Merge pull request #393 from tableflip/feat/disable-window.ipfs-mfs

Temporarily disables access to MFS functions on window.ipfs
ipfs · Feb 22, 2018 · 52caaff · 52caaff
2 parents b968f01 + 14f8b0c
commit 52caaff
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/add-on/src/lib/ipfs-proxy/pre-acl.js b/add-on/src/lib/ipfs-proxy/pre-acl.js
@@ -2,6 +2,20 @@
 // All other IPFS functions require authorization.
 const ACL_WHITELIST = Object.freeze(require('./acl-whitelist.json'))
 
+// TEMPORARY blacklist of MFS functions that are automatically denied access
+// https://github.com/ipfs-shipyard/ipfs-companion/issues/330#issuecomment-367651787
+const MFS_BLACKLIST = Object.freeze([
+  'files.cp',
+  'files.mkdir',
+  'files.stat',
+  'files.rm',
+  'files.read',
+  'files.write',
+  'files.mv',
+  'files.flush',
+  'files.ls'
+])
+
 // Creates a "pre" function that is called prior to calling a real function
 // on the IPFS instance. It will throw if access is denied, and ask the user if
 // no access decision has been made yet.
@@ -10,6 +24,10 @@ function createPreAcl (getState, accessControl, getScope, permission, requestAcc
     // Check if all access to the IPFS node is disabled
     if (!getState().ipfsProxy) throw new Error('User disabled access to IPFS')
 
+    if (MFS_BLACKLIST.includes(permission)) {
+      throw new Error('MFS functions are temporarily disabled')
+    }
+
     // No need to verify access if permission is on the whitelist
     if (ACL_WHITELIST.includes(permission)) return args