mirror of https://github.com/24eme/signaturepdf synced 2024-05-21 15:16:37 +02:00

Pass the symmetric key through anchor in url

tale-fau 2023-11-06 18:22:28 +01:00
parent 80a0104a7c
commit 87000db098
3 changed files with 24 additions and 12 deletions

12
app.php

@ -82,6 +82,7 @@ $f3->route('GET /signature',
$f3->set('noSharingMode', true);
}
$f3->set('activeTab', 'sign');
echo View::instance()->render('signature.html.php');
}
);
@ -241,11 +242,12 @@ $f3->route('POST /share',
}
if (!isset($_COOKIE[$hash])) {
$symmetric_key = createSymmetricKey();
setcookie($hash, $symmetric_key, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]);
$keyCookieDate = strtotime('+1 year');
setcookie($hash, $symmetric_key, ['expires' => $keyCookieDate, 'samesite' => 'Strict', 'path' => "/"]);
}
$encryptor = new CryptographyClass($symmetric_key);
$encryptor->encrypt($hash);
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#informations");
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetric_key);
}
);
@ -256,7 +258,11 @@ $f3->route('GET /signature/@hash/pdf',
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
$cryptor = new CryptographyClass($_COOKIE[$hash]);
if (substr($_COOKIE[$hash], 0, 4) !== '#sk:') {
echo "Error: Invalid prefix.";
exit;
}
$cryptor = new CryptographyClass(substr($_COOKIE[$hash], 4, 15));
$cryptor->decrypt($hash);
$files = scandir($sharingFolder);
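Review bot: In the `GET /signature/@hash/pdf` hunk, `$_COOKIE[$hash]` is read without an `isset` check, and `substr($_COOKIE[$hash], 4, 15)` hard-codes a key length that would silently cut the key if `createSymmetricKey()` returns anything other than 15 characters (its length is not visible here). The `POST /share` hunk still writes the cookie as the bare `$symmetric_key` with no `#sk:` prefix, so the prefix check appears to pass only after the page script has overwritten that cookie with the URL fragment. I would read it as `$cookie = $_COOKIE[$hash] ?? '';`, take the key with `substr($cookie, 4)`, and send an error status before the message (`http_response_code(400);`) instead of a 200 body. The route body continues past the end of the hunk.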


@ -411,6 +411,7 @@ var displaysSVG = function() {
});
};
function dataURLtoBlob(dataurl) {
let arr = dataurl.split(','), mime = arr[0].match(/:(.*?);/)[1],
bstr = atob(arr[1]), n = bstr.length, u8arr = new Uint8Array(n);
@ -944,7 +945,7 @@ var createEventsListener = function() {
return true;
});
if(hash) {
if(pdfHash) {
updateNbLayers();
setInterval(function() {
updateNbLayers();
@ -1063,12 +1064,12 @@ var pageUpload = async function() {
var updateNbLayers = function() {
const xhr = new XMLHttpRequest();
xhr.open('GET', '/signature/'+hash+'/nblayers', true);
xhr.open('GET', '/signature/'+pdfHash+'/nblayers', true);
xhr.onload = function() {
if (xhr.status == 200) {
let newNblayers = xhr.response;
if(nblayers !== null && nblayers != newNblayers) {
reloadPDF('/signature/'+hash+'/pdf');
reloadPDF('/signature/'+pdfHash+'/pdf');
}
nblayers = newNblayers;
document.querySelectorAll('.nblayers').forEach(function(item) {
@ -1109,7 +1110,8 @@ var pageSignature = async function(url) {
let pdfBlob = null;
let filename = url.replace('/pdf/', '');
if(hash) {
if(pdfHash) {
storeSymmetricKeyCookie();
let response = await fetch(url);
if(response.status != 200) {
return;
@ -1141,8 +1143,8 @@ var pageSignature = async function(url) {
if(sharingMode) {
setTimeout(function() { runCron() }, 2000);
}
if(hash) {
pageSignature('/signature/'+hash+'/pdf');
if(pdfHash) {
pageSignature('/signature/'+pdfHash+'/pdf');
window.addEventListener('hashchange', function() {
window.location.reload();
})
@ -1161,4 +1163,8 @@ var pageSignature = async function(url) {
window.addEventListener('hashchange', function() {
window.location.reload();
})
})();
})();
function storeSymmetricKeyCookie() {
document.cookie = pdfHash + "=" + window.location.hash + "; SameSite=Strict";
}
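Review bot: `storeSymmetricKeyCookie()` copies whatever `window.location.hash` holds into the cookie, and `pageSignature` calls it whenever `pdfHash` is set, so an empty fragment or one like `#informations` replaces the stored key and the PDF route then answers "Error: Invalid prefix.". Writing the cookie only when the fragment carries a key avoids that: `if (!window.location.hash.startsWith('#sk:')) { return; }`. The cookie is also set without `Secure` or an explicit `path`, so it can sit next to the server-set cookie of the same name on path `/`. Because the key ends up in a cookie it is still sent to the server on every request; the fragment only keeps it out of the request URL, which deserves a comment above the function. `pageSignature` starts and ends outside these hunks.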


@ -262,10 +262,10 @@
var maxSize = <?php echo $maxSize ?>;
var maxPage = <?php echo $maxPage ?>;
var sharingMode = <?php echo intval(!isset($noSharingMode)) ?>;
var hash = null;
var pdfHash = null;
var direction = '<?php echo $DIRECTION_LANGUAGE ?>';
<?php if(isset($hash)): ?>
hash = "<?php echo $hash ?>";
pdfHash = "<?php echo $hash ?>";
<?php endif; ?>
var trad = <?php echo json_encode([