An exception to the previous commit, for incoming messages we should not
show a mysterious empty bubble. Instead there is some generic
non-technical error message.
// FREEBIE
Change how message errors are rendered. Errors associated with a number
will be shown under that number in the detail view rather than piling up
in the message bubble.
// FREEBIE
Fix inconsistency in error format, where we sometimes get an unexpected
Error object and sometimes get a wrapper object containing an Error.
Also start saving network errors.
// FREEBIE
Refactor outgoing message error handling to use the same success and
error handlers. This creates a somewhat strange pattern, where we call
send and pass in the promise that resolves when sending is complete, but
there's enough variety in the libtextsecure syntax for different message
sending routines that it belongs at the conversation level and only the
post-processing stuff is really shared by all messages.
// FREEBIE
There is no in-window navigation in the chrome app environment, so nix
the first if-clause here. Also make it programmatically reloadable and
fix indentation.
// FREEBIE
1. This is nonstandard behavior, not supported by any other clients. It
may help sometimes but will also cause bugs (see 2)
2. iOS doesn't handle group updates with missing fields. all fields must
be populated, and libtextsecure doesn't have any knowledge of the group
name or avatar, so these updates will clobber group state on iOS.
// FREEBIE
This one's been around since forever, but only manifests when someone
leaves the group and comes back. In that case we fail to reinit their
numberRegistrationId object, which causes a npe when we try to send
send them group messages.
Affected parties must ask their fickle friends to leave/join again.
// FREEBIE
Rather than asking for a global target, the message receiver implements
the EventTarget interface itself. It does not expose the dispatchEvent
method, however. This ensures that events can only be triggered from
within the internal MessageReceiver class, which means we no longer need
to namespace them.
// FREEBIE
Let the libtextsecure consumer pass in their own server url, username,
password, and signaling key, as with libtextsecure-java.
Also brings reconnect logic up into the MessageReceiver class, which
is the only place it should apply.
Encapsulate the global conversation cache collection against accidental
access, avoiding the data-clobbering bug fixed in previous commit.
Also move some one-off program initialization code from panel controller
to background.js
// FREEBIE
The conversation's contactCollection only contains references to the
current membership, and will not provide contact info for people who
have left the group, causing their messages to render without numbers or
avatars.
// FREEBIE
When confirming the creation of a one on one conversation with a new
contact, the first click would do nothing but the second click would
work. Now the first click works.
Fix by only reject new conversation creation if not saved.
// FREEBIE
Fixes auto archive when deleting all messages, and auto unarchive when
sending a new message. Previously, the convo would not reappear in the
inbox after deleting all messages.
// FREEBIE
Only fetch them from a frontend view. If the conversation is not open,
we don't need to load the messages, and if we do load them, they will
render before we've done the initial contact info loading (as
implemented in 74e96ce).
Fixes#344
// FREEBIE
This listener is doing way more work than necessary to update the dom by
removing all the list items and re-creating them. This also causes the
bug where selected state is cleared when new messages arrive, not to
mention binding new event listeners without unbinding the old ones.
Fix by simply promoting an element to the top of the list when it's
active_at value changes, rather than re-rendering the whole list. This
could backfire if the value gets changed to an earlier timestamp but for
now we assume that won't happen.
// FREEBIE
The chrome.notifications api renders iconUrls at full bleed, as opposed
to the Web Notifications api, which adds padding. This was causing our
identicons to look a bit over stretched.
Fixed by rendering them a bit larger and with some padding.
// FREEBIE
Only allow one notification at a time. Use a basic notification for
normal messages, and image notification for image messages, and a list
notification when there are multiple unread messages.
// FREEBIE
Forgot to bind the socket event handler, and the then() handler should
come before the catch() handler or else it will execute every time the
catch handler executes.
// FREEBIE
Always test connectivity with an http request after a websocket closes,
regardless of what code/error it closed with. If that request succeeds,
automatically reconnect the socket.
// FREEBIE
Create a new collection type for the inbox which listens to events on
the main conversation cache. Also don't reload conversation info from
the database as often or when unnecessary.
Fixes#345
// FREEBIE
There's no need to use a custom collection type here since we don't use
any of the ConversationCollection methods. This helps prevent the
introduction of duplicate models for the same chat.
// FREEBIE
The delivery receipt handler should only update messages, so rather than
reloading the conversation and its contacts, only reload the messages.
// FREEBIE
Makes the groupupdate and recipient input fields stick to the top,
restyles the typeahead as a floating dropdown list of suggestions
rather than a full width component, fixes group avatar thumbnail
rendering.
// FREEBIE
Used by member list view. Refactored some templates for shared markup.
Fixes strange behavior where members in the list were hoverable and
selectable.
// FREEBIE
Establishes basic functionality for viewing conversations in two column
mode, including message area and message list resizing, and maintaining
scroll position.
Various subviews need to be retooled but are more or less still
functional, i.e., new message, message detail, key verification, etc...
