Merge pull request #189 from mozilla/csp

Add CSP directives
mozilla · Jul 12, 2017 · 52173bf · 52173bf
2 parents ee8ff3d + 9234bce
commit 52173bf
Show file tree

Hide file tree

Showing 9 changed files with 171 additions and 125 deletions.
diff --git a/frontend/src/download.js b/frontend/src/download.js
@@ -9,7 +9,8 @@ $(document).ready(function() {
   $('#send-file').click(() => {
     window.location.replace(`${window.location.origin}`);
   });
-  const download = () => {
+  $('#download-btn').click(download);
+  function download() {
     const fileReceiver = new FileReceiver();
     const name = document.createElement('p');
     const $btn = $('#download-btn');
@@ -37,20 +38,20 @@ $(document).ready(function() {
     fileReceiver.on('decrypting', isStillDecrypting => {
       // The file is being decrypted
       if (isStillDecrypting) {
-        console.log('Decrypting')
+        console.log('Decrypting');
       } else {
-        console.log('Done decrypting')
+        console.log('Done decrypting');
       }
-    })
+    });
 
     fileReceiver.on('hashing', isStillHashing => {
       // The file is being hashed to make sure a malicious user hasn't tampered with it
       if (isStillHashing) {
-        console.log('Checking file integrity')
+        console.log('Checking file integrity');
       } else {
-        console.log('Integrity check done')
+        console.log('Integrity check done');
       }
-    })
+    });
 
     fileReceiver
       .download()
@@ -84,7 +85,5 @@ $(document).ready(function() {
         Raven.captureException(err);
         return Promise.reject(err);
       });
-  };
-
-  window.download = download;
+  }
 });
diff --git a/frontend/src/fileReceiver.js b/frontend/src/fileReceiver.js
@@ -61,52 +61,60 @@ class FileReceiver extends EventEmitter {
         true,
         ['encrypt', 'decrypt']
       )
-    ]).then(([fdata, key]) => {
-      this.emit('decrypting', true);
-      return Promise.all([
-        window.crypto.subtle.decrypt(
-          {
-            name: 'AES-GCM',
-            iv: hexToArray(fdata.iv),
-            additionalData: hexToArray(fdata.aad)
-          },
-          key,
-          fdata.data
-        ).then(decrypted => {
-          this.emit('decrypting', false);
-          return new Promise((resolve, reject) => {
-            resolve(decrypted);
-          })
-        }),
-        new Promise((resolve, reject) => {
-          resolve(fdata.filename);
-        }),
-        new Promise((resolve, reject) => {
-          resolve(hexToArray(fdata.aad));
-        })
-      ]);
-    }).then(([decrypted, fname, proposedHash]) => {
-      this.emit('hashing', true);
-      return window.crypto.subtle.digest('SHA-256', decrypted).then(calculatedHash => {
-        this.emit('hashing', false);
-        const integrity = new Uint8Array(calculatedHash).toString() === proposedHash.toString();
-        if (!integrity) {
-          return new Promise((resolve, reject) => {
-            console.log('This file has been tampered with.')
-            reject();
-          })
-        }
-
+    ])
+      .then(([fdata, key]) => {
+        this.emit('decrypting', true);
         return Promise.all([
+          window.crypto.subtle
+            .decrypt(
+              {
+                name: 'AES-GCM',
+                iv: hexToArray(fdata.iv),
+                additionalData: hexToArray(fdata.aad)
+              },
+              key,
+              fdata.data
+            )
+            .then(decrypted => {
+              this.emit('decrypting', false);
+              return new Promise((resolve, reject) => {
+                resolve(decrypted);
+              });
+            }),
           new Promise((resolve, reject) => {
-            resolve(decrypted);
+            resolve(fdata.filename);
           }),
           new Promise((resolve, reject) => {
-            resolve(fname);
+            resolve(hexToArray(fdata.aad));
           })
         ]);
       })
-    })
+      .then(([decrypted, fname, proposedHash]) => {
+        this.emit('hashing', true);
+        return window.crypto.subtle
+          .digest('SHA-256', decrypted)
+          .then(calculatedHash => {
+            this.emit('hashing', false);
+            const integrity =
+              new Uint8Array(calculatedHash).toString() ===
+              proposedHash.toString();
+            if (!integrity) {
+              return new Promise((resolve, reject) => {
+                console.log('This file has been tampered with.');
+                reject();
+              });
+            }
+
+            return Promise.all([
+              new Promise((resolve, reject) => {
+                resolve(decrypted);
+              }),
+              new Promise((resolve, reject) => {
+                resolve(fname);
+              })
+            ]);
+          });
+      });
   }
 }
 

