From 0211322915bee0b8af9920280f2779addbf2bc72 Mon Sep 17 00:00:00 2001 From: Martin Zimmermann Date: Tue, 27 May 2014 13:56:03 +0200 Subject: [PATCH 1/3] remove avatar preview in postbox --- isso/js/app/api.js | 13 ------------- isso/js/app/isso.js | 32 -------------------------------- isso/js/app/text/postbox.jade | 3 --- 3 files changed, 48 deletions(-) diff --git a/isso/js/app/api.js b/isso/js/app/api.js index 1108c0a..573a327 100644 --- a/isso/js/app/api.js +++ b/isso/js/app/api.js @@ -183,22 +183,9 @@ define(["app/lib/promise", "app/globals"], function(Q, globals) { return deferred.promise; }; - var remote_addr = function() { - var deferred = Q.defer(); - curl("GET", endpoint + "/check-ip", null, function(rv) { - if (rv.status === 200) { - deferred.resolve(rv.body); - } else { - deferred.reject(rv.body); - } - }); - return deferred.promise; - }; - return { endpoint: endpoint, salt: salt, - remote_addr: remote_addr, create: create, modify: modify, diff --git a/isso/js/app/isso.js b/isso/js/app/isso.js index e3ca1b9..517fa10 100644 --- a/isso/js/app/isso.js +++ b/isso/js/app/isso.js @@ -9,38 +9,6 @@ define(["app/dom", "app/utils", "app/config", "app/api", "app/jade", "app/i18n", var el = $.htmlify(jade.render("postbox")); - if (config["avatar"]) { - // add a default identicon to not waste CPU cycles - $(".avatar > svg", el).replace(lib.identicons.blank(4, 48)); - - // on text area focus, generate identicon from IP address - $(".textarea-wrapper > .textarea", el).on("focus", function() { - if ($(".avatar svg", el).getAttribute("className") === "blank") { - $(".avatar svg", el).replace( - lib.identicons.generate(lib.pbkdf2(api.remote_addr(), api.salt, 1000, 6), 4, 48)); - } - }); - - // update identicon on email input. Listens on keyup, after 200ms the - // new identicon is generated. - var active; - $(".input-wrapper > [type=email]", el).on("keyup", function() { - if (active) { - clearTimeout(active); - } - active = setTimeout(function() { - lib.pbkdf2($(".input-wrapper > [type=email]", el).value || api.remote_addr(), api.salt, 1000, 6) - .then(function(rv) { - $(".avatar svg", el).replace(lib.identicons.generate(rv, 4, 48)); - }); - }, 200); - }, false); - - $(".input-wrapper > [type=email]", el).on("keydown", function() { - clearTimeout(active); - }, false); - } - // callback on success (e.g. to toggle the reply button) el.onsuccess = function() {}; diff --git a/isso/js/app/text/postbox.jade b/isso/js/app/text/postbox.jade index 5740da0..bb4c2e8 100644 --- a/isso/js/app/text/postbox.jade +++ b/isso/js/app/text/postbox.jade @@ -1,7 +1,4 @@ div(class='postbox') - if conf.avatar - div(class='avatar') - svg(class='blank' data-hash='') div(class='form-wrapper') div(class='textarea-wrapper') div(class='textarea placeholder' contenteditable='true') From 16663d44f8d9f3958515ba4b4e9b43d0a6582d7c Mon Sep 17 00:00:00 2001 From: Martin Zimmermann Date: Tue, 27 May 2014 14:27:19 +0200 Subject: [PATCH 2/3] hide avatar during editing --- isso/js/app/dom.js | 18 +++++++++++++++--- isso/js/app/isso.js | 10 ++++++++++ 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/isso/js/app/dom.js b/isso/js/app/dom.js index fb8f5f1..364ece0 100644 --- a/isso/js/app/dom.js +++ b/isso/js/app/dom.js @@ -91,14 +91,26 @@ define(function() { this.parentNode.removeChild(this); }; - var DOM = function(query, root) { + window.Element.prototype.show = function() { + this.style.display = "block"; + }; + + window.Element.prototype.hide = function() { + this.style.display = "none"; + }; + + var DOM = function(query, root, single) { /* jQuery-like CSS selector which returns on :param query: either a - single node, a node list or null. + single node (unless single=false), a node list or null. :param root: only queries within the given element. */ + if (typeof single === "undefined") { + single = true; + } + if (! root) { root = window.document; } @@ -109,7 +121,7 @@ define(function() { return null; } - if (elements.length === 1) { + if (elements.length === 1 && single) { return elements[0]; } diff --git a/isso/js/app/isso.js b/isso/js/app/isso.js index 517fa10..f8659e6 100644 --- a/isso/js/app/isso.js +++ b/isso/js/app/isso.js @@ -176,6 +176,7 @@ define(["app/dom", "app/utils", "app/config", "app/api", "app/jade", "app/i18n", $("a.edit", footer).toggle("click", function(toggler) { var edit = $("a.edit", footer); + var avatar = $(".avatar", el, false)[0]; edit.textContent = i18n.translate("comment-save"); edit.insertAfter($.new("a.cancel", i18n.translate("comment-cancel"))).on("click", function() { @@ -196,9 +197,14 @@ define(["app/dom", "app/utils", "app/config", "app/api", "app/jade", "app/i18n", text.textContent = ""; text.append(textarea); }); + + if (avatar !