define([ 'jquery', '/common/cryptpad-common.js', '/bower_components/tweetnacl/nacl-fast.min.js' ], function ($, Cryptpad) { var Nacl = window.nacl; var signMsg = function (msg, privKey) { var signKey = Nacl.util.decodeBase64(privKey); var buffer = Nacl.util.decodeUTF8(msg); return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey)); }; // TODO: Allow authing for any domain as long as the user clicks an "accept" button // inside of the iframe. var AUTHORIZED_DOMAINS = [ /\.cryptpad\.fr$/, /^http(s)?:\/\/localhost\:/ ]; // Safari is weird about localStorage in iframes but seems to let sessionStorage slide. localStorage.User_hash = localStorage.User_hash || sessionStorage.User_hash; Cryptpad.ready(function () { console.log('IFRAME READY'); $(window).on("message", function (jqe) { var evt = jqe.originalEvent; var data = JSON.parse(evt.data); var domain = evt.origin; var srcWindow = evt.source; var ret = { txid: data.txid }; if (data.cmd === 'PING') { ret.res = 'PONG'; } else if (data.cmd === 'SIGN') { if (!AUTHORIZED_DOMAINS.filter(function (x) { return x.test(domain); }).length) { ret.error = "UNAUTH_DOMAIN"; } else if (!Cryptpad.isLoggedIn()) { ret.error = "NOT_LOGGED_IN"; } else { var proxy = Cryptpad.getStore().getProxy().proxy; var sig = signMsg(data.data, proxy.edPrivate); ret.res = { uname: proxy.login_name, edPublic: proxy.edPublic, sig: sig }; } } else if (data.cmd === 'UPDATE_LIMIT') { return Cryptpad.updatePinLimit(function (e, limit, plan, note) { ret.res = [limit, plan, note]; srcWindow.postMessage(JSON.stringify(ret), domain); }); } else { ret.error = "UNKNOWN_CMD"; } srcWindow.postMessage(JSON.stringify(ret), domain); }); }); });