
Pass the symmetric key through anchor in url

This commit is contained in:
tale-fau 2023-11-06 18:22:28 +01:00
parent 80a0104a7c
commit 87000db098
3 changed files with 24 additions and 12 deletions

app.php

@ -82,6 +82,7 @@ $f3->route('GET /signature',
$f3->set('noSharingMode', true); $f3->set('noSharingMode', true);
} }
$f3->set('activeTab', 'sign'); $f3->set('activeTab', 'sign');
echo View::instance()->render('signature.html.php'); echo View::instance()->render('signature.html.php');
} }
); );
@ -241,11 +242,12 @@ $f3->route('POST /share',
} }
if (!isset($_COOKIE[$hash])) { if (!isset($_COOKIE[$hash])) {
$symmetric_key = createSymmetricKey(); $symmetric_key = createSymmetricKey();
setcookie($hash, $symmetric_key, ['expires' => 0, 'samesite' => 'Strict', 'path' => "/"]); $keyCookieDate = strtotime('+1 year');
setcookie($hash, $symmetric_key, ['expires' => $keyCookieDate, 'samesite' => 'Strict', 'path' => "/"]);
} }
$encryptor = new CryptographyClass($symmetric_key); $encryptor = new CryptographyClass($symmetric_key);
$encryptor->encrypt($hash); $encryptor->encrypt($hash);
$f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#informations"); $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash."#sk:".$symmetric_key);
} }
); );
@ -256,7 +258,11 @@ $f3->route('GET /signature/@hash/pdf',
$hash = Web::instance()->slug($f3->get('PARAMS.hash')); $hash = Web::instance()->slug($f3->get('PARAMS.hash'));
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash; $sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
$cryptor = new CryptographyClass($_COOKIE[$hash]); if (substr($_COOKIE[$hash], 0, 4) !== '#sk:') {
echo "Error: Invalid prefix.";
exit;
}
$cryptor = new CryptographyClass(substr($_COOKIE[$hash], 4, 15));
$cryptor->decrypt($hash); $cryptor->decrypt($hash);
$files = scandir($sharingFolder); $files = scandir($sharingFolder);
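Review bot: The new prefix check in GET /signature/@hash/pdf reads `$_COOKIE[$hash]` without an isset guard and then takes `substr(..., 4, 15)`, so a request without the cookie raises an undefined-index warning before failing, and the key is silently cut to 15 characters whatever length createSymmetricKey() (not visible here) actually produces. The failure path `exit`s with a 200 status and a plaintext body, which the JS reloadPDF() caller cannot tell apart from a PDF. A related mismatch: POST /share still writes the bare key into the same cookie with a one-year lifetime, while this route only accepts a `#sk:`-prefixed value, so the server-set cookie appears to be dead weight unless createSymmetricKey() already returns a prefixed value. I would take the key without a fixed length and return a real error status, as below; the route closure starts before this hunk and continues after it.
```php
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
// The browser writes this cookie from the URL fragment, '#sk:' prefix included.
$keyCookie = $_COOKIE[$hash] ?? '';
if (substr($keyCookie, 0, 4) !== '#sk:') {
    http_response_code(403);
    exit("Error: missing or invalid key cookie.");
}
$cryptor = new CryptographyClass(substr($keyCookie, 4)); // no fixed key length
$cryptor->decrypt($hash);
// … unchanged: scandir and the rest of the route …
```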


@ -411,6 +411,7 @@ var displaysSVG = function() {
}); });
}; };
function dataURLtoBlob(dataurl) { function dataURLtoBlob(dataurl) {
let arr = dataurl.split(','), mime = arr[0].match(/:(.*?);/)[1], let arr = dataurl.split(','), mime = arr[0].match(/:(.*?);/)[1],
bstr = atob(arr[1]), n = bstr.length, u8arr = new Uint8Array(n); bstr = atob(arr[1]), n = bstr.length, u8arr = new Uint8Array(n);
@ -944,7 +945,7 @@ var createEventsListener = function() {
return true; return true;
}); });
if(hash) { if(pdfHash) {
updateNbLayers(); updateNbLayers();
setInterval(function() { setInterval(function() {
updateNbLayers(); updateNbLayers();
@ -1063,12 +1064,12 @@ var pageUpload = async function() {
var updateNbLayers = function() { var updateNbLayers = function() {
const xhr = new XMLHttpRequest(); const xhr = new XMLHttpRequest();
xhr.open('GET', '/signature/'+hash+'/nblayers', true); xhr.open('GET', '/signature/'+pdfHash+'/nblayers', true);
xhr.onload = function() { xhr.onload = function() {
if (xhr.status == 200) { if (xhr.status == 200) {
let newNblayers = xhr.response; let newNblayers = xhr.response;
if(nblayers !== null && nblayers != newNblayers) { if(nblayers !== null && nblayers != newNblayers) {
reloadPDF('/signature/'+hash+'/pdf'); reloadPDF('/signature/'+pdfHash+'/pdf');
} }
nblayers = newNblayers; nblayers = newNblayers;
document.querySelectorAll('.nblayers').forEach(function(item) { document.querySelectorAll('.nblayers').forEach(function(item) {
@ -1109,7 +1110,8 @@ var pageSignature = async function(url) {
let pdfBlob = null; let pdfBlob = null;
let filename = url.replace('/pdf/', ''); let filename = url.replace('/pdf/', '');
if(hash) { if(pdfHash) {
storeSymmetricKeyCookie();
let response = await fetch(url); let response = await fetch(url);
if(response.status != 200) { if(response.status != 200) {
return; return;
@ -1141,8 +1143,8 @@ var pageSignature = async function(url) {
if(sharingMode) { if(sharingMode) {
setTimeout(function() { runCron() }, 2000); setTimeout(function() { runCron() }, 2000);
} }
if(hash) { if(pdfHash) {
pageSignature('/signature/'+hash+'/pdf'); pageSignature('/signature/'+pdfHash+'/pdf');
window.addEventListener('hashchange', function() { window.addEventListener('hashchange', function() {
window.location.reload(); window.location.reload();
}) })
@ -1161,4 +1163,8 @@ var pageSignature = async function(url) {
window.addEventListener('hashchange', function() { window.addEventListener('hashchange', function() {
window.location.reload(); window.location.reload();
}) })
})(); })();
function storeSymmetricKeyCookie() {
document.cookie = pdfHash + "=" + window.location.hash + "; SameSite=Strict";
}
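Review bot: storeSymmetricKeyCookie() writes `window.location.hash` into the cookie unconditionally and with no `Path` or `Secure` attribute, so an empty or foreign fragment is stored as the key, the cookie is sent over plain HTTP, and it lands on the browser's default path (the current document's directory) rather than the `/` path the server-set cookie in POST /share uses — two same-named cookies can then coexist and which one PHP sees depends on browser ordering. I would only write when the fragment has the expected shape and pin the path: `if (window.location.hash.startsWith('#sk:')) {` / `document.cookie = pdfHash + "=" + window.location.hash + "; Path=/; SameSite=Strict" + (location.protocol === 'https:' ? '; Secure' : '');` / `}`. Note also that the fragment, and so the key, stays in browser history and in any copied link, which is presumably the intended sharing channel but deserves a comment on the function saying so, e.g. `// The symmetric key travels in the URL fragment (#sk:…) so it is not sent with requests; copy it to a cookie for the /pdf fetch.`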


@ -262,10 +262,10 @@
var maxSize = <?php echo $maxSize ?>; var maxSize = <?php echo $maxSize ?>;
var maxPage = <?php echo $maxPage ?>; var maxPage = <?php echo $maxPage ?>;
var sharingMode = <?php echo intval(!isset($noSharingMode)) ?>; var sharingMode = <?php echo intval(!isset($noSharingMode)) ?>;
var hash = null; var pdfHash = null;
var direction = '<?php echo $DIRECTION_LANGUAGE ?>'; var direction = '<?php echo $DIRECTION_LANGUAGE ?>';
<?php if(isset($hash)): ?> <?php if(isset($hash)): ?>
hash = "<?php echo $hash ?>"; pdfHash = "<?php echo $hash ?>";
<?php endif; ?> <?php endif; ?>
var trad = <?php echo json_encode([ var trad = <?php echo json_encode([