Commit graph

45 commits

Author SHA1 Message Date
Jamie Kyle
bbd43b6e38
Implement read support for CDN3 2023-07-26 15:15:05 -07:00
trevor-signal
82e058f2b8
Conversation open speed benchmarking for staging builds
Co-authored-by: Fedor Indutnyy <indutny@signal.org>
2023-07-21 00:37:56 +02:00
Fedor Indutny
3e586be46a
Move challenge urls into config 2023-04-06 14:49:24 -07:00
Fedor Indutny
fad0529080
New sticker creator button 2023-02-27 14:34:43 -08:00
Evan Hahn
a61b0f18f9
Remove old CA 2023-02-15 09:34:52 -08:00
Fedor Indutny
8ed13b2247
Username hashing 2023-02-08 09:14:59 -08:00
Josh Perez
19a42ed719
Onboarding story 2022-11-08 21:38:19 -05:00
Fedor Indutny
7f0a66847b
Remove LegacyCDS 2022-10-26 16:17:14 -07:00
Fedor Indutny
c18fa35354
Remove unused CDSH code 2022-08-23 09:38:46 -07:00
Fedor Indutny
d036803df9
Mirror CDS requests 2022-08-18 17:31:12 -07:00
Fedor Indutny
757af2cbbe
Include ACI+Access Keys pairs with CDSI requests 2022-08-18 13:44:53 -07:00
Fedor Indutny
79b48115e6 Handle PniChangeNumber 2022-07-28 14:50:10 -04:00
Fedor Indutny
a450e13a99
Fetch PNI group credentials 2022-07-08 13:46:25 -07:00
Fedor Indutny
253e050262
CDSI Support 2022-06-14 18:15:33 -07:00
Fedor Indutny
0c8c332805
Use new CDS implementation in staging 2022-03-09 11:28:40 -08:00
Fedor Indutny
6281d52ec6
Storage service tests and benches in ts/test-mock 2022-02-11 14:32:51 -08:00
Scott Nonnenberg
604a4d1ac2
Add second trusted issuer certificate authority 2022-01-27 10:17:39 -08:00
Fedor Indutny
b4b65c4f00
Add v2 implementation of CDS HSM 2021-12-06 23:54:20 +01:00
Fedor Indutny
1ce39478a2
Update signal-client to 0.11.0 2021-11-24 09:39:47 +01:00
Fedor Indutny
bb15cfc622
Additional protocol changes for CDS v2 2021-11-12 21:45:30 +01:00
Fedor Indutny
409bf1fc82
WebSocket API for CDS 2021-11-08 15:32:31 -08:00
Scott Nonnenberg
9a1430a460
Typescriptify main.js 2021-10-01 13:49:59 -05:00
Evan Hahn
7b9a68b7f9
Upgrade zkgroup to v0.8.1 2021-09-28 09:30:30 -07:00
Scott Nonnenberg
29a3a2ac58
WhatsNew: Save build creation time, use as displayed date 2021-09-13 14:00:32 -05:00
Ehren Kret
425404cd6e
Update chat server URLs 2021-08-24 17:32:46 -04:00
Fedor Indutny
990e501850
First pass on CI support 2021-03-25 19:02:53 -07:00
Scott Nonnenberg
e863aae0bf
Specify public key type in updatesPublicKey 2021-02-05 11:34:52 -06:00
Evan Hahn
23fed9ce63
Group calling SFU URL should be configurable 2020-12-07 13:40:11 -06:00
Ken Powers
8290881bd8 Support for Contact Discovery Service 2020-09-09 17:34:57 -07:00
Josh Perez
8502d23576 Social Graph: read-only state sync with primary device 2020-07-30 13:10:05 -07:00
Scott Nonnenberg
ebafc52f61
Update zkgroup dependency to 0.7.1 2020-05-15 17:01:14 -07:00
Ehren Kret
a0e9791623 Add support for receiving attachments from CDN 2 2020-04-29 17:42:41 -07:00
Scott Nonnenberg
c1dfe3e5b4
Adds support for versioned profiles
* Add zkgroup library

