From 9b574e7a54b4f6dcc7c7ccae54839610dc7215bf Mon Sep 17 00:00:00 2001
From: Guilherme Gazzo
Date: Thu, 24 Jun 2021 10:27:17 -0300
Subject: [PATCH 1/4] Remove Sodium from the main client
---
 app/lib/server/startup/settings.js | 6 ++++++
 app/ui-master/server/scripts.ts | 4 ++--
 client/types/global.d.ts | 2 ++
 client/types/window.d.ts | 8 --------
 ee/client/ecdh.ts | 15 ++++++++++-----
 packages/rocketchat-ddp/client/index.js | 12 ++++--------
 6 files changed, 24 insertions(+), 23 deletions(-)
 delete mode 100644 client/types/window.d.ts
diff --git a/app/lib/server/startup/settings.js b/app/lib/server/startup/settings.js
index 4e1153dd30768..1cd7eeb532196 100644
--- a/app/lib/server/startup/settings.js
+++ b/app/lib/server/startup/settings.js
@@ -1067,6 +1067,12 @@ settings.addGroup('General', function() {
 type: 'boolean',
 });
 });
+
+ this.section('Security', function() {
+ this.add('ECDH_Enabled', false, {
+ type: 'boolean',
+ });
+ });
 });
 settings.addGroup('Message', function() {
diff --git a/app/ui-master/server/scripts.ts b/app/ui-master/server/scripts.ts
index dab20a2b5bb74..88ee3f5000824 100644
--- a/app/ui-master/server/scripts.ts
+++ b/app/ui-master/server/scripts.ts
@@ -7,7 +7,7 @@ const getContent = (): string => `
 ${ process.env.DISABLE_ANIMATION ? 'window.DISABLE_ANIMATION = true;\n' : '' }
 ${ settings.get('API_Use_REST_For_DDP_Calls') ? 'window.USE_REST_FOR_DDP_CALLS = true;\n' : '' }
-
+${ settings.get('ECDH_Enabled') ? 'window.ECDH_Enabled = true;\n' : '' }
 // Custom_Script_Logged_Out
 window.addEventListener('Custom_Script_Logged_Out', function() {
 ${ settings.get('Custom_Script_Logged_Out') }
@@ -37,7 +37,7 @@ window.addEventListener('load', function() {
 });
 ` : '' }`;
-settings.get(/(API_Use_REST_For_DDP_Calls|Custom_Script_Logged_Out|Custom_Script_Logged_In|Custom_Script_On_Logout|Accounts_ForgetUserSessionOnWindowClose)/, debounce(() => {
+settings.get(/(API_Use_REST_For_DDP_Calls|Custom_Script_Logged_Out|Custom_Script_Logged_In|Custom_Script_On_Logout|Accounts_ForgetUserSessionOnWindowClose|ECDH_Enabled)/, debounce(() => {
 const content = getContent();
 addScript('scripts', content);
 }, 1000));
diff --git a/client/types/global.d.ts b/client/types/global.d.ts
index 5d288bbe2a98a..d8c3855b52f60 100644
--- a/client/types/global.d.ts
+++ b/client/types/global.d.ts
@@ -12,4 +12,6 @@ interface Window {
 lastMessageWindow?: Record;
 lastMessageWindowHistory?: Record;
 favico?: any;
+ USE_REST_FOR_DDP_CALLS?: boolean;
+ ECDH_Enabled?: boolean;
 }
diff --git a/client/types/window.d.ts b/client/types/window.d.ts
deleted file mode 100644
index fec2a52813a7e..0000000000000
--- a/client/types/window.d.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-export {};
-
-declare global {
- // eslint-disable-next-line @typescript-eslint/interface-name-prefix
- interface Window {
- USE_REST_FOR_DDP_CALLS?: boolean;
- }
-}
diff --git a/ee/client/ecdh.ts b/ee/client/ecdh.ts
index 039a938aab9a8..95ad751515bb4 100644
--- a/ee/client/ecdh.ts
+++ b/ee/client/ecdh.ts
@@ -1,7 +1,7 @@
 import { Meteor } from 'meteor/meteor';
 import { APIClient } from '../../app/utils/client';
-import { ClientSession } from '../app/ecdh/client/ClientSession';
+import type { ClientSession } from '../app/ecdh/client/ClientSession';
 let resolveSession: (value: ClientSession | void) => void;
 const sessionPromise = new Promise((resolve) => {
@@ -9,7 +9,7 @@ const sessionPromise = new Promise((resolve) => {
 });
 function init(session: ClientSession): void {
- Meteor.connection._stream.allowConnection(true);
+ Meteor.connection._stream.allowConnection();
 const _didMessage = Meteor.connection._stream.socket._didMessage.bind(
 Meteor.connection._stream.socket,
@@ -27,6 +27,11 @@ function init(session: ClientSession): void {
 }
 async function initEncryptedSession(): Promise {
+ if (window.ECDH_Enabled) {
+ Meteor.connection._stream.allowConnection();
+ return resolveSession();
+ }
+
 const { ClientSession } = await import('../app/ecdh/client/ClientSession');
 const session = new ClientSession();
 const clientPublicKey = await session.init();
@@ -41,14 +46,14 @@ async function initEncryptedSession(): Promise {
 if (response.status !== 200) {
 resolveSession();
- return Meteor.connection._stream.allowConnection(true);
+ return Meteor.connection._stream.allowConnection();
 }
 const data = await response.json();
 if (data.success === false) {
 resolveSession();
- return Meteor.connection._stream.allowConnection(true);
+ return Meteor.connection._stream.allowConnection();
 }
 await session.setServerKey(data.publicKeyString);
@@ -57,7 +62,7 @@ async function initEncryptedSession(): Promise {
 } catch (e) {
 console.log(e);
 resolveSession();
- Meteor.connection._stream.allowConnection(true);
+ Meteor.connection._stream.allowConnection();
 }
 }
diff --git a/packages/rocketchat-ddp/client/index.js b/packages/rocketchat-ddp/client/index.js
index 9cd1907d52d84..95586c457dcb8 100644
--- a/packages/rocketchat-ddp/client/index.js
+++ b/packages/rocketchat-ddp/client/index.js
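Review bot: Every failure path in the `@@ -41,14 +46,14 @@` hunk (non-200 response, `data.success === false`) and the `catch` in the `@@ -57,7 +62,7 @@` hunk still calls `resolveSession()` with no session and then `allowConnection()`, so a client that cannot complete the key exchange silently connects without the second encryption layer. The fallback predates this series, but with the new `ECDH_Enabled` setting it becomes a downgrade the administrator did not ask for; whether the server refuses such a connection is not visible here. Consider reporting the failure instead of opening the stream when the flag is set, or at least state the behaviour above `initEncryptedSession` with a comment such as `// falls back to a plain DDP stream when the key exchange fails`. The function body starts and ends outside these hunks.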
@@ -1,15 +1,11 @@
 import { ClientStream } from 'meteor/socket-stream-client';
 ClientStream.prototype.connectionAllowed = false;
-ClientStream.prototype.allowConnection = function(allow = true) {
- this.connectionAllowed = allow;
- this._launchConnection();
+const { _launchConnection } = ClientStream.prototype;
+ClientStream.prototype.allowConnection = function() {
+ _launchConnection.call(this);
+ ClientStream.prototype._launchConnection = _launchConnection;
 };
-ClientStream.prototype._launchConnectionAsync = ClientStream.prototype._launchConnection;
 ClientStream.prototype._launchConnection = function() {
- if (!this.connectionAllowed) {
- return;
- }
- this._launchConnectionAsync();
 };
From 121d4e862212ad7074ccc4bf814c0234ae423a09 Mon Sep 17 00:00:00 2001
From: Guilherme Gazzo
Date: Thu, 24 Jun 2021 11:57:05 -0300
Subject: [PATCH 2/4] fix connection types
---
 client/types/meteor.d.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/types/meteor.d.ts b/client/types/meteor.d.ts
index fe1c8037162e3..bc1b77f9bcc43 100644
--- a/client/types/meteor.d.ts
+++ b/client/types/meteor.d.ts
@@ -28,7 +28,7 @@ declare module 'meteor/meteor' {
 send: (data: string) => void;
 };
 _launchConnectionAsync: () => void;
- allowConnection: (allow: boolean) => void;
+ allowConnection: () => void;
 };
 onMessage(message: string): void;
From d192b2e4075d340863248f0ad77ce2d1d96c3bcd Mon Sep 17 00:00:00 2001
From: Diego Sampaio
Date: Wed, 30 Jun 2021 18:25:51 -0300
Subject: [PATCH 3/4] Improve setting
---
 app/lib/server/startup/settings.js | 10 ++++------
 packages/rocketchat-i18n/i18n/en.i18n.json | 2 ++
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/app/lib/server/startup/settings.js b/app/lib/server/startup/settings.js
index 1cd7eeb532196..18720214f4ed5 100644
--- a/app/lib/server/startup/settings.js
+++ b/app/lib/server/startup/settings.js
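Review bot: `allowConnection` restores the original method with `ClientStream.prototype._launchConnection = _launchConnection;`, so the hold is now global rather than per stream: the first call on any instance lifts it for every `ClientStream`, including ones that never went through the key exchange. The removed code tracked this per instance through `this.connectionAllowed`. If only the released stream should change, assign on the instance instead, `this._launchConnection = _launchConnection;`. A one-line comment above the empty `_launchConnection` stub, for example `// connections are held until allowConnection() runs`, would also explain why the stub exists.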
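Review bot: The declaration keeps `_launchConnectionAsync: () => void;` on the line above the changed member, but patch 1/4 removed `ClientStream.prototype._launchConnectionAsync` from `packages/rocketchat-ddp/client/index.js`. The type therefore still promises a method that is no longer assigned at runtime, and a caller that trusts it would fail only when the call is made. Drop that member in this patch so the declaration matches the stream object.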
@@ -995,6 +995,10 @@ settings.addGroup('General', function() {
 ],
 public: true,
 });
+ this.add('ECDH_Enabled', false, {
+ type: 'boolean',
+ alert: 'This_feature_is_currently_in_alpha',
+ });
 this.section('UTF8', function() {
 this.add('UTF8_Names_Validation', '[0-9a-zA-Z-_.]+', {
 type: 'string',
@@ -1067,12 +1071,6 @@ settings.addGroup('General', function() {
 type: 'boolean',
 });
 });
-
- this.section('Security', function() {
- this.add('ECDH_Enabled', false, {
- type: 'boolean',
- });
- });
 });
 settings.addGroup('Message', function() {
diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json
index 0af8fcbd01b47..f2b6a074c8b37 100644
--- a/packages/rocketchat-i18n/i18n/en.i18n.json
+++ b/packages/rocketchat-i18n/i18n/en.i18n.json
@@ -1473,6 +1473,7 @@
 "E2E_Reset_Email_Content": "You've been automatically logged out. When you login again, Rocket.Chat will generate a new key and restore your access to any encrypted room that has one or more members online. Due to the nature of the E2E encryption, Rocket.Chat will not be able to restore access to any encrypted room that has no member online.",
 "E2E_Reset_Key_Explanation": "This option will remove your current E2E key and log you out.
When you login again, Rocket.Chat will generate you a new key and restore your access to any encrypted room that has one or more members online.
Due to the nature of the E2E encryption, Rocket.Chat will not be able to restore access to any encrypted room that has no member online.",
 "E2E_Reset_Other_Key_Warning": "Reset the current E2E key will log out the user. When the user login again, Rocket.Chat will generate a new key and restore the user access to any encrypted room that has one or more members online. Due to the nature of the E2E encryption, Rocket.Chat will not be able to restore access to any encrypted room that has no member online.",
+ "ECDH_Enabled": "Enable second layer encryption for data transport",
 "Edit": "Edit",
 "Edit_Business_Hour": "Edit Business Hour",
 "Edit_Canned_Responses": "Edit Canned Responses",
@@ -4038,6 +4039,7 @@
 "This_cant_be_undone": "This can't be undone.",
 "This_conversation_is_already_closed": "This conversation is already closed.",
 "This_email_has_already_been_used_and_has_not_been_verified__Please_change_your_password": "This email has already been used and has not been verified. Please change your password.",
+ "This_feature_is_currently_in_alpha": "This feature is currently in alpha!",
 "This_is_a_desktop_notification": "This is a desktop notification",
 "This_is_a_push_test_messsage": "This is a push test message",
 "This_message_was_rejected_by__peer__peer": "This message was rejected by __peer__ peer.",
From ca6923547daddcb20958240e24a21b973d18aefe Mon Sep 17 00:00:00 2001
From: Diego Sampaio
Date: Wed, 30 Jun 2021 18:33:05 -0300
Subject: [PATCH 4/4] Fix condition
---
 ee/client/ecdh.ts | 2 +-
 packages/rocketchat-ddp/client/index.js | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/ee/client/ecdh.ts b/ee/client/ecdh.ts
index 95ad751515bb4..6838aa91b884a 100644
--- a/ee/client/ecdh.ts
+++ b/ee/client/ecdh.ts
@@ -27,7 +27,7 @@ function init(session: ClientSession): void {
 }
 async function initEncryptedSession(): Promise {
- if (window.ECDH_Enabled) {
+ if (!window.ECDH_Enabled) {
 Meteor.connection._stream.allowConnection();
 return resolveSession();
 }
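Review bot: The guard `if (!window.ECDH_Enabled)` treats an absent global the same as a disabled setting, and `scripts.ts` in patch 1/4 writes the global only when the setting is true. A client whose injected script is stale or has not run before `initEncryptedSession` would therefore open a plain stream even though the server setting is on; the load order is not visible in this series, so this is a point to confirm. A comment on the guard that states the trust boundary would help, for example `// client-side hint only; enforcement is expected on the server`. The function body continues outside the hunk.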
diff --git a/packages/rocketchat-ddp/client/index.js b/packages/rocketchat-ddp/client/index.js
index 95586c457dcb8..309e4e1580309 100644
--- a/packages/rocketchat-ddp/client/index.js
+++ b/packages/rocketchat-ddp/client/index.js
@@ -1,6 +1,5 @@
 import { ClientStream } from 'meteor/socket-stream-client';
-ClientStream.prototype.connectionAllowed = false;
 const { _launchConnection } = ClientStream.prototype;
 ClientStream.prototype.allowConnection = function() {
 _launchConnection.call(this);