add alert if corruption of files can not be checked and add optional nginx config for http to https redirect; always show preview of first file if image;

2025-04-20 15:06:15 -04:00 · 2023-01-18 15:34:11 +01:00 · 2023-01-18 15:34:11 +01:00 · 29735ff617
commit 29735ff617
parent bdb9cb42d9
4 changed files with 66 additions and 12 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -15,9 +15,11 @@ services:
    image: "nginx-with-openssl"
    volumes:
      - ./public:/usr/share/nginx/html
-      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
      - ./docker/certs:/etc/ssl/certs
      - ./docker/openssl:/mnt/openssl
+      # Use production.conf instead of development.conf to redirect http to https (/ca.crt still available)
+      - ./docker/nginx/development.conf:/etc/nginx/conf.d/default.conf
+#      - ./docker/nginx/production.conf:/etc/nginx/conf.d/default.conf
    ports:
      - "8080:80"
      - "8443:443"
--- a/docker/nginx/development.conf
+++ b/docker/nginx/development.conf
@ -0,0 +1,46 @@
+server {
+    listen       80;
+
+    expires epoch;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /server {
+        proxy_connect_timeout 300;
+        proxy_pass http://node:3000;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Upgrade $http_upgrade;
+    }
+
+    location /ca.crt {
+        alias /etc/ssl/certs/snapdropCA.crt;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
+    ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
+
+    expires epoch;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /server {
+        proxy_connect_timeout 300;
+        proxy_pass http://node:3000;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Upgrade $http_upgrade;
+    }
+
+    location /ca.crt {
+        alias /etc/ssl/certs/snapdropCA.crt;
+    }
+}
+
--- a/docker/nginx/production.conf
+++ b/docker/nginx/production.conf
--- a/public/scripts/network.js
+++ b/public/scripts/network.js
@ -1,5 +1,10 @@
 window.URL = window.URL || window.webkitURL;
 window.isRtcSupported = !!(window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection);
+if (!crypto.subtle && localStorage.getItem('unsecure_warning') !== 'received') {
+    // Warn once per session
+    alert("PairDrops functionality to compare received with requested files works in secure contexts only (https or localhost).")
+    localStorage.setItem('unsecure_warning', 'received')
+}

 class ServerConnection {

@ -201,7 +206,8 @@ class Peer {

    async getHashHex(file) {
        if (!crypto.subtle) {
-            console.error("PairDrop only works in secure contexts.")
+            console.warn("PairDrops functionality to compare received with requested files works in secure contexts only (https or localhost).")
+            return;
        }
        const hashBuffer = await crypto.subtle.digest('SHA-256', await file.arrayBuffer());
        // Convert hex to hash, see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string
@ -249,13 +255,9 @@ class Peer {
        Events.fire('set-progress', {peerId: this._peerId, progress: 0, status: 'prepare'})

        let header = [];
-        let allFilesAreImages = true;
        let combinedSize = 0;
        for (let i=0; i<files.length; i++) {
            header.push(await this.createHeader(files[i]));
-            if (files[i].type.split('/')[0] !== 'image') {
-                allFilesAreImages = false;
-            }
            combinedSize += files[i].size;
        }
        this._fileHeaderRequested = header;
@ -275,7 +277,7 @@ class Peer {
        }
        this.zipFileRequested = await zipper.getZipFile();

-        if (allFilesAreImages) {
+        if (files[0].type.split('/')[0] === 'image') {
            this.getResizedImageDataUrl(files[0], 400, null, 0.9).then(dataUrl => {
                this.sendJSON({type: 'request',
                    header: header,
@ -425,20 +427,24 @@ class Peer {

    async _onFileReceived(zipBlob, fileHeader) {
        Events.fire('set-progress', {peerId: this._peerId, progress: 0, status: 'wait'});
-
        this._busy = false;
        this.sendJSON({type: 'file-transfer-complete'});
+
        let zipEntries = await zipper.getEntries(zipBlob);
        let files = [];
-        let hashHexs = [];
        for (let i=0; i<zipEntries.length; i++) {
            let fileBlob = await zipper.getData(zipEntries[i]);
-            let hashHex = await this.getHashHex(fileBlob)
-            if (hashHex !== fileHeader[i].hashHex) {
+            let hashHex = await this.getHashHex(fileBlob);
+
+            let sameHex = hashHex === fileHeader[i].hashHex;
+            let sameSize = fileBlob.size === fileHeader[i].size;
+            let sameName = zipEntries[i].filename === fileHeader[i].name
+            if (!sameHex || !sameSize || !sameName) {
                Events.fire('notify-user', 'Files are malformed.');
                Events.fire('set-progress', {peerId: this._peerId, progress: 1, status: 'wait'});
-                throw new Error("Hash of received file differs from hash of requested file. Abort!");
+                throw new Error("Received files differ from requested files. Abort!");
            }
+
            files.push(new File([fileBlob], zipEntries[i].filename, {
                type: fileHeader[i].mime,
                lastModified: new Date().getTime()