Implemented FxA

Author: dannycoates

app/api.js

@@ -65,14 +65,6 @@ export async function fileInfo(id, owner_token) {
   throw new Error(response.status);
 }
 
-export async function hasPassword(id) {
-  const response = await fetch(`/api/exists/${id}`);
-  if (response.ok) {
-    return response.json();
-  }
-  throw new Error(response.status);
-}
-
 export async function metadata(id, keychain) {
   const result = await fetchWithAuthAndRetry(
     `/api/metadata/${id}`,
@@ -141,6 +133,7 @@ async function upload(
   metadata,
   verifierB64,
   timeLimit,
+  bearerToken,
   onprogress,
   canceller
 ) {
@@ -159,6 +152,7 @@ async function upload(
     const fileMeta = {
       fileMetadata: metadataHeader,
       authorization: `send-v1 ${verifierB64}`,
+      bearer: bearerToken,
       timeLimit
     };
 
@@ -200,8 +194,9 @@ export function uploadWs(
   encrypted,
   metadata,
   verifierB64,
-  onprogress,
-  timeLimit
+  timeLimit,
+  bearerToken,
+  onprogress
 ) {
   const canceller = { cancelled: false };
 
@@ -216,6 +211,7 @@ export function uploadWs(
       metadata,
       verifierB64,
       timeLimit,
+      bearerToken,
       onprogress,
       canceller
     )
@@ -332,3 +328,19 @@ export function downloadFile(id, keychain, onprogress) {
     result: tryDownload(id, keychain, onprogress, canceller, 2)
   };
 }
+
+export async function getFileList(bearerToken) {
+  const headers = new Headers({ Authorization: `Bearer ${bearerToken}` });
+  const response = await fetch('/api/filelist', { headers });
+  return response.body; // stream
+}
+
+export async function setFileList(bearerToken, data) {
+  const headers = new Headers({ Authorization: `Bearer ${bearerToken}` });
+  const response = await fetch('/api/filelist', {
+    headers,
+    method: 'POST',
+    body: data
+  });
+  return response.status === 200;
+}

app/archive.js

@@ -1,4 +1,4 @@
-/* global MAXFILESIZE */
+/* global LIMITS */
 import { blobStream, concatStream } from './streams';
 
 function isDupe(newFile, array) {
@@ -15,7 +15,7 @@ function isDupe(newFile, array) {
 }
 
 export default class Archive {
-  constructor(files) {
+  constructor(files = []) {
     this.files = Array.from(files);
   }
 
@@ -49,20 +49,19 @@ export default class Archive {
     return concatStream(this.files.map(file => blobStream(file)));
   }
 
-  addFiles(files) {
+  addFiles(files, maxSize) {
+    if (this.files.length + files.length > LIMITS.MAX_FILES_PER_ARCHIVE) {
+      throw new Error('tooManyFiles');
+    }
     const newFiles = files.filter(file => !isDupe(file, this.files));
     const newSize = newFiles.reduce((total, file) => total + file.size, 0);
-    if (this.size + newSize > MAXFILESIZE) {
-      return false;
+    if (this.size + newSize > maxSize) {
+      throw new Error('fileTooBig');
     }
     this.files = this.files.concat(newFiles);
     return true;
   }
 
-  checkSize() {
-    return this.size <= MAXFILESIZE;
-  }
-
   remove(index) {
     this.files.splice(index, 1);
   }

app/fileManager.js

@@ -1,12 +1,11 @@
-/* global MAXFILESIZE */
-/* global DEFAULT_EXPIRE_SECONDS */
+/* global DEFAULTS LIMITS */
 import FileSender from './fileSender';
 import FileReceiver from './fileReceiver';
 import { copyToClipboard, delay, openLinksInNewTab, percent } from './utils';
 import * as metrics from './metrics';
-import { hasPassword } from './api';
 import Archive from './archive';
 import { bytes } from './utils';
+import { prepareWrapKey } from './fxa';
 
 export default function(state, emitter) {
   let lastRender = 0;
@@ -17,19 +16,8 @@ export default function(state, emitter) {
   }
 
   async function checkFiles() {
-    const files = state.storage.files.slice();
-    let rerender = false;
-    for (const file of files) {
-      const oldLimit = file.dlimit;
-      const oldTotal = file.dtotal;
-      await file.updateDownloadCount();
-      if (file.dtotal === file.dlimit) {
-        state.storage.remove(file.id);
-        rerender = true;
-      } else if (oldLimit !== file.dlimit || oldTotal !== file.dtotal) {
-        rerender = true;
-      }
-    }
+    const changes = await state.user.syncFileList();
+    const rerender = changes.incoming || changes.downloadCount;
     if (rerender) {
       render();
     }
@@ -57,6 +45,16 @@ export default function(state, emitter) {
     lastRender = Date.now();
   });
 