Start by requesting keys for only the master device, then handle 410 as
needed. Single-device users are the more common case and this strategy
lets us avoid requesting/expending one of our own device keys when
establishing a session with sibling devices.
// FREEBIE
After setting a new identity key as trusted, we retry decryption on all
pending conflicts for that contact. If their identity changed twice in a
row, we can still get a conflict the second time, and should handle it
appropriately.
When resolving conflicts, we should not only discard the old key, but
set the new trusted key to the one the user has verified. Previously, we
would end up trusting the first-seen new key, which may not be the one
the user verified.
// FREEBIE
Related with #278. Redone to include keeping scroll at the bottom when resizing the window, as suggested in #305, and to better fit the current code structure.
This new endpoint should always issue a response to a provisioning
socket so if we don't receive one we should assume the connection has
been lost.
Closes#318
By default, automatically disconnect if no response. This is preferable
because we can sometimes lose connectivity without receiving a close
event from the socket, but it's also possible that the endpoint may not
support responses.
// FREEBIE
saveKeysToDeviceObject is the detector of outgoing identity key errors.
Catch these key errors closer to the source by pulling the
getKeysForNumber into the context of sendMessageToDevices, which lets
it access registerError and the message protobuf.
Previously identity key errors would be uncaught if all existing
sessions with a recipient were closed/deleted, since we would
preemptively fetch the new identity key. The old error handling only
kicked in after a 409/410 response from the server when posting a
message encrypted for a stale session.
// FREEBIE
Previously we would convert a bytebuffer to a string, pass it to
libaxolotl where it would be parsed back into a bytebuffer.
Ideally we would just pass the bytebuffer, but it turns out that
libaxolotl's bytebyffer class is identical but separate from
libtextsecure's bytebuffer class. ¯\_(ツ)_/¯
So instead we pass the underlying array buffer, which is handled
more or less the same way as a bytebuffer, and most importantly,
does not involve any copying.
// FREEBIE
We now disconnect ourselves if we don't get the server's response to a
keepalive request within 30s. This way we will eventually disconnect if
the network goes away but the socket is not closed.*
* See code.google.com/p/chromium/issues/detail?id=197841 and
https://stackoverflow.com/questions/11755605/chrome-websocket-connection-not-closed-when-browser-closed
We will then try to reconnect once a minute (See 8a10c96);
Keepalives belong at this level anyway, since the format is defined by
both the websocket resource protocol and our specific server url
structure.
// FREEBIE
This trigger function uses chrome's runtime message passing api, which
traverses between different windows in our runtime, but we only trigger
the updateInbox event from the backgroud page, so we don't need to use
that api, which requires some extra cpu/memory overhead.
// FREEBIE
Well that didn't work. Luckily this comparison is primarily enforced at
the libaxolotl level.
With this and the corresponding change to libaxolotl, remote identity
keys are always going to be stored as array buffers going forward. This
will cause incompatibility with existing keys stored as strings, so
updating to this point requires you to purge your identity key and
session store.
We're overriding the default with null often enough that we should
just change the default.
Consequently, no more phantom blank conversations with oneself should
appear after receiving a group update. They were being added to the
inbox because they were incorrectly initialized with an active_at value.
Fixes#281
All the old event listeners and in-memory objects have perished with the
old background page. Also reopen the inbox if it was already open.
Fixes#289
// FREEBIE
The following are equivalent, except that the first is longer and
invokes an extra function call.
```
return new Promise(function(resolve, reject) {
reject(new Error("Unknown Group"));
});
return Promise.reject(new Error("Unknown Group"));
```
Refreshing the background page does re-open the socket, but the inbox
and other windows don't reattach correctly. Reload the whole runtime to
force close all windows, reload the background, and re open the inbox.
In lieu of a click event, the change event was being fired when clicking
out of the search input. The input event seems to be what we actually want.
Fixes#273
This bug was caused by a race between indexeddb requests and sending
messages. Order of events to repro was roughly:
1. send async idb request for current message list
2. add new message(s)
3. idb request returns with now incomplete message list
4. message collection gets reset to list from 3, removing messages
added in 2, but not removing their phantom views/dom elements. (bug)
5. send another idb request for current message list
6. idb request returns bearing all messages including those from 2.
7. messages from 2 are added and rendered a second time.
The fix was simply to not remove messages in 4, which means we reuse the
original message model object rather than recreating it in 7.
Fixes#243
// FREEBIE
The unset function, and the series of events/callbacks triggered by its
use, are not as similar to the set/save functions as previously
anticipated, leading to flux in the state of the 'pending' attribute.
Fixes#283
// FREEBIE
Line breaks can now be insterted into message box using Shift+Enter or Alt+Enter. Messages with new lines are properly displayed in the conversation view (but only there, to keep inbox clean). The template was modified to allow HTML, but the message itself is sanitized before new line handling is run.
As discussed in similar issue there: https://github.com/GoogleChrome/chromedeveditor/issues/1023 - it is not possible to add onClosed event listener on an 'abstract' current window property, it needs to be set on the particular window instance instead.
