From 0e8b55edc0e19e6f40e70e3a70125bcd90ce84b1 Mon Sep 17 00:00:00 2001
From: Caleb James DeLisle <cjd@cjdns.fr>
Date: Thu, 20 Apr 2017 10:15:07 +0200
Subject: [PATCH] Added an authentication page to allow getting the user pubkey

---
 www/auth/index.html |  9 ++++++++
 www/auth/main.js    | 51 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 www/auth/index.html
 create mode 100644 www/auth/main.js

diff --git a/www/auth/index.html b/www/auth/index.html
new file mode 100644
index 000000000..685ca37c4
--- /dev/null
+++ b/www/auth/index.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html class="cp">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
+</head>
+<body class="html">
+</body>
+</html>
diff --git a/www/auth/main.js b/www/auth/main.js
new file mode 100644
index 000000000..032f406ba
--- /dev/null
+++ b/www/auth/main.js
@@ -0,0 +1,51 @@
+define([
+    'jquery',
+    '/common/cryptpad-common.js',
+    '/bower_components/tweetnacl/nacl-fast.min.js'
+], function ($, Cryptpad) {
+    var Nacl = window.nacl;
+
+    var signMsg = function (msg, privKey) {
+        var signKey = Nacl.util.decodeBase64(privKey);
+        var buffer = Nacl.util.decodeUTF8(msg);
+        return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));
+    };
+
+    // TODO: Allow authing for any domain as long as the user clicks an "accept" button
+    //       inside of the iframe.
+    var AUTHORIZED_DOMAINS = [
+        /\.cryptpad\.fr$/,
+        /^http(s)?:\/\/localhost\:/
+    ];
+
+    Cryptpad.ready(function () {
+        console.log('IFRAME READY');
+        $(window).on("message", function (jqe) {
+            var evt = jqe.originalEvent;
+            var data = JSON.parse(evt.data);
+            var domain = evt.origin;
+            var srcWindow = evt.source;
+            var ret = { txid: data.txid };
+            if (data.cmd === 'PING') {
+                ret.res = 'PONG';
+            } else if (data.cmd === 'SIGN') {
+                if (!AUTHORIZED_DOMAINS.filter(function (x) { return x.test(domain); }).length) {
+                    ret.error = "UNAUTH_DOMAIN";
+                } else if (!Cryptpad.isLoggedIn()) {
+                    ret.error = "NOT_LOGGED_IN";
+                } else {
+                    var proxy = Cryptpad.getStore().getProxy().proxy;
+                    var sig = signMsg(data.data, proxy.edPrivate);
+                    ret.res = {
+                        uname: proxy.login_name,
+                        edPublic: proxy.edPublic,
+                        sig: sig
+                    };
+                }
+            } else {
+                ret.error = "UNKNOWN_CMD";
+            }
+            srcWindow.postMessage(JSON.stringify(ret), domain);
+        });
+    });
+});