== null) { + avatar.hide(); + } }, function(toggler) { var textarea = $(".textarea", text); + var avatar = $(".avatar", el, false)[0]; if (! toggler.canceled && textarea !== null) { if (utils.text(textarea.innerHTML).length < 3) { @@ -218,6 +224,10 @@ define(["app/dom", "app/utils", "app/config", "app/api", "app/jade", "app/i18n", text.classList.remove("textarea-wrapper"); text.classList.add("text"); + if (avatar !== null) { + avatar.show(); + } + $("a.cancel", footer).remove(); $("a.edit", footer).textContent = i18n.translate("comment-edit"); } From e1b4ddb123dc5288293845f35a75130b205e9493 Mon Sep 17 00:00:00 2001 From: Martin Zimmermann Date: Tue, 27 May 2014 14:35:13 +0200 Subject: [PATCH 3/3] remove sha1.js and pbkdf2.js, part of #51 --- isso/js/app/lib.js | 4 +- isso/js/app/lib/pbkdf2.js | 201 ----------------------- isso/js/app/lib/sha1.js | 337 -------------------------------------- 3 files changed, 1 insertion(+), 541 deletions(-) delete mode 100644 isso/js/app/lib/pbkdf2.js delete mode 100644 isso/js/app/lib/sha1.js diff --git a/isso/js/app/lib.js b/isso/js/app/lib.js index 4214131..98eaa0a 100644 --- a/isso/js/app/lib.js +++ b/isso/js/app/lib.js @@ -1,8 +1,6 @@ define(function (require) { return { editorify: require("app/lib/editor"), - identicons: require("app/lib/identicons"), - pbkdf2: require("app/lib/pbkdf2"), - sha1: require("app/lib/sha1") + identicons: require("app/lib/identicons") }; }); diff --git a/isso/js/app/lib/pbkdf2.js b/isso/js/app/lib/pbkdf2.js deleted file mode 100644 index db15c1f..0000000 --- a/isso/js/app/lib/pbkdf2.js +++ /dev/null @@ -1,201 +0,0 @@ -define(["app/lib/promise", "app/lib/sha1"], function(Q, sha1) { - /* - * JavaScript implementation of Password-Based Key Derivation Function 2 - * (PBKDF2) as defined in RFC 2898. - * Version 1.5 - * Copyright (c) 2007, 2008, 2009, 2010, 2011, 2012, 2013 Parvez Anandam - * parvez@anandam.com - * http://anandam.com/pbkdf2 - * - * Distributed under the BSD license - * - * Uses Paul Johnston's excellent SHA-1 JavaScript library sha1.js: - * http://pajhome.org.uk/crypt/md5/sha1.html - * (uses the binb_sha1(), rstr2binb(), binb2str(), rstr2hex() functions from that libary) - * - * Thanks to Felix Gartsman for pointing out a bug in version 1.0 - * Thanks to Thijs Van der Schaeghe for pointing out a bug in version 1.1 - * Thanks to Richard Gautier for asking to clarify dependencies in version 1.2 - * Updated contact information from version 1.3 - * Thanks to Stuart Heinrich for pointing out updates to PAJ's SHA-1 library in version 1.4 - */ - - - /* - * The four arguments to the constructor of the PBKDF2 object are - * the password, salt, number of iterations and number of bytes in - * generated key. This follows the RFC 2898 definition: PBKDF2 (P, S, c, dkLen) - * - * The method deriveKey takes two parameters, both callback functions: - * the first is used to provide status on the computation, the second - * is called with the result of the computation (the generated key in hex). - * - * Example of use: - * - * - * - * - *
- * - */ - - var PBKDF2 = function(password, salt, num_iterations, num_bytes) - { - // Remember the password and salt - var m_bpassword = sha1.rstr2binb(password); - var m_salt = salt; - - // Total number of iterations - var m_total_iterations = num_iterations; - - // Run iterations in chunks instead of all at once, so as to not block. - // Define size of chunk here; adjust for slower or faster machines if necessary. - var m_iterations_in_chunk = 10; - - // Iteration counter - var m_iterations_done = 0; - - // Key length, as number of bytes - var m_key_length = num_bytes; - - // The hash cache - var m_hash = null; - - // The length (number of bytes) of the output of the pseudo-random function. - // Since HMAC-SHA1 is the standard, and what is used here, it's 20 bytes. - var m_hash_length = 20; - - // Number of hash-sized blocks in the derived key (called 'l' in RFC2898) - var m_total_blocks = Math.ceil(m_key_length/m_hash_length); - - // Start