Before that change, the clean up function was never actually called, because the listener was never properly attached. That was probably the reason of existence for "panel isn't actually open ... and so we try again." code that was executed if the previous window wasn't cleaned up properly (so actually every time). This code is no longer needed, I guess, as the windows are now cleaned up properly.
The avatar handler was being added to the list of promises too late,
so we were storing the raw avatar protobuf (Long id, bytes key) rather
than the downloaded/decrypted attachment data.
Fixes#280
Protocol and handling is all analogous to contact sync: Multiple
GroupDetails structs are packed into a single attachment blob and parsed
on our end. We don't display the synced groups in the conversation list
until a new message is sent to one of them.
// FREEBIE
* Fix a css bug preventing bottom bar from sticking to the bottom.
* Resize discussion container as a function of the overall window
height. The previous difference-based method gives the wrong result
when the window height changes but the bottom-bar height stays the
same.
// FREEBIE
Fixes#264
Implement the equivalent of java's String.hashCode on the conversation model.
Change avatar template and attributes. Use css classes for colors.
Initializing a message receiver opens the socket and starts listening
right away rather than requiring a separate call to connect. The only
other publicly accessible method is to query the socket status.
// FREEBIE
Update protobuf definitions and refactor message receive and decrypt
codepath to support new protocol, including various flavors of sync
messages (sent messages, contacts, and groups).
Also cleans up background.js and lets libtextsecure internalize
textsecure.processDecrypted and ensure that it is called before handing
DataMessages off to the application.
The Envelope structure now has a generic content field and a
legacyMessage field for backwards compatibility. We'll send outgoing
messages as legacy messages, and sync messages as "content" while
continuing to support both legacy and non-legacy messages on the receive
side until old clients have a chance to transition.
This behavior was intended to help keep the websocket alive, but keeping
the inbox window around can cause some stale frontend state. Also we now
have a keepalive alarm to check for new messages once a minute.
These collections should always be operating with the same model
instances, so let the inbox reset it self from the same in-memory
cache of conversation models used by the conversation windows.
If all the application windows are closed (and not merely hidden), the
background page will go inactive and there's nothing we can do to stop
it. However, we can ask chrome to trigger an alarm once per minute,
which will spin up the background page and check for new messages.
This will effectively keep us alive as long as chrome has open windows
or is running in the background, subject to chrome settings'
Advanced -> System -> Continue running background apps
As a chrome packaged app, we have to keep at least one window open in
order to maintain our websocket connection in the background page.
This change replaces the system window frame with custom buttons in the
inbox header, such that the 'close' button merely hides the window
rather than unloading it.
Fixes#237
FREEBIE
In a multi device world, it's possible to receive a receipt for a sync
message before the sync message actually arrives. In this case we need
to keep the receipt around and the process it when the message shows up.
My current version of chromium inexplicably exposes a crippled version
of chrome.browserAction even though we are now a packaged app and should
not have that functionality exposed to us anymore. This results in some
errors to the tune of "property 'foo' of undefined".
It also doesn't support the innerBounds property for window creation,
only the older (deprecated) bounds property.
Also make it accessible by providing a mode argument to the install
function. Previously developers could just edit the url but we no longer
have the address bar as an app window, so now they must close the
default installer and run the following from the background page
console: `extension.install('standalone')`.
In the production build, this should result in an error since it is not
supported / the register page is not included there.
Appify tabs, windows, browserAction
Port the extension.windows.focus function to new window api and
generalize its error handling in the case where the requested window
does not exist. An error will be passed to the callback.
Port extension.browserAction and rename it to the more generic
extension.onLaunched.
Use of the id option when opening a window ensures that attempting to
open a duplicate window merely focuses the existing window.
Finally, after registration, close the options window and open the
inbox.
Port extension.remove
Add window.storage to the background page, which loads all data from the
'items' store in indexeddb, caching them in memory for synchronous
access, then override textsecure storage to use that in memory store.
Storing multiple sessions in a single indexeddb record is prone to
clobbering data due to races between requests to update multiple device
sessions for the same number, since you have to read the current state
of the device->session map and update it. Splitting the records up makes
it so that those updates can be made in parallel. Selecting all the
sessions for a given number can still be done efficiently thanks to
indexeddb range queries.
* Session records are now opaque strings, so treat them that way:
- no more cross checking identity key and session records
- Move hasOpenSession to axolotl wrapper
- Remote registration ids must be fetched async'ly via protocol wrapper
* Implement async AxolotlStore using textsecure.storage
* Add some db stores and move prekeys and signed keys to indexeddb
* Add storage tests
* Rename identityKey storage key from libaxolotl25519KeyidentityKey to
simply identityKey, since it's no longer hardcoded in libaxolotl
* Rework registration and key-generation, keeping logic in libtextsecure
and rendering in options.js.
