changed from using input fields for keys to getting from url (#17)
* changed from using input fields for keys to getting from url * cleaned
This commit is contained in:
parent
a45bcf3d35
commit
7b841e9498
3 changed files with 53 additions and 73 deletions
9
app.js
9
app.js
|
@ -29,7 +29,6 @@ app.get('/assets/download/:id', function(req, res) {
|
|||
res.send('error');
|
||||
} else {
|
||||
res.setHeader('Content-Disposition', 'attachment; filename=' + reply);
|
||||
// res.setHeader('Content-Transfer-Encoding', 'binary');
|
||||
res.setHeader('Content-Type', 'application/octet-stream');
|
||||
|
||||
res.download(__dirname + '/static/' + reply);
|
||||
|
@ -38,7 +37,7 @@ app.get('/assets/download/:id', function(req, res) {
|
|||
|
||||
});
|
||||
|
||||
app.route('/upload')
|
||||
app.route('/upload/:id')
|
||||
.post(function (req, res, next) {
|
||||
|
||||
var fstream;
|
||||
|
@ -50,11 +49,11 @@ app.route('/upload')
|
|||
fstream = fs.createWriteStream(__dirname + '/static/' + filename);
|
||||
file.pipe(fstream);
|
||||
fstream.on('close', function () {
|
||||
let id = Math.floor(Math.random()*10000).toString();
|
||||
let id = req.params.id;
|
||||
client.hset(id, "filename", filename, redis.print);
|
||||
client.hset(id, "expiration", 0, redis.print);
|
||||
console.log("Upload Finished of " + filename);
|
||||
res.send(id); //where to go next
|
||||
res.send(id);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
@ -62,6 +61,6 @@ app.route('/upload')
|
|||
|
||||
|
||||
app.listen(3000, function () {
|
||||
console.log('Example app listening on port 3000!')
|
||||
console.log('Portal app listening on port 3000!')
|
||||
})
|
||||
|
||||
|
|
|
@ -3,16 +3,10 @@
|
|||
<head>
|
||||
<title>Page Title</title>
|
||||
<script type="text/javascript" src="/file.js"></script>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<input id="keyhash" placeholder="Paste the key your friend sent you."/><br />
|
||||
<input id="salt" placeholder="Paste the salt your friend sent you."/><br />
|
||||
|
||||
<button onclick="download()">DOWNLOAD</button>
|
||||
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
111
public/file.js
111
public/file.js
|
@ -1,11 +1,8 @@
|
|||
function download() {
|
||||
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open('get', '/assets' + location.pathname, true);
|
||||
xhr.open('get', '/assets' + location.pathname.slice(0, -1), true);
|
||||
xhr.responseType = 'blob';
|
||||
// $.each(SERVER.authorization(), function(k, v) {
|
||||
// xhr.setRequestHeader(k, v);
|
||||
// });
|
||||
// xhr.setRequestHeader('Content-type', 'application/json; charset=utf-8');
|
||||
|
||||
xhr.onload = function(e) {
|
||||
if (this.status == 200) {
|
||||
|
@ -15,36 +12,33 @@ function download() {
|
|||
var fileReader = new FileReader();
|
||||
fileReader.onload = function() {
|
||||
arrayBuffer = this.result;
|
||||
// console.log(arrayBuffer);
|
||||
var array = new Uint8Array(arrayBuffer);
|
||||
salt = new Uint8Array(JSON.parse(document.getElementById('salt').value));
|
||||
salt = strToIv(location.pathname.slice(10, -1));
|
||||
|
||||
window.crypto.subtle.importKey(
|
||||
"jwk", //can be "jwk" or "raw"
|
||||
{ //this is an example jwk key, "raw" would be an ArrayBuffer
|
||||
"jwk",
|
||||
{
|
||||
kty: "oct",
|
||||
k: document.getElementById('keyhash').value,
|
||||
k: location.hash.slice(1),
|
||||
alg: "A128CBC",
|
||||
ext: true,
|
||||
},
|
||||
{ //this is the algorithm options
|
||||
{
|
||||
name: "AES-CBC",
|
||||
},
|
||||
true, //whether the key is extractable (i.e. can be used in exportKey)
|
||||
["encrypt", "decrypt"] //can be "encrypt", "decrypt", "wrapKey", or "unwrapKey"
|
||||
true,
|
||||
["encrypt", "decrypt"]
|
||||
)
|
||||
.then(function(key){
|
||||
//returns the symmetric key
|
||||
.then(function(key){
|
||||
window.crypto.subtle.decrypt(
|
||||
{
|
||||
name: "AES-CBC",
|
||||
iv: salt, //The initialization vector you used to encrypt
|
||||
iv: salt,
|
||||
},
|
||||
key, //from generateKey or importKey above
|
||||
array //ArrayBuffer of the data
|
||||
key,
|
||||
array
|
||||
)
|
||||
.then(function(decrypted){
|
||||
//returns an ArrayBuffer containing the decrypted data
|
||||
// let original = new Uint8Array(decrypted);
|
||||
var dataView = new DataView(decrypted);
|
||||
var blob = new Blob([dataView]);
|
||||
var downloadUrl = URL.createObjectURL(blob);
|
||||
|
@ -57,20 +51,12 @@ function download() {
|
|||
.catch(function(err){
|
||||
console.error(err);
|
||||
});
|
||||
// console.log(key);
|
||||
})
|
||||
.catch(function(err){
|
||||
console.error(err);
|
||||
});
|
||||
};
|
||||
fileReader.readAsArrayBuffer(blob);
|
||||
// console.log(blob);
|
||||
// var downloadUrl = URL.createObjectURL(blob);
|
||||
// var a = document.createElement("a");
|
||||
// a.href = downloadUrl;
|
||||
// // a.download = "feheroes.png";
|
||||
// document.body.appendChild(a);
|
||||
// a.click();
|
||||
} else {
|
||||
alert('Unable to download excel.')
