- [x] Removed ‘Restart Signal’ global menu item
- [x] Change _Click to create contact…_ to _Start conversation…_
- [x] Move global menu (top-left kebab) into OS menu bar,
i.e. **Settings** > **Preferences…**
- [x] Add tests for OS menu bar templates
- [x] Fix bug with **Window** menu on macOS when showing setup options
- [x] Use _Title Case_ for all OS menu bar menu items for consistency
commit dedf7c9af0de90980388559659df0d92a77b864c
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 16:53:42 2018 -0500
Use ‘Title Case’ to be consistent with OS menus
References:
- Apple:
- https://developer.apple.com/macos/human-interface-guidelines/menus/menu-anatomy/#menu-and-menu-item-titles
- https://developer.apple.com/library/content/documentation/FinalCutProX/Conceptual/FxPlugHIG/TextStyleGuidelines/TextStyleGuidelines.html#//apple_ref/doc/uid/TP40013782-CH6-SW1
- https://titlecaseconverter.com/
commit 3286da29b334bd4526c587b17707c2f230cec8f5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 16:36:50 2018 -0500
Fix bug for macOS ‘Window’ menu with setup options
commit 236a23d1eafe2a16073394a27b9013298b682a25
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 16:27:46 2018 -0500
Test menus with included setup options
commit c5d5f5abb8d7f52d6a4aa182a86c92f7ddceade0
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 16:10:27 2018 -0500
Move settings (‘Preferences’) into OS-level menu
This reduces our reliance on custom UI until we have more design resources.
commit 027803f8f4983cffa443f0beff1854dcf541689b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 16:02:56 2018 -0500
Prepare tests for menu with/without included setup
commit 9e2f006924b85eb249a8a1261c1c4dd1a706afa6
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 15:55:46 2018 -0500
Destructure `includeSetup`
commit 6b2a1eccdf724fd722e58415d2700da73942d9e8
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 15:55:14 2018 -0500
🔤 `createTemplate` `options`
commit c2fecba34b153fed106f414ed3347d46299f6fe5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 12:49:55 2018 -0500
Test menu for Windows and Linux
commit 60281b1af9ad1f022cdbc40711ebd0b688a7355d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 12:40:39 2018 -0500
Add `yarn run test-app` command
commit 1a0489919c0a97b03fe88196260fef894fb3d9e4
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 12:40:29 2018 -0500
Add test for `SignalMenu.createTemplate` on macOS
commit 9638b86c0f00f231e44562a5aa01626f0e5fdd8b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 12:34:46 2018 -0500
Make `createTemplate` pure
Extracting `options.platform` makes it easier to test without having to
stub `process.platform`.
commit 9c26404892d7c9a7bd0199a9e8367a165a3b365c
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 11:47:39 2018 -0500
Extract `locale.load` `appLocale` & `logger` for testability
This allows us to run this code in a non-Electron environment, e.g. Node.js
Mocha test suite.
commit 710b22438df25c8d5e8431845a035c55ec8fc0b7
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 11:46:13 2018 -0500
🔤 npm scripts
commit 9ae22937fbce078f91443023b560b3c0468c1380
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 11:45:30 2018 -0500
Use 2-space indendation for `app` module tests
commit 22c26baf6159bd2e1f5a787c10e2260f09395329
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 11:22:55 2018 -0500
Prefer named exports
commit 9c9526195266ac77ac2ca04135a1e675f617dfd2
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 11:22:46 2018 -0500
🔤 Organize `require`s
commit 2f144d24d9e9a9ef72fe418996e3c911b304b00a
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 27 11:13:50 2018 -0500
Remove existing global hamburger menu
This will be replaced by a OS-level ‘Preferences’ menu.
commit f5adb374cb742e5f319ececda8ab6d8adee88d7e
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 26 18:40:54 2018 -0500
Remove ‘Restart Signal’ menu from settings
Apparently, this is a remnant from the Chrome web application.
commit d7a206bc8e67ef44022085e804ca040ed1b219f7
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 26 17:16:49 2018 -0500
Clarify label for starting a new conversation
When user a enters a number that is not a contact, we prompt them to start a new
conversation.
commit 715a4064367fb61d85c1a4f9d48261b2ce002435
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 26 16:46:26 2018 -0500
Use ‘Enter name or number’ as prompt’
This follows implementation of Android and recommendation from Alissa.
