Make the riot-desktop callback args more generic and encrypt the args

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Michael Telatynski 2020-04-09 16:21:52 +01:00
parent 67cf1e7536
commit 6fdeca93b6
3 changed files with 39 additions and 12 deletions


@ -35,7 +35,7 @@ const tray = require('./tray');
const vectorMenu = require('./vectormenu'); const vectorMenu = require('./vectormenu');
const webContentsHandler = require('./webcontents-handler'); const webContentsHandler = require('./webcontents-handler');
const updater = require('./updater'); const updater = require('./updater');
const {getProfileFromDeeplink, protocolInit} = require('./protocol'); const {getProfileFromDeeplink, protocolInit, getArgs} = require('./protocol');
const windowStateKeeper = require('electron-window-state'); const windowStateKeeper = require('electron-window-state');
const Store = require('electron-store'); const Store = require('electron-store');
@ -237,10 +237,8 @@ ipcMain.on('ipcCall', async function(ev, payload) {
case 'getConfig': case 'getConfig':
ret = vectorConfig; ret = vectorConfig;
break; break;
case 'getUserDataPath': case 'getRiotDesktopSsoArgs':
if (argv['profile-dir'] || argv['profile']) { ret = getArgs(argv);
ret = app.getPath('userData');
}
break; break;
default: default:


@ -14,10 +14,11 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
const {app} = require('electron'); const {app} = require("electron");
const crypto = require("crypto");
const PROTOCOL = "riot://"; const PROTOCOL = "riot://";
const SEARCH_PARAM = "riot-desktop-user-data-path"; const SEARCH_PARAM = "riot-desktop-args";
const processUrl = (url) => { const processUrl = (url) => {
if (!global.mainWindow) return; if (!global.mainWindow) return;
@ -25,7 +26,35 @@ const processUrl = (url) => {
global.mainWindow.loadURL(url.replace(PROTOCOL, "vector://")); global.mainWindow.loadURL(url.replace(PROTOCOL, "vector://"));
}; };
const algorithm = "aes-192-cbc";
const getKeyIv = () => ({
key: crypto.scryptSync(app.getPath("exe"), "salt", 24),
iv: Buffer.alloc(16, 0),
});
const encrypt = (plaintext) => {
const {key, iv} = getKeyIv();
const cipher = crypto.createCipheriv(algorithm, key, iv);
let ciphertext = cipher.update(plaintext, "utf8", "hex");
ciphertext += cipher.final("hex");
return ciphertext;
};
const decrypt = (ciphertext) => {
const {key, iv} = getKeyIv();
const decipher = crypto.createDecipheriv(algorithm, key, iv);
let plaintext = decipher.update(ciphertext, "hex", "utf8");
plaintext += decipher.final("utf8");
return plaintext;
};
module.exports = { module.exports = {
getArgs: (argv) => {
if (argv['profile-dir'] || argv['profile']) {
return encrypt(app.getPath('userData'));
}
},
getProfileFromDeeplink: (args) => { getProfileFromDeeplink: (args) => {
// check if we are passed a profile in the SSO callback url // check if we are passed a profile in the SSO callback url
const deeplinkUrl = args.find(arg => arg.startsWith('riot://')); const deeplinkUrl = args.find(arg => arg.startsWith('riot://'));
@ -34,7 +63,7 @@ module.exports = {
if (parsedUrl.protocol === 'riot:') { if (parsedUrl.protocol === 'riot:') {
const profile = parsedUrl.searchParams.get(SEARCH_PARAM); const profile = parsedUrl.searchParams.get(SEARCH_PARAM);
console.log("Forwarding to profile: ", profile); console.log("Forwarding to profile: ", profile);
return profile; return decrypt(profile);
} }
} }
}, },


@ -230,8 +230,8 @@ export default class ElectronPlatform extends VectorBasePlatform {
} }
// we assume this happens before any SSO actions occur but do not block. // we assume this happens before any SSO actions occur but do not block.
this._ipcCall('getUserDataPath').then(userDataPath => { this._ipcCall('getRiotDesktopSsoArgs').then(riotDesktopSsoArgs => {
this.userDataPath = userDataPath; this.riotDesktopSsoArgs = riotDesktopSsoArgs;
}); });
} }
@ -429,8 +429,8 @@ export default class ElectronPlatform extends VectorBasePlatform {
getSSOCallbackUrl(hsUrl: string, isUrl: string): URL { getSSOCallbackUrl(hsUrl: string, isUrl: string): URL {
const url = super.getSSOCallbackUrl(hsUrl, isUrl); const url = super.getSSOCallbackUrl(hsUrl, isUrl);
url.protocol = "riot"; url.protocol = "riot";
if (this.userDataPath) { if (this.riotDesktopSsoArgs) {
url.searchParams.set("riot-desktop-user-data-path", this.userDataPath); url.searchParams.set("riot-desktop-args", this.riotDesktopSsoArgs);
} }
return url; return url;
} }
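Review bot: The `this._ipcCall('getRiotDesktopSsoArgs').then(...)` chain has no rejection handler, so if the main-process call fails, `this.riotDesktopSsoArgs` stays unset and `getSSOCallbackUrl` silently omits `riot-desktop-args`. The SSO callback would then presumably be handled without the profile that started the login. Adding `.catch(e => console.error("Failed to fetch riot-desktop SSO args", e))` would make that failure visible. The parameter name `"riot-desktop-args"` is also a bare string here that has to stay in step with `SEARCH_PARAM` in the protocol module, so a short comment saying so would help. The method containing the `_ipcCall` starts outside the first hunk.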