Merge branch 'staging' of github.com:xwiki-labs/cryptpad into newServer
This commit is contained in:
commit
646ed8f6b1
6 changed files with 61 additions and 25 deletions
|
@ -37,9 +37,17 @@ module.exports = {
|
|||
"style-src 'unsafe-inline' 'self'",
|
||||
// Unsafe inline, unsafe-eval are needed for ckeditor :(
|
||||
"script-src 'self' 'unsafe-eval' 'unsafe-inline'",
|
||||
"child-src 'self' cryptpad.fr *.cryptpad.fr",
|
||||
"font-src 'self'",
|
||||
"connect-src 'self' wss://cryptpad.fr",
|
||||
|
||||
/* child-src is used to restrict iframes to a set of allowed domains.
|
||||
* connect-src is used to restrict what domains can connect to the websocket.
|
||||
*
|
||||
* it is recommended that you configure these fields to match the
|
||||
* domain which will serve your cryptpad instance.
|
||||
*/
|
||||
// "child-src 'self' cryptpad.fr *.cryptpad.fr",
|
||||
// "connect-src 'self' wss://cryptpad.fr",
|
||||
|
||||
// (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
|
||||
"img-src *",
|
||||
].join('; '),
|
||||
|
|
12
rpc.js
12
rpc.js
|
@ -55,12 +55,17 @@ RPC.create = function (config, cb) {
|
|||
|
||||
switch (msg[0]) {
|
||||
case 'ECHO':
|
||||
respond(void 0, msg);
|
||||
break;
|
||||
return void respond(void 0, msg);
|
||||
case 'RESET':
|
||||
return void respond('NOT_IMPLEMENTED', msg);
|
||||
case 'PIN':
|
||||
return void respond('NOT_IMPLEMENTED', msg);
|
||||
case 'UNPIN':
|
||||
return void respond('NOT_IMPLEMENTED', msg);
|
||||
case 'GET_HASH':
|
||||
return void respond('NOT_IMPLEMENTED', msg);
|
||||
case 'GET_TOTAL_SIZE':
|
||||
return void respond('NOT_IMPLEMENTED', msg);
|
||||
case 'GET_FILE_SIZE':
|
||||
if (!isValidChannel(msg[1])) {
|
||||
return void respond('INVALID_CHAN');
|
||||
|
@ -71,8 +76,7 @@ RPC.create = function (config, cb) {
|
|||
respond(void 0, size);
|
||||
});
|
||||
default:
|
||||
respond('UNSUPPORTED_RPC_CALL', msg);
|
||||
break;
|
||||
return void respond('UNSUPPORTED_RPC_CALL', msg);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -1004,6 +1004,13 @@ define([
|
|||
var proxy = store.getProxy();
|
||||
var fo = proxy.fo;
|
||||
|
||||
// start with your userHash...
|
||||
var userHash = localStorage && localStorage.User_hash;
|
||||
if (!userHash) { return null; }
|
||||
|
||||
var userChannel = common.parseHash(userHash).channel;
|
||||
if (!userChannel) { return null; }
|
||||
|
||||
var list = fo.getFilesDataFiles().map(function (href) {
|
||||
var parsed = common.parsePadUrl(href);
|
||||
if (!parsed || !parsed.hash) { return; }
|
||||
|
@ -1015,7 +1022,10 @@ define([
|
|||
|
||||
var hex = common.base64ToHex(channel);
|
||||
return hex;
|
||||
}).filter(function (x) { return x; }).sort();
|
||||
}).filter(function (x) { return x; });
|
||||
|
||||
list.push(userChannel);
|
||||
list.sort();
|
||||
|
||||
return list;
|
||||
};
|
||||
|
|
|
@ -12,7 +12,8 @@ define([
|
|||
var rpc = Rpc.create(network, ed);
|
||||
|
||||
var checkHash = exp.checkHash = function (fileList) {
|
||||
//var fileList = fo.getFilesDataFiles();
|
||||
fileList = fileList || Cryptpad.getUserChannelList();
|
||||
|
||||
var channelIdList = [];
|
||||
fileList.forEach(function (href) {
|
||||
var parsedHref = Cryptpad.parsePadUrl(href);
|
||||
|
@ -31,12 +32,10 @@ define([
|
|||
AWESOME
|
||||
if they are not
|
||||
UNPIN all, send all
|
||||
|
||||
*/
|
||||
|
||||