Hotfix: Ignore invalid expire timer sync resets
iOS omits `expireTimer` protobuf property to denote disappearing messages have been turned off. However, that doesn’t allow us to distinguish it from old clients that are not aware of this property. This change ignores these invalid values until we consistently use `0` to denote disabled disappearing messages (as Android does).
- [x] Ignore non-numeric `expireTimer` values during contact sync. Long-term, we’ll use `0` to denote turning off expire timers.
- [x] Log what value `expireTimer` is set to.
- [x] Log changes to `expireTimer` in `handleDataMessage` until it uses `ConversationController::updateExpirationTimer`.
- A new design for the import flow. It features:
- Icons at the top of every screen
- Gray background, blue buttons, thinner text
- Simpler copy
- A new design for the install flow. It features:
- Immediate entry into the QR code screen
- Animated dots to show that we're loading the QR code from the server
- Fewer screens: 1) QR 2) device name 3) sync-in-progress
- When not set up, the app opens directly into the install screen, which has been streamlined. The `--import` command-line argument will cause the app to open directly into the import flow.
- Support for two different flavors of builds - the normal build will open into the standard registration flow, and the import flavor will be exactly the same except during setup it will open directly into the import flow.
- A new design for the (dev-only) standalone registration view
- When these install sequences are active, the OS File menu has entries to allow you to switch the method of setup you'd like to use. These go away as soon as the first step is taken in any of these flows.
- The device name (chosen on initial setup) is now shown in the settings panel
- At the end of a light import, we hand off to the normal device link screen, starting at the QR code. On a full import, we remove the sensitive encryption information in the export to prevent conflicts on multiple imports.
- `Whisper.Backup.exportToDirectory()` takes an options object so you can tell it to do a light export.
- `Whisper.Backup.importFromDirectory()` takes an options object so you can force it to load only the light components found on disk. It also returns an object so you can tell whether a given import was a full import or light import.
- On start of import, we build a list of all the ids present in the messages, conversations, and groups stores in IndexedDB. This can take some time if a lot of data is in the database already, but it makes the subsequent deduplicated import very fast.
- Disappearing messages are now excluded when exporting
- Remove some TODOs in the tests
As described in #998, images are sometimes displayed with an incorrect
orientation. This is because cameras often write files in the native sensor byte
order and attach the `Orientation` EXIF metadata to tell end-user devices how to
display the images based on the original author’s capture orientation.
Electron/Chromium (and therefore Signal Desktop) currently doesn’t support
applying this metadata for `<img>` tags, e.g. CSS `image-orientation: from-
image`. As a workaround, this change uses the `loadImage` library with the
`orientation: true` flag to auto-orient images ~~before display~~ upon receipt
and before sending.
**Changes**
- [x] ~~Auto-orient images during display in message list view~~
- [x] Ensure image is not displayed until loaded (to prevent layout reflow) .
- [x] Auto-orient images upon receipt and before storing in IndexedDB
(~~or preserve original data until Chromium offers native fix?~~)
- [x] Auto-orient images in compose area preview.
- [x] ~~Auto-orient images in lightbox view~~
- [x] Auto-orient images before sending / storage.
- [x] Add EditorConfig for sharing code styles across editors.
- [x] Fix ESLint ignore file.
- [x] Change `function-paren-newline` ESLint rule from
`consistent` to `multiline`.
- [x] Add `operator-linebreak` ESLint rule for consistency.
- [x] Added `blob-util` dependency for converting between array buffers,
blobs, etc.
- [x] Extracted `createMessageHandler` to consolidate logic for
`onMessageReceived` and `onSentMessage`.
- [x] Introduce `async` / `await` to simplify async coding (restore control flow
for branching, loops, and exceptions).
- [x] Introduce `window.Signal` namespace for exposing ES2015+ CommonJS modules.
- [x] Introduce rudimentary `Message` and `Attachment` types to begin defining a
schema and versioning. This will allow us to track which changes, e.g.
auto-orient JPEGs, per message / attachment as well as which fields
are stored.
