Commit graph

440 commits

Author SHA1 Message Date
Evan Hahn
4519aa4abf Allow PSD uploads over 6MB
You can't currently upload PSD files over 6MB. This is because its
mimetype is `image/vnd.adobe.photoshop`. We think this is an image, and
non-GIF images have a limit of 6MB.

To fix this, we could do one of two things:

1. Add a special case for PSD files
2. Increase the size limit for unsupported image types such as this

I went with the second option.

Tested this by:

- adding automated tests
- uploading a ~9 MB PSD file
- uploading a ~1 MB PNG
- uploading a ~27 MB PNG (which worked because it's converted to a smaller JPEG)
- uploading a ~50 MB text file
- trying to upload a ~500 MB text file (which failed, as expected)

Addresses [DESKTOP-1168][].

[DESKTOP-1168]: https://signalmessenger.atlassian.net/browse/DESKTOP-1168
2021-02-10 14:47:55 -08:00
Scott Nonnenberg
9858ae0642 Honor messageKeysLimit, remove batching for session saves 2021-02-10 14:47:55 -08:00
Scott Nonnenberg
e10ae03bb7 Create group link previews; don't open Signal links in browser first; allow ephemeral download of previously-error'd pack 2021-02-10 16:39:26 -06:00
Evan Hahn
bc37b5c907 Add an assertion when updating conversations; update cleanData 2021-02-04 11:54:03 -08:00
Scott Nonnenberg
a48b3e381e Support for joining New Groups via invite links 2021-01-29 14:16:48 -08:00
Josh Perez
c0510b08a5 Introduce conversation details screen for New Groups
Co-authored-by: Chris Svenningsen <chris@carbonfive.com>
Co-authored-by: Sidney Keese <me@sidke.com>
2021-01-29 13:19:24 -08:00
Evan Hahn
8ccf402497 Use consistent User-Agent when uploading debug logs 2021-01-25 18:28:59 -08:00
Scott Nonnenberg
9f81b4157b Also use sent_at whenever we query database with received_at 2021-01-19 17:35:11 -08:00
Scott Nonnenberg
3f58a9b762 Clean up UUID-handling to prepare for future 2020-12-09 17:26:37 -05:00
Evan Hahn
0c039bf431 Add group calling events to the message timeline 2020-12-07 14:43:19 -06:00
Scott Nonnenberg
2b8ae412e0 New feature flag with ability to migrate GV1 groups 2020-12-01 10:42:35 -06:00
Scott Nonnenberg
26884432a2 Update TypeScript, Prettier and typescript-eslint for new TypeScript 3.8 syntax 2020-11-23 14:45:44 -05:00
Chris Svenningsen
d593f74241 New contact popup when clicking on group member or avatar 2020-11-11 09:36:05 -08:00
Evan Hahn
8bfaf598af Add license headers across the project 2020-11-04 13:03:13 -06:00
Evan Hahn
decc93532b Hide call buttons when on call 2020-11-04 13:03:13 -06:00
Evan Hahn
184f7e1bf3 Remove ESLint no-continue rule 2020-11-04 13:00:41 -06:00
Evan Hahn
b7cd0b1bf7 Tidy up link previews types 2020-11-04 13:00:40 -06:00
Evan Hahn
60f2422e2a Consolidate sleep usages into a tested utility function 2020-10-26 15:48:44 -07:00
Evan Hahn
f21dad1519 Mark long hrefs or those with invalid characters as sneaky 2020-10-12 18:10:08 -04:00
Scott Nonnenberg
d51a0b5ece GroupsV2: Better group invite behavior 2020-10-12 18:10:08 -04:00
Josh Perez
9510fd1eec Cleans up mute state after mute expires 2020-10-12 18:10:08 -04:00
Josh Perez
27759233e4 Storage Service Write: Improved conflict handling 2020-10-12 18:10:08 -04:00
Evan Hahn
693deaebe8 Remove IP addresses from "sneaky" link detection 2020-10-12 18:10:08 -04:00
Evan Hahn
313faab774 Outbound link previews 2020-10-12 18:10:08 -04:00
Evan Hahn
bdd71e4898 Support APNGs in Sticker Creator 2020-10-12 18:10:07 -04:00
Scott Nonnenberg
9f73b40d7a MessageReceiver: Use UUID if we have it 2020-09-25 09:20:36 -05:00
Scott Nonnenberg
bc3b61db1d Add p-queue timeouts; fix search crash; improve promise rejection logging 2020-09-21 15:42:51 -04:00
Chris Svenningsen
b4e9c278d3 Migrate to eslint 2020-09-21 15:42:51 -04:00
Scott Nonnenberg
7a02cc815d Support for new GroupV2 groups 2020-09-09 17:34:57 -07:00
Josh Perez
1ce0959fa1 Storage Service: Write 2020-09-09 17:34:57 -07:00
Chris Svenningsen
8a2c17f65f Apply new ESLint rules to legacy code 2020-09-09 17:34:57 -07:00
Evan Hahn
496a90efbb More descriptive notification/left pane text 2020-09-09 17:34:57 -07:00
Chris Svenningsen
5b1536cc02 Initial move towards new ESLint config supporting TS
Co-authored-by: Sidney Keese <sidney@carbonfive.com>
2020-09-01 17:11:16 -04:00
Evan Hahn
fd06ac9d57 Sticker improvements 2020-09-01 17:11:16 -04:00
Evan Hahn
2e1e6e847a Widen the set of link previews which can be received 2020-09-01 17:10:18 -04:00
Evan Hahn
aaed0db2e5 Verify sticker data in getDataFromLink 2020-08-28 15:42:25 -04:00
Evan Hahn
45d829e439 Improved link verification logic. 2020-08-28 15:42:24 -04:00
Scott Nonnenberg
eb44e2fc6a Calling: Show call event summaries in left pane 2020-08-12 19:52:34 -04:00
Scott Nonnenberg
81cb7730a5 Message Requests improvements 2020-08-06 20:50:54 -04:00
Scott Nonnenberg
d75eee015f Show notifications when a user's profile name changes 2020-07-30 13:27:44 -07:00
Scott Nonnenberg
901179440f Merge contacts when we discover split or duplicated contacts 2020-07-30 13:17:45 -07:00
Josh Perez
5b83485c89 Update safety number change warning dialog 2020-07-30 13:10:05 -07:00
Ken Powers
bf04c9114e Harden UUID-handling code paths 2020-07-30 13:10:03 -07:00
Peter Thatcher
d3a27a6442 Calling support 2020-07-30 13:08:47 -07:00
Ken Powers
83574eb067 Message Requests 2020-07-30 13:08:44 -07:00
Josh Perez
ba6cb653bf Drop group messages that don't change group 2020-07-13 16:06:24 -07:00
Scott Nonnenberg
a14936451e deleteStickerPackReference: Return early on empty array as well 2020-07-10 11:07:37 -07:00
Ken Powers
352818fd32 Add more logging around attachment queueing 2020-06-10 14:39:45 -07:00
Ken Powers
d6d2d242d4 Always use sender certificates including UUID 2020-05-07 13:51:37 -07:00
Scott Nonnenberg
464c814a95 Remove all IndexedDB migration code 2020-04-29 17:42:41 -07:00
Ken Powers
980862768b Linkify URLs containing @ 2020-04-29 17:42:41 -07:00
Scott Nonnenberg
aaa91c441b Ensure old attachments with .id field only are handled 2020-04-29 17:42:41 -07:00
Ehren Kret
a0e9791623 Add support for receiving attachments from CDN 2 2020-04-29 17:42:41 -07:00
Scott Nonnenberg
6b094e1514 Refactor: Move data-access code to Typescript w/ shared interface 2020-04-15 14:45:11 -07:00
Scott Nonnenberg
9ab54b9b83 Move web_api.js and js/modules/crypto.js to TypeScript 2020-04-15 14:44:51 -07:00
Scott Nonnenberg
71436d18e2 Include sender in group update notifications 2020-04-15 14:44:46 -07:00
Ken Powers
a1270867ff Debug Logs: gzip before upload 2020-03-24 17:03:22 -07:00
Ken Powers
37ad95af27 Passive UUID fixes 2020-03-24 17:03:22 -07:00
Scott Nonnenberg
8d6cba1b43 Eliminate remaining Electron 8 deprecations
* Change systemPreferences.isDarkMode() to nativeTheme.shouldUseDarkColors

* Remove vibrancy parameter to BrowserWindow

* Update curve25519-n; removes context-aware deprecation warning

* Set app.allowRendererProcessReuse = true to remove warning

* Move from deprecated setters to direct property set

* Serialized sender certificates: Store less, store plain object

* isMenuBarAutoHide -> autoHideMenuBar

* UUID: Fix sealed sender indicator on message details screen

* Data._cleanData: Remove function keys, handle null in array

Also:
- run _cleanData when saving attachment download jobs
- remove job from jobs table when the send itself throws error

* _cleanData: Don't dig into strings, booleans, or numbers

* getPropsForMessageDetail: Make it clear what we're reducing

Co-authored-by: Ken Powers <ken@signal.org>
2020-03-24 17:03:01 -07:00
Ken Powers
a90246cbe5 Passive UUID support
Co-authored-by: Scott Nonnenberg <scott@signal.org>
2020-03-24 16:59:35 -07:00
Scott Nonnenberg
a840e2e5b1 Remove legacy import flow 2020-03-04 17:12:56 -08:00
Josh Perez
60773d28d5 Fix new sticker pack keys 2020-02-24 17:03:55 -08:00
Ken Powers
8d9ccd3c0a Ensure proper file permissions on startup
Co-authored-by: Scott Nonnenberg <scott@signal.org>
2020-02-21 15:40:04 -08:00
Josh Perez
6b56dd4ce0 Move registration from redux selectors to util 2020-02-21 15:08:21 -08:00
Ken Powers
f0028a5cfe Don't linkify invalid URLs 2020-02-19 15:22:37 -08:00
Josh Perez
1881fa5fa5 Add swoon sticker packs as blessed and known
* Add swoon sticker packs as blessed and known
* Do not install blessed packs by default
2020-02-18 14:36:59 -08:00
Josh Perez
0843f569a0 Adds additional logging to boot path 2020-02-18 10:48:58 -08:00
Josh Perez
18fd44f504 Move all status/alert dialogs into the Left Pane 2020-02-12 13:30:58 -08:00
Scott Nonnenberg
3938eb9801 A set of fixes and upgrades
* writeToDownloads: Add missing await
* Remove window.isFocused() - not used anywhere!
* Update typescript, p-queue, make necessary changes to fix build
* Slow down sender certificate retries with no existing cert
* Slow down signed prekey refreshes when unlinked - 5s -> 5m
* Update protobufjs to 4.1.2
2020-02-07 14:37:04 -05:00
Scott Nonnenberg
a271fe0eee Add version number to user-agent header on outgoing requests 2020-01-16 21:36:14 -08:00
Scott Nonnenberg
be6ae038dc Ensure sender cert refresh timer resets only when necessary 2020-01-16 21:36:14 -08:00
Ken Powers
8dbbde6790 Partial Revert "Conversation: Wait for database fetch to add incoming messages"
This partially reverts commit bce711c36dfdb3eefda59a10aabe71058b3e40a2.
2020-01-16 08:34:31 -08:00
Scott Nonnenberg
55eff02872 Reintroduce file chooser dialog for every attachment save 2020-01-15 17:23:02 -05:00
Scott Nonnenberg
1bf9ca7233 Save attachments with macOS quarantine attribute
* Attachments: Always save file to downloads directory, show toast
* Add new build:dev command for casual builds
2020-01-09 14:57:43 -05:00
Scott Nonnenberg
3e5071e340 Conversation: Wait for database fetch to add incoming messages 2020-01-09 09:43:47 -05:00
Ken Powers
0d3b390129 Upgrade Prettier 2020-01-08 09:44:54 -08:00
Ken Powers
fe65fd3eaa Sticker creator updates: new 200 sticker max, WebP supported 2019-12-19 15:27:02 -08:00
Scott Nonnenberg
f5be32ba14 Simplify linkification filter - check for ASCII/non-ASCII only 2019-12-18 14:45:11 -05:00
Ken Powers
11d47a8eb9 Sticker Creator 2019-12-17 12:28:46 -08:00
Scott Nonnenberg
2df1ba6e61 Introduce two built-in sticker packs: Zozo and Bandit 2019-12-17 12:28:46 -08:00
Scott Nonnenberg
e9f08c3da9 Bugfixes for v1.29
* If focus was set to document.body during archive, focus left pane
* Shortcut Guide: Add space between text and shortcut highlight
* Ensure that draft attachment can be closed with click on X button
* Move to keyDown event for user idle checking
* Additional resiliency around avatars; check for them on disk
* Increase timeouts to preserve websocket connection
* On startup, be resilient to malformed JSON in log files
* Don't crash if shell.openExternal returns an error
* Whenever we request a contact/group sync, also request block list
* Avatar popup: Ensure styling is mouse- and keyboard-appropriate
* MainHeader: Create popperRoot on demand, not on mount
* CompositionInput: Disable default Ctrl-/ shortcut
* Update libphonenumber
2019-12-03 15:02:50 -05:00
Scott Nonnenberg
bb02fa3a7e Prevent conversation up/down when showing search results 2019-11-15 14:34:24 -08:00
Scott Nonnenberg
20a892247f Keyboard shortcuts and accessibility 2019-11-13 16:53:42 -08:00
Scott Nonnenberg
8590a047c7 Change domain for sharing sticker packs 2019-11-13 19:12:36 -05:00
Ken Powers
8659f1dd23 Fix a number of emoji bugs in message composer 2019-10-31 12:32:10 -07:00
Scott Nonnenberg
0c09f9620f Improve message download performance 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
7ab2d9acc6 Video Thumbnails: Seek to 1s mark in video before capture 2019-09-24 13:43:08 -07:00
Scott Nonnenberg
b77246a7e0 When SQLITE_CORRUPT error happens, immediately restart the app 2019-09-24 13:43:08 -07:00
Scott Nonnenberg
3719724337 Prevent multiple instances of same background attachment job 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
1ab844674a Ensure out-of-band attachment updates make new top-level objects 2019-09-03 20:07:47 -04:00
Scott Nonnenberg
936768d9c1 Recalculate message height when pending sticker is loaded 2019-08-22 15:41:55 -07:00
Scott Nonnenberg
c39d5a811a Full-text search within conversation 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
9d4f2afa5a Persist drafts 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
5ebd8bc690 Virtualize Messages List - only render what's visible 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
a976cfe6b6 Time out faster for IndexedDB existence checks 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
d42eb2126e Changes to View Once 2019-08-05 16:23:47 -07:00
Ken Powers
6c0365a770 One emoji image set for picker, composition, message bubble 2019-07-25 09:28:44 -07:00
Ken Powers
7b645011c2 New composition area with emoji typeahead 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Disconnect3d
fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459)
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if a media link comes from trusted hosts, is invalid. It does not expose a security risk, or I couldn't find an example of one as of now, but if someone added a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone extended the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3):1
2019-07-16 13:28:16 -07:00
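
The unescaped-dot problem described in the commit message for fa4b2d412f, with an escaped form beside it, as an added example (not Signal's code and not the actual change made in that commit). The domain list is copied from the commit message; `escapeRegExp`, `buildUnescaped`, `buildEscaped`, `overMatches` and the hostnames are constructed for illustration, and `media.redd.it` is the hypothetical future entry the message mentions.

```javascript
// Domain list as quoted in the commit message for fa4b2d412f.
const DOMAINS = ['ytimg.com', 'cdninstagram.com', 'redd.it', 'imgur.com', 'fbcdn.net', 'pinimg.com'];

// Escape every regex metacharacter so a string is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// "Before": domains joined as-is, so each "." means "any character".
function buildUnescaped(domains) {
  return new RegExp('^([^.]+\\.)*(' + domains.join('|') + ')$', 'i');
}

// "After": same structure, but every domain is escaped first.
function buildEscaped(domains) {
  return new RegExp('^([^.]+\\.)*(' + domains.map(escapeRegExp).join('|') + ')$', 'i');
}

// Hostnames the unescaped pattern accepts but the escaped one rejects.
function overMatches(domains, hosts) {
  const before = buildUnescaped(domains);
  const after = buildEscaped(domains);
  return hosts.filter((host) => before.test(host) && !after.test(host));
}

// Constructed hostnames: legitimate ones, plus the two from the commit message.
const HOSTS = ['redd.it', 'i.redd.it', 'media.redd.it', 'reddjit', 'mediaXredd.it', 'redd.it.example'];

// Hypothetical future list with a subdomain entry added.
const EXTENDED = DOMAINS.concat('media.redd.it');

console.log('current list, over-matched:', overMatches(DOMAINS, HOSTS));
console.log('extended list, over-matched:', overMatches(EXTENDED, HOSTS));
```

With the current list the only over-match is a dotless string, which matches the commit author's remark that no exploitable case was found; once a subdomain entry is added, a registrable lookalike domain passes the unescaped pattern.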