diff --git a/frontend/src/fileSender.js b/frontend/src/fileSender.js
@@ -61,8 +61,8 @@ class FileSender extends EventEmitter {
           window.crypto.subtle.digest('SHA-256', plaintext).then(hash => {
             self.emit('hashing', false);
             self.emit('encrypting', true);
-            resolve({plaintext: plaintext, hash: new Uint8Array(hash)});
-          })
+            resolve({ plaintext: plaintext, hash: new Uint8Array(hash) });
+          });
         };
         reader.onerror = function(err) {
           reject(err);
@@ -81,14 +81,17 @@ class FileSender extends EventEmitter {
               },
               secretKey,
               file.plaintext
-            ).then(encrypted => {
+            )
+            .then(encrypted => {
               self.emit('encrypting', false);
               return new Promise((resolve, reject) => {
                 resolve(encrypted);
-              })
+              });
             }),
           window.crypto.subtle.exportKey('jwk', secretKey),
-          new Promise((resolve, reject) => { resolve(file.hash) })
+          new Promise((resolve, reject) => {
+            resolve(file.hash);
+          })
         ]);
       })
       .then(([encrypted, keydata, hash]) => {

diff --git a/frontend/src/upload.js b/frontend/src/upload.js
@@ -8,8 +8,10 @@ $(document).ready(function() {
   gcmCompliant().catch(err => {
     $('#page-one').hide();
     $('#compliance-error').show();
-  })
+  });
 
+  $('#file-upload').change(onUpload);
+  $('#page-one').on('dragover', allowDrop).on('drop', onUpload);
   // reset copy button
   const $copyBtn = $('#copy-btn');
   $copyBtn.attr('disabled', false);
@@ -61,11 +63,11 @@ $(document).ready(function() {
   });
 
   // on file upload by browse or drag & drop
-  window.onUpload = event => {
+  function onUpload(event) {
     event.preventDefault();
     let file = '';
     if (event.type === 'drop') {
-      file = event.dataTransfer.files[0];
+      file = event.originalEvent.dataTransfer.files[0];
     } else {
       file = event.target.files[0];
     }
@@ -88,29 +90,29 @@ $(document).ready(function() {
     fileSender.on('loading', isStillLoading => {
       // The file is loading into Firefox at this stage
       if (isStillLoading) {
-        console.log('Processing')
+        console.log('Processing');
       } else {
-        console.log('Finished processing')
+        console.log('Finished processing');
       }
-    })
+    });
 
     fileSender.on('hashing', isStillHashing => {
       // The file is being hashed
       if (isStillHashing) {
         console.log('Hashing');
       } else {
-        console.log('Finished hashing')
+        console.log('Finished hashing');
       }
-    })
+    });
 
     fileSender.on('encrypting', isStillEncrypting => {
       // The file is being encrypted
       if (isStillEncrypting) {
         console.log('Encrypting');
       } else {
-        console.log('Finished encrypting')
+        console.log('Finished encrypting');
       }
-    })
+    });
 
     fileSender
       .upload()
@@ -143,11 +145,11 @@ $(document).ready(function() {
         $('#page-one').hide();
         $('#upload-error').show();
       });
-  };
+  }
 
-  window.allowDrop = function(ev) {
+  function allowDrop(ev) {
     ev.preventDefault();
-  };
+  }
 
   function checkExistence(id, populate) {
     const xhr = new XMLHttpRequest();

diff --git a/frontend/src/utils.js b/frontend/src/utils.js
@@ -34,34 +34,38 @@ function notify(str) {
 
 function gcmCompliant() {
   try {
-    return window.crypto.subtle.generateKey(
-      {
-        name: 'AES-GCM',
-        length: 128
-      },
-      true,
-      ['encrypt', 'decrypt']
-    ).then(key => {
-      return window.crypto.subtle.encrypt(
+    return window.crypto.subtle
+      .generateKey(
         {
           name: 'AES-GCM',
-          iv: window.crypto.getRandomValues(new Uint8Array(12)),
-          additionalData: window.crypto.getRandomValues(new Uint8Array(6)),
-          tagLength: 128
+          length: 128
         },
-        key,
-        new ArrayBuffer(8)
+        true,
+        ['encrypt', 'decrypt']
       )
-      .then(() => {
-        return Promise.resolve()
+      .then(key => {
+        return window.crypto.subtle
+          .encrypt(
+            {
+              name: 'AES-GCM',
+              iv: window.crypto.getRandomValues(new Uint8Array(12)),
+              additionalData: window.crypto.getRandomValues(new Uint8Array(6)),
+              tagLength: 128
+            },
+            key,
+            new ArrayBuffer(8)
+          )
+          .then(() => {
+            return Promise.resolve();
+          })
+          .catch(err => {
+            return Promise.reject();
+          });
       })
       .catch(err => {
-        return Promise.reject()
-      })
-    }).catch(err => {
-      return Promise.reject();
-    })
-  } catch(err) {
+        return Promise.reject();
+      });
+  } catch (err) {
     return Promise.reject();
   }
 }