- [x] Renamed `window.dataURLtoBlob` to `window.dataURLToBlobSync` to both fix
the strange `camelCase` as well as to highlight that this operation is
synchronous and therefore blocks the user thread.
- [x] Normalize all JPEG MIME types to `image/jpeg`, eliminating the
invalid `image/jpg`.
- [x] Add `npm run test-modules` command for testing non-browser specific
CommonJS modules.
- **Stretch Goals**
- [ ] ~~Restrict `autoOrientImage` to `Blob` to narrow API interface.~~ Do
this once we use PureScript.
- [ ] ~~Return non-JPEGs as no-op from `autoOrientImage`.~~ Skipping
`autoOrientImage` for non-JPEGs altogether.
- [ ] Retroactively auto-orient existing JPEG image attachments in the
background.
---
Fixes#998
---
- **Blog:** EXIF Orientation Handling Is a Ghetto:
https://www.daveperrett.com/articles/2012/07/28/exif-orientation-handling-is-a-ghetto/
- **Chromium Bug:** EXIF orientation is ignored:
https://bugs.chromium.org/p/chromium/issues/detail?id=56845
- **Chromium Bug:** Support for the CSS image-orientation CSS property:
https://bugs.chromium.org/p/chromium/issues/detail?id=158753
---
commit ce5090b473a2448229dc38e4c3f15d7ad0137714
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 16 10:35:36 2018 -0500
Inline message descriptors
commit 329036e59c138c1e950ec7c654eebd7d87076de5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Thu Feb 15 17:34:40 2018 -0500
Clarify order of operations
Semantically, it makes more sense to do `getFile` before `clearForm`
even though it seems to work either way.
commit f9d4cfb2ba0d8aa308b0923bbe6066ea34cb97bd
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Thu Feb 15 17:18:26 2018 -0500
Simplify `operator-linebreak` configuration
Enabling `before` caused more code changes and it turns out our previous
configuration is already the default.
commit db588997acdd90ed2ad829174ecbba744383c78b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Thu Feb 15 17:15:59 2018 -0500
Remove obsolete TODO
commit 799c8817633f6afa0b731fc3b5434e463bd850e3
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Thu Feb 15 17:12:18 2018 -0500
Enable ESLint `function-paren-newline` `multiline`
Per discussion.
commit b660b6bc8ef41df7601a411213d6cda80821df87
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Thu Feb 15 17:10:48 2018 -0500
Use `messageDescriptor.id` not `source`
commit 5e7309d176f4a7e97d3dc4c738e6b0ccd4792871
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 16:29:01 2018 -0500
Remove unnecessary `eslint-env`
commit 393b3da55eabd7413596c86cc3971b063a0efe31
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 16:19:17 2018 -0500
Refactor `onSentMessage` and `onMessageReceived`
Since they are so similar, we create the handlers using new
`createMessageHandler` function. This allows us to ensure both synced and
received messages go through schema upgrade pipeline.
commit b3db0bf179c9a5bea96480cde28c6fa7193ac117
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 16:18:21 2018 -0500
Add `Message` descriptor functions
commit 8febf125b1b42fe4ae1888dd50fcee2749dc1ff0
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 14:46:56 2018 -0500
Fix typo
commit 98d951ef77bd578b313a4ff4b496b793e82e88d5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 12:22:39 2018 -0500
Remove `promises` reference
commit a0e9559ed5bed947dabf28cb672e63d39948d854
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 12:22:13 2018 -0500
Fix `AttachmentView::mediaType` fall-through
commit 67be916a83951b8a1f9b22efe78a6da6b1825f38
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 12:03:41 2018 -0500
Remove minor TODOs
commit 0af186e118256b62905de38487ffacc41693ff47
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 11:44:41 2018 -0500
Enable ESLint for `js/views/attachment_view.js`
commit 28a2dc5b8a28e1a087924fdc7275bf7d9a577b92
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 11:44:12 2018 -0500
Remove dynamic type checks
commit f4ce36fcfc2737de32d911cd6103f889097813f6
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 11:27:56 2018 -0500
Rename `process` to `upgradeSchema`
- `Message.process` -> `Message.upgradeSchema`
- `Attachment.process` -> `Attachment.upgradeSchema`
- `Attachment::processVersion` -> `Attachment::schemaVersion`
Document version history.
