feat: TOFU key-pinning warning, restrict chat permissions to authenticated users

2026-02-10 07:27:46 +01:00
parent 531c32140a
commit f99178f7e3
11 changed files with 213 additions and 9 deletions


@@ -1,3 +1,5 @@
// Security: Directus permissions filter by user_created=$CURRENT_USER server-side.
// Client-side participant_hash filters remain for hash-based identity matching.
import { client } from './client.js'
export async function getConversations(participantHash) {
@@ -31,6 +33,7 @@ export async function getConversation(id) {
return response.data
}
// Messages access restricted server-side to conversations owned by $CURRENT_USER
export async function getConversationMessages(conversationId) {
const response = await client.get('/items/messages', {
fields: ['*'],
@@ -51,6 +54,7 @@ export async function sendMessage(conversationId, senderHash, encryptedContent,
return response.data
}
// Directus sets user_created automatically for authenticated requests
export async function startConversation(listingId, participantHash1, participantHash2, publicKey1, publicKey2) {
const response = await client.post('/items/conversations', {
listing_id: listingId,
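Review bot: The comments added at the top of the file and above getConversationMessages describe access as limited to rows where user_created equals $CURRENT_USER, yet startConversation takes two participant hashes while Directus records only the creating account in user_created. If the read rule really is that filter alone, the second participant presumably cannot read the conversation or its messages; if the rule is broader, the comments overstate what is enforced. The permission definition is not visible in this section, so the comment should point to where the rule lives and say plainly that the hash filter is not an access control, for example `// Access control is enforced by Directus permissions (see <permissions definition>); participant_hash query filters only narrow results and are not a security boundary.` startConversation's body continues outside the hunk.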