From 7b841e949886a50e27f0d68e53f455c6b1d9cabd Mon Sep 17 00:00:00 2001 From: Abhinav Adduri Date: Tue, 30 May 2017 14:45:15 -0700 Subject: [PATCH] changed from using input fields for keys to getting from url (#17) * changed from using input fields for keys to getting from url * cleaned --- app.js | 9 ++-- public/download.html | 6 --- public/file.js | 111 +++++++++++++++++++------------------------ 3 files changed, 53 insertions(+), 73 deletions(-) diff --git a/app.js b/app.js index 8d25ef06..143a5012 100644 --- a/app.js +++ b/app.js @@ -29,7 +29,6 @@ app.get('/assets/download/:id', function(req, res) { res.send('error'); } else { res.setHeader('Content-Disposition', 'attachment; filename=' + reply); - // res.setHeader('Content-Transfer-Encoding', 'binary'); res.setHeader('Content-Type', 'application/octet-stream'); res.download(__dirname + '/static/' + reply); @@ -38,7 +37,7 @@ app.get('/assets/download/:id', function(req, res) { }); -app.route('/upload') +app.route('/upload/:id') .post(function (req, res, next) { var fstream; @@ -50,11 +49,11 @@ app.route('/upload') fstream = fs.createWriteStream(__dirname + '/static/' + filename); file.pipe(fstream); fstream.on('close', function () { - let id = Math.floor(Math.random()*10000).toString(); + let id = req.params.id; client.hset(id, "filename", filename, redis.print); client.hset(id, "expiration", 0, redis.print); console.log("Upload Finished of " + filename); - res.send(id); //where to go next + res.send(id); }); }); }); @@ -62,6 +61,6 @@ app.route('/upload') app.listen(3000, function () { - console.log('Example app listening on port 3000!') + console.log('Portal app listening on port 3000!') }) diff --git a/public/download.html b/public/download.html index 975be669..57c6b6bf 100644 --- a/public/download.html +++ b/public/download.html @@ -3,16 +3,10 @@ Page Title - -
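Review bot: `let id = req.params.id;` in the `/upload/:id` handler makes the Redis key fully client-chosen, and the two `client.hset(id, ...)` calls that follow write it without checking its format or whether a record already exists, so a later upload to the same path replaces the `filename` that an existing download link resolves to. Validate the parameter before the file is written, e.g. `if (!/^[0-9a-f]{32}$/.test(req.params.id)) return res.sendStatus(400);`, which matches the 32 hex characters the client produces from its 16-byte IV. Also refuse ids that are already present, either with `client.hsetnx(id, "filename", filename, ...)` and a check of the reply, or with `client.exists` before the write. The handler starts above this hunk, so where the check belongs relative to the stream setup is not visible here.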
-
- - - diff --git a/public/file.js b/public/file.js index 06676718..ba4fe29f 100644 --- a/public/file.js +++ b/public/file.js @@ -1,11 +1,8 @@ function download() { + var xhr = new XMLHttpRequest(); - xhr.open('get', '/assets' + location.pathname, true); + xhr.open('get', '/assets' + location.pathname.slice(0, -1), true); xhr.responseType = 'blob'; - // $.each(SERVER.authorization(), function(k, v) { - // xhr.setRequestHeader(k, v); - // }); - // xhr.setRequestHeader('Content-type', 'application/json; charset=utf-8'); xhr.onload = function(e) { if (this.status == 200) { @@ -15,36 +12,33 @@ function download() { var fileReader = new FileReader(); fileReader.onload = function() { arrayBuffer = this.result; - // console.log(arrayBuffer); var array = new Uint8Array(arrayBuffer); - salt = new Uint8Array(JSON.parse(document.getElementById('salt').value)); + salt = strToIv(location.pathname.slice(10, -1)); + window.crypto.subtle.importKey( - "jwk", //can be "jwk" or "raw" - { //this is an example jwk key, "raw" would be an ArrayBuffer + "jwk", + { kty: "oct", - k: document.getElementById('keyhash').value, + k: location.hash.slice(1), alg: "A128CBC", ext: true, }, - { //this is the algorithm options + { name: "AES-CBC", }, - true, //whether the key is extractable (i.e. can be used in exportKey) - ["encrypt", "decrypt"] //can be "encrypt", "decrypt", "wrapKey", or "unwrapKey" + true, + ["encrypt", "decrypt"] ) - .then(function(key){ - //returns the symmetric key + .then(function(key){ window.crypto.subtle.decrypt( { name: "AES-CBC", - iv: salt, //The initialization vector you used to encrypt + iv: salt, }, - key, //from generateKey or importKey above - array //ArrayBuffer of the data + key, + array ) .then(function(decrypted){ - //returns an ArrayBuffer containing the decrypted data - // let original = new Uint8Array(decrypted); var dataView = new DataView(decrypted); var blob = new Blob([dataView]); var downloadUrl = URL.createObjectURL(blob); 
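Review bot: `location.pathname.slice(0, -1)` and `location.pathname.slice(10, -1)` only work when the page is opened at exactly `/download/<hex>/`; without the trailing slash both drop the last hex digit, so the request goes to a different id and the IV is wrong. Parse the path once and fail visibly, e.g. `var m = /^\/download\/([0-9a-f]{32})\/?$/.exec(location.pathname);`, and stop if `m` is null. In the visible lines `salt = strToIv(...)` is assigned without a declaration, which would make it a global. Separately, this path only decrypts, so the key can be imported with `false` and `["decrypt"]` instead of `true, ["encrypt", "decrypt"]`. download() continues past the end of this hunk.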
@@ -57,20 +51,12 @@ function download() { .catch(function(err){ console.error(err); }); - // console.log(key); }) .catch(function(err){ console.error(err); }); }; fileReader.readAsArrayBuffer(blob); - // console.log(blob); - // var downloadUrl = URL.createObjectURL(blob); - // var a = document.createElement("a"); - // a.href = downloadUrl; - // // a.download = "feheroes.png"; - // document.body.appendChild(a); - // a.click(); } else { alert('Unable to download excel.') } 
@@ -82,50 +68,44 @@ function onChange(event) { var file = event.target.files[0]; var reader = new FileReader(); reader.onload = function(event) { - // The file's text will be printed here let self = this; window.crypto.subtle.generateKey({ name: "AES-CBC", length: 128 }, - true, //whether the key is extractable (i.e. can be used in exportKey) + true, ["encrypt", "decrypt"]) .then(function(key){ - //returns a key object var arrayBuffer = self.result; var array = new Uint8Array(arrayBuffer); - // binaryString = String.fromCharCode.apply(null, array); - - // console.log(binaryString); - // console.log(file); var random_iv = window.crypto.getRandomValues(new Uint8Array(16)); window.crypto.subtle.encrypt({ name: "AES-CBC", - //Don't re-use initialization vectors! - //Always generate a new iv every time your encrypt! - iv: random_iv}, - key, //from generateKey or importKey above - array //ArrayBuffer of data you want to encrypt - ) + iv: random_iv }, + key, + array) .then(function(encrypted){ console.log('Send this salt to a friend: [' + random_iv.toString() + ']'); - // console.log(arrayBuffer); - //returns an ArrayBuffer containing the encrypted data + var dataView = new DataView(encrypted); var blob = new Blob([dataView], { type: file.type }); - window.data = encrypted; + var fd = new FormData(); fd.append('fname', file.name); fd.append('data', blob, file.name); - // console.log(blob); - var xhr = new XMLHttpRequest(); - xhr.open('post', '/upload', true); + var xhr = new XMLHttpRequest(); + var hex = ivToStr(random_iv); + xhr.open('post', '/upload/' + hex, true); xhr.onreadystatechange = function() { if (xhr.readyState == XMLHttpRequest.DONE) { - console.log('Go to this URL: http://localhost:3000/download/'+xhr.responseText); + window.crypto.subtle.exportKey("jwk", key).then(function(keydata){ + console.log('Go to this URL: http://localhost:3000/download/' + hex + '/#' + keydata.k); + alert('Go to this URL: http://localhost:3000/download/' + hex + '/#' + keydata.k); + 
+ }) } }; @@ -135,26 +115,33 @@ function onChange(event) { console.error(err); }); - - window.crypto.subtle.exportKey( - "jwk", //can be "jwk" or "raw" - key) - .then(function(keydata){ - //returns the exported key data - console.log('Send this key to a friend: ' + keydata.k); - - }) - .catch(function(err){ - console.error(err); - }); }) .catch(function(err){ console.error(err); }); - }; - reader.readAsArrayBuffer(file); } +function ivToStr(iv) { + let hexStr = ''; + for (var i in iv) { + if (iv[i] < 16) { + hexStr += '0' + iv[i].toString(16); + } else { + hexStr += iv[i].toString(16); + } + } + window.hexStr = hexStr; + return hexStr; +} + +function strToIv(str) { + var iv = new Uint8Array(16); + for (var i = 0; i < str.length; i += 2) { + iv[i/2] = parseInt((str.charAt(i) + str.charAt(i + 1)), 16); + } + + return iv; +} \ No newline at end of file
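Review bot: The share link is produced as soon as `xhr.readyState` reaches DONE, without looking at `xhr.status`, so a rejected or failed upload still hands the user a URL and key for a file the server never stored; guard the block with `if (xhr.status !== 200) { alert('Upload failed'); return; }`. The new `window.crypto.subtle.exportKey("jwk", key).then(...)` has no `.catch`, unlike the other promise chains visible in this file, so an export failure is silent. The link carries the raw key in its fragment and is also written with `console.log`; consider dropping the log line and building the URL from `location.origin` rather than the hard-coded `http://localhost:3000`. onChange starts before this hunk.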
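Review bot: `strToIv` accepts any string: non-hex or odd-length input makes `parseInt` return NaN, which the `Uint8Array` stores as 0, and characters beyond the 32nd are silently dropped, so a mistyped link yields a wrong IV rather than an error. With AES-CBC a wrong IV only garbles the first 16-byte block, so decryption can still complete and the user saves a quietly corrupted file. Reject bad input up front with `if (!/^[0-9a-f]{32}$/i.test(str)) throw new Error('invalid IV');`. In `ivToStr`, `for (var i in iv)` should be an index loop (`for (var i = 0; i < iv.length; i++)`), and `window.hexStr = hexStr;` looks like a debugging leftover that publishes the value as a global.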