commit 41b92c0a31050ba05ddb1c43171d651f3568b9ac
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 11:11:50 2018 -0500
Add `operator-linebreak` ESLint rule
Based on the following discussion:
https://github.com/signalapp/Signal-Desktop/pull/2040#discussion_r168029106
commit 462defbe55879060fe25bc69103d4429bae2b2f6
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 11:01:30 2018 -0500
Add missing `await` for `ConversationController.getOrCreateAndWait`
Tested this by setting `if` condition to `true` and confirming it works.
It turns rotating a profile key is more involved and might require
registering a new account according to Matthew.
commit c08058ee4b883b3e23a40683de802ac81ed74874
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 16:32:24 2018 -0500
Convert `FileList` to `Array`
commit 70a6c4201925f57be1f94d9da3547fdefc7bbb53
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 15:46:34 2018 -0500
🎨 Fix lint errors
commit 2ca7cdbc31d4120d6c6a838a6dcf43bc209d9788
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 15:07:09 2018 -0500
Skip `autoOrientImage` for non-JPEG images
commit 58eac383013c16ca363a4ed33dca5c7ba61284e5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 14:55:35 2018 -0500
Move new-style modules to `window.Signal` namespace
commit 02c9328877dce289d6116a18b1c223891bd3cd0b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 14:35:23 2018 -0500
Extract `npm run test-modules` command
commit 2c708eb94fba468b81ea9427734896114f5a7807
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 13:25:51 2018 -0500
Extract `Message.process`
commit 4a2e52f68a77536a0fa04aa3c29ad3e541a8fa7e
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 13:25:12 2018 -0500
Fix EditorConfig
commit a346bab5db082720f5d47363f06301380e870425
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 13:13:02 2018 -0500
Remove `vim` directives on ESLint-ed files
commit 7ec885c6359e495b407d5bc3eac9431d47c37fc6
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 13:08:24 2018 -0500
Remove CSP whitelisting of `blob:`
We no longer use `autoOrientImage` using blob URLs. Bring this back if we
decide to auto-orient legacy attachments.
commit 879b6f58f4a3f4a9ed6915af6b1be46c1e90e0ca
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:57:05 2018 -0500
Use `Message` type to determine send function
Throws on invalid message type.
commit 5203d945c98fd2562ae4e22c5c9838d27dec305b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:56:48 2018 -0500
Whitelist `Whisper` global
commit 8ad0b066a3690d3382b86bf6ac00c03df7d1e20b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:56:32 2018 -0500
Add `Whisper.Types` namespace
This avoids namespace collision for `Whisper.Message`.
commit 785a949fce2656ca7dcaf0869d6b9e0648114e80
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:55:43 2018 -0500
Add `Message` type
commit 674a7357abf0dcc365455695d56c0479998ebf27
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:35:23 2018 -0500
Run ESLint on `Conversation::sendMessage`
commit cd985aa700caa80946245b17ea1b856449f152a0
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:34:38 2018 -0500
Document type signature of `FileInputView::readFile`
commit d70d70e52c49588a1dc9833dfe5dd7128e13607f
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:31:16 2018 -0500
Move attachment processing closer to sending
This helps ensure processing happens uniformly, regardless of which code
paths are taken to send an attachment.
commit 532ac3e273a26b97f831247f9ee3412621b5c112
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:22:29 2018 -0500
Process attachment before it’s sent
Picked this place since it already had various async steps, similar to
`onMessageReceived` for the incoming `Attachment.process`.
Could we try have this live closer to where we store it in IndexedDB, e.g.