* Remove key_worker since workers are handled at the libaxolotl level
now
Encapsulate the websocket resources and socket setup process in a
friendly OO class. The MessageReceiver constructor expects an instance
of EventTarget on which to fire message events asynchronously. The
provider of the EventTarget can then add/remove listeners as desired.
Ground work for a smoother registration flow. Overall UX still needs
some polish but at least now we can have a progress gif or animation or
whatever. Also adds the phonenumber-confirmation step as a simple alert
box, which will be replaced with a nice dialogue in a later commit.
Creating a group with a member who's identity key has changed would
previously fail silently. Now, we catch and save the error, allowing the
same conflict resolution process as with regular messages.
Fixes#205
Previously there was a long pause between confirming the group details
and opening the conversation. Fix by first saving/opening the
conversation, rather than waiting for the initial group update to finish
transmitting.
This reverts commit 31e7d285e3.
This seemed like a nice feature, but the popup bubble isn't very
conducive to nontrivial user inputs, e.g. file inputs.
Fixes#211
Clicking on a key conflict message opens the message detail view,
which displays the contact(s) in this conversation. If the message
contains a key conflict with any of these contacts, a button is
displayed which attempts to resolve that conflict and any other
conflicts in the conversation that are related to that contact.
We'd like to live in a world where we can retry all the pending
conflicts in a conversation as a batch, which means we don't want to
wipe the identity key before processing each message. Thus, remove that
step from these handlers and encapsulate in a method on the conversation
model.
Ensure that both tryAgain functions return promises, allowing the
application to take appropriate action in the result of success or
failure. This lets us remove all dependency from libtextsecure on
app-level constructs like message objects/ids and the `extenion.trigger`
function.
Corresponding frontend changes to follow in another commit.
1. Return the value returned by the registered function, to expose the
underlying promise to the caller.
2. Stop accepting extra arguments to the replay function. The caller
should be able to do what they want with the returned promise instead.
3. Add a timestamp argument to the outgoing case, needed to re-try
sending a message.
Rather than opening the inbox in its own window, let it appear as a
browser action popup by default, but allow promotion to its own window
if requested.
Let libaxolotl throw a generic error instead of a replayable error, and
add an helper function in libtextsecure's axolotl_wrapper to catch and
convert from the generic error to the replayable one. This allows the
ReplayableError to remain a libtextsecure-level concept only.
Somewhat unrelatedly, but nearby, fix some whitespace and add missing
semicolon.
`emoji.init_colons` creates and populates `emoji.map.colons`, a global
map from common names to emoji code points. It's safe to call
repeatedly, but unecessary.
Now with actual malloc/free implementations. Had to drop back to -O1
optimization because the ed25519 signature test broke with -O2. :(
Closes#153
The toolchain install and build process, for reference:
```
wget https://s3.amazonaws.com/mozilla-games/emscripten/releases/emsdk-portable.tar.gz
tar xvfz emsdk-portable.tar.gz
cd emsdk-portable
./emsdk update
./emsdk install latest
./emsdk activate latest
source ./emsdk_env.sh
cd ../TextSecure-Browser
grunt build
```
I had some trouble with the registration..
Quickly checked TextSecure Server API and found the problems:
number has to be valid PSTN. (Including regionCode, precisely what validateNumber() returns)
verificationCode has to be all numbers, no dashes or spaces
Closes#193
Update unreadCounts per-conversation on incoming messages. Render unread
conversations with font-weigh: bold in the inbox view.
To ensure that the inbox and conversation views remain in sync, the
background page now ensures that the same models objects are used for
both views.
Turns out we can get ABNORMAL_CODE (1006) for disconnects where (for
instance) we pause the background page too long. However, in these cases
there is no preceeding ErrorEvent. In contrast, when we have bad
authentication credentials, there is an ErrorEvent. Thus, this change
ensures that we only reconnect if there was no Error.
Templatize the inbox view and use the same pattern for in-window view
switching as is now used with the conversation/message detail views.
This means doing more with markup and less jquery manipulation of
individual subelements of the inbox view.
Closes#173
Previously, in the event of a failed websocket auth, we would attempt to
reconnect once a second ad infinitum. This changeset ensures that we
only reconnect automatically if the socket closed 'normally' as
indicated by the code on the socket's CloseEvent. Otherwise, show a
'Websocket closed' error on the inbox view.
Ideally we would show a more contextual error (ie, 'Unauthorized'), but
unfortunately the actual server response code is not available to our
code. It can be observed in the console output from the background page,
but programmatically, we only receive the WebSocket CloseEvent codes
listed here:
https://developer.mozilla.org/en-US/docs/Web/API/CloseEvent#Status_codes
The websocket error message is displayed by a normally-hidden but ever
present socket status element. Clicking this element will immediately
refresh the background page, which will try again to open the websocket
connection.
When first intalling, users will no longer be presented with the option
to register as a standalone client.
For developer convenience, the standalone form can still be found at
chrome-extension://.../register.html
Closes#159
Only re-render a message if the body changed. Re-render only the
delivery receipt checkmark if the delivered property changes.