computation with the first block - var m_current_block = 1; - - // Used in the HMAC-SHA1 computations - var m_ipad = new Array(16); - var m_opad = new Array(16); - - // This is where the result of the iterations gets sotred - var m_buffer = new Array(0x0,0x0,0x0,0x0,0x0); - - // The result - var m_key = ""; - - // This object - var m_this_object = this; - - // The function to call with the result - var m_result_func; - - // The function to call with status after computing every chunk - var m_status_func; - - // Set up the HMAC-SHA1 computations - if (m_bpassword.length > 16) m_bpassword = sha1.binb_sha1(m_bpassword, password.length * chrsz); - for(var i = 0; i < 16; ++i) - { - m_ipad[i] = m_bpassword[i] ^ 0x36363636; - m_opad[i] = m_bpassword[i] ^ 0x5C5C5C5C; - } - - - // Starts the computation - this.deriveKey = function(status_callback, result_callback) - { - m_status_func = status_callback; - m_result_func = result_callback; - setTimeout(function() { m_this_object.do_PBKDF2_iterations() }, 0); - } - - - // The workhorse - this.do_PBKDF2_iterations = function() - { - var iterations = m_iterations_in_chunk; - if (m_total_iterations - m_iterations_done < m_iterations_in_chunk) - iterations = m_total_iterations - m_iterations_done; - - for(var i=0; i> 24 & 0xF) + - String.fromCharCode(m_current_block >> 16 & 0xF) + - String.fromCharCode(m_current_block >> 8 & 0xF) + - String.fromCharCode(m_current_block & 0xF); - - m_hash = sha1.binb_sha1(m_ipad.concat(sha1.rstr2binb(salt_block)), - 512 + salt_block.length * 8); - m_hash = sha1.binb_sha1(m_opad.concat(m_hash), 512 + 160); - } - else - { - m_hash = sha1.binb_sha1(m_ipad.concat(m_hash), - 512 + m_hash.length * 32); - m_hash = sha1.binb_sha1(m_opad.concat(m_hash), 512 + 160); - } - - for(var j=0; j 16) bkey = binb_sha1(bkey, key.length * 8); - - var ipad = Array(16), opad = Array(16); - for(var i = 0; i < 16; i++) - { - ipad[i] = bkey[i] ^ 0x36363636; - opad[i] = bkey[i] ^ 0x5C5C5C5C; - } - - var hash = binb_sha1(ipad.concat(rstr2binb(data)), 512 + data.length * 8); - return binb2rstr(binb_sha1(opad.concat(hash), 512 + 160)); - } - - /* - * Convert a raw string to a hex string - */ - function rstr2hex(input) - { - try { hexcase } catch(e) { hexcase=0; } - var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; - var output = ""; - var x; - for(var i = 0; i < input.length; i++) - { - x = input.charCodeAt(i); - output += hex_tab.charAt((x >>> 4) & 0x0F) - + hex_tab.charAt( x & 0x0F); - } - return output; - } - - /* - * Convert a raw string to a base-64 string - */ - function rstr2b64(input) - { - try { b64pad } catch(e) { b64pad=''; } - var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - var output = ""; - var len = input.length; - for(var i = 0; i < len; i += 3) - { - var triplet = (input.charCodeAt(i) << 16) - | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0) - | (i + 2 < len ? input.charCodeAt(i+2) : 0); - for(var j = 0; j < 4; j++) - { - if(i * 8 + j * 6 > input.length * 8) output += b64pad; - else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F); - } - } - return output; - } - - /* - * Convert a raw string to an arbitrary string encoding - */ - function rstr2any(input, encoding) - { - var divisor = encoding.length; - var remainders = Array(); - var i, q, x, quotient; - - /* Convert to an array of 16-bit big-endian values, forming the dividend */ - var dividend = Array(Math.ceil(input.length / 2)); - for(i = 0; i < dividend.length; i++) - { - dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1); - } - - /* - * Repeatedly perform a long division. The binary array forms the dividend, - * the length of the encoding is the divisor. Once computed, the quotient - * forms the dividend for the next step. We stop when the dividend is zero. - * All remainders are stored for later use. - */ - while(dividend.length > 0) - { - quotient = Array(); - x = 0; - for(i = 0; i < dividend.length; i++) - { - x = (x << 16) + dividend[i]; - q = Math.floor(x / divisor); - x -= q * divisor; - if(quotient.length > 0 || q > 0) - quotient[quotient.length] = q; - } - remainders[remainders.length] = x; - dividend = quotient; - } - - /* Convert the remainders to the output string */ - var output = ""; - for(i = remainders.length - 1; i >= 0; i--) - output += encoding.charAt(remainders[i]); - - /* Append leading zero