|
||||
}
|
||||
|
@ -82,50 +68,44 @@ function onChange(event) {
|
|||
var file = event.target.files[0];
|
||||
var reader = new FileReader();
|
||||
reader.onload = function(event) {
|
||||
// The file's text will be printed here
|
||||
let self = this;
|
||||
window.crypto.subtle.generateKey({
|
||||
name: "AES-CBC",
|
||||
length: 128
|
||||
},
|
||||
true, //whether the key is extractable (i.e. can be used in exportKey)
|
||||
true,
|
||||
["encrypt", "decrypt"])
|
||||
.then(function(key){
|
||||
//returns a key object
|
||||
var arrayBuffer = self.result;
|
||||
var array = new Uint8Array(arrayBuffer);
|
||||
// binaryString = String.fromCharCode.apply(null, array);
|
||||
|
||||
// console.log(binaryString);
|
||||
// console.log(file);
|
||||
|
||||
var random_iv = window.crypto.getRandomValues(new Uint8Array(16));
|
||||
|
||||
window.crypto.subtle.encrypt({
|
||||
name: "AES-CBC",
|
||||
//Don't re-use initialization vectors!
|
||||
//Always generate a new iv every time your encrypt!
|
||||
iv: random_iv},
|
||||
key, //from generateKey or importKey above
|
||||
array //ArrayBuffer of data you want to encrypt
|
||||
)
|
||||
iv: random_iv },
|
||||
key,
|
||||
array)
|
||||
.then(function(encrypted){
|
||||
console.log('Send this salt to a friend: [' + random_iv.toString() + ']');
|
||||
// console.log(arrayBuffer);
|
||||
//returns an ArrayBuffer containing the encrypted data
|
||||
|
||||
var dataView = new DataView(encrypted);
|
||||
var blob = new Blob([dataView], { type: file.type });
|
||||
window.data = encrypted;
|
||||
|
||||
var fd = new FormData();
|
||||
fd.append('fname', file.name);
|
||||
fd.append('data', blob, file.name);
|
||||
// console.log(blob);
|
||||
var xhr = new XMLHttpRequest();
|
||||
|
||||
xhr.open('post', '/upload', true);
|
||||
var xhr = new XMLHttpRequest();
|
||||
var hex = ivToStr(random_iv);
|
||||
xhr.open('post', '/upload/' + hex, true);
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
console.log('Go to this URL: http://localhost:3000/download/'+xhr.responseText);
|
||||
window.crypto.subtle.exportKey("jwk", key).then(function(keydata){
|
||||
console.log('Go to this URL: http://localhost:3000/download/' + hex + '/#' + keydata.k);
|
||||
alert('Go to this URL: http://localhost:3000/download/' + hex + '/#' + keydata.k);
|
||||
|
||||
})
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -135,26 +115,33 @@ function onChange(event) {
|
|||
console.error(err);
|
||||
});
|
||||
|
||||
|
||||
window.crypto.subtle.exportKey(
|
||||
"jwk", //can be "jwk" or "raw"
|
||||
key)
|
||||
.then(function(keydata){
|
||||
//returns the exported key data
|
||||
console.log('Send this key to a friend: ' + keydata.k);
|
||||
|
||||
})
|
||||
.catch(function(err){
|
||||
console.error(err);
|
||||
});
|
||||
})
|
||||
.catch(function(err){
|
||||
console.error(err);
|
||||
});
|
||||
|
||||
|
||||
};
|
||||
|
||||
reader.readAsArrayBuffer(file);
|
||||
}
|
||||
|
||||
function ivToStr(iv) {
|
||||
let hexStr = '';
|
||||
for (var i in iv) {
|
||||
if (iv[i] < 16) {
|
||||
hexStr += '0' + iv[i].toString(16);
|
||||
} else {
|
||||
hexStr += iv[i].toString(16);
|
||||
}
|
||||
}
|
||||
window.hexStr = hexStr;
|
||||
return hexStr;
|
||||
}
|
||||
|
||||
function strToIv(str) {
|
||||
var iv = new Uint8Array(16);
|
||||
for (var i = 0; i < str.length; i += 2) {
|
||||
iv[i/2] = parseInt((str.charAt(i) + str.charAt(i + 1)), 16);
|
||||
}
|
||||
|
||||
return iv;
|
||||
}
|
Loading…
Reference in a new issue