Fix a bug where attachments flash in and out of existance when a
delivery receipt arrives.
Define a Whisper.View base class that automatically parses and renders
templates and attributes defined by the subclass. This saves us a good
number of lines of code as well as some marginal memory overhead, since
we are no longer saving per-instance copies of template strings.
Although I find the previous implementation more elegant, it results in
a deeper nesting of Promises than necessary, which can make debugging
more complicated. The canvas scaling and compression apis are actually
synchronous, so the callback structure isn't really recessary here.
Converting to a loop also makes this process easier to understand at
a glance.
Fixed some bugs along the way:
* accidentally scaling small images up to 1920px
* jpeg compressing gifs and other formats even if unnecessary
Previously we would not scale large resolution images with small file
sizes, but in fact, both resolution and file size constraints should be
enforced.
With these changes, message bubbles in the default-sized chat popup are
just wide enough to display the full complement of html5 media player
controls.
Converting attachment data to base64-encoded data uris takes O(n) and
there's no need! URL.createObjectURL returns a magic link that can be
set as the `src` attribute to `img`, `video`, and `audio` tags to load
blob data directly without copying.
https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL
Add contentType-specific limits, switch to lazy-init iff we encounter an
oversized file, and restyle as a toast, factoring out a generic
ToastView along the way.
Wait a little longer on initial scroll down. Previous timeout sometimes
triggered before all text is finished rendering.
Remove redundant resize calls.
Sometimes a conversation's messages would be reverse-ordered on first
load, correcting themselves after a refresh. This is an artifact of the
order we load messages from the database. To fix, load them in the
opposite order.
The alternative solution would be to reset the collection every time we
fetch new messages, but this would create an entirely new set of model
objects each time, which seems unnecessary.
Background page conversations were trying to trigger events on the inbox
list view which had been destroyed, resulting in a background page
console error of "can't read innerHeight of null".
Avoid this by removing listeners when the inbox window is closed.
When sending an constrct a copy of the PushMessageContent protobuf, add
a SyncMessageContext, and send it to ourselves. Do this for all kinds of
group messages, and individual text/media messages, but not closeSession
messages as the latter are device-specific.
Do not sync messages if we are the primary device, which should only be
supported in development. Normal web clients must be paired with a
android or ios master device, and even in dev, a primary/standalone web
client does not support linking additional devices.
The message view has three flavors so far, a normal text+attachments
message, a group update, and an end session message. This changeset
extracts the normal message rendering into its own subview, and adds
some convenience functions to the message model in order to simplify
some of that flavoring logic.
The first message sent to a new contact was throwing 'Unknown Group'.
This was because we didn't wait for the initial save to sync the `type`
attribute to indexedDB. Instead, don't trigger the conversation to open
until it has finished saving.
This is an artifact of a time when conversation elements would pop in
and out of the dom at a moment's notice, and thus needed to rebind their
event listeners regularly.
Previously the conversation window would query the background page
for a model id and then fetch the conversation. Instead, we can fetch
the conversation before opening the window, which simplifies the front
end scripts and avoids creating multiple copies of the same model.
Unless the background page fetches the latest details of a conversation
before updating it, it may clobber or nullify some attributes e.g., the
contact's name.
When a new message arrives, if its conversation is not already opened,
the background page opens it. If it is alrady open the window is
focused. Finally, the 'message' event is triggered, resulting in
1. the inbox refetches conversations
2. all conversations fetch new messages
TODO: only send this event to the target window
This collection is just an in-memory indexer used for typeaheads. For
display, the matching models are added to a separate collection. Thus,
the order of the elements in the typeahead collection does not matter.
It feels a little weird when you can't see the matching member. Would
consider putting this back in if we display the member list in the
contact list item view.
Previously, the ugly file input was hidden with opacity, and styled as a
square paperclip icon, but its drop and click zones were not constrained
to the visible square. They remained active across the whole 'Choose
File' button, which overlapped with the textarea. Instead, hide the file
input complete (display: none) and transmit click events from the
paperclip to the input programmatically.
Eventually, we'll need to address drag and drop events, but I want to do
that at the window level. Otherwise dropping a file outside the file
input drop zone causes the browser to navigate to the file://... url.
Render the entire conversation from a template, because some parts of it
must be rendered conditionally if it is a group vs private conversation.
Also apply some style fixes and restore lost functionality:
* Make conversation title bar fixed.
* Widens message bubbles.
* Unhide message list.
* Restore attachment rendering.
* Restore message sending and attachment file selection.
* Style attachments file input as a paperclip.
* Style send button like on Android and make it a submit input.
Don't auto open the last conversation. It doesn't make sense now that we
no longer have two column layout.
Don't trigger/listen for selected events. There's no need since the list
item opens a new popup now.
New private conversations have their type set in onMessageReceived. New
group conversations should be handled the same way as normal group
updates. It was pointed out we should never have to handle a group
message without a preceding group update, as those would be rejected by
textsecure.processDecrypted. An exception would be if you delete the
group from indexedDB but not localStorage, but that's not a mode we
should be supporting.
