diff --git a/customize.dist/login.js b/customize.dist/login.js index 21668140f..0bf36b7ce 100644 --- a/customize.dist/login.js +++ b/customize.dist/login.js @@ -4,7 +4,7 @@ define([ '/bower_components/chainpad-crypto/crypto.js', '/common/common-util.js', '/common/outer/network-config.js', - '/customize/credential.js', + '/common/common-credential.js', '/bower_components/chainpad/chainpad.dist.js', '/common/common-realtime.js', '/common/common-constants.js', diff --git a/lib/metadata.js b/lib/metadata.js index 6231ea224..de40043af 100644 --- a/lib/metadata.js +++ b/lib/metadata.js @@ -15,6 +15,10 @@ var deduplicate = require("./deduplicate"); var commands = {}; +var isValidOwner = function (owner) { + return typeof(owner) === 'string' && owner.length === 44; +}; + // ["ADD_OWNERS", ["7eEqelGso3EBr5jHlei6av4r9w2B9XZiGGwA1EgZ-5I="], 1561623438989] commands.ADD_OWNERS = function (meta, args) { // bail out if args isn't an array @@ -30,6 +34,7 @@ commands.ADD_OWNERS = function (meta, args) { var changed = false; args.forEach(function (owner) { + if (!isValidOwner(owner)) { return; } if (meta.owners.indexOf(owner) >= 0) { return; } meta.owners.push(owner); changed = true; @@ -90,6 +95,7 @@ commands.ADD_PENDING_OWNERS = function (meta, args) { } // or fill it args.forEach(function (owner) { + if (!isValidOwner(owner)) { return; } if (meta.pending_owners.indexOf(owner) >= 0) { return; } meta.pending_owners.push(owner); changed = true; @@ -134,7 +140,7 @@ commands.RESET_OWNERS = function (meta, args) { } // overwrite the existing owners with the new one - meta.owners = deduplicate(args); + meta.owners = deduplicate(args.filter(isValidOwner)); return true; }; diff --git a/customize.dist/credential.js b/www/common/common-credential.js similarity index 80% rename from customize.dist/credential.js rename to www/common/common-credential.js index cdbd835c5..ffbc482d6 100644 --- a/customize.dist/credential.js +++ b/www/common/common-credential.js @@ -1,9 +1,6 @@ -define([ - '/customize/application_config.js', - '/bower_components/scrypt-async/scrypt-async.min.js', -], function (AppConfig) { +(function () { +var factory = function (AppConfig, Scrypt) { var Cred = {}; - var Scrypt = window.scrypt; Cred.MINIMUM_PASSWORD_LENGTH = typeof(AppConfig.minimumPasswordLength) === 'number'? AppConfig.minimumPasswordLength: 8; @@ -86,4 +83,19 @@ define([ }; return Cred; -}); +}; + + if (typeof(module) !== 'undefined' && module.exports) { + module.exports = factory( + {}, //require("../../customize.dist/application_config.js"), + require("../bower_components/scrypt-async/scrypt-async.min.js") + ); + } else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) { + define([ + '/customize/application_config.js', + '/bower_components/scrypt-async/scrypt-async.min.js', + ], function (AppConfig) { + return factory(AppConfig, window.scrypt); + }); + } +}()); diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index 0516bf057..3be8ed032 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -1017,7 +1017,7 @@ define([ var Cred, Block, Login; Nthen(function (waitFor) { require([ - '/customize/credential.js', + '/common/common-credential.js', '/common/outer/login-block.js', '/customize/login.js' ], waitFor(function (_Cred, _Block, _Login) { diff --git a/www/common/outer/invitation.js b/www/common/outer/invitation.js new file mode 100644 index 000000000..c6199bf4c --- /dev/null +++ b/www/common/outer/invitation.js @@ -0,0 +1,95 @@ +(function () { +var factory = function (Util, Cred, nThen) { + nThen = nThen; // XXX + var Invite = {}; + +/* + TODO key derivation + + scrypt(seed, passwd) => { + curve: { + private, + public, + }, + ed: { + private, + public, + } + cryptKey, + channel + } +*/ + + var BYTES_REQUIRED = 256; + + Invite.deriveKeys = function (seed, passwd, cb) { + cb = cb; // XXX + // TODO validate has cb + // TODO onceAsync the cb + // TODO cb with err if !(seed && passwd) + + Cred.deriveFromPassphrase(seed, passwd, BYTES_REQUIRED, function (bytes) { + var dispense = Cred.dispenser(bytes); + dispense = dispense; // XXX + + // edPriv => edPub + // curvePriv => curvePub + // channel + // cryptKey + }); + }; + + Invite.createSeed = function () { + // XXX + // return a seed + }; + + Invite.create = function (cb) { + cb = cb; // XXX + // TODO validate has cb + // TODO onceAsync the cb + // TODO cb with err if !(seed && passwd) + + + + // required + // password + // validateKey + // creatorEdPublic + // for owner + // ephemeral + // signingKey + // for owner to write invitation + // derived + // edPriv + // edPublic + // for invitee ownership + // curvePriv + // curvePub + // for acceptance OR + // authenticated decline message via mailbox + // channel + // for owned deletion + // for team pinning + // cryptKey + // for protecting channel content + }; + + return Invite; +}; + if (typeof(module) !== 'undefined' && module.exports) { + module.exports = factory( + require("../common-util"), + require("../common-credential.js"), + require("nthen") + ); + } else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) { + define([ + '/common/common-util.js', + '/common/common-credential.js', + '/bower_components/nthen/index.js', + ], function (Util, Cred, nThen) { + return factory(Util, nThen); + }); + } +}()); diff --git a/www/register/main.js b/www/register/main.js index 63324f810..d052f88b0 100644 --- a/www/register/main.js +++ b/www/register/main.js @@ -3,7 +3,7 @@ define([ '/customize/login.js', '/common/cryptpad-common.js', '/common/test.js', - '/customize/credential.js', // preloaded for login.js + '/common/common-credential.js', '/common/common-interface.js', '/common/common-util.js', '/common/common-realtime.js', diff --git a/www/settings/inner.js b/www/settings/inner.js index 6fe07e3fe..416f99bb8 100644 --- a/www/settings/inner.js +++ b/www/settings/inner.js @@ -9,7 +9,7 @@ define([ '/common/common-hash.js', '/customize/messages.js', '/common/hyperscript.js', - '/customize/credential.js', + '/common/common-credential.js', '/customize/application_config.js', '/api/config', '/common/make-backup.js',