You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
cryptpad/www/auth/main.js

60 lines
2.2 KiB
JavaScript

define([
'jquery',
'/common/cryptpad-common.js',
'/bower_components/tweetnacl/nacl-fast.min.js'
], function ($, Cryptpad) {
var Nacl = window.nacl;
var signMsg = function (msg, privKey) {
var signKey = Nacl.util.decodeBase64(privKey);
var buffer = Nacl.util.decodeUTF8(msg);
return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey));
};
// TODO: Allow authing for any domain as long as the user clicks an "accept" button
// inside of the iframe.
var AUTHORIZED_DOMAINS = [
/\.cryptpad\.fr$/,
/^http(s)?:\/\/localhost\:/
];
// Safari is weird about localStorage in iframes but seems to let sessionStorage slide.
localStorage.User_hash = localStorage.User_hash || sessionStorage.User_hash;
Cryptpad.ready(function () {
console.log('IFRAME READY');
$(window).on("message", function (jqe) {
var evt = jqe.originalEvent;
var data = JSON.parse(evt.data);
var domain = evt.origin;
var srcWindow = evt.source;
var ret = { txid: data.txid };
if (data.cmd === 'PING') {
ret.res = 'PONG';
} else if (data.cmd === 'SIGN') {
if (!AUTHORIZED_DOMAINS.filter(function (x) { return x.test(domain); }).length) {
ret.error = "UNAUTH_DOMAIN";
} else if (!Cryptpad.isLoggedIn()) {
ret.error = "NOT_LOGGED_IN";
} else {
var proxy = Cryptpad.getStore().getProxy().proxy;
var sig = signMsg(data.data, proxy.edPrivate);
ret.res = {
uname: proxy.login_name,
edPublic: proxy.edPublic,
sig: sig
};
}
} else if (data.cmd === 'UPDATE_LIMIT') {
return Cryptpad.updatePinLimit(function (e, limit, plan, note) {
ret.res = [limit, plan, note];
srcWindow.postMessage(JSON.stringify(ret), domain);
});
} else {
ret.error = "UNKNOWN_CMD";
}
srcWindow.postMessage(JSON.stringify(ret), domain);
});
});
});