web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'staging' of github.com:xwiki-labs/cryptpad into newServer

Browse Source
This commit is contained in:
yflory 2017-03-16 15:57:26 +01:00
commit 646ed8f6b1
6 changed files with 61 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
config.js.dist
View File

@ -37,9 +37,17 @@ module.exports = {
"style-src 'unsafe-inline' 'self'", "style-src 'unsafe-inline' 'self'",
// Unsafe inline, unsafe-eval are needed for ckeditor :( // Unsafe inline, unsafe-eval are needed for ckeditor :(
"script-src 'self' 'unsafe-eval' 'unsafe-inline'", "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
"child-src 'self' cryptpad.fr *.cryptpad.fr",
"font-src 'self'", "font-src 'self'",
"connect-src 'self' wss://cryptpad.fr",
/* child-src is used to restrict iframes to a set of allowed domains.
* connect-src is used to restrict what domains can connect to the websocket.
*
* it is recommended that you configure these fields to match the
* domain which will serve your cryptpad instance.
*/
// "child-src 'self' cryptpad.fr *.cryptpad.fr",
// "connect-src 'self' wss://cryptpad.fr",
// (insecure remote) images are included by users of the wysiwyg who embed photos in their pads // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
"img-src *", "img-src *",
].join('; '), ].join('; '),

12
rpc.js
View File

@ -55,12 +55,17 @@ RPC.create = function (config, cb) {
switch (msg[0]) { switch (msg[0]) {
case 'ECHO': case 'ECHO':
respond(void 0, msg); return void respond(void 0, msg);
break; case 'RESET':
return void respond('NOT_IMPLEMENTED', msg);
case 'PIN': case 'PIN':
return void respond('NOT_IMPLEMENTED', msg);
case 'UNPIN': case 'UNPIN':
return void respond('NOT_IMPLEMENTED', msg);
case 'GET_HASH': case 'GET_HASH':
return void respond('NOT_IMPLEMENTED', msg);
case 'GET_TOTAL_SIZE': case 'GET_TOTAL_SIZE':
return void respond('NOT_IMPLEMENTED', msg);
case 'GET_FILE_SIZE': case 'GET_FILE_SIZE':
if (!isValidChannel(msg[1])) { if (!isValidChannel(msg[1])) {
return void respond('INVALID_CHAN'); return void respond('INVALID_CHAN');
@ -71,8 +76,7 @@ RPC.create = function (config, cb) {
respond(void 0, size); respond(void 0, size);
}); });
default: default:
respond('UNSUPPORTED_RPC_CALL', msg); return void respond('UNSUPPORTED_RPC_CALL', msg);
break;
} }
}; };

12
www/common/cryptpad-common.js
View File

@ -1004,6 +1004,13 @@ define([
var proxy = store.getProxy(); var proxy = store.getProxy();
var fo = proxy.fo; var fo = proxy.fo;
// start with your userHash...
var userHash = localStorage && localStorage.User_hash;
if (!userHash) { return null; }
var userChannel = common.parseHash(userHash).channel;
if (!userChannel) { return null; }
var list = fo.getFilesDataFiles().map(function (href) { var list = fo.getFilesDataFiles().map(function (href) {
var parsed = common.parsePadUrl(href); var parsed = common.parsePadUrl(href);
if (!parsed || !parsed.hash) { return; } if (!parsed || !parsed.hash) { return; }
@ -1015,7 +1022,10 @@ define([
var hex = common.base64ToHex(channel); var hex = common.base64ToHex(channel);
return hex; return hex;
}).filter(function (x) { return x; }).sort(); }).filter(function (x) { return x; });
list.push(userChannel);
list.sort();
return list; return list;
}; };

5
www/common/pinpad.js
View File

@ -12,7 +12,8 @@ define([
var rpc = Rpc.create(network, ed); var rpc = Rpc.create(network, ed);
var checkHash = exp.checkHash = function (fileList) { var checkHash = exp.checkHash = function (fileList) {
//var fileList = fo.getFilesDataFiles(); fileList = fileList || Cryptpad.getUserChannelList();
var channelIdList = []; var channelIdList = [];
fileList.forEach(function (href) { fileList.forEach(function (href) {
var parsedHref = Cryptpad.parsePadUrl(href); var parsedHref = Cryptpad.parsePadUrl(href);
@ -31,12 +32,10 @@ define([
AWESOME AWESOME
if they are not if they are not
UNPIN all, send all UNPIN all, send all
*/ */
var hash = Nacl.util.encodeBase64(Nacl.hash(Nacl.util.decodeUTF8( JSON.stringify(uniqueList) ))); var hash = Nacl.util.encodeBase64(Nacl.hash(Nacl.util.decodeUTF8( JSON.stringify(uniqueList) )));
console.log(hash);
return hash; return hash;
}; };

