From 82eccc6d54ff45cf6766b3b4c0ca1653c897d820 Mon Sep 17 00:00:00 2001 From: Abhinav Adduri Date: Tue, 30 May 2017 13:55:06 -0700 Subject: [PATCH 1/5] changed from using input fields for keys to getting from url --- app.js | 4 +-- public/download.html | 4 +-- public/file.js | 62 +++++++++++++++++++++++++++++++------------- 3 files changed, 48 insertions(+), 22 deletions(-) diff --git a/app.js b/app.js index 8d25ef06..1e10d923 100644 --- a/app.js +++ b/app.js @@ -38,7 +38,7 @@ app.get('/assets/download/:id', function(req, res) { }); -app.route('/upload') +app.route('/upload/:id') .post(function (req, res, next) { var fstream; @@ -50,7 +50,7 @@ app.route('/upload') fstream = fs.createWriteStream(__dirname + '/static/' + filename); file.pipe(fstream); fstream.on('close', function () { - let id = Math.floor(Math.random()*10000).toString(); + let id = req.params.id; client.hset(id, "filename", filename, redis.print); client.hset(id, "expiration", 0, redis.print); console.log("Upload Finished of " + filename); diff --git a/public/download.html b/public/download.html index 975be669..c03f6e3c 100644 --- a/public/download.html +++ b/public/download.html @@ -7,8 +7,8 @@ -
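Review bot: The record key in the `fstream.on('close', ...)` callback is now whatever the client put in the URL (`let id = req.params.id;`), and the `client.hset` calls that follow write it without checking whether that key already exists. A second POST to the same `/upload/:id` would therefore replace the `filename` and `expiration` fields of an existing record. Consider creating the record with `client.hsetnx(id, "filename", filename, cb)` and answering 409 when the reply is 0, so an id can be claimed only once. The enclosing route handler starts before this hunk and continues after it.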
-
+ + diff --git a/public/file.js b/public/file.js index 06676718..6472534c 100644 --- a/public/file.js +++ b/public/file.js @@ -1,6 +1,13 @@ + function download() { + // console.log(location.pathname.slice(10, -1)); + +// var new_salt = ; +// console.log(new_salt); +// console.log(salt); + var xhr = new XMLHttpRequest(); - xhr.open('get', '/assets' + location.pathname, true); + xhr.open('get', '/assets' + location.pathname.slice(0, -1), true); xhr.responseType = 'blob'; // $.each(SERVER.authorization(), function(k, v) { // xhr.setRequestHeader(k, v); @@ -17,12 +24,15 @@ function download() { arrayBuffer = this.result; // console.log(arrayBuffer); var array = new Uint8Array(arrayBuffer); - salt = new Uint8Array(JSON.parse(document.getElementById('salt').value)); + salt = strToIv(location.pathname.slice(10, -1)); + // var new_salt = strToIv(location.pathname.slice(10, -1)); + // console.log(new_salt); + // console.log(salt); window.crypto.subtle.importKey( "jwk", //can be "jwk" or "raw" { //this is an example jwk key, "raw" would be an ArrayBuffer kty: "oct", - k: document.getElementById('keyhash').value, + k: location.hash.slice(1), alg: "A128CBC", ext: true, }, 
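Review bot: `salt = strToIv(location.pathname.slice(10, -1));` hard-codes the length of the `/download/` prefix and assumes a trailing slash, as does `location.pathname.slice(0, -1)` in the first hunk of this file. A link opened without the trailing slash loses its last hex digit and decrypts with the wrong IV, with no message explaining why. Take the id once with `var id = location.pathname.split('/')[2];` and use it for both the request URL and the IV. It is also worth a comment next to `k: location.hash.slice(1),` such as `// the key travels in the URL fragment, which the browser does not send to the server`. `download()` begins before this hunk and continues past it.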
@@ -115,17 +125,21 @@ function onChange(event) { //returns an ArrayBuffer containing the encrypted data var dataView = new DataView(encrypted); var blob = new Blob([dataView], { type: file.type }); - window.data = encrypted; + // window.data = encrypted; var fd = new FormData(); fd.append('fname', file.name); fd.append('data', blob, file.name); // console.log(blob); var xhr = new XMLHttpRequest(); - - xhr.open('post', '/upload', true); + var hex = ivToStr(random_iv); + xhr.open('post', '/upload/' + hex, true); xhr.onreadystatechange = function() { if (xhr.readyState == XMLHttpRequest.DONE) { - console.log('Go to this URL: http://localhost:3000/download/'+xhr.responseText); + window.crypto.subtle.exportKey("jwk", key).then(function(keydata){ + //returns the exported key data + console.log('Go to this URL: http://localhost:3000/download/' + hex + '/#' + keydata.k); + console.log(keydata.k); + }) } }; @@ -136,17 +150,7 @@ function onChange(event) { }); - window.crypto.subtle.exportKey( - "jwk", //can be "jwk" or "raw" - key) - .then(function(keydata){ - //returns the exported key data - console.log('Send this key to a friend: ' + keydata.k); - - }) - .catch(function(err){ - console.error(err); - }); + }) .catch(function(err){ console.error(err); @@ -158,3 +162,25 @@ function onChange(event) { reader.readAsArrayBuffer(file); } +function ivToStr(iv) { + let hexStr = ''; + for (var i in iv) { + if (iv[i] < 16) { + hexStr += '0' + iv[i].toString(16); + } else { + hexStr += iv[i].toString(16); + } + } + window.hexStr = hexStr; + return hexStr; +} + +function strToIv(str) { + var iv = new Uint8Array(16); + for (var i = 0; i < str.length; i += 2) { + // console.log(str.charAt(i) + str.charAt(i+1)); + iv[i/2] = parseInt((str.charAt(i) + str.charAt(i + 1)), 16); + } + + return iv; +} \ No newline at end of file From 1800f870656a0832d23177e7869ac8c6854f61ac Mon Sep 17 00:00:00 2001 
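Review bot: The share link is produced as soon as `xhr.readyState == XMLHttpRequest.DONE`, without looking at `xhr.status`, so a failed upload still yields a link that points at nothing. Change the test to `if (xhr.readyState == XMLHttpRequest.DONE && xhr.status == 200)` and build the link from `location.origin` instead of the literal `http://localhost:3000`. The relocated `exportKey(...).then(...)` also lost the `.catch` that the removed block had, so an export failure is now silent. `onChange` starts and ends outside this hunk.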
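Review bot: `strToIv` accepts any string: a non-hex pair makes `parseInt` return NaN, which the `Uint8Array` stores as 0, and pairs beyond the sixteenth byte are silently dropped, so a malformed URL produces a wrong IV instead of an error. Add a check at the top, `if (!/^[0-9a-fA-F]{32}$/.test(str)) throw new Error('invalid IV');`. In `ivToStr`, `for (var i in iv)` enumerates property names rather than indices; a plain `for (var i = 0; i < iv.length; i++)` is the safer loop for a typed array. The `window.hexStr = hexStr;` assignment leaves a global behind and looks like debugging residue.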
From: Abhinav Adduri Date: Tue, 30 May 2017 14:41:31 -0700 Subject: [PATCH 2/5] cleaned --- app.js | 5 ++- public/download.html | 6 ---- public/file.js | 77 +++++++++++--------------------------------- 3 files changed, 21 insertions(+), 67 deletions(-) diff --git a/app.js b/app.js index 1e10d923..143a5012 100644 --- a/app.js +++ b/app.js @@ -29,7 +29,6 @@ app.get('/assets/download/:id', function(req, res) { res.send('error'); } else { res.setHeader('Content-Disposition', 'attachment; filename=' + reply); - // res.setHeader('Content-Transfer-Encoding', 'binary'); res.setHeader('Content-Type', 'application/octet-stream'); res.download(__dirname + '/static/' + reply); @@ -54,7 +53,7 @@ app.route('/upload/:id') client.hset(id, "filename", filename, redis.print); client.hset(id, "expiration", 0, redis.print); console.log("Upload Finished of " + filename); - res.send(id); //where to go next + res.send(id); }); }); }); @@ -62,6 +61,6 @@ app.route('/upload/:id') app.listen(3000, function () { - console.log('Example app listening on port 3000!') + console.log('Portal app listening on port 3000!') }) diff --git a/public/download.html b/public/download.html index c03f6e3c..57c6b6bf 100644 --- a/public/download.html +++ b/public/download.html @@ -3,16 +3,10 @@ Page Title - - - - - - diff --git a/public/file.js b/public/file.js index 6472534c..ba4fe29f 100644 --- a/public/file.js +++ b/public/file.js @@ -1,18 +1,8 @@ - function download() { - // console.log(location.pathname.slice(10, -1)); - -// var new_salt = ; -// console.log(new_salt); -// console.log(salt); var xhr = new XMLHttpRequest(); xhr.open('get', '/assets' + location.pathname.slice(0, -1), true); xhr.responseType = 'blob'; - // $.each(SERVER.authorization(), function(k, v) { - // xhr.setRequestHeader(k, v); - // }); - // xhr.setRequestHeader('Content-type', 'application/json; charset=utf-8'); xhr.onload = function(e) { if (this.status == 200) { 
@@ -22,39 +12,33 @@ function download() { var fileReader = new FileReader(); fileReader.onload = function() { arrayBuffer = this.result; - // console.log(arrayBuffer); var array = new Uint8Array(arrayBuffer); salt = strToIv(location.pathname.slice(10, -1)); - // var new_salt = strToIv(location.pathname.slice(10, -1)); - // console.log(new_salt); - // console.log(salt); + window.crypto.subtle.importKey( - "jwk", //can be "jwk" or "raw" - { //this is an example jwk key, "raw" would be an ArrayBuffer + "jwk", + { kty: "oct", k: location.hash.slice(1), alg: "A128CBC", ext: true, }, - { //this is the algorithm options + { name: "AES-CBC", }, - true, //whether the key is extractable (i.e. can be used in exportKey) - ["encrypt", "decrypt"] //can be "encrypt", "decrypt", "wrapKey", or "unwrapKey" + true, + ["encrypt", "decrypt"] ) - .then(function(key){ - //returns the symmetric key + .then(function(key){ window.crypto.subtle.decrypt( { name: "AES-CBC", - iv: salt, //The initialization vector you used to encrypt + iv: salt, }, - key, //from generateKey or importKey above - array //ArrayBuffer of the data + key, + array ) .then(function(decrypted){ - //returns an ArrayBuffer containing the decrypted data - // let original = new Uint8Array(decrypted); var dataView = new DataView(decrypted); var blob = new Blob([dataView]); var downloadUrl = URL.createObjectURL(blob); @@ -67,20 +51,12 @@ function download() { .catch(function(err){ console.error(err); }); - // console.log(key); }) .catch(function(err){ console.error(err); }); }; fileReader.readAsArrayBuffer(blob); - // console.log(blob); - // var downloadUrl = URL.createObjectURL(blob); - // var a = document.createElement("a"); - // a.href = downloadUrl; - // // a.download = "feheroes.png"; - // document.body.appendChild(a); - // a.click(); } else { alert('Unable to download excel.') } 
@@ -92,53 +68,43 @@ function onChange(event) { var file = event.target.files[0]; var reader = new FileReader(); reader.onload = function(event) { - // The file's text will be printed here let self = this; window.crypto.subtle.generateKey({ name: "AES-CBC", length: 128 }, - true, //whether the key is extractable (i.e. can be used in exportKey) + true, ["encrypt", "decrypt"]) .then(function(key){ - //returns a key object var arrayBuffer = self.result; var array = new Uint8Array(arrayBuffer); - // binaryString = String.fromCharCode.apply(null, array); - - // console.log(binaryString); - // console.log(file); var random_iv = window.crypto.getRandomValues(new Uint8Array(16)); window.crypto.subtle.encrypt({ name: "AES-CBC", - //Don't re-use initialization vectors! - //Always generate a new iv every time your encrypt! - iv: random_iv}, - key, //from generateKey or importKey above - array //ArrayBuffer of data you want to encrypt - ) + iv: random_iv }, + key, + array) .then(function(encrypted){ console.log('Send this salt to a friend: [' + random_iv.toString() + ']'); - // console.log(arrayBuffer); - //returns an ArrayBuffer containing the encrypted data + var dataView = new DataView(encrypted); var blob = new Blob([dataView], { type: file.type }); - // window.data = encrypted; + var fd = new FormData(); fd.append('fname', file.name); fd.append('data', blob, file.name); - // console.log(blob); + var xhr = new XMLHttpRequest(); var hex = ivToStr(random_iv); xhr.open('post', '/upload/' + hex, true); xhr.onreadystatechange = function() { if (xhr.readyState == XMLHttpRequest.DONE) { window.crypto.subtle.exportKey("jwk", key).then(function(keydata){ - //returns the exported key data console.log('Go to this URL: http://localhost:3000/download/' + hex + '/#' + keydata.k); - console.log(keydata.k); + alert('Go to this URL: http://localhost:3000/download/' + hex + '/#' + keydata.k); + }) } }; 
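Review bot: The complete share URL, including the key after `#`, is still written with `console.log` in addition to the new `alert`, so the secret ends up in the browser console as well as in front of the user. Drop that `console.log` and the now stale `console.log('Send this salt to a friend: [' + ...)` line, since the IV travels in the URL path. This hunk also deletes the comments warning against IV reuse; the code still draws a fresh IV with `getRandomValues`, and a single line such as `// fresh random IV per upload; never reuse an IV with the same key` would keep that intent visible. `onChange` begins before the hunk and continues after it.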
@@ -149,16 +115,12 @@ function onChange(event) { console.error(err); }); - - }) .catch(function(err){ console.error(err); }); - }; - reader.readAsArrayBuffer(file); } @@ -178,7 +140,6 @@ function ivToStr(iv) { function strToIv(str) { var iv = new Uint8Array(16); for (var i = 0; i < str.length; i += 2) { - // console.log(str.charAt(i) + str.charAt(i+1)); iv[i/2] = parseInt((str.charAt(i) + str.charAt(i + 1)), 16); } From 2d2f2efe91a545c8934f047729d57a5e0546d644 Mon Sep 17 00:00:00 2001 From: Abhinav Adduri Date: Tue, 30 May 2017 16:34:00 -0700 Subject: [PATCH 3/5] naming improvements, stopped storing files by name on server --- app.js | 11 ++++++----- public/download.html | 2 +- public/file.js | 4 +++- public/index.html | 2 +- static/info.txt | 2 +- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/app.js b/app.js index 143a5012..ca02cf51 100644 --- a/app.js +++ b/app.js @@ -26,12 +26,12 @@ app.get('/assets/download/:id', function(req, res) { let id = req.params.id; client.hget(id, "filename", function(err, reply) { // maybe some expiration logic too if (!reply) { - res.send('error'); + res.send('This link has expired!'); } else { res.setHeader('Content-Disposition', 'attachment; filename=' + reply); res.setHeader('Content-Type', 'application/octet-stream'); - - res.download(__dirname + '/static/' + reply); + client.del(id); + res.download(__dirname + '/static/' + id, reply); } }) 
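Review bot: `res.download(__dirname + '/static/' + id, reply)` builds a filesystem path from `req.params.id` with no check on its shape. Express passes route parameters percent-decoded, so the value is not guaranteed to be a single path segment and could resolve outside `static/`. Reject anything that is not the 32 hex characters the client generates before touching Redis or the disk, for example `if (!/^[0-9a-f]{32}$/.test(id)) return res.sendStatus(400);` directly after `let id = req.params.id;`. The same applies to `fs.createWriteStream(__dirname + '/static/' + req.params.id)` in the `/upload/:id` hunk of this patch. The handler's opening line is outside the hunk.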
@@ -46,13 +46,14 @@ app.route('/upload/:id') console.log("Uploading: " + filename); //Path where image will be uploaded - fstream = fs.createWriteStream(__dirname + '/static/' + filename); + fstream = fs.createWriteStream(__dirname + '/static/' + req.params.id); file.pipe(fstream); fstream.on('close', function () { let id = req.params.id; client.hset(id, "filename", filename, redis.print); client.hset(id, "expiration", 0, redis.print); - console.log("Upload Finished of " + filename); + client.expire(id, 86400000); + console.log("Upload Finished of " + filename); res.send(id); }); }); diff --git a/public/download.html b/public/download.html index 57c6b6bf..c301659f 100644 --- a/public/download.html +++ b/public/download.html @@ -1,7 +1,7 @@ -Page Title +Download your file diff --git a/public/file.js b/public/file.js index ba4fe29f..8ac3ac63 100644 --- a/public/file.js +++ b/public/file.js @@ -44,11 +44,13 @@ function download() { var downloadUrl = URL.createObjectURL(blob); var a = document.createElement("a"); a.href = downloadUrl; - a.download = xhr.getResponseHeader('Content-Disposition').match(/filename="(.+)"/)[1];; + a.download = xhr.getResponseHeader('Content-Disposition').match(/filename="(.+)"/)[1]; + console.log(xhr.getResponseHeader('Content-Disposition')); document.body.appendChild(a); a.click(); }) .catch(function(err){ + alert('This link is either invalid or has expired.'); console.error(err); }); }) diff --git a/public/index.html b/public/index.html index c2df9da1..8de58241 100644 --- a/public/index.html +++ b/public/index.html @@ -1,7 +1,7 @@ -Page Title +Firefox Fileshare diff --git a/static/info.txt b/static/info.txt index 30d83303..b3119bbf 100644 --- a/static/info.txt +++ b/static/info.txt @@ -1 +1 @@ -This is where files will go. +This is where downloaded files are stored. From ab86ecf90e5376c529163975f949ef1fcd30dd92 Mon Sep 17 00:00:00 2001 
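Review bot: `client.expire(id, 86400000)` passes a value that looks like 24 hours in milliseconds, but Redis EXPIRE takes seconds, so the record would live for roughly 1000 days. If one day is intended, use `client.expire(id, 86400);` (or `client.pexpire(id, 86400000);`). When the key does expire, nothing visible here removes the matching file under `static/`, so uploads that are never downloaded stay on disk; a comment such as `// TODO: remove static/<id> when the record expires` would record that. The upload handler starts before this hunk.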
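Review bot: `xhr.getResponseHeader('Content-Disposition').match(/filename="(.+)"/)[1]` throws when the header is missing or carries no quoted filename, and the `.catch` that follows now reports that as 'This link is either invalid or has expired.' even though decryption succeeded. Guard the lookup, e.g. `var m = /filename="(.+)"/.exec(xhr.getResponseHeader('Content-Disposition') || '');` followed by `a.download = m ? m[1] : 'download';`. The added `console.log` of the header looks like leftover debugging output. The surrounding `download()` function begins and ends outside this hunk.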
From: Abhinav Adduri Date: Wed, 31 May 2017 09:57:02 -0700 Subject: [PATCH 4/5] pull request changes --- app.js | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/app.js b/app.js index ca02cf51..c2140a08 100644 --- a/app.js +++ b/app.js @@ -26,12 +26,17 @@ app.get('/assets/download/:id', function(req, res) { let id = req.params.id; client.hget(id, "filename", function(err, reply) { // maybe some expiration logic too if (!reply) { - res.send('This link has expired!'); + res.sendStatus(404); } else { res.setHeader('Content-Disposition', 'attachment; filename=' + reply); res.setHeader('Content-Type', 'application/octet-stream'); - client.del(id); - res.download(__dirname + '/static/' + id, reply); + + res.download(__dirname + '/static/' + id, reply, function(err) { + if (!err) { + client.del(id); + fs.unlink(__dirname + '/static/' + id); + } + }); } }) From aad54b34b907428da307dda70bfa74366089f027 Mon Sep 17 00:00:00 2001 From: Abhinav Adduri Date: Wed, 31 May 2017 10:11:00 -0700 Subject: [PATCH 5/5] changed to unlinkSync --- app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.js b/app.js index c2140a08..43cad4bf 100644 --- a/app.js +++ b/app.js @@ -34,7 +34,7 @@ app.get('/assets/download/:id', function(req, res) { res.download(__dirname + '/static/' + id, reply, function(err) { if (!err) { client.del(id); - fs.unlink(__dirname + '/static/' + id); + fs.unlinkSync(__dirname + '/static/' + id); } }); }
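Review bot: The existence check (`client.hget`) and the cleanup in the new `res.download` callback are separate steps, so two requests for the same id that arrive close together can both pass the `if (!reply)` test and both receive the file. If the link is meant to be single-use, claim the record before streaming, for instance by calling `client.del(id, cb)` first and continuing only when its reply is 1, or at least document the gap with `// NOTE: hget + del is not atomic; concurrent requests can each get the file`. When `err` is set the record and the file are both kept, which presumably allows a retry; a comment saying so would help. The route handler starts above the hunk.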
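Review bot: `fs.unlinkSync` inside the `res.download` callback throws if the file cannot be removed (for example when it is already gone), and nothing around it catches that, so the error would likely surface as an uncaught exception in the server process. It also blocks the event loop for the duration of the delete. Prefer the asynchronous call with an explicit handler: `fs.unlink(__dirname + '/static/' + id, function(err) { if (err) console.error(err); });`. The callback and the handler around it begin outside this hunk.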