Simplify page secret handling.

t-doc-org · Dec 6, 2024 · 9e0c1a9 · 9e0c1a9
1 parent 15e9b9b
commit 9e0c1a9
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/tdoc/common/static/tdoc/core.js b/tdoc/common/static/tdoc/core.js
@@ -65,6 +65,30 @@ export async function fromBase64(data) {
     }
 }
 
+// Perform a fetch on a JSON API.
+export async function fetchJson(url, opts) {
+    const resp = await fetch(url, {
+        method: 'POST',
+        cache: 'no-cache',
+        referrer: '',
+        ...opts,
+        headers: {
+            'Content-Type': 'application/json',
+            ...opts.headers || {},
+        },
+        ...opts.body ? {body: JSON.stringify(opts.body)} : {},
+    });
+    if (resp.status !== 200) {
+        throw Error(`Request failed: ${resp.status} ${resp.statusText}`);
+    }
+    return await resp.json();
+}
+
+// Return an Authorization header with the given bearer token.
+export function bearerAuthorization(token) {
+    return token ? {'Authorization': `Bearer ${token}`} : {};
+}
+
 // Return a promise that resolves after the given number of milliseconds.
 export function sleep(ms) {
     return new Promise(resolve => setTimeout(resolve, ms));

diff --git a/tdoc/common/static/tdoc/crypto.js b/tdoc/common/static/tdoc/crypto.js
@@ -36,8 +36,7 @@ export async function decrypt(key, iv, data) {
 export async function pageKey(name, salt) {
     const params = new URLSearchParams(document.location.search);
     const value = params.get(name);
-    if (value === null) throw new Error(`Missing page key: ${name}`);
-    return await deriveKey(value, salt);
+    return value !== null ? await deriveKey(value, salt) : null;
 }
 
 // Encrypt a string secret.
@@ -48,6 +47,7 @@ export async function encryptSecret(key, secret) {
 
 // Decrypt a string secret.
 export async function decryptSecret(key, msg) {
+    if (!key) return null;
     return dec.decode(await decrypt(key, await fromBase64(msg.iv),
                                     await fromBase64(msg.data)));
 }
diff --git a/tdoc/common/store.py b/tdoc/common/store.py
@@ -7,10 +7,13 @@
 import pathlib
 import sqlite3
 import threading
+import time
 from wsgiref import util
 
 from . import wsgi
 
+# TODO: Handle OPTIONS method, maybe as a separate WSGI middleware
+
 
 class ThreadLocal(threading.local):
     def __init__(self, **kwargs):
@@ -113,8 +116,8 @@ def handle_log(self, env, respond):
                 return wsgi.error(respond, HTTPStatus.BAD_REQUEST)
             db.execute("""
                 insert into log (time, location, session, data)
-                    values (cast(unixepoch('subsec') * 1000 as integer), ?, ?,
-                            json(?));
-            """, (req['location'], req.get('session'),
+                    values (?, ?, ?, json(?));
+            """, (int(req.get('time', time.time_ns() // 1000000)),
+                  req['location'], req.get('session'),
                   json.dumps(req['data'], separators=(',', ':'))))
         return wsgi.respond_json(respond, {})