var hash = Nacl.util.encodeBase64(Nacl.hash(Nacl.util.decodeUTF8( JSON.stringify(uniqueList) )));
|
||||
|
||||
console.log(hash);
|
||||
return hash;
|
||||
};
|
||||
|
||||
|
|
|
@ -4,12 +4,19 @@ define([
|
|||
'/bower_components/tweetnacl/nacl-fast.min.js',
|
||||
], function (Encode) {
|
||||
var MAX_LAG_BEFORE_TIMEOUT = 30000;
|
||||
var Nacl = window.nacl;
|
||||
|
||||
var uid = function () {
|
||||
return Number(Math.floor(Math.random() * Number.MAX_SAFE_INTEGER))
|
||||
.toString(32).replace(/\./g, '');
|
||||
};
|
||||
|
||||
var signMsg = function (type, msg, signKey) {
|
||||
var toSign = JSON.stringify([type, msg]);
|
||||
var buffer = Nacl.util.decodeUTF8(toSign);
|
||||
return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));
|
||||
};
|
||||
|
||||
/*
|
||||
types of messages:
|
||||
pin -> hash
|
||||
|
@ -24,14 +31,14 @@ types of messages:
|
|||
messages have the format:
|
||||
[TYPE, txid, msg]
|
||||
*/
|
||||
var sendMsg = function (ctx, type, msg, cb) {
|
||||
var sendMsg = function (ctx, type, signed, id, cb) {
|
||||
var network = ctx.network;
|
||||
var hkn = network.historyKeeper;
|
||||
var txid = uid();
|
||||
|
||||
ctx.pending[txid] = cb;
|
||||
|
||||
return network.sendto(hkn, JSON.stringify([txid, type, msg]));
|
||||
return network.sendto(hkn, JSON.stringify([txid, signed, id]));
|
||||
};
|
||||
|
||||
var parse = function (msg) {
|
||||
|
@ -68,18 +75,19 @@ types of messages:
|
|||
}
|
||||
};
|
||||
|
||||
var cookie = function (ctx, cb) {
|
||||
// TODO txid
|
||||
};
|
||||
var create = function (network, edPrivateKey, edPublicKey) {
|
||||
var signKey = Nacl.util.decodeBase64(edPrivateKey);
|
||||
|
||||
var signMsg = function (msg, secKey) {
|
||||
// TODO
|
||||
};
|
||||
|
||||
var create = function (network, edPrivateKey) {
|
||||
if (!/[0-9a-f]{64}/.test(edPrivateKey)) {
|
||||
//throw new Error("private signing key is not valid");
|
||||
try {
|
||||
if (signKey.length !== 64) {
|
||||
throw new Error('private key did not match expected length of 64');
|
||||
}
|
||||
} catch (err) {
|
||||
throw new Error("private signing key is not valid");
|
||||
}
|
||||
|
||||
// TODO validate public key as well
|
||||
|
||||
var ctx = {
|
||||
//privateKey: Encode.hexToUint8Array(edPrivateKey),
|
||||
seq: new Date().getTime(),
|
||||
|
@ -91,13 +99,15 @@ types of messages:
|
|||
var pin = function (channel, cb) { };
|
||||
|
||||
var send = function (type, msg, cb) {
|
||||
return sendMsg(ctx, type, msg, cb);
|
||||
// construct a signed message...
|
||||
var signed = signMsg(type, msg, signKey);
|
||||
|
||||
return sendMsg(ctx, type, signed, edPublicKey, cb);
|
||||
};
|
||||
network.on('message', function (msg, sender) {
|
||||
onMsg(ctx, msg);
|
||||
});
|
||||
return {
|
||||
cookie: function (cb) { cookie(ctx, cb); },
|
||||
send: send,
|
||||
};
|
||||
};
|
||||
|
|
|
@ -12,7 +12,12 @@ define([
|
|||
$(function () {
|
||||
Cryptpad.ready(function (err, env) {
|
||||
var network = Cryptpad.getNetwork();
|
||||
var rpc = RPC.create(network); // TODO signing key
|
||||
var proxy = Cryptpad.getStore().getProxy().proxy;
|
||||
|
||||
var edPrivate = proxy.edPrivate;
|
||||
var edPublic = proxy.edPublic;
|
||||
|
||||
var rpc = RPC.create(network, edPrivate, edPublic);
|
||||
|
||||
var payload = {
|
||||
a: Math.floor(Math.random() * 1000),
|
||||
|
|
Loading…
Reference in a new issue