Also in this change I switched to instantiating a new conversation
object on every call to handlePushMessageContent. Originally, I thought
to use the local conversation list as a cache, but it's a bit simpler to
re-read from the database every time for now. Later on we should revisit
and optimize for fewer read/writes per incoming message.
Just display a sensible default in the frontend if it's unset.
For private conversations this should be the phone number, for
groups, the list of numbers.
This was intended to sync the group state of a recently re-installed
client, but is prone to overkill when we have a lot of old stale groups
around. Also this implementation incurs some rate limit errors from the
server.
Uses app-level timestamps for outgoing messages.
Adds timestamp property to the outgoing jsonData.
Triggers a runtime event to notify frontend on delivery receipts.
Renders delivered messages with a 'delivered' class.
This change removes the timestamp field from messages and conversations
in favor of multiple semantically named timestamp fields: sent_at,
received_at on messages; active_at on conversations. This requires/lets
us rethink and improve our indexing scheme thusly:
The inbox index on conversations will order entries by the
conversation.active_at property, which should only appear on
conversations destined for the inbox.
The receipt index will use the message.sent_at property, for effecient
lookup of outgoing messages by timestamp, for use in processing delivery
receipts.
The group index on conversation.members is multi-entry, meaning that
looking up any phone number in this index will efficiently yield all
groups the number belongs to.
The conversation index lets us scan messages in a single conversation,
in the order they were received (or the reverse order). It is a compound
index on [conversationId, received_at].
This ended up turning into a rewrite/refactor of the background page.
For best results, view this diff with `-w` to ignore whitespace. In
order to support retrying message decryption, possibly at a much later
time than the message is received, we now implement the following:
Each message is saved before it is decrypted. This generates a unique
message_id which is later used to update the database entry with the
message contents, or with any errors generated during processing.
When an IncomingIdentityKeyError occurs, we catch it and save it on the
model, then update the front end as usual. When the user clicks to
accept the new key, the error is replayed, which causes the message to
be decrypted and then passed to the background page for normal
processing.
ReplayableErrors make it easy for the frontend to handle identity key
errors by wrapping the necessary steps into one convenient little
replay() callback function.
The frontend remains agnostic to what those steps are. It just calls
replay() once the user has acknowledged the key change.
The protocol layer is responsible for registering the callbacks needed
by the IncomingIdentityKeyError and OutgoingIdentityKeyError.
superfeedr has done a nice job with this backbone -> indexedDB adapter,
but their query interface is somewhat limited. This commit adds an
alternate interface that lets us specify the index and cursor bounds we
want. This interface requires deeper knowledge of indexedDB indices, but
is more powerful overall.
This was used to conditionally render messages in the group style, but
it's actually unnecessary. We can render the same markup in both cases
and change the appearance with css.
This commit provides the javascript complement to
[WebSocket-Resources](https://github.com/WhisperSystems/WebSocket-Resources),
allowing us to use a bi-directional request-response framework over
websockets.
See websocket-resources.js and websocket-resources_test.js
for usage details.
Along the way I also factored the websocket keepalive and reconnect
logic into its own file/wrapper object.
Move base64 encoding of attachments to an AttachmentView. This makes
image rendering an asynchronous task so we fire an update event to
indicate to the parent MessageListView that its content has changed
height and it is time to scroll down.
Register the runtime callback at the top level view rather than having
each conversation view register independently.
Also refactors Layout into InboxView.
After a message is saved asynchronsly, fire an event and pass the
message attributes to frontend listeners via the chrome-runtime API.
This behavior is similar to the 'storage' event fired by localStorage.
Getting up and running with IndexedDB was pretty easy, thanks to
backbone. The tricky part was making reads and writes asynchronous.
In that process I did some refactoring on Whisper.Threads, which
has been renamed Conversations for consistency with the view names.
This change also adds the unlimitedStorage permission.
Eliminates the global Whisper.Messages object and consolidates shared
send/receive logic in Whisper.Threads.
To the latter end, note that the decrypted array buffer on an attachment
pointer is now named data instead of decrypted, in order to match the
format of outgoing attachments presented by
FileReader.readAsArrayBuffers and let us use the same handler to base64
encode them.
This dependency may be a little heavy for our current use case, but we can
roll with it for now and find something slimmer if it turns out yagni.
Closes#77Closes#40
Runtime reload is overkill and causes a jarring ux. Instead, send and
receive messages across the runtime. Also, if we need to jump between
the main ui and options pages, simply navigate within the current tab
rather than spawning a new one.
We only depend on cryptojs for this webcrypto polyfill, so let Grunt
concatenate them into one file.
The reference in the getString helper isn't needed since we use the
built in string converters on CryptoJS's word arrays.
Rename methods on the curve25519 interface to be a bit more high level.
Cleanup emscripten wrapper class, wrap long lines and such. Also add a
grunt task alias for building the emscripten compiled curve
implementation.