* tsconfig.json: Prettier wants to mess it up. :0(

* Initial take on versioned profile fetches

* Fix up the logging in getProfiles() - warn instead of error

* Introduce new VERSIONED_PROFILE_FETCH flag

* Update zkgroup dependency to v0.5.0

* Fix lint-deps - new zkgroup library brought in new debug dep

* ts/zkgroup: Introduce some commonly-used helper functions

* Update to latest serverPublicParams

* Don't derive profileKeyVersion unless flag is set
2020-04-15 16:12:28 -07:00
Ken Powers
0d3b390129 Upgrade Prettier 2020-01-08 09:44:54 -08:00
Scott Nonnenberg
c8ea2e9463 Download and install updates without the help of electron-updater 2019-04-05 17:18:37 -07:00
Scott Nonnenberg
3917ab940e web_api: Fix caching of https.agent objects between requests 2019-02-20 16:51:30 -08:00
Scott Nonnenberg
813924685e Link Previews 2019-01-29 13:53:14 -08:00
Scott Nonnenberg
a7d78c0e9b Sealed Sender support
https://signal.org/blog/sealed-sender/
2018-10-29 14:49:18 -07:00
Scott Nonnenberg
f3bd0cf903 Refactor api.js into web_api, which encapsulates all web access 2018-05-31 13:25:45 -07:00
Scott Nonnenberg
426dab85a2
New design for import/install, 'light' import (#2053)
- A new design for the import flow. It features:
  - Icons at the top of every screen
  - Gray background, blue buttons, thinner text
  - Simpler copy
- A new design for the install flow. It features:
  - Immediate entry into the QR code screen
  - Animated dots to show that we're loading the QR code from the server
  - Fewer screens: 1) QR 2) device name 3) sync-in-progress
- When not set up, the app opens directly into the install screen, which has been streamlined. The `--import` command-line argument will cause the app to open directly into the import flow.
- Support for two different flavors of builds - the normal build will open into the standard registration flow, and the import flavor will be exactly the same except during setup it will open directly into the import flow.
- A new design for the (dev-only) standalone registration view
- When these install sequences are active, the OS File menu has entries to allow you to switch the method of setup you'd like to use. These go away as soon as the first step is taken in any of these flows.
- The device name (chosen on initial setup) is now shown in the settings panel
- At the end of a light import, we hand off to the normal device link screen, starting at the QR code. On a full import, we remove the sensitive encryption information in the export to prevent conflicts on multiple imports.
- `Whisper.Backup.exportToDirectory()` takes an options object so you can tell it to do a light export.
- `Whisper.Backup.importFromDirectory()` takes an options object so you can force it to load only the light components found on disk. It also returns an object so you can tell whether a given import was a full import or light import.
- On start of import, we build a list of all the ids present in the messages, conversations, and groups stores in IndexedDB. This can take some time if a lot of data is in the database already, but it makes the subsequent deduplicated import very fast.
- Disappearing messages are now excluded when exporting
- Remove some TODOs in the tests
2018-02-22 10:40:32 -08:00
Lilia
ae190fed44
Profiles (#1453)
* Add AES-GCM encryption for profiles

With tests.

* Add profileKey to DataMessage protobuf

// FREEBIE

* Decrypt and save profile names

// FREEBIE

* Save incoming profile keys

* Move pad/unpad to crypto module

// FREEBIE

* Support fetching avatars from the cdn

// FREEBIE

* Translate failed authentication errors

When AES-GCM authentication fails, webcrypto returns a very generic error. The
same error is thrown for invalid length inputs, but our earlier checks in
decryptProfile should rule out those failure modes and leave us safe to assume
that we either had bad ciphertext or the wrong key.

// FREEBIE

* Handle profile avatars (wip) and log decrypt errors

// FREEBIE

* Display profile avatars

Synced contact avatars will still override profile avatars.

* Display profile names in convo list

Only if we don't have a synced contact name.