+  emitter.on('login', async () => {
+    const k = await prepareWrapKey(state.storage);
+    location.assign(`/api/fxa/login?keys_jwk=${k}`);
+  });
+
+  emitter.on('logout', () => {
+    state.user.logout();
+    render();
+  });
+
   emitter.on('changeLimit', async ({ file, value }) => {
     await file.changeLimit(value);
     state.storage.writeFile(file);
@@ -90,29 +88,37 @@ export default function(state, emitter) {
   });
 
   emitter.on('addFiles', async ({ files }) => {
-    if (state.archive) {
-      if (!state.archive.addFiles(files)) {
-        // eslint-disable-next-line no-alert
-        alert(state.translate('fileTooBig', { size: bytes(MAXFILESIZE) }));
-        return;
-      }
-    } else {
-      const archive = new Archive(files);
-      if (!archive.checkSize()) {
-        // eslint-disable-next-line no-alert
-        alert(state.translate('fileTooBig', { size: bytes(MAXFILESIZE) }));
-        return;
-      }
-      state.archive = archive;
+    const maxSize = state.user.maxSize;
+    state.archive = state.archive || new Archive();
+    try {
+      state.archive.addFiles(files, maxSize);
+    } catch (e) {
+      alert(
+        state.translate(e.message, {
+          size: bytes(maxSize),
+          count: LIMITS.MAX_FILES_PER_ARCHIVE
+        })
+      );
     }
     render();
   });
 
   emitter.on('upload', async ({ type, dlCount, password }) => {
     if (!state.archive) return;
+    if (state.storage.files.length >= LIMITS.MAX_ARCHIVES_PER_USER) {
+      return alert(
+        state.translate('tooManyArchives', {
+          count: LIMITS.MAX_ARCHIVES_PER_USER
+        })
+      );
+    }
     const size = state.archive.size;
-    if (!state.timeLimit) state.timeLimit = DEFAULT_EXPIRE_SECONDS;
-    const sender = new FileSender(state.archive, state.timeLimit);
+    if (!state.timeLimit) state.timeLimit = DEFAULTS.EXPIRE_SECONDS;
+    const sender = new FileSender(
+      state.archive,
+      state.timeLimit,
+      state.user.bearerToken
+    );
 
     sender.on('progress', updateProgress);
     sender.on('encrypting', render);
@@ -132,7 +138,6 @@ export default function(state, emitter) {
       metrics.completedUpload(ownedFile);
 
       state.storage.addFile(ownedFile);
-
       if (password) {
         emitter.emit('password', { password, file: ownedFile });
       }
@@ -185,17 +190,6 @@ export default function(state, emitter) {
     render();
   });
 
-  emitter.on('getPasswordExist', async ({ id }) => {
-    try {
-      state.fileInfo = await hasPassword(id);
-      render();
-    } catch (e) {
-      if (e.message === '404') {
-        return emitter.emit('pushState', '/404');
-      }
-    }
-  });
-
   emitter.on('getMetadata', async () => {
     const file = state.fileInfo;
 
@@ -204,7 +198,7 @@ export default function(state, emitter) {
       await receiver.getMetadata();
       state.transfer = receiver;
     } catch (e) {
-      if (e.message === '401') {
+      if (e.message === '401' || e.message === '404') {
         file.password = null;
         if (!file.requiresPassword) {
           return emitter.emit('pushState', '/404');

app/fileReceiver.js

@@ -1,6 +1,6 @@
 import Nanobus from 'nanobus';
 import Keychain from './keychain';
-import { delay, bytes } from './utils';
+import { delay, bytes, streamToArrayBuffer } from './utils';
 import { downloadFile, metadata } from './api';
 import { blobStream } from './streams';
 import Zip from './zip';
@@ -191,20 +191,6 @@ export default class FileReceiver extends Nanobus {
   }
 }
 
