From 6fdeca93b6c908f9396ca80ea1f1e6d89048f028 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 9 Apr 2020 16:21:52 +0100
Subject: [PATCH] Make the riot-desktop callback args more generic and encrypt the args
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 electron_app/src/electron-main.js | 8 +++---
 electron_app/src/protocol.js | 35 ++++++++++++++++++++++---
 src/vector/platform/ElectronPlatform.js | 8 +++---
 3 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/electron_app/src/electron-main.js b/electron_app/src/electron-main.js
index b112fe1bdb..d1a6dd85ea 100644
--- a/electron_app/src/electron-main.js
+++ b/electron_app/src/electron-main.js
@@ -35,7 +35,7 @@ const tray = require('./tray');
 const vectorMenu = require('./vectormenu');
 const webContentsHandler = require('./webcontents-handler');
 const updater = require('./updater');
-const {getProfileFromDeeplink, protocolInit} = require('./protocol');
+const {getProfileFromDeeplink, protocolInit, getArgs} = require('./protocol');
 const windowStateKeeper = require('electron-window-state');
 const Store = require('electron-store');
@@ -237,10 +237,8 @@ ipcMain.on('ipcCall', async function(ev, payload) {
 case 'getConfig':
 ret = vectorConfig;
 break;
- case 'getUserDataPath':
- if (argv['profile-dir'] || argv['profile']) {
- ret = app.getPath('userData');
- }
+ case 'getRiotDesktopSsoArgs':
+ ret = getArgs(argv);
 break;
 default:
diff --git a/electron_app/src/protocol.js b/electron_app/src/protocol.js
index 9a3d3286ba..5049745ae9 100644
--- a/electron_app/src/protocol.js
+++ b/electron_app/src/protocol.js
@@ -14,10 +14,11 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const {app} = require('electron');
+const {app} = require("electron");
+const crypto = require("crypto");
 const PROTOCOL = "riot://";
-const SEARCH_PARAM = "riot-desktop-user-data-path";
+const SEARCH_PARAM = "riot-desktop-args";
 const processUrl = (url) => {
 if (!global.mainWindow) return;
@@ -25,7 +26,35 @@ const processUrl = (url) => {
 global.mainWindow.loadURL(url.replace(PROTOCOL, "vector://"));
 };
+const algorithm = "aes-192-cbc";
+
+const getKeyIv = () => ({
+ key: crypto.scryptSync(app.getPath("exe"), "salt", 24),
+ iv: Buffer.alloc(16, 0),
+});
+
+const encrypt = (plaintext) => {
+ const {key, iv} = getKeyIv();
+ const cipher = crypto.createCipheriv(algorithm, key, iv);
+ let ciphertext = cipher.update(plaintext, "utf8", "hex");
+ ciphertext += cipher.final("hex");
+ return ciphertext;
+};
+
+const decrypt = (ciphertext) => {
+ const {key, iv} = getKeyIv();
+ const decipher = crypto.createDecipheriv(algorithm, key, iv);
+ let plaintext = decipher.update(ciphertext, "hex", "utf8");
+ plaintext += decipher.final("utf8");
+ return plaintext;
+};
+
 module.exports = {
+ getArgs: (argv) => {
+ if (argv['profile-dir'] || argv['profile']) {
+ return encrypt(app.getPath('userData'));
+ }
+ },
 getProfileFromDeeplink: (args) => {
 // check if we are passed a profile in the SSO callback url
 const deeplinkUrl = args.find(arg => arg.startsWith('riot://'));
@@ -34,7 +63,7 @@ module.exports = {
 if (parsedUrl.protocol === 'riot:') {
 const profile = parsedUrl.searchParams.get(SEARCH_PARAM);
 console.log("Forwarding to profile: ", profile);
- return profile;
+ return decrypt(profile);
 }
 }
 },
diff --git a/src/vector/platform/ElectronPlatform.js b/src/vector/platform/ElectronPlatform.js
index 09312480c4..6cb2aada69 100644
--- a/src/vector/platform/ElectronPlatform.js
+++ b/src/vector/platform/ElectronPlatform.js
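Review bot: In the `@@ -34,7 +63,7 @@` hunk of protocol.js, `decrypt(profile)` runs even when `searchParams.get(SEARCH_PARAM)` returned null, and since `getArgs` returns undefined unless `argv['profile-dir']` or `argv['profile']` is set, a callback URL without the parameter looks like the ordinary case. `decipher.update` throws on a null input and `decipher.final` throws on malformed or modified hex, and nothing in the visible lines catches either. I would return early with `if (!profile) return;` and wrap the call as `try { return decrypt(profile); } catch (e) { return; }`, logging that the value was rejected rather than logging the raw parameter. The enclosing `getProfileFromDeeplink` starts and ends outside this hunk, so whether its caller already handles an exception cannot be seen here.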
@@ -230,8 +230,8 @@ export default class ElectronPlatform extends VectorBasePlatform {
 }
 // we assume this happens before any SSO actions occur but do not block.
- this._ipcCall('getUserDataPath').then(userDataPath => {
- this.userDataPath = userDataPath;
+ this._ipcCall('getRiotDesktopSsoArgs').then(riotDesktopSsoArgs => {
+ this.riotDesktopSsoArgs = riotDesktopSsoArgs;
 });
 }
@@ -429,8 +429,8 @@ export default class ElectronPlatform extends VectorBasePlatform {
 getSSOCallbackUrl(hsUrl: string, isUrl: string): URL {
 const url = super.getSSOCallbackUrl(hsUrl, isUrl);
 url.protocol = "riot";
- if (this.userDataPath) {
- url.searchParams.set("riot-desktop-user-data-path", this.userDataPath);
+ if (this.riotDesktopSsoArgs) {
+ url.searchParams.set("riot-desktop-args", this.riotDesktopSsoArgs);
 }
 return url;
 }