Merge branch 'staging' of github.com:xwiki-labs/cryptpad into newServer

yflory 2017-03-16 15:57:26 +01:00
commit 646ed8f6b1
6 changed files with 61 additions and 25 deletions


@ -37,9 +37,17 @@ module.exports = {
"style-src 'unsafe-inline' 'self'",
// Unsafe inline, unsafe-eval are needed for ckeditor :(
"script-src 'self' 'unsafe-eval' 'unsafe-inline'",
"child-src 'self' cryptpad.fr *.cryptpad.fr",
"font-src 'self'",
"connect-src 'self' wss://cryptpad.fr",
/* child-src is used to restrict iframes to a set of allowed domains.
* connect-src is used to restrict what domains can connect to the websocket.
*
* it is recommended that you configure these fields to match the
* domain which will serve your cryptpad instance.
*/
// "child-src 'self' cryptpad.fr *.cryptpad.fr",
// "connect-src 'self' wss://cryptpad.fr",
// (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
"img-src *",
].join('; '),
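Review bot: With both `child-src` and `connect-src` commented out, the default policy built here no longer restricts iframe targets or connection endpoints, unless a `default-src` is set in the part of the array that lies outside this hunk. An operator who never edits the file therefore runs with a weaker policy than before the change. Consider shipping a restrictive default such as `"child-src 'self'",` and `"connect-src 'self'",` and letting operators add their own `wss://` origin, so that a forgotten configuration fails closed and is noticed. The new comment should also state what happens when the two directives stay unset, for example `* if left commented out, iframes and websocket connections are not restricted by this policy.`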

12
rpc.js

@ -55,12 +55,17 @@ RPC.create = function (config, cb) {
switch (msg[0]) {
case 'ECHO':
respond(void 0, msg);
break;
return void respond(void 0, msg);
case 'RESET':
return void respond('NOT_IMPLEMENTED', msg);
case 'PIN':
return void respond('NOT_IMPLEMENTED', msg);
case 'UNPIN':
return void respond('NOT_IMPLEMENTED', msg);
case 'GET_HASH':
return void respond('NOT_IMPLEMENTED', msg);
case 'GET_TOTAL_SIZE':
return void respond('NOT_IMPLEMENTED', msg);
case 'GET_FILE_SIZE':
if (!isValidChannel(msg[1])) {
return void respond('INVALID_CHAN');
@ -71,8 +76,7 @@ RPC.create = function (config, cb) {
respond(void 0, size);
});
default:
respond('UNSUPPORTED_RPC_CALL', msg);
break;
return void respond('UNSUPPORTED_RPC_CALL', msg);
}
};
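Review bot: The new `RESET`, `PIN`, `UNPIN`, `GET_HASH` and `GET_TOTAL_SIZE` cases are dispatched on `msg[0]` with no signature check visible in this hunk, while the client side of this commit now sends `[txid, signed, id]`. Before these stubs gain real behaviour, the handler should verify the signed payload against the supplied public key and switch on the call name taken from the verified content. RPC.create's body starts and ends outside the hunk, so that check may already exist above; if it does, a comment such as `// msg has been signature-checked by the caller` at the switch would make that visible. The five identical bodies could also be written as stacked `case` labels sharing one `return void respond('NOT_IMPLEMENTED', msg);`.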


@ -1004,6 +1004,13 @@ define([
var proxy = store.getProxy();
var fo = proxy.fo;
// start with your userHash...
var userHash = localStorage && localStorage.User_hash;
if (!userHash) { return null; }
var userChannel = common.parseHash(userHash).channel;
if (!userChannel) { return null; }
var list = fo.getFilesDataFiles().map(function (href) {
var parsed = common.parsePadUrl(href);
if (!parsed || !parsed.hash) { return; }
@ -1015,7 +1022,10 @@ define([
var hex = common.base64ToHex(channel);
return hex;
}).filter(function (x) { return x; }).sort();
}).filter(function (x) { return x; });
list.push(userChannel);
list.sort();
return list;
};
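Review bot: `list.push(userChannel)` adds the channel exactly as `common.parseHash(userHash).channel` returns it, whereas every other entry is passed through `common.base64ToHex(channel)` first. If `parseHash` yields a base64 channel here, as the conversion in the map callback suggests, the list mixes two encodings, and the sorted list (and any hash computed over it) will not match one built from hex ids only. Pushing `common.base64ToHex(userChannel)` would keep the list uniform. Separately, `common.parseHash(userHash).channel` throws if `parseHash` returns nothing for a malformed stored hash, and the early `return null` paths hand callers a non-array; `return []` may be the safer contract. The enclosing function starts outside the hunk.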


@ -12,7 +12,8 @@ define([
var rpc = Rpc.create(network, ed);
var checkHash = exp.checkHash = function (fileList) {
//var fileList = fo.getFilesDataFiles();
fileList = fileList || Cryptpad.getUserChannelList();
var channelIdList = [];
fileList.forEach(function (href) {
var parsedHref = Cryptpad.parsePadUrl(href);
@ -31,12 +32,10 @@ define([
AWESOME
if they are not
UNPIN all, send all
*/
var hash = Nacl.util.encodeBase64(Nacl.hash(Nacl.util.decodeUTF8( JSON.stringify(uniqueList) )));
console.log(hash);
return hash;
};
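Review bot: The fallback `fileList = fileList || Cryptpad.getUserChannelList();` feeds a different kind of value into the loop that follows, which calls `Cryptpad.parsePadUrl(href)` on every entry as if it were a pad URL. Judging by the list built elsewhere in this commit, that helper appears to return channel ids rather than hrefs, so the parse would likely drop or mangle them; this needs confirming against the helper. If the helper can return `null`, as its early exits suggest, `fileList.forEach` then throws, and `fileList = fileList || Cryptpad.getUserChannelList() || [];` would avoid that. The `console.log(hash);` before the return looks like debugging output and is worth removing before this leaves staging.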


@ -4,12 +4,19 @@ define([
'/bower_components/tweetnacl/nacl-fast.min.js',
], function (Encode) {
var MAX_LAG_BEFORE_TIMEOUT = 30000;
var Nacl = window.nacl;
var uid = function () {
return Number(Math.floor(Math.random() * Number.MAX_SAFE_INTEGER))
.toString(32).replace(/\./g, '');
};
var signMsg = function (type, msg, signKey) {
var toSign = JSON.stringify([type, msg]);
var buffer = Nacl.util.decodeUTF8(toSign);
return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));
};
/*
types of messages:
pin -> hash
@ -24,14 +31,14 @@ types of messages:
messages have the format:
[TYPE, txid, msg]
*/
var sendMsg = function (ctx, type, msg, cb) {
var sendMsg = function (ctx, type, signed, id, cb) {
var network = ctx.network;
var hkn = network.historyKeeper;
var txid = uid();
ctx.pending[txid] = cb;
return network.sendto(hkn, JSON.stringify([txid, type, msg]));
return network.sendto(hkn, JSON.stringify([txid, signed, id]));
};
var parse = function (msg) {
@ -68,18 +75,19 @@ types of messages:
}
};
var cookie = function (ctx, cb) {
// TODO txid
};
var create = function (network, edPrivateKey, edPublicKey) {
var signKey = Nacl.util.decodeBase64(edPrivateKey);
var signMsg = function (msg, secKey) {
// TODO
};
var create = function (network, edPrivateKey) {
if (!/[0-9a-f]{64}/.test(edPrivateKey)) {
//throw new Error("private signing key is not valid");
try {
if (signKey.length !== 64) {
throw new Error('private key did not match expected length of 64');
}
} catch (err) {
throw new Error("private signing key is not valid");
}
// TODO validate public key as well
var ctx = {
//privateKey: Encode.hexToUint8Array(edPrivateKey),
seq: new Date().getTime(),
@ -91,13 +99,15 @@ types of messages:
var pin = function (channel, cb) { };
var send = function (type, msg, cb) {
return sendMsg(ctx, type, msg, cb);
// construct a signed message...
var signed = signMsg(type, msg, signKey);
return sendMsg(ctx, type, signed, edPublicKey, cb);
};
network.on('message', function (msg, sender) {
onMsg(ctx, msg);
});
return {
cookie: function (cb) { cookie(ctx, cb); },
send: send,
};
};
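Review bot: `signMsg` signs only `JSON.stringify([type, msg])`, so a signed request is not bound to the `txid`, to `ctx.seq` or to the server cookie that `cookie()` still leaves as a TODO. The same signed blob would verify again if it were resent later. Including a server-issued cookie or a monotonically increasing counter inside the signed array, and checking it on the server, would close that gap before PIN/UNPIN are implemented. In `create`, `var signKey = Nacl.util.decodeBase64(edPrivateKey);` runs before the `try`, so a missing or malformed key raises the decoder's own error instead of "private signing key is not valid"; moving the decode inside the `try` fixes that. The `type` parameter of `sendMsg` is now unused, and `edPublicKey` is forwarded unvalidated, as the TODO notes; `create`'s body continues between the hunks.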


@ -12,7 +12,12 @@ define([
$(function () {
Cryptpad.ready(function (err, env) {
var network = Cryptpad.getNetwork();
var rpc = RPC.create(network); // TODO signing key
var proxy = Cryptpad.getStore().getProxy().proxy;
var edPrivate = proxy.edPrivate;
var edPublic = proxy.edPublic;
var rpc = RPC.create(network, edPrivate, edPublic);
var payload = {
a: Math.floor(Math.random() * 1000),