From 29735ff6174c5bc74cb7384c76c6a7a70ef8f35b Mon Sep 17 00:00:00 2001
From: schlagmichdoch <schlagmichdoch@users.noreply.github.com>
Date: Wed, 18 Jan 2023 15:34:11 +0100
Subject: [PATCH] add alert if corruption of files can not be checked and add
 optional nginx config for http to https redirect; always show preview of
 first file if image;

---
 docker-compose.yml                            |  4 +-
 docker/nginx/development.conf                 | 46 +++++++++++++++++++
 .../nginx/{default.conf => production.conf}   |  0
 public/scripts/network.js                     | 28 ++++++-----
 4 files changed, 66 insertions(+), 12 deletions(-)
 create mode 100644 docker/nginx/development.conf
 rename docker/nginx/{default.conf => production.conf} (100%)

diff --git a/docker-compose.yml b/docker-compose.yml
index 532c605..8a5b4d9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,9 +15,11 @@ services:
     image: "nginx-with-openssl"
     volumes:
       - ./public:/usr/share/nginx/html
-      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
       - ./docker/certs:/etc/ssl/certs
       - ./docker/openssl:/mnt/openssl
+      # Use production.conf instead of development.conf to redirect http to https (/ca.crt still available)
+      - ./docker/nginx/development.conf:/etc/nginx/conf.d/default.conf
+#      - ./docker/nginx/production.conf:/etc/nginx/conf.d/default.conf
     ports:
       - "8080:80"
       - "8443:443"
diff --git a/docker/nginx/development.conf b/docker/nginx/development.conf
new file mode 100644
index 0000000..c5aef38
--- /dev/null
+++ b/docker/nginx/development.conf
@@ -0,0 +1,46 @@
+server {
+    listen       80;
+
+    expires epoch;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /server {
+        proxy_connect_timeout 300;
+        proxy_pass http://node:3000;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Upgrade $http_upgrade;
+    }
+
+    location /ca.crt {
+        alias /etc/ssl/certs/snapdropCA.crt;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
+    ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
+
+    expires epoch;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /server {
+        proxy_connect_timeout 300;
+        proxy_pass http://node:3000;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Upgrade $http_upgrade;
+    }
+
+    location /ca.crt {
+        alias /etc/ssl/certs/snapdropCA.crt;
+    }
+}
+
diff --git a/docker/nginx/default.conf b/docker/nginx/production.conf
similarity index 100%
rename from docker/nginx/default.conf
rename to docker/nginx/production.conf
diff --git a/public/scripts/network.js b/public/scripts/network.js
index 95608ab..f6ef172 100644
--- a/public/scripts/network.js
+++ b/public/scripts/network.js
@@ -1,5 +1,10 @@
 window.URL = window.URL || window.webkitURL;
 window.isRtcSupported = !!(window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection);
+if (!crypto.subtle && localStorage.getItem('unsecure_warning') !== 'received') {
+    // Warn once per session
+    alert("PairDrops functionality to compare received with requested files works in secure contexts only (https or localhost).")
+    localStorage.setItem('unsecure_warning', 'received')
+}
 
 class ServerConnection {
 
@@ -201,7 +206,8 @@ class Peer {
 
     async getHashHex(file) {
         if (!crypto.subtle) {
-            console.error("PairDrop only works in secure contexts.")
+            console.warn("PairDrops functionality to compare received with requested files works in secure contexts only (https or localhost).")
+            return;
         }
         const hashBuffer = await crypto.subtle.digest('SHA-256', await file.arrayBuffer());
         // Convert hex to hash, see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string
@@ -249,13 +255,9 @@ class Peer {
         Events.fire('set-progress', {peerId: this._peerId, progress: 0, status: 'prepare'})
 
         let header = [];
-        let allFilesAreImages = true;
         let combinedSize = 0;
         for (let i=0; i<files.length; i++) {
             header.push(await this.createHeader(files[i]));
-            if (files[i].type.split('/')[0] !== 'image') {
-                allFilesAreImages = false;
-            }
             combinedSize += files[i].size;
         }
         this._fileHeaderRequested = header;
@@ -275,7 +277,7 @@ class Peer {
         }
         this.zipFileRequested = await zipper.getZipFile();
 
-        if (allFilesAreImages) {
+        if (files[0].type.split('/')[0] === 'image') {
             this.getResizedImageDataUrl(files[0], 400, null, 0.9).then(dataUrl => {
                 this.sendJSON({type: 'request',
                     header: header,
@@ -425,20 +427,24 @@ class Peer {
 
     async _onFileReceived(zipBlob, fileHeader) {
         Events.fire('set-progress', {peerId: this._peerId, progress: 0, status: 'wait'});
-
         this._busy = false;
         this.sendJSON({type: 'file-transfer-complete'});
+
         let zipEntries = await zipper.getEntries(zipBlob);
         let files = [];
-        let hashHexs = [];
         for (let i=0; i<zipEntries.length; i++) {
             let fileBlob = await zipper.getData(zipEntries[i]);
-            let hashHex = await this.getHashHex(fileBlob)
-            if (hashHex !== fileHeader[i].hashHex) {
+            let hashHex = await this.getHashHex(fileBlob);
+
+            let sameHex = hashHex === fileHeader[i].hashHex;
+            let sameSize = fileBlob.size === fileHeader[i].size;
+            let sameName = zipEntries[i].filename === fileHeader[i].name
+            if (!sameHex || !sameSize || !sameName) {
                 Events.fire('notify-user', 'Files are malformed.');
                 Events.fire('set-progress', {peerId: this._peerId, progress: 1, status: 'wait'});
-                throw new Error("Hash of received file differs from hash of requested file. Abort!");
+                throw new Error("Received files differ from requested files. Abort!");
             }
+
             files.push(new File([fileBlob], zipEntries[i].filename, {
                 type: fileHeader[i].mime,
                 lastModified: new Date().getTime()