Firstly, don't initialize textsecure.nativclient unless the browser
supports it. The mimetype-check trick is hewn from nacl-common.js.
Secondly, nativeclient crypto functions will all automatically wait for
the module to load before sending messages, so we needn't register any
onload callbacks outside nativeclient.js. (Previously, if you wanted to
do crypto with native client, you would have to register a call back and
wait for the module to load.) Now that the native client crypto is
encapsulated behind a nice interface, it can handle all that
onload-callback jazz internally: if the module isn't loaded when you
call a nativeclient function, return a promise that waits for the load
callback, and eventually resolves with the result of the requested
command. This removes the need for textsecure.registerOnLoadCallback.
Finally, although native client has its quirks, it's significantly
faster than the alternative (emscripten compiled js), so this commit
also lets the crypto backend use native client opportunistically, if
it's available, falling back to js if not, which should make us
compatible with older versions of chrome and chromium.
Man you shoulda been there. Code was compiling all over the damn place.
It was wild.
Seriously though. Ignore that intermediate compiled file. What happens
in build stays in build.
Build with `grunt compile && grunt concat:curve25519` after installing
emscripten.
Enable by either (a) not loading nativeclient.js or (b) setting
`textsecure.NATIVE_CLIENT = false` before loading nativeclient.js.
The nativeclient.js module overrides
window.textsecure.registerOnLoadFunction with its own version. Otherwise
helpers will define a trivial placeholder for same.
The flag textsecure.NATIVE_CLIENT can be set anywhere ahead of
nativeclient.js, but is only acted on in nativeclient.js,
and crypto.js.
NB: this diff is best viewed with --ignore-whitespace
Distills crypto.js down to the hard cryptoey bones. It pulls from
webcrypto for aes and hmac, and from native client for curve25519 stuff
or potentially another object implementing the handful of needed
curve25519 functions.
Everything else formerly known as crypto, including session storage and
management, axolotl, etc.. is now protocol.js. The separation is not
quite perfect, but it's a big step.
nativeclient.js now enables talking to the native client module through
a high level interface as well as registering callbacks that will be
executed once the module is loaded. And it has tests!
Finally, this commit removes all references to the "testing_only"
object, preferring to run tests on textsecure.crypto instead.
To components. Because tab-completion works better when there aren't two
things starting with bower, and shorter names are nicer to deal with in
general.
Latest protobuf.js requires that we pass in the sign value when making
longs from strings, ex: dcodeIO.Long.fromString(id, true);
However, it does the string->long conversion automatically if its given
a string for a fixed64 field, so we can pass our string ids right in!
ftw
Moved all test code into /test. Renamed test.js to crypto_test.js.
(Let's try to keep test files topical.) Merged test_views.html and
test.html into a single test/index.html.
Todo: use Grunt to generate test/index.html from index.html and files
found in /test. Also, write more tests.
We now correctly and opportunistically use the webcrypto API if
available, polyfilling if it's not detected. This change also includes a
layer of abstraction over the webcrypto interface so we no longer have
to deal with key-imports or algorithm names all over the place. Since we
no longer support AES-CTR, code outside this file can simply call
`textsecure.subtle.<encrypt|decrypt|sign>(key, data [, iv])`.
TypedArray.prototype.set doesn't handle ArrayBuffers correctly (it
writes all zeros). Instead, wrap each ArrayBuffer in a typed array
for concatenation.
processData (default: true)
Type: Boolean
By default, data passed in to the data option as an object (technically,
anything other than a string) will be processed and transformed into a
query string, fitting to the default content-type
"application/x-www-form-urlencoded". If you want to send a DOMDocument,
or other non-processed data, set this option to false.
https://api.jquery.com/jQuery.ajax/
Parse attachment ids out of the attachment pointer url and return them
as strings because the copy parsed by JSON suffers a loss of precision.
Convert them to and from the format expected by the protobuf using
facilities from decodeIO.Long.
Sadly, we are not quite compliant with the WC3 webcrypto spec
due to our insistance on passing around key data in plain old
ArrayBuffers.
Also converted whitespace.
DRY up protobuf declarations and move to a slightly briefer naming
convention.
Also dropped some ArrayBuffer -> string conversions as
ProtoBuf.js handles ArrayBuffers just fine, and in fact, more
efficiently than strings.
Finally, dropped the btoa() wrappers, because that incurs an extra
string -> string conversion before the protobuf's internal string ->
array buffer conversion. In lieu of btoa, we can simply pass in the
optional string encoding argument to the protobuf's decode method,
which in these cases should be 'binary'.
Related: #17
All the group messages were being sent to the last recipient in the
list, due to the persistence of `var number` in later loops and async
calls. An easy mistake to make, when you use for instead of each.
An exception is thrown when protobuf tries to encode a number as the
group id, which is declared to have type 'bytes'.
