cryptpad/www/auth/main.js

define([
    'jquery',
    '/common/cryptpad-common.js',
    '/common/common-constants.js',
    '/common/outer/local-store.js',
    '/common/test.js',
    '/bower_components/nthen/index.js',
    '/bower_components/tweetnacl/nacl-fast.min.js'
], function ($, Cryptpad, Constants, LocalStore, Test, nThen) {
    var Nacl = window.nacl;

    var signMsg = function (msg, privKey) {
        var signKey = Nacl.util.decodeBase64(privKey);
        var buffer = Nacl.util.decodeUTF8(msg);
        return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));
    };

    // TODO: Allow authing for any domain as long as the user clicks an "accept" button
    //       inside of the iframe.
    var AUTHORIZED_DOMAINS = [
        /\.cryptpad\.fr$/,
        /^http(s)?:\/\/localhost\:/
    ];

    // Safari is weird about localStorage in iframes but seems to let sessionStorage slide.
    localStorage[Constants.userHashKey] = localStorage[Constants.userHashKey] ||
                                          sessionStorage[Constants.userHashKey];

    var proxy;
    nThen(function (waitFor) {
        Cryptpad.ready(waitFor());
    }).nThen(function (waitFor) {
        Cryptpad.getUserObject(waitFor(function (obj) {
            proxy = obj;
        }));
    }).nThen(function () {
        console.log('IFRAME READY');
        Test(function () {
            // This is only here to maybe trigger an error.
            window.drive = proxy['drive'];
            Test.passed();
        });
        $(window).on("message", function (jqe) {
            var evt = jqe.originalEvent;
            var data = JSON.parse(evt.data);
            var domain = evt.origin;
            var srcWindow = evt.source;
            var ret = { txid: data.txid };
            if (data.cmd === 'PING') {
                ret.res = 'PONG';
            } else if (data.cmd === 'SIGN') {
                if (!AUTHORIZED_DOMAINS.filter(function (x) { return x.test(domain); }).length) {
                    ret.error = "UNAUTH_DOMAIN";
                } else if (!LocalStore.isLoggedIn()) {
                    ret.error = "NOT_LOGGED_IN";
                } else {
                    var sig = signMsg(data.data, proxy.edPrivate);
                    ret.res = {
                        uname: proxy.login_name,
                        edPublic: proxy.edPublic,
                        sig: sig
                    };
                }
            } else if (data.cmd === 'UPDATE_LIMIT') {
                return Cryptpad.updatePinLimit(function (e, limit, plan, note) {
                    ret.res = [limit, plan, note];
                    srcWindow.postMessage(JSON.stringify(ret), domain);
                });
            } else {
                ret.error = "UNKNOWN_CMD";
            }
            srcWindow.postMessage(JSON.stringify(ret), domain);
        });
    });
});
Added an authentication page to allow getting the user pubkey 8 years ago			`define([`
			`'jquery',`
			`'/common/cryptpad-common.js',`
Clean cryptpad-common 7 years ago			`'/common/common-constants.js',`
			`'/common/outer/local-store.js',`
Delicious testing 8 years ago			`'/common/test.js',`
Async store part 1 7 years ago			`'/bower_components/nthen/index.js',`
Added an authentication page to allow getting the user pubkey 8 years ago			`'/bower_components/tweetnacl/nacl-fast.min.js'`
Async store part 1 7 years ago			`], function ($, Cryptpad, Constants, LocalStore, Test, nThen) {`
Added an authentication page to allow getting the user pubkey 8 years ago			`var Nacl = window.nacl;`

			`var signMsg = function (msg, privKey) {`
			`var signKey = Nacl.util.decodeBase64(privKey);`
			`var buffer = Nacl.util.decodeUTF8(msg);`
			`return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));`
			`};`

			`// TODO: Allow authing for any domain as long as the user clicks an "accept" button`
			`// inside of the iframe.`
			`var AUTHORIZED_DOMAINS = [`
			`/\.cryptpad\.fr$/,`
			`/^http(s)?:\/\/localhost\:/`
			`];`

Sync localStorage with sessionStorage in auth because safari... 8 years ago			`// Safari is weird about localStorage in iframes but seems to let sessionStorage slide.`
Clean cryptpad-common 7 years ago			`localStorage[Constants.userHashKey] = localStorage[Constants.userHashKey] \|\|`
			`sessionStorage[Constants.userHashKey];`
Sync localStorage with sessionStorage in auth because safari... 8 years ago
Async store part 1 7 years ago			`var proxy;`
			`nThen(function (waitFor) {`
			`Cryptpad.ready(waitFor());`
			`}).nThen(function (waitFor) {`
			`Cryptpad.getUserObject(waitFor(function (obj) {`
			`proxy = obj;`
			`}));`
			`}).nThen(function () {`
Added an authentication page to allow getting the user pubkey 8 years ago			`console.log('IFRAME READY');`
Delicious testing 8 years ago			`Test(function () {`
			`// This is only here to maybe trigger an error.`
Async store part 1 7 years ago			`window.drive = proxy['drive'];`
Delicious testing 8 years ago			`Test.passed();`
			`});`
Added an authentication page to allow getting the user pubkey 8 years ago			`$(window).on("message", function (jqe) {`
			`var evt = jqe.originalEvent;`
			`var data = JSON.parse(evt.data);`
			`var domain = evt.origin;`
			`var srcWindow = evt.source;`
			`var ret = { txid: data.txid };`
			`if (data.cmd === 'PING') {`
			`ret.res = 'PONG';`
			`} else if (data.cmd === 'SIGN') {`
			`if (!AUTHORIZED_DOMAINS.filter(function (x) { return x.test(domain); }).length) {`
			`ret.error = "UNAUTH_DOMAIN";`
Clean cryptpad-common 7 years ago			`} else if (!LocalStore.isLoggedIn()) {`
Added an authentication page to allow getting the user pubkey 8 years ago			`ret.error = "NOT_LOGGED_IN";`
			`} else {`
			`var sig = signMsg(data.data, proxy.edPrivate);`
			`ret.res = {`
			`uname: proxy.login_name,`
			`edPublic: proxy.edPublic,`
			`sig: sig`
			`};`
			`}`
bump server after paying for an account 8 years ago			`} else if (data.cmd === 'UPDATE_LIMIT') {`
			`return Cryptpad.updatePinLimit(function (e, limit, plan, note) {`
			`ret.res = [limit, plan, note];`
			`srcWindow.postMessage(JSON.stringify(ret), domain);`
			`});`
Added an authentication page to allow getting the user pubkey 8 years ago			`} else {`
			`ret.error = "UNKNOWN_CMD";`
			`}`
			`srcWindow.postMessage(JSON.stringify(ret), domain);`
			`});`
			`});`
			`});`