// FREEBIE

* Make cdn url an environment config

Use different ones for staging and production

// FREEBIE

* Display profile name in conversation header

* Display profile name in group messages

* Update conversation header if profile avatar changes

// FREEBIE

* Style profile names small with ~

* Save profileKeys from contact sync messages

// FREEBIE

* Save profile keys from provisioning messages

For standalone accounts, generate a random profile key.

// FREEBIE

* Special case for one-time sync of our profile key

Android will use a contact sync message to sync a profile key from Android
clients who have just upgraded and generated their profile key. Normally we
should receive this data in a provisioning message.

// FREEBIE

* Infer profile sharing from synced data messages

* Populate profile keys on outgoing messages

Requires that `profileSharing` be set on the conversation.

// FREEBIE

* Support for the profile key update flag

When receiving a message with this flag, don't init a message record, just
process the profile key and move on.

// FREEBIE

* Display profile names in group member list

* Refresh contact's profile on profile key changes

// FREEBIE

* Catch errors on profile save

// FREEBIE

* Save our own synced contact info

Don't return early if we get a contact sync for our own number

// FREEBIE
2017-09-14 17:04:00 -07:00
Lilia
50c470e53d
Certificate pinning via node XMLHttpRequest implementation (#1394)
* Add certificate pinning on https service requests

Make https requests to the server using node apis instead of browser apis, so we
can specify our own CA list, which contains only our own CA.

This protects us from MITM by a rogue CA.

As a bonus, this let's us drop the use of non-standard ports and just use good
ol' default 443 all the time, at least for http requests.

// FREEBIE

* Make certificateAuthorities an option on requests

Modify node-based xhr implementation based on driverdan/node-XMLHttpRequest,
adding support for setting certificate authorities on each request.

This allows us to pin our master CA for requests to the server and cdn but not
to the s3 attachment server, for instance. Also fix an exception when sending
binary data in a request: it is submitted as an array buffer, and must be
converted to a node Buffer since we are now using a node based request api.

// FREEBIE

* Import node-based xhr implementation

Add a copy of https://github.com/driverdan/node-XMLHttpRequest@86ff70e, and
expose it to the renderer in the preload script.

In later commits this module will be extended to support custom certificate
authorities.

// FREEBIE

* Support "arraybuffer" responseType on requests

When fetching attachments, we want the result as binary data rather than a utf8
string. This lets our node-based XMLHttpRequest honor the responseType property
if it is set on the xhr.

Note that naively using the raw `.buffer` from a node Buffer won't work, since
it is a reuseable backing buffer that is often much larger than the actual
content defined by the Buffer's offset and length.

Instead, we'll prepare a return buffer based on the response's content length
header, and incrementally write chunks of data into it as they arrive.

// FREEBIE

* Switch to self-signed server endpoint

* Log more error info on failed requests

With the node-based xhr, relevant error info are stored in statusText and
responseText when a request fails.

// FREEBIE

* Add node-based websocket w/ support for custom CA

// FREEBIE

* Support handling array buffers instead of blobs

Our node-based websocket calls onmessage with an arraybuffer instead of a blob.
For robustness (on the off chance we switch or update the socket implementation
agian) I've kept the machinery for converting blobs to array buffers.

// FREEBIE

* Destroy all wacky server ports

// FREEBIE
2017-09-14 17:03:17 -07:00
Scott Nonnenberg
b4e3cc0e6c
Load test page and run tests on start when NODE_ENV=test
FREEBIE
2017-09-14 16:53:46 -07:00
lilia
e7e030a5e2
Build expiration date
Add the buildExpiration config and add it to the renderer's config
object. Use grunt to write the build expiration to
config/local-production.json which will override the default value (no
expiration) in production. Finally, run this grunt task as part of the
build process.

// FREEBIE
2017-09-14 16:53:38 -07:00
lilia
7e1bee1082
Configure app/build using node config
Add environment-specific configs under `./config` and integrate with the
build system. Also changes package.json `files` from blacklist to
whitelist.

// FREEBIE
2017-09-14 16:53:36 -07:00