38
www/common/rpc.js
View File

@ -4,12 +4,19 @@ define([
'/bower_components/tweetnacl/nacl-fast.min.js', '/bower_components/tweetnacl/nacl-fast.min.js',
], function (Encode) { ], function (Encode) {
var MAX_LAG_BEFORE_TIMEOUT = 30000; var MAX_LAG_BEFORE_TIMEOUT = 30000;
var Nacl = window.nacl;
var uid = function () { var uid = function () {
return Number(Math.floor(Math.random() * Number.MAX_SAFE_INTEGER)) return Number(Math.floor(Math.random() * Number.MAX_SAFE_INTEGER))
.toString(32).replace(/\./g, ''); .toString(32).replace(/\./g, '');
}; };
var signMsg = function (type, msg, signKey) {
var toSign = JSON.stringify([type, msg]);
var buffer = Nacl.util.decodeUTF8(toSign);
return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));
};
/* /*
types of messages: types of messages:
pin -> hash pin -> hash
@ -24,14 +31,14 @@ types of messages:
messages have the format: messages have the format:
[TYPE, txid, msg] [TYPE, txid, msg]
*/ */
var sendMsg = function (ctx, type, msg, cb) { var sendMsg = function (ctx, type, signed, id, cb) {
var network = ctx.network; var network = ctx.network;
var hkn = network.historyKeeper; var hkn = network.historyKeeper;
var txid = uid(); var txid = uid();
ctx.pending[txid] = cb; ctx.pending[txid] = cb;
return network.sendto(hkn, JSON.stringify([txid, type, msg])); return network.sendto(hkn, JSON.stringify([txid, signed, id]));
}; };
var parse = function (msg) { var parse = function (msg) {
@ -68,18 +75,19 @@ types of messages:
} }
}; };
var cookie = function (ctx, cb) { var create = function (network, edPrivateKey, edPublicKey) {
// TODO txid var signKey = Nacl.util.decodeBase64(edPrivateKey);
};
var signMsg = function (msg, secKey) { try {
// TODO if (signKey.length !== 64) {
}; throw new Error('private key did not match expected length of 64');
}
var create = function (network, edPrivateKey) { } catch (err) {
if (!/[0-9a-f]{64}/.test(edPrivateKey)) { throw new Error("private signing key is not valid");
//throw new Error("private signing key is not valid");
} }
// TODO validate public key as well
var ctx = { var ctx = {
//privateKey: Encode.hexToUint8Array(edPrivateKey), //privateKey: Encode.hexToUint8Array(edPrivateKey),
seq: new Date().getTime(), seq: new Date().getTime(),
@ -91,13 +99,15 @@ types of messages:
var pin = function (channel, cb) { }; var pin = function (channel, cb) { };
var send = function (type, msg, cb) { var send = function (type, msg, cb) {
return sendMsg(ctx, type, msg, cb); // construct a signed message...
var signed = signMsg(type, msg, signKey);
return sendMsg(ctx, type, signed, edPublicKey, cb);
}; };
network.on('message', function (msg, sender) { network.on('message', function (msg, sender) {
onMsg(ctx, msg); onMsg(ctx, msg);
}); });
return { return {
cookie: function (cb) { cookie(ctx, cb); },
send: send, send: send,
}; };
}; };

7
www/examples/rpc/main.js
View File

@ -12,7 +12,12 @@ define([
$(function () { $(function () {
Cryptpad.ready(function (err, env) { Cryptpad.ready(function (err, env) {
var network = Cryptpad.getNetwork(); var network = Cryptpad.getNetwork();
var rpc = RPC.create(network); // TODO signing key var proxy = Cryptpad.getStore().getProxy().proxy;
var edPrivate = proxy.edPrivate;
var edPublic = proxy.edPublic;
var rpc = RPC.create(network, edPrivate, edPublic);
var payload = { var payload = {
a: Math.floor(Math.random() * 1000), a: Math.floor(Math.random() * 1000),