diff --git a/backend/api/controllers/result.js b/backend/api/controllers/result.js index 06d88d41c..64c1f34a4 100644 --- a/backend/api/controllers/result.js +++ b/backend/api/controllers/result.js @@ -4,7 +4,7 @@ const PublicStatsDAO = require("../../dao/public-stats"); const BotDAO = require("../../dao/bot"); const { validateObjectValues } = require("../../handlers/validation"); const { stdDev, roundTo2 } = require("../../handlers/misc"); -const objecthash = require("object-hash"); +const objecthash = require("node-object-hash")().hash; const Logger = require("../../handlers/logger"); const path = require("path"); const { config } = require("dotenv"); @@ -113,18 +113,20 @@ class ResultController { let resulthash = result.hash; delete result.hash; - const serverhash = objecthash(result); - if (serverhash !== resulthash) { - Logger.log( - "incorrect_result_hash", - { - serverhash, - resulthash, - result, - }, - uid - ); - return res.status(400).json({ message: "Incorrect result hash" }); + if (req.context.configuration.resultObjectHashCheck.enabled) { + const serverhash = objecthash(result); + if (serverhash !== resulthash) { + Logger.log( + "incorrect_result_hash", + { + serverhash, + resulthash, + result, + }, + uid + ); + return res.status(400).json({ message: "Incorrect result hash" }); + } } if (validateResult) { diff --git a/backend/constants/base-configuration.js b/backend/constants/base-configuration.js index 1ad105094..dc4e751c2 100644 --- a/backend/constants/base-configuration.js +++ b/backend/constants/base-configuration.js @@ -13,6 +13,9 @@ const BASE_CONFIGURATION = { quoteSubmit: { enabled: false, }, + resultObjectHashCheck: { + enabled: false, + }, }; module.exports = BASE_CONFIGURATION; diff --git a/package-lock.json b/package-lock.json index 6139bce3a..0dca21030 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8842,6 +8842,11 @@ "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz", "integrity": "sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==" }, + "node-object-hash": { + "version": "2.3.10", + "resolved": "https://registry.npmjs.org/node-object-hash/-/node-object-hash-2.3.10.tgz", + "integrity": "sha512-jY5dPJzw6NHd/KPSfPKJ+IHoFS81/tJ43r34ZeNMXGzCOM8jwQDCD12HYayKIB6MuznrnqIYy2e891NA2g0ibA==" + }, "node-releases": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.0.tgz", @@ -8981,7 +8986,8 @@ "object-hash": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", - "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==", + "optional": true }, "object-inspect": { "version": "1.11.0", diff --git a/package.json b/package.json index 0a2049a39..90479bd3e 100644 --- a/package.json +++ b/package.json @@ -69,8 +69,8 @@ "moment-timezone": "^0.5.33", "mongodb": "^3.6.9", "node-fetch": "^2.6.7", + "node-object-hash": "^2.3.10", "nodemon": "^2.0.7", - "object-hash": "2.2.0", "path": "^0.12.7", "simple-git": "^2.45.1", "string-similarity": "^4.0.4", diff --git a/src/js/test/test-logic.js b/src/js/test/test-logic.js index 02261ed67..73b3436f9 100644 --- a/src/js/test/test-logic.js +++ b/src/js/test/test-logic.js @@ -39,7 +39,7 @@ import * as BritishEnglish from "./british-english"; import * as LazyMode from "./lazy-mode"; import * as Result from "./result"; -const objecthash = require("object-hash"); +const objecthash = require("node-object-hash")().hash; export let glarsesMode = false;