|
|
|
@ -0,0 +1,51 @@ |
|
|
|
define([ |
|
|
|
'jquery', |
|
|
|
'/common/cryptpad-common.js', |
|
|
|
'/bower_components/tweetnacl/nacl-fast.min.js' |
|
|
|
], function ($, Cryptpad) { |
|
|
|
var Nacl = window.nacl; |
|
|
|
|
|
|
|
var signMsg = function (msg, privKey) { |
|
|
|
var signKey = Nacl.util.decodeBase64(privKey); |
|
|
|
var buffer = Nacl.util.decodeUTF8(msg); |
|
|
|
return Nacl.util.encodeBase64(Nacl.sign(buffer, signKey)); |
|
|
|
}; |
|
|
|
|
|
|
|
// TODO: Allow authing for any domain as long as the user clicks an "accept" button
|
|
|
|
// inside of the iframe.
|
|
|
|
var AUTHORIZED_DOMAINS = [ |
|
|
|
/\.cryptpad\.fr$/, |
|
|
|
/^http(s)?:\/\/localhost\:/ |
|
|
|
]; |
|
|
|
|
|
|
|
Cryptpad.ready(function () { |
|
|
|
console.log('IFRAME READY'); |
|
|
|
$(window).on("message", function (jqe) { |
|
|
|
var evt = jqe.originalEvent; |
|
|
|
var data = JSON.parse(evt.data); |
|
|
|
var domain = evt.origin; |
|
|
|
var srcWindow = evt.source; |
|
|
|
var ret = { txid: data.txid }; |
|
|
|
if (data.cmd === 'PING') { |
|
|
|
ret.res = 'PONG'; |
|
|
|
} else if (data.cmd === 'SIGN') { |
|
|
|
if (!AUTHORIZED_DOMAINS.filter(function (x) { return x.test(domain); }).length) { |
|
|
|
ret.error = "UNAUTH_DOMAIN"; |
|
|
|
} else if (!Cryptpad.isLoggedIn()) { |
|
|
|
ret.error = "NOT_LOGGED_IN"; |
|
|
|
} else { |
|
|
|
var proxy = Cryptpad.getStore().getProxy().proxy; |
|
|
|
var sig = signMsg(data.data, proxy.edPrivate); |
|
|
|
ret.res = { |
|
|
|
uname: proxy.login_name, |
|
|
|
edPublic: proxy.edPublic, |
|
|
|
sig: sig |
|
|
|
}; |
|
|
|
} |
|
|
|
} else { |
|
|
|
ret.error = "UNKNOWN_CMD"; |
|
|
|
} |
|
|
|
srcWindow.postMessage(JSON.stringify(ret), domain); |
|
|
|
}); |
|
|
|
}); |
|
|
|
}); |
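Review bot: The SIGN branch signs `data.data` exactly as the caller supplied it with the account's long-term `proxy.edPrivate`, so every origin that passes `AUTHORIZED_DOMAINS` gets a signature over a message of its own choosing, with nothing tying it to this login flow or to the requesting site. If the same key authenticates anything else (not visible in this file), such a signature could be replayed there; binding a fixed context label and the origin into the signed bytes avoids that, e.g. `var sig = signMsg(JSON.stringify(['IFRAME_AUTH', domain, data.data]), proxy.edPrivate);` (the label is illustrative, and verifiers must rebuild the same string). Separately, `/\.cryptpad\.fr$/` has no scheme anchor, so plain `http://` subdomain origins are accepted; `/^https:\/\/[^\/]+\.cryptpad\.fr$/` would restrict it to HTTPS. `JSON.parse(evt.data)` also runs unguarded on messages from any origin, so a non-JSON message throws inside the handler; a `try`/`catch` that returns early would handle that.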