From 437f50fd4ab0542b4a75854e53f17dd5cef22ff9 Mon Sep 17 00:00:00 2001 From: yflory Date: Tue, 12 Sep 2017 18:40:11 +0200 Subject: [PATCH] Migrate the file to a sandboxed iframe --- customize.dist/src/less2/include/toolbar.less | 3 +- customize.dist/src/less2/main.less | 1 + www/common/cryptpad-common.js | 1 + www/common/sframe-common-outer.js | 22 +- www/common/sframe-common-title.js | 8 +- www/common/sframe-common.js | 23 +- www/common/toolbar3.js | 67 +- www/file/app-file.less | 130 +++ www/file/index.html | 10 +- www/file/inner.html | 36 +- www/file/inner.js | 801 +++++++++++++++++- www/file/main.js | 302 +------ .../assets/image.png-encrypted | Bin www/oldfile/file-crypto.js | 271 ++++++ www/{file => oldfile}/file.less | 0 www/oldfile/index.html | 30 + www/oldfile/inner.html | 30 + www/oldfile/inner.js | 14 + www/oldfile/main.js | 269 ++++++ www/{file => oldfile}/test/index.html | 0 www/{file => oldfile}/test/main.js | 0 21 files changed, 1699 insertions(+), 319 deletions(-) create mode 100644 www/file/app-file.less rename www/{file => oldfile}/assets/image.png-encrypted (100%) create mode 100644 www/oldfile/file-crypto.js rename www/{file => oldfile}/file.less (100%) create mode 100644 www/oldfile/index.html create mode 100644 www/oldfile/inner.html create mode 100644 www/oldfile/inner.js create mode 100644 www/oldfile/main.js rename www/{file => oldfile}/test/index.html (100%) rename www/{file => oldfile}/test/main.js (100%) diff --git a/customize.dist/src/less2/include/toolbar.less b/customize.dist/src/less2/include/toolbar.less index c623145f6..b928deb18 100644 --- a/customize.dist/src/less2/include/toolbar.less +++ b/customize.dist/src/less2/include/toolbar.less @@ -293,7 +293,7 @@ &.cp-toolbar-hidden { display: none; } - .cp-toolbar-drawer { + .cp-toolbar-drawer-element { display: none; } // Bootstrap 4 colors (btn-secondary) 
@@ -447,6 +447,7 @@ .cp-toolbar-title-value-page { border: 1px solid transparent; padding: 0 5px; + line-height: 48px; } .cp-toolbar-title-edit, .cp-toolbar-title-save { display: flex; diff --git a/customize.dist/src/less2/main.less b/customize.dist/src/less2/main.less index 7b7f8229a..1fcd30815 100644 --- a/customize.dist/src/less2/main.less +++ b/customize.dist/src/less2/main.less @@ -25,5 +25,6 @@ html.cp-app-print { body.cp-app-pad { @import "../../../pad/app-pad.less"; } body.cp-app-code { @import "../../../code/app-code.less"; } body.cp-app-slide { @import "../../../slide/app-slide.less"; } +body.cp-app-file { @import "../../../file/app-file.less"; } body.cp-app-filepicker { @import "../../../filepicker/app-filepicker.less"; } diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index a3cd707a0..9ff1bddac 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -2024,6 +2024,7 @@ define([ common.getRecentPads(function (err, recent) { var parsed = parsePadUrl(window.location.href); if (!parsed.type || !parsed.hashData) { return void cb('E_INVALID_HREF'); } + if (parsed.type === 'file') { secret.channel = Util.base64ToHex(secret.channel); } var hashes = common.getHashes(secret.channel, secret); if (!hashes.editHash && !hashes.viewHash && parsed.hashData && !parsed.hashData.mode) { diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index 6b6528f79..32143cb8f 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js @@ -6,7 +6,9 @@ define([ ], function (nThen, ApiConfig, $) { var common = {}; - common.start = function () { + common.start = function (cfg) { + cfg = cfg || {}; + var realtime = !cfg.noRealtime; var secret; var hashes; var CpNfOuter; @@ -60,7 +62,7 @@ define([ name = n; })); }).nThen(function (/*waitFor*/) { - sframeChan.event('EV_METADATA_UPDATE', { + var metaObj = { doc: { defaultTitle: defaultTitle, type: parsed.type 
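Review bot: The line added to the `getRecentPads` callback in `www/common/cryptpad-common.js` overwrites `secret.channel` in place, so the hex form stays on the `secret` object after this code has run. Where `secret` comes from is outside the hunk; if it is shared with other callers, they would now see a hex channel where they expect base64, and a second pass through this branch would convert an already-converted value. Keeping the conversion local avoids both, provided `getHashes` reads the channel only from its first argument: `var channel = parsed.type === 'file' ? Util.base64ToHex(secret.channel) : secret.channel;` followed by `var hashes = common.getHashes(channel, secret);`. The enclosing function starts and ends outside the hunk.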
@@ -77,6 +79,7 @@ define([ accountName: Cryptpad.getAccountName(), origin: window.location.origin, pathname: window.location.pathname, + fileHost: ApiConfig.fileHost, readOnly: readOnly, availableHashes: hashes, isTemplate: Cryptpad.isTemplate(window.location.href), @@ -86,7 +89,11 @@ define([ isPresent: parsed.hashData && parsed.hashData.present, isEmbed: parsed.hashData && parsed.hashData.embed, } - }); + }; + if (cfg.addData) { + cfg.addData(metaObj.priv, Cryptpad); + } + sframeChan.event('EV_METADATA_UPDATE', metaObj); }); }; Cryptpad.onDisplayNameChanged(updateMeta); @@ -341,8 +348,16 @@ define([ } }); + if (cfg.addRpc) { + cfg.addRpc(sframeChan, Cryptpad); + } + sframeChan.ready(); + Cryptpad.reportAppUsage(); + + if (!realtime) { return; } + CpNfOuter.start({ sframeChan: sframeChan, channel: secret.channel, @@ -362,7 +377,6 @@ define([ Cryptpad.replaceHash(Cryptpad.getEditHashFromKeys(wc.id, secret.keys)); } }); - Cryptpad.reportAppUsage(); }); }; diff --git a/www/common/sframe-common-title.js b/www/common/sframe-common-title.js index 3df144b0e..f07da43fa 100644 --- a/www/common/sframe-common-title.js +++ b/www/common/sframe-common-title.js @@ -16,7 +16,7 @@ define(['jquery'], function ($) { var $title; exp.setToolbar = function (toolbar) { - $title = toolbar && toolbar.title; + $title = toolbar && (toolbar.title || toolbar.pageTitle); }; exp.getTitle = function () { return exp.title; }; @@ -41,8 +41,10 @@ define(['jquery'], function ($) { metadataMgr.onChange(function () { var md = metadataMgr.getMetadata(); - $title.find('span.cp-toolbar-title-value').text(md.title || md.defaultTitle); - $title.find('input').val(md.title || md.defaultTitle); + if ($title) { + $title.find('span.cp-toolbar-title-value').text(md.title || md.defaultTitle); + $title.find('input').val(md.title || md.defaultTitle); + } exp.title = md.title; }); metadataMgr.onTitleChange(function (title) { 
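Review bot: `cfg.addData(metaObj.priv, Cryptpad)` in the `-86,7 +89,11` hunk of `sframe-common-outer.js` lets each app write arbitrary fields into the object that is then sent to the sandboxed iframe with `EV_METADATA_UPDATE`, and nothing documents what may cross that boundary. Because the hook is handed the whole `Cryptpad` object, a comment above the call should state the contract, for example `// addData runs in the outer frame: copy into priv only values the sandboxed inner frame is meant to see`. The same point applies to `cfg.addRpc(sframeChan, Cryptpad)` in the `-341,8 +348,16` hunk: handlers registered there run in the outer frame and should treat every argument arriving from the inner frame as untrusted, which is worth saying in a comment at the hook. Both hooks are invoked after only a truthiness test, so `typeof cfg.addData === 'function'` (and likewise for `addRpc`) would be the safer condition.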
diff --git a/www/common/sframe-common.js b/www/common/sframe-common.js index 3e6cb48d1..3c0741ad8 100644 --- a/www/common/sframe-common.js +++ b/www/common/sframe-common.js @@ -57,8 +57,7 @@ define([ funcs.getAppConfig = function () { return AppConfig; }; funcs.isLoggedIn = function () { - if (!ctx.cpNfInner) { throw new Error("cpNfInner is not ready!"); } - return ctx.cpNfInner.metadataMgr.getPrivateData().accountName; + return ctx.metadataMgr.getPrivateData().accountName; }; // MISC @@ -78,6 +77,7 @@ define([ funcs.openTemplatePicker = callWithCommon(UI.openTemplatePicker); funcs.displayAvatar = callWithCommon(UI.displayAvatar); funcs.createButton = callWithCommon(UI.createButton); + funcs.getFileSize = callWithCommon(UI.getFileSize); // History funcs.getHistory = callWithCommon(History.create); @@ -88,6 +88,24 @@ define([ // Files funcs.uploadFile = callWithCommon(File.uploadFile); funcs.createFileManager = callWithCommon(File.create); + funcs.getMediatagScript = function () { + var origin = ctx.metadataMgr.getPrivateData().origin; + return ''; + }; + funcs.getMediatagFromHref = function (href) { + var parsed = Cryptpad.parsePadUrl(href); + var secret = Cryptpad.getSecrets('file', parsed.hash); + var data = ctx.metadataMgr.getPrivateData(); + if (secret.keys && secret.channel) { + var cryptKey = secret.keys && secret.keys.fileKeyStr; + var hexFileName = Cryptpad.base64ToHex(secret.channel); + var origin = data.fileHost || data.origin; + var src = origin + Cryptpad.getBlobPathFromHex(hexFileName); + return '' + + ''; + } + return; + }; // CodeMirror funcs.initCodeMirrorApp = callWithCommon(CodeMirror.create); @@ -171,6 +189,7 @@ define([ funcs.isStrongestStored = function () { var data = ctx.metadataMgr.getPrivateData(); + if (data.availableHashes.fileHash) { return true; } return !data.readOnly || !data.availableHashes.editHash; }; diff --git a/www/common/toolbar3.js b/www/common/toolbar3.js index 58e4e1eec..034873a34 100644 --- a/www/common/toolbar3.js 
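Review bot: `funcs.isLoggedIn` loses its explicit readiness guard in the `-57,8 +57,7` hunk, so a call made before `ctx.metadataMgr` is assigned now fails with a generic TypeError instead of the previous descriptive error. Where `ctx.metadataMgr` is set is not visible here; if apps can reach this function before that point, keep an equivalent guard such as `if (!ctx.metadataMgr) { throw new Error("metadataMgr is not ready!"); }`.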
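Review bot: `funcs.getMediatagFromHref` in the `-88,6 +88,24` hunk derives secrets from `parsed.hash` without first checking that `href` parsed to a file link. The `getRecentPads` code touched by this same patch rejects such input with `if (!parsed.type || !parsed.hashData)`, and an equivalent test belongs here before `Cryptpad.getSecrets` is called: `if (parsed.type !== 'file' || !parsed.hashData) { return; }`. Inside the `if`, `secret.keys && secret.keys.fileKeyStr` repeats a test the condition has already made, while a missing `fileKeyStr` would still produce a tag, so the condition should test `secret.keys.fileKeyStr` directly. The string literals in both `return` statements appear empty on this page (the markup seems to have been lost in extraction), so attribute quoting cannot be checked. If `src` and `cryptKey` are concatenated into attribute values, creating the element and setting its attributes through the DOM API would remove any dependence on their character set.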
+++ b/www/common/toolbar3.js @@ -345,6 +345,7 @@ define([ show(); }); + initUserList(toolbar, config); return $container; }; @@ -473,22 +474,59 @@ define([ return "Loading share button"; }; - var createFileShare = function (toolbar) { - if (true) { throw new Error('TODO: Update createFileShare to add "embed" and work in secure iframes'); } - if (!window.location.hash) { - throw new Error("Unable to display the share button: hash required in the URL"); + var createFileShare = function (toolbar, config) { + if (!config.metadataMgr) { + throw new Error("You must provide a `metadataMgr` to display the userlist"); } + var metadataMgr = config.metadataMgr; + var origin = config.metadataMgr.getPrivateData().origin; + var pathname = config.metadataMgr.getPrivateData().pathname; + var hashes = metadataMgr.getPrivateData().availableHashes; + var url = origin + pathname + '#' + hashes.fileHash; + + var $shareIcon = $('', {'class': 'fa fa-share-alt'}); - var $button = $('