Browserified chat web worker

This was done because the worker previously used importScripts()
to load its deps from a CDN, which left it vulnerable to attacks like XSS
because importScripts() does not support SRI (Subresource Integrity).
The web worker also cannot access deps loaded as globals in the page head.
Rohan Sircar 2020-05-29 15:20:27 +05:30
parent 388d339c28
commit 1a7edaca3c
6 changed files with 93 additions and 14 deletions

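--- a/chatto/.gitignore
+++ b/chatto/.gitignore
@@ -35,6 +35,7 @@ node_modules
 config
 bundle.js
 bundle.min.js
+worker.js
 src/main/javascript/node/
 dist
 out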


@ -12,8 +12,21 @@ module.exports = function(grunt) {
src: '../resources/static/js/bundle.js', src: '../resources/static/js/bundle.js',
dest: '../resources/static/js/bundle.min.js' dest: '../resources/static/js/bundle.min.js'
}, },
chat_worker: {
src: '../resources/static/js/worker.js',
dest: '../resources/static/js/worker.js'
},
}, },
browserify: { browserify: {
chat_worker_dev: {
src: 'workers/encryption-worker/main.ts',
dest: '../resources/static/js/worker.js',
options: {
browserifyOptions: {
debug: true
},
}
},
dev: { dev: {
src: 'ts/src/main.ts', src: 'ts/src/main.ts',
dest: '../resources/static/js/bundle.js', dest: '../resources/static/js/bundle.js',
@ -35,7 +48,7 @@ module.exports = function(grunt) {
}, },
options: { options: {
plugin: [ plugin: [
['tsify', { target: 'ES6', noImplicitAny: true }], // register plugin by name ['tsify', { target: 'ES6', noImplicitAny: true, esModuleInterop: true, allowSyntheticDefaultImports: true }], // register plugin by name
], ],
@ -51,10 +64,11 @@ module.exports = function(grunt) {
// grunt.registerTask('default', ['uglify']); // grunt.registerTask('default', ['uglify']);
grunt.loadNpmTasks('grunt-browserify') grunt.loadNpmTasks('grunt-browserify')
grunt.loadNpmTasks('grunt-banner');
grunt.registerTask('default', ['browserify:dev']) grunt.registerTask('default', ['browserify:dev','browserify:chat_worker_dev'])
grunt.registerTask('prod', ["browserify:prod", "terser"]) grunt.registerTask('prod', ["browserify:prod", 'browserify:chat_worker_dev', "terser"])
}; };
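Review bot: The `prod` task in the last hunk builds the worker with `browserify:chat_worker_dev`, the target that sets `browserifyOptions.debug: true`, so the production `worker.js` (the code that handles the decryption passphrase) is bundled with development settings and depends on the terser step to drop the inline source map. A separate `chat_worker_prod` target with the same `src`/`dest` and no `debug` option would keep the two builds apart, registered as `grunt.registerTask('prod', ["browserify:prod", "browserify:chat_worker_prod", "terser"])`. The new target also lists no `plugin` entry of its own; if the `tsify` options in the third hunk are target-level rather than task-level (the enclosing block is not visible here), the `.ts` entry point will not be compiled. `grunt.loadNpmTasks('grunt-banner')` is added without any banner configuration visible in this section.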


@ -44,7 +44,6 @@
"handlebars": "global:Handlebars", "handlebars": "global:Handlebars",
"dompurify": "global:DOMPurify", "dompurify": "global:DOMPurify",
"fuse.js": "global:Fuse", "fuse.js": "global:Fuse",
"sjcl": "global:sjcl",
"sprintf-js": "global:sprintf", "sprintf-js": "global:sprintf",
"alertifyjs": "global:alertify", "alertifyjs": "global:alertify",
"bootbox": { "bootbox": {


@ -0,0 +1,9 @@
import registerPromiseWorker from 'promise-worker/register';
import * as sjcl from 'sjcl'
registerPromiseWorker((payload) => {
// console.log(payload)
// console.log('decrypted = ' + sjcl.decrypt(payload.passphrase, JSON.stringify(payload.cipher)));
return sjcl.decrypt(payload.passphrase, JSON.stringify(payload.cipher))
});
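Review bot: The two commented-out `console.log` lines carried into this new file would print the payload (including `payload.passphrase`) and the decrypted plaintext to the console if re-enabled; delete them rather than keep them beside the decrypt call. The handler also passes `payload.passphrase` and `payload.cipher` straight to `sjcl.decrypt` with no shape check, so a malformed message surfaces as whatever sjcl throws; a guard such as `if (!payload || typeof payload.passphrase !== 'string' || payload.cipher == null) throw new Error('invalid decrypt request');` gives the caller a clear rejection. A one-line comment above the handler, e.g. `// Decrypts payload.cipher with payload.passphrase; never log either value or the result.`, would record the intent.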


@ -0,0 +1,66 @@
{
"compilerOptions": {
/* Basic Options */
// "incremental": true, /* Enable incremental compilation */
"target": "es6", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
"module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */
// "lib": [], /* Specify library files to be included in the compilation. */
// "allowJs": true, /* Allow javascript files to be compiled. */
// "checkJs": true, /* Report errors in .js files. */
// "jsx": "preserve", /* Specify JSX code generation: 'preserve', 'react-native', or 'react'. */
// "declaration": true, /* Generates corresponding '.d.ts' file. */
// "declarationMap": true, /* Generates a sourcemap for each corresponding '.d.ts' file. */
// "sourceMap": true, /* Generates corresponding '.map' file. */
// "outFile": "./", /* Concatenate and emit output to single file. */
// "outDir": "./", /* Redirect output structure to the directory. */
// "rootDir": "./", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
// "composite": true, /* Enable project compilation */
// "tsBuildInfoFile": "./", /* Specify file to store incremental compilation information */
// "removeComments": true, /* Do not emit comments to output. */
// "noEmit": true, /* Do not emit outputs. */
// "importHelpers": true, /* Import emit helpers from 'tslib'. */
// "downlevelIteration": true, /* Provide full support for iterables in 'for-of', spread, and destructuring when targeting 'ES5' or 'ES3'. */
// "isolatedModules": true, /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */
/* Strict Type-Checking Options */
"strict": true, /* Enable all strict type-checking options. */
// "noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */
// "strictNullChecks": true, /* Enable strict null checks. */
// "strictFunctionTypes": true, /* Enable strict checking of function types. */
// "strictBindCallApply": true, /* Enable strict 'bind', 'call', and 'apply' methods on functions. */
// "strictPropertyInitialization": true, /* Enable strict checking of property initialization in classes. */
// "noImplicitThis": true, /* Raise error on 'this' expressions with an implied 'any' type. */
// "alwaysStrict": true, /* Parse in strict mode and emit "use strict" for each source file. */
/* Additional Checks */
// "noUnusedLocals": true, /* Report errors on unused locals. */
// "noUnusedParameters": true, /* Report errors on unused parameters. */
// "noImplicitReturns": true, /* Report error when not all code paths in function return a value. */
// "noFallthroughCasesInSwitch": true, /* Report errors for fallthrough cases in switch statement. */
/* Module Resolution Options */
// "moduleResolution": "node", /* Specify module resolution strategy: 'node' (Node.js) or 'classic' (TypeScript pre-1.6). */
// "baseUrl": "./", /* Base directory to resolve non-absolute module names. */
// "paths": {}, /* A series of entries which re-map imports to lookup locations relative to the 'baseUrl'. */
// "rootDirs": [], /* List of root folders whose combined content represents the structure of the project at runtime. */
// "typeRoots": [], /* List of folders to include type definitions from. */
// "types": [], /* Type declaration files to be included in compilation. */
"allowSyntheticDefaultImports": true, /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */
"esModuleInterop": true, /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
// "preserveSymlinks": true, /* Do not resolve the real path of symlinks. */
// "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */
/* Source Map Options */
// "sourceRoot": "", /* Specify the location where debugger should locate TypeScript files instead of source locations. */
// "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */
// "inlineSourceMap": true, /* Emit a single file with source maps instead of having a separate file. */
// "inlineSources": true, /* Emit the source alongside the sourcemaps within a single file; requires '--inlineSourceMap' or '--sourceMap' to be set. */
/* Experimental Options */
// "experimentalDecorators": true, /* Enables experimental support for ES7 decorators. */
// "emitDecoratorMetadata": true, /* Enables experimental support for emitting type metadata for decorators. */
/* Advanced Options */
"forceConsistentCasingInFileNames": true /* Disallow inconsistently-cased references to the same file. */
}
}


@ -1,10 +0,0 @@
// worker.js
importScripts('https://unpkg.com/promise-worker/dist/promise-worker.register.js');
// importScripts('https://unpkg.com/promise-worker@2.0.1/dist/promise-worker.register.js')
importScripts('https://cdnjs.cloudflare.com/ajax/libs/sjcl/1.0.8/sjcl.min.js');
registerPromiseWorker((payload) => {
// console.log(payload)
// console.log('decrypted = ' + sjcl.decrypt(payload.passphrase, JSON.stringify(payload.cipher)));
return sjcl.decrypt(payload.passphrase, JSON.stringify(payload.cipher))
});