Fix by make it an ArrayBuffer instead, and increase the length to 16,
which is what the Android client uses:
c632b32ff8/src/org/thoughtcrime/securesms/database/GroupDatabase.java (L222)
Previously, if calling createNewGroup with an undefined groupId,
no groupId was generated.
This occurred because no entry for "group" + undefined exists in
localStorage, which caused this code to think undefined was a
valid group id.
Fixed by adding `|| groupId == undefined` to the while clause.
Also decoupled the groupId collision check for clarity.
When codes are sent they are formatted as xxx-xxx. Previously when I
would paste these from GVoice they failed validation thanks to the dash
and whatever whitespace I happened to grab.
Also,
* moved fetch out of the list view
* removed unused #last() function
* put test setup lines in their own tiny file.
* added data-cover to view script tags for code coveage reports.
The layout class is the only class that should have knowledge of
page-level constant markup, such as #gutter and #contacts, and
should be pretty much the only place we find elements by id (with
the exception of template elements).
This change removes references to #gutter from views. Rather than
hardcoding assumptions about page layout, view elements should
ask the layout to insert themselves into the main content area by
calling Whisper.Layout.setContent.
Each conversation views now manages its own separate elements
rather than all binding to a shared #conversation element, and
similarly for message composition ui.
Also includes the beginnings of group creation UI (not working yet),
featuring bootstrap-tagsinput field for entering group recipients
Let ConversationListItemView save a reference to its corresponding
ConversationView. This lets it render or delegate/undelegate events
when opening and closing a conversation.
Similarly for ConversationView itself, which contains a MessageListView.
When a thread is 'destroyed' from the UI we delete its messages and mark
the thread as inactive, (in other words, keep it around as contact info).
Additionally, we only load active threads when initializing the UI, and
reactivate threads when new messages are added to them.
Conflicts:
js/models/messages.js
js/models/threads.js
js/views/conversations/show.js
ERHMAGERRRD testing frameworks are so the best. Removed all our custom
code for ensuring test exclusivity and doneness and isolating callbacks
and everything. mocha does it all for us, and makes it pretty.
Also rather than return a long chain of promises that eventually resolve
to truthiness, we now use chai to make assertions about what is good and
right in the world.
Recommended reading:
https://visionmedia.github.io/mochahttp://chaijs.com/api/assert/
There were a few problems.
1. The message event was being triggered in background, not popup
2. The initial message/thread fetches from localStorage were mis-ordered
3. The timestamp wasn't being extracted from the right place
4. #3 caused messages to fail validation and not be saved
1-3 are fixed. To address 4 I switched validate() to log a warning
instead of preventing save.
Adds thread model/collection for managing conversation-level state, such
as unreadCounts, group membership, thread order, etc... plus various UI
improvements enabled by thread model, including an improved compose
flow, and thread-destroy button.
Adds Whisper.notify for presenting messages to the user in an orderly
fashion. Currently using a growl-style fade in/out effect.
Also some housekeeping:
Cut up views into separate files.
Partial fix for formatTimestamp.
Tweaked buttons and other styles.
Slight revert from said commit. We really do need the
IncomingPushMessageSignal protobuf at the UI layer, mostly because
it contains the 'source' attribute, without which we don't know
who sent the message.
Also fix a crash when there are no attachments on a message.
Better load the functions defined in chromium.js before trying to use
them. Hmm.. also, options.js should probably wait for the DOM to load
before it tries to initialize things in it.
The 'sender' field actually holds the recipient for outgoing
messages. Rename that field to 'person', indicating the 2nd
party generically.
Also decouples the thread name from thread recipients at the
view layer, in preparation for group support.
Adds Backbone-based Whisper.Messages model/collection with local storage
extension. Saves sent and received messages in Whisper.Messages instead
of message map. This will assign a unique id to the message and save it
to localStorage.
Adds Backbone-based view to popup.html
Automatically updates itself when new messages are saved to
Whisper.Messages db from the background page.
Added some shiny new styles, and started splitting up css into multiple
files for sanity's sake.
btoa expects a string argument, so when passing it the ArrayBuffer
object returned by getRandomBytes(), it's converted to a string by
calling .toString() on it. This always results in "[object ArrayBuffer]",
effectively resulting in a completely non-random password.
var i was being bound in the closure of this click handler, then
incremented by the for loop, such that its value was 1 by the time the
handler was called, so we were grabbing the message body from, e.g.
$("#input1") when we wanted $("#input0").
* key API changes moxie made because he disliked the other API
* remove atmosphere
* Fix some bugs in the send path, update for new send API
* Send HTML
When included after api.js, fake_api.js inits a FakeWhisperAPI.
FakeWhisperAPI inherits the methods of API, overrides a few, and
then usurps its place as the one true API.
Single device mode successfully "registers" against FakeAPI. Sadly,
multidevice mode has a recursive loop somewhere that makes the callstack
asplode.
The details of the server API are now mostly relegated to api.js, and
accessed through the API container object, improving modularity and
readability, and setting us up to derive a FakeAPI for serverless
development.