Merge pull request #781 from neuroscr/tls-fix

Clearnet fixes
5 years ago · 3f1294198f
parent d0cc5a57f8 569485f42a
commit 3f1294198f
11 changed files with 71 additions and 21 deletions
--- a/_locales/en/messages.json
+++ b/_locales/en/messages.json
@ -651,12 +651,14 @@
      "An error popup when the user has attempted to add an attachment"
  },
  "cannotMixImageAndNonImageAttachments": {
-    "message": "Sorry, you cannot mix images with other file types in one message",
+    "message":
+      "Sorry, you cannot mix images with other file types in one message",
    "description":
      "An error popup when the user has attempted to add an attachment"
  },
  "maximumAttachments": {
-    "message": "Maximum number of attachments reached. Please send remaining attachments in a separate message.",
+    "message":
+      "Maximum number of attachments reached. Please send remaining attachments in a separate message.",
    "description":
      "An error popup when the user has attempted to add an attachment"
  },
@ -1380,9 +1382,10 @@
    "message": "Warning"
  },
  "linkPreviewsConfirmMessage": {
-    "message": "You will not have full metadata protection when sending or receiving link previews."
+    "message":
+      "You will not have full metadata protection when sending or receiving link previews."
  },
-  
+
  "mediaPermissionsTitle": {
    "message": "Microphone and Camera"
  },
@ -1445,7 +1448,8 @@
    "description": "Title of the read receipts setting"
  },
  "typingIndicatorsSettingDescription": {
-    "message": "See and share when messages are being typed (applies to all sessions).",
+    "message":
+      "See and share when messages are being typed (applies to all sessions).",
    "description": "Description of the typing indicators setting"
  },
  "typingIndicatorsSettingTitle": {
@ -1658,7 +1662,8 @@
    "description": "Brief message shown when trying to message a blocked number"
  },
  "unblockGroupToSend": {
-    "message": "This group is blocked. Unlock it if you would like to send a message.",
+    "message":
+      "This group is blocked. Unlock it if you would like to send a message.",
    "description": "Brief message shown when trying to message a blocked group"
  },
  "youChangedTheTimer": {
--- a/js/expire.js
+++ b/js/expire.js
@ -47,6 +47,24 @@

  window.extension = window.extension || {};

+  // eslint-disable-next-line no-unused-vars
+  const resolveWhenReady = (res, rej) => {
+    if (expiredVersion !== null) {
+      return res(expiredVersion);
+    }
+    function waitForVersion() {
+      if (expiredVersion !== null) {
+        return res(expiredVersion);
+      }
+      log.info('Delaying sending checks for 1s, no version yet');
+      setTimeout(waitForVersion, 1000);
+      return true;
+    }
+    waitForVersion();
+    return true;
+  };
+
+  window.extension.expiredPromise = () => new Promise(resolveWhenReady);
  window.extension.expired = cb => {
    if (expiredVersion === null) {
      // just give it another second
--- a/js/modules/loki_app_dot_net_api.js
+++ b/js/modules/loki_app_dot_net_api.js
@ -464,7 +464,7 @@ class LokiAppDotNetServerAPI {
      fetchOptions.headers = headers;

      // domain ends in .loki
-      if (url.match(/\.loki\//)) {
+      if (endpoint.match(/\.loki\//)) {
        fetchOptions.agent = snodeHttpsAgent;
      }
    } catch (e) {
--- a/js/modules/loki_file_server_api.js
+++ b/js/modules/loki_file_server_api.js
@ -311,7 +311,7 @@ class LokiFileServerFactoryAPI {
    if (!thisServer) {
      thisServer = new LokiFileServerInstance(this.ourKey);
      log.info(`Registering FileServer ${serverUrl}`);
-      await thisServer.establishConnection(serverUrl, { skipToken: true } );
+      await thisServer.establishConnection(serverUrl, { skipToken: true });
      this.servers.push(thisServer);
    }
    return thisServer;
--- a/js/modules/loki_rpc.js
+++ b/js/modules/loki_rpc.js
@ -1,5 +1,5 @@
 /* global log, libloki, textsecure, getStoragePubKey, lokiSnodeAPI, StringView,
-  libsignal, window, TextDecoder, TextEncoder, dcodeIO */
+  libsignal, window, TextDecoder, TextEncoder, dcodeIO, process */

 const nodeFetch = require('node-fetch');
 const https = require('https');
@ -66,7 +66,11 @@ const sendToProxy = async (options = {}, targetNode) => {
    },
  };

+  // we only proxy to snodes...
+  process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
  const response = await nodeFetch(url, firstHopOptions);
+  process.env.NODE_TLS_REJECT_UNAUTHORIZED = 1;
+
  const ciphertext = await response.text();

  const ciphertextBuffer = dcodeIO.ByteBuffer.wrap(
@ -130,7 +134,12 @@ const lokiFetch = async (url, options = {}, targetNode = null) => {
      return result.json();
    }

