet censorship or accessing websites in a controlled sandbox using the power of service-workers. Works by intercepting HTTP requests with a service worker script that follows the TompHTTP specifications.
https://docs.titaniumnetwork.org/proxies/ultraviolet
GNU Affero General Public License v3.0
441 stars 3.61k forks source link

__uv.db is not assigned a value and bug of saving cookies to IDB #39

Closed KaneOne closed 1 year ago

KaneOne commented 1 year ago

https://github.com/titaniumnetwork-dev/Ultraviolet/blob/3f920ee7b4ac35b429a7fa9c38baaec1615e2b1f/src/uv.handler.js#L297-L306 When there is a document.cookie written on the page, it will be overwritten and written into iDB by the code here. However, the uv.handler does not assign a value to uv.db, so it is always undefined and cannot be written into idb. Changing it to await uv.cookie.db() allows writing into idb.

 client.document.on('setCookie', async (event) => {
        Promise.resolve(
            __uv.cookie.setCookies(
                event.data.value,
                await __uv.cookie.db(),
                __uv.meta
            )
        ).then(() => {
            __uv.cookie.db().then((db) => {
                __uv.cookie.getCookies(db).then((cookies) => {
                    cookieStr = __uv.cookie.serialize(cookies, __uv.meta, true);
                });
            });
        });
        const cookie = __uv.cookie.setCookie(event.data.value)[0];

        if (!cookie.path) cookie.path = '/';
        if (!cookie.domain) cookie.domain = __uv.meta.url.hostname;

        if (__uv.cookie.validateCookie(cookie, __uv.meta, true)) {
            if (cookieStr.length) cookieStr += '; ';
            cookieStr += `${cookie.name}=${cookie.value}`;
        }

        event.respondWith(event.data.value);
    });

The following code is to store cookies from different websites in separate IDBs, and everything seems fine. https://github.com/titaniumnetwork-dev/Ultraviolet/blob/3f920ee7b4ac35b429a7fa9c38baaec1615e2b1f/src/uv.handler.js#L413-L415 But when uv.sw.js processes the injected cookie information in the HTML header, it does not modify the name of idb. Therefore, only the cookie of _op database can be retrieved here instead of the proxy website's cookie, which causes a bug. https://github.com/titaniumnetwork-dev/Ultraviolet/blob/3f920ee7b4ac35b429a7fa9c38baaec1615e2b1f/src/uv.sw.js#L108-L113

Finally, I had to comment out the code that modifies the IDB database name. This way, all cookies are saved in the _op database and now it seems to be working fine.

  client.idb.on('idbFactoryOpen', () => {
        //event.data.name = `${__uv.meta.url.origin}@${event.data.name}`;
    });
e9x commented 1 year ago

This looks right. Perhaps we can check the database name, and if it equals __op, don't rewrite it. This is rather hacky, but we can't modify the idb module.

e9x commented 1 year ago

Added in 5c7bb3257c77b130af4f89b7db19fc88fcc3485c Unless there's a better solution, I will be closing this

KaneOne commented 1 year ago

Added in 5c7bb32 Unless there's a better solution, I will be closing this

https://github.com/titaniumnetwork-dev/Ultraviolet/blob/3f920ee7b4ac35b429a7fa9c38baaec1615e2b1f/src/uv.handler.js#L299 This also needs to be fixed, otherwise document.cookie cannot write to idb.