-async function streamToArrayBuffer(stream, size) {
-  const result = new Uint8Array(size);
-  let offset = 0;
-  const reader = stream.getReader();
-  let state = await reader.read();
-  while (!state.done) {
-    result.set(state.value, offset);
-    offset += state.value.length;
-    state = await reader.read();
-  }
-
-  return result.buffer;
-}
-
 async function saveFile(file) {
   return new Promise(function(resolve, reject) {
     const dataView = new DataView(file.plaintext);

app/fileSender.js

@@ -1,4 +1,4 @@
-/* global DEFAULT_EXPIRE_SECONDS */
+/* global DEFAULTS */
 import Nanobus from 'nanobus';
 import OwnedFile from './ownedFile';
 import Keychain from './keychain';
@@ -7,9 +7,10 @@ import { uploadWs } from './api';
 import { encryptedSize } from './ece';
 
 export default class FileSender extends Nanobus {
-  constructor(file, timeLimit) {
+  constructor(file, timeLimit, bearerToken) {
     super('FileSender');
-    this.timeLimit = timeLimit || DEFAULT_EXPIRE_SECONDS;
+    this.timeLimit = timeLimit || DEFAULTS.EXPIRE_SECONDS;
+    this.bearerToken = bearerToken;
     this.file = file;
     this.keychain = new Keychain();
     this.reset();
@@ -75,11 +76,12 @@ export default class FileSender extends Nanobus {
       encStream,
       metadata,
       authKeyB64,
+      this.timeLimit,
+      this.bearerToken,
       p => {
         this.progress = [p, totalSize];
         this.emit('progress');
-      },
-      this.timeLimit
+      }
     );
 
     if (this.cancelled) {

app/fxa.js

@@ -0,0 +1,44 @@
+import jose from 'node-jose';
+import { arrayToB64, b64ToArray } from './utils';
+
+const encoder = new TextEncoder();
+
+export async function prepareWrapKey(storage) {
+  const keystore = jose.JWK.createKeyStore();
+  const keypair = await keystore.generate('EC', 'P-256');
+  storage.set('fxaWrapKey', JSON.stringify(keystore.toJSON(true)));
+  return jose.util.base64url.encode(JSON.stringify(keypair.toJSON()));
+}
+
+export async function getFileListKey(storage, bundle) {
+  const keystore = await jose.JWK.asKeyStore(
+    JSON.parse(storage.get('fxaWrapKey'))
+  );
+  const result = await jose.JWE.createDecrypt(keystore).decrypt(bundle);
+  const jwks = JSON.parse(jose.util.utf8.encode(result.plaintext));
+  const jwk = jwks['https://identity.mozilla.com/apps/send'];
+  const baseKey = await crypto.subtle.importKey(
+    'raw',
+    b64ToArray(jwk.k),
+    { name: 'HKDF' },
+    false,
+    ['deriveKey']
+  );
+  const fileListKey = await crypto.subtle.deriveKey(
+    {
+      name: 'HKDF',
+      salt: new Uint8Array(),
+      info: encoder.encode('fileList'),
+      hash: 'SHA-256'
+    },
+    baseKey,
+    {
+      name: 'AES-GCM',
+      length: 128
+    },
+    true,
+    ['encrypt', 'decrypt']
+  );
+  const rawFileListKey = await crypto.subtle.exportKey('raw', fileListKey);
+  return arrayToB64(new Uint8Array(rawFileListKey));
+}

app/main.js

@@ -1,3 +1,4 @@
+/* global userInfo */
 import 'fast-text-encoding'; // MS Edge support
 import 'fluent-intl-polyfill';
 import app from './routes';
@@ -11,6 +12,8 @@ import metrics from './metrics';
 import experiments from './experiments';
 import Raven from 'raven-js';
 import './main.css';
+import User from './user';
+import { getFileListKey } from './fxa';
 
 (async function start() {
   if (navigator.doNotTrack !== '1' && window.RAVEN_CONFIG) {
@@ -20,13 +23,17 @@ import './main.css';
   if (capa.streamDownload) {
     navigator.serviceWorker.register('/serviceWorker.js');
   }
+  if (userInfo && userInfo.keys_jwe) {
+    userInfo.fileListKey = await getFileListKey(storage, userInfo.keys_jwe);
+  }
   app.use((state, emitter) => {
     state.capabilities = capa;
     state.transfer = null;
     state.fileInfo = null;
     state.translate = locale.getTranslator();
     state.storage = storage;
     state.raven = Raven;
+    state.user = new User(userInfo, storage);
     window.appState = state;
     let unsupportedReason = null;
     if (