+    if (url.match(/https:\/\//)) {
+      process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
+    }
    const response = await nodeFetch(url, fetchOptions);
+    // restore TLS checking
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = 1;

    let result;
    // Wrong swarm
--- a/js/modules/loki_rss_api.js
+++ b/js/modules/loki_rss_api.js
@ -63,14 +63,25 @@ class LokiRssAPI extends EventEmitter {
      log.warn('LokiRssAPI unsupported rss feed', this.feedUrl);
      return;
    }
-    const response = await window.lokiFileServerAPI._server.serverRequest(
+    const result = await window.lokiFileServerAPI._server.serverRequest(
      map[this.feedUrl]
    );
-    if (!response) {
+    if (!result) {
      log.error('LokiRssAPI empty rss proxy response');
      return;
    }
-    const responseXML = response.response.data;
+    if (!result.response) {
+      log.error('LokiRssAPI rss proxy error, no response', result);
+      return;
+    }
+    if (!result.response.data) {
+      log.error(
+        'LokiRssAPI rss proxy error, no data, response',
+        result.response
+      );
+      return;
+    }
+    const responseXML = result.response.data;
    let feedDOM = {};
    try {
      feedDOM = await new window.DOMParser().parseFromString(
--- a/js/views/conversation_view.js
+++ b/js/views/conversation_view.js
@ -1859,7 +1859,8 @@
      message = window.Signal.Emoji.replaceColons(message).trim();

      const toastOptions = { type: 'info' };
-      if (extension.expired()) {
+      const expiredVersion = await extension.expiredPromise();
+      if (expiredVersion) {
        toastOptions.title = i18n('expiredWarning');
        toastOptions.id = 'expiredWarning';
      }
--- a/js/views/file_input_view.js
+++ b/js/views/file_input_view.js
@ -236,7 +236,7 @@
        id: 'maximumAttachments',
      });
    },
-    
+
    // Housekeeping
    addAttachment(attachment) {
      if (attachment.isVoiceNote && this.attachments.length > 0) {
--- a/js/views/inbox_view.js
+++ b/js/views/inbox_view.js
@ -156,7 +156,7 @@
        .find('.network-status-container')
        .append(this.networkStatusView.render().el);

-      extension.expired((expired) => {
+      extension.expired(expired => {
        if (expired) {
          const banner = new Whisper.ExpiredAlertBanner().render();
          banner.$el.prependTo(this.$el);
--- a/libtextsecure/message_receiver.js
+++ b/libtextsecure/message_receiver.js
@ -702,8 +702,6 @@ MessageReceiver.prototype.extend({
      this.activeSessionBaseKey = await getCurrentSessionBaseKey(sessionCipher);
    };

-    const handleSessionReset = async result => result;
-
    switch (envelope.type) {
      case textsecure.protobuf.Envelope.Type.CIPHERTEXT:
        window.log.info('message from', this.getEnvelopeId(envelope));
@ -745,7 +743,7 @@ MessageReceiver.prototype.extend({
          );
        });
        break;
-      case textsecure.protobuf.Envelope.Type.UNIDENTIFIED_SENDER:
+      case textsecure.protobuf.Envelope.Type.UNIDENTIFIED_SENDER: {
        window.log.info('received unidentified sender message');

        const secretSessionCipher = new window.Signal.Metadata.SecretSessionCipher(
@ -823,6 +821,7 @@ MessageReceiver.prototype.extend({
            }
          );
        break;
+      }
      default:
        promise = Promise.reject(new Error('Unknown message type'));
    }
@ -845,12 +844,18 @@ MessageReceiver.prototype.extend({
          window.log.info('Error getting conversation: ', envelope.source);
        }

-        /// *** BEGIN: session reset ***
+        // lint hates anything after // (so /// is no good)
+        // *** BEGIN: session reset ***

+        // we have address in scope from parent scope
+        // seems to be the same input parameters
+        // going to comment out due to lint complaints
+        /*
        const address = new libsignal.SignalProtocolAddress(
          envelope.source,
          envelope.sourceDevice
        );
+        */

        const restoreActiveSession = async () => {
          const record = await sessionCipher.getRecord(address.toString());
@ -902,7 +907,8 @@ MessageReceiver.prototype.extend({
          }
        }

-        /// *** END ***
+        // lint hates anything after // (so /// is no good)
+        // *** END ***

        // Type here can actually be UNIDENTIFIED_SENDER even if
        // the underlying message is FRIEND_REQUEST
--- a/stylesheets/_session_left_pane.scss
+++ b/stylesheets/_session_left_pane.scss
@ -626,7 +626,7 @@ $session-compose-margin: 20px;
    background-color: $session-background;
    color: $session-color-light-grey;
    border: 1px solid $session-color-dark-grey;
-    font-family: "SF Pro Text";
+    font-family: 'SF Pro Text';
    font-size: $session-font-sm;
  }
 }