equivalents */ - var full_length = Math.ceil(input.length * 8 / - (Math.log(encoding.length) / Math.log(2))) - for(i = output.length; i < full_length; i++) - output = encoding[0] + output; - - return output; - } - - /* - * Encode a string as utf-8. - * For efficiency, this assumes the input is valid utf-16. - */ - function str2rstr_utf8(input) - { - var output = ""; - var i = -1; - var x, y; - - while(++i < input.length) - { - /* Decode utf-16 surrogate pairs */ - x = input.charCodeAt(i); - y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0; - if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) - { - x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF); - i++; - } - - /* Encode output as utf-8 */ - if(x <= 0x7F) - output += String.fromCharCode(x); - else if(x <= 0x7FF) - output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F), - 0x80 | ( x & 0x3F)); - else if(x <= 0xFFFF) - output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), - 0x80 | ((x >>> 6 ) & 0x3F), - 0x80 | ( x & 0x3F)); - else if(x <= 0x1FFFFF) - output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), - 0x80 | ((x >>> 12) & 0x3F), - 0x80 | ((x >>> 6 ) & 0x3F), - 0x80 | ( x & 0x3F)); - } - return output; - } - - /* - * Encode a string as utf-16 - */ - function str2rstr_utf16le(input) - { - var output = ""; - for(var i = 0; i < input.length; i++) - output += String.fromCharCode( input.charCodeAt(i) & 0xFF, - (input.charCodeAt(i) >>> 8) & 0xFF); - return output; - } - - function str2rstr_utf16be(input) - { - var output = ""; - for(var i = 0; i < input.length; i++) - output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF, - input.charCodeAt(i) & 0xFF); - return output; - } - - /* - * Convert a raw string to an array of big-endian words - * Characters >255 have their high-byte silently ignored. - */ - function rstr2binb(input) - { - var output = Array(input.length >> 2); - for(var i = 0; i < output.length; i++) - output[i] = 0; - for(var i = 0; i < input.length * 8; i += 8) - output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32); - return output; - } - - /* - * Convert an array of big-endian words to a string - */ - function binb2rstr(input) - { - var output = ""; - for(var i = 0; i < input.length * 32; i += 8) - output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF); - return output; - } - - /* - * Calculate the SHA-1 of an array of big-endian words, and a bit length - */ - function binb_sha1(x, len) - { - /* append padding */ - x[len >> 5] |= 0x80 << (24 - len % 32); - x[((len + 64 >> 9) << 4) + 15] = len; - - var w = Array(80); - var a = 1732584193; - var b = -271733879; - var c = -1732584194; - var d = 271733878; - var e = -1009589776; - - for(var i = 0; i < x.length; i += 16) - { - var olda = a; - var oldb = b; - var oldc = c; - var oldd = d; - var olde = e; - - for(var j = 0; j < 80; j++) - { - if(j < 16) w[j] = x[i + j]; - else w[j] = bit_rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1); - var t = safe_add(safe_add(bit_rol(a, 5), sha1_ft(j, b, c, d)), - safe_add(safe_add(e, w[j]), sha1_kt(j))); - e = d; - d = c; - c = bit_rol(b, 30); - b = a; - a = t; - } - - a = safe_add(a, olda); - b = safe_add(b, oldb); - c = safe_add(c, oldc); - d = safe_add(d, oldd); - e = safe_add(e, olde); - } - return Array(a, b, c, d, e); - - } - - /* - * Perform the appropriate triplet combination function for the current - * iteration - */ - function sha1_ft(t, b, c, d) - { - if(t < 20) return (b & c) | ((~b) & d); - if(t < 40) return b ^ c ^ d; - if(t < 60) return (b & c) | (b & d) | (c & d); - return b ^ c ^ d; - } - - /* - * Determine the appropriate additive constant for the current iteration - */ - function sha1_kt(t) - { - return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 : - (t < 60) ? -1894007588 : -899497514; - } - - /* - * Add integers, wrapping at 2^32. This uses 16-bit operations internally - * to work around bugs in some JS interpreters. - */ - function safe_add(x, y) - { - var lsw = (x & 0xFFFF) + (y & 0xFFFF); - var msw = (x >> 16) + (y >> 16) + (lsw >> 16); - return (msw << 16) | (lsw & 0xFFFF); - } - - /* - * Bitwise rotate a 32-bit number to the left. - */ - function bit_rol(num, cnt) - { - return (num << cnt) | (num >>> (32 - cnt)); - } - - return { - rstr2hex: rstr2hex, binb2rstr: binb2rstr, - binb_sha1: binb_sha1, rstr2binb: rstr2binb - } -})