fix #143: hash email client-side before scanning
Родитель
89107e024e
Коммит
da5a2e41c9
4
hibp.js
4
hibp.js
|
@ -5,17 +5,15 @@ const got = require("got");
|
|||
const AppConstants = require("./app-constants");
|
||||
const DBUtils = require("./db/utils");
|
||||
const pkg = require("./package.json");
|
||||
const getSha1 = require("./sha1-utils");
|
||||
|
||||
|
||||
const HIBP_USER_AGENT = `${pkg.name}/${pkg.version}`;
|
||||
|
||||
|
||||
const HIBP = {
|
||||
async getBreachesForEmail(email) {
|
||||
async getBreachesForEmail(sha1) {
|
||||
let foundBreaches = [];
|
||||
|
||||
const sha1 = getSha1(email);
|
||||
const sha1Prefix = sha1.slice(0, 6);
|
||||
const url = `${AppConstants.HIBP_STAGE_API_ROOT}/breachedaccount/range/${sha1Prefix}?code=${encodeURIComponent(AppConstants.HIBP_STAGE_API_TOKEN)}`;
|
||||
const headers = {
|
||||
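Review bot: `getBreachesForEmail(sha1)` interpolates `sha1.slice(0, 6)` into the request path without checking that the argument is a SHA-1 digest, and per the commit title that value is now computed in the browser. A client without JavaScript, or a hand-built POST, would presumably deliver whatever is in the `email` field, so the first six characters of a plaintext address, or characters such as `/` or `?`, could reach the upstream URL. I would guard the top of the function with something like `if (!/^[0-9a-f]{40}$/i.test(sha1)) throw new Error("expected a SHA-1 hex digest");` and rename the method, since it no longer accepts an email. The full hash is still a stable identifier for the address and should be treated like the address itself in logs. The function body continues past the end of this hunk, so how the response is matched against the full hash is not visible here.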
|
|
|
@ -25,26 +25,6 @@ function doXHR(aURL, aBodyObj, aAlertText, aDebug=true) {
|
|||
});
|
||||
}
|
||||
|
||||
// eslint-disable-next-line no-unused-vars
|
||||
function addUser() {
|
||||
doXHR("/user/add",
|
||||
{ email: document.getElementById("addUserField").value })
|
||||
.then(function() {
|
||||
alert("A verification link has been emailed to the specified address.");
|
||||
});
|
||||
}
|
||||
|
||||
// eslint-disable-next-line no-unused-vars
|
||||
function removeUser() {
|
||||
doXHR("/user/remove",
|
||||
{ email: document.getElementById("removeUserField").value });
|
||||
}
|
||||
|
||||
// eslint-disable-next-line no-unused-vars
|
||||
// function doOauth() {
|
||||
// window.open("/oauth/init");
|
||||
// }
|
||||
|
||||
// function isValidEmail(val) {
|
||||
// // https://stackoverflow.com/a/46181
|
||||
// const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
|
||||
|
@ -60,8 +40,6 @@ function removeUser() {
|
|||
// }
|
||||
// }
|
||||
|
||||
|
||||
|
||||
function showFalseDoor(){
|
||||
const falseDoorBlurb = "<div class='section-container'><h4>Thank you for trying Firefox Monitor</h4><p>FireFox Monitor is a concept we are testing. We hope to provide the service to everyone soon.</p><p>Stay up-to-date with Firefox Monitor and other new features when you sign up for the <a href='https://www.mozilla.org/newsletter/firefox/'>Firefox newsletter.</a></p><button class='button' id='close-false-door'>Close</button></div>";
|
||||
const falseDoor = document.createElement("div");
|
||||
|
@ -75,9 +53,24 @@ function showFalseDoor(){
|
|||
|
||||
}
|
||||
|
||||
async function sha1(message) {
|
||||
const msgBuffer = new TextEncoder("utf-8").encode(message);
|
||||
const hashBuffer = await crypto.subtle.digest("SHA-1", msgBuffer);
|
||||
const hashArray = Array.from(new Uint8Array(hashBuffer));
|
||||
const hashHex = hashArray.map(b => ("00" + b.toString(16)).slice(-2)).join("");
|
||||
return hashHex;
|
||||
}
|
||||
|
||||
async function hashEmailAndSend(emailFormSubmitEvent) {
|
||||
emailFormSubmitEvent.preventDefault();
|
||||
const emailForm = emailFormSubmitEvent.target;
|
||||
for (const emailInput of emailForm.querySelectorAll("input[type=email]")) {
|
||||
emailInput.value = await sha1(emailInput.value);
|
||||
}
|
||||
emailForm.submit();
|
||||
}
|
||||
|
||||
|
||||
document.querySelector(".email-scan").addEventListener("submit", hashEmailAndSend);
|
||||
$(document).foundation();
|
||||
|
||||
document.querySelector("#sign-up").addEventListener("click", showFalseDoor);
|
||||
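Review bot: In `hashEmailAndSend`, `preventDefault()` runs before the awaited `sha1()` call, so if `crypto.subtle` is undefined (it is only exposed in secure contexts) or `digest` rejects, the handler dies with an unhandled rejection and the form is never submitted. Wrapping the loop and `emailForm.submit()` in `try { … } catch (e) { … }` with a visible error would avoid that silent dead end. The value is also hashed exactly as typed; unless the breach data is keyed on the raw string, something like `await sha1(emailInput.value.trim().toLowerCase())` is probably needed so that differently cased input maps to the same hash. Separately, `document.querySelector(".email-scan")` binds only the first matching form and throws on a page that has none, which would also skip the `$(document).foundation()` call after it; `document.querySelectorAll(".email-scan").forEach(f => f.addEventListener("submit", hashEmailAndSend));` covers both cases.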
|
|
|
@ -13,7 +13,7 @@
|
|||
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec volutpat hendrerit !nibus.
|
||||
</p>
|
||||
<br>
|
||||
<form action="/scan" method="post">
|
||||
<form action="/scan" class="email-scan" method="post">
|
||||
<div class="input-group">
|
||||
<input class="input-group-field email-to-hash" type="email" name="email">
|
||||
<div class="input-group-button">
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
{{else}}
|
||||
<p class="demi">The first step to keeping your online accounts safe is knowing what you’re up against. Enter your email to find out if your accounts have been compromised.</p>
|
||||
{{/if}}
|
||||
<form action="/scan" method="post">
|
||||
<form action="/scan" class="email-scan" method="post">
|
||||
<div class="input-group">
|
||||
<input class="input-group-field email-to-hash" type="email" name="email" placeholder="Enter Email Address">
|
||||
<div class="input-group-button">
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
<span class="bold">Subscribe</span> for alerts from Firefox Monitor to learn sooner about your compromised accounts.
|
||||
</li>
|
||||
<li>
|
||||
<form action="/scan" method="post">
|
||||
<form action="/scan" class="email-scan" method="post">
|
||||
<label class="medium">Scan another email address</label>
|
||||
<div class="input-group">
|
||||
<input class="input-group-field email-to-hash" type="email" name="email" placeholder="Enter Email">
|
||||
|
|