`Conversation::sendMessage`?
commit a4582ae2fb6e1d3487131ba1f8fa6a00170cb32c
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 12:21:42 2018 -0500
Refactor `getFile` and `getFiles`
Lint them using ESLint.
commit 07e9114e65046d791fc4f6ed90d6e2e938ad559d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 11:37:31 2018 -0500
Document incoming and outgoing attachments fields
Note how outgoing message attachments only have 4 fields. This presumably
means the others are not used in our code and could be discarded for
simplicity.
commit fdc3ef289d6ec1be344a12d496839d5ba747bb6a
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 11:36:21 2018 -0500
Highlight that `dataURLToBlob` is synchronous
commit b9c6bf600fcecedfd649ef2ae3c8629cced4e45a
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 11:35:49 2018 -0500
Add EditorConfig configuration
commit e56101e229d56810c8e31ad7289043a152c6c449
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 11:34:23 2018 -0500
Replace custom with `blob-util` functions
IMPORTANT: All of them are async so we need to use `await`, otherwise we get
strange or silent errors.
commit f95150f6a9569fabcb31f3acd9f6b7bf50b5d145
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 11:17:30 2018 -0500
Revert "Replace custom functions with `blob-util`"
This reverts commit 8a81e9c01bfe80c0e1bf76737092206c06949512.
commit 33860d93f3d30ec55c32f3f4a58729df2eb43f0d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 11:13:02 2018 -0500
Revert "Replace `blueimp-canvas-to-blob` with `blob-util`"
This reverts commit 31b3e853e4afc78fe80995921aa4152d9f6e4783.
commit 7a0ba6fed622d76a3c39c7f03de541a7edb5b8dd
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 11:12:58 2018 -0500
Replace `blueimp-canvas-to-blob` with `blob-util`
commit 47a5f2bfd8b3f546e27e8d2b7e1969755d825a66
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 10:55:34 2018 -0500
Replace custom functions with `blob-util`
commit 1cfa0efdb4fb1265369e2bf243c21f04f044fa01
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 10:47:02 2018 -0500
Add `blob-util` dependency
commit 9ac26be1bd783cd5070d886de107dd3ad9c91ad1
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 10:46:44 2018 -0500
Document why we drop original image data during auto-orient
commit 4136d6c382b99f41760a4da519d0db537fa7de8d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 10:46:27 2018 -0500
Extract `DEFAULT_JPEG_QUALITY`
commit 4a7156327eb5f94dba80cb300b344ac591226b0e
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 10:37:11 2018 -0500
Drop support for invalid `image/jpg` MIME type
commit 69fe96581f25413194032232f1bf704312e4754c
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 09:54:30 2018 -0500
Document `window.onInvalidStateError` global
commit a48ba1c77458da38583ee9cd488f70a59f6ee0fd
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 09:54:04 2018 -0500
Selectively run ESLint on `js/background.js`
Enabling ESLint on a per function basis allows us to incrementally improve
the codebase without requiring large and potentially risky refactorings.
commit e6d1cf826befc17ad4ec72fda8e761701665635e
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 09:16:23 2018 -0500
Move async attachment processing to `onMessageReceived`
We previously processed attachments in `handleDataMessage` which is mostly a
synchronous function, except for the saving of the model. Moving the
processing into the already async `onMessageReceived` improves code clarity.
commit be6ca2a9aae5b59c360817deb1e18d39d705755e
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 09:14:49 2018 -0500
Document import of ES2015+ modules
commit eaaf7c41608fb988b8f4bbaa933cff110115610e
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 09:14:29 2018 -0500
🎨 Fix lint error
commit a25b0e2e3d0f72c6a7bf0a15683f02450d5209ee
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 09:13:57 2018 -0500
🎨 Organize `require`s
commit e0cc3d8fab6529d01b388acddf8605908c3d236b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 09:07:17 2018 -0500
Implement attachment process version
Instead of keeping track of last normalization (processing) date, we now
keep track of an internal processing version that will help us understand
what kind of processing has already been completed for a given attachment.
This will let us retroactively upgrade existing attachments.
As we add more processing steps, we can build a processing pipeline that can
convert any attachment processing version into a higher one,
e.g. 4 -> 5 -> 6 -> 7.
commit ad9083d0fdb880bc518e02251e51a39f7e1c585f
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:50:31 2018 -0500
Ignore ES2015+ files during JSCS linting
commit 96641205f734927aaebc2342d977c555799c3e3b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:48:07 2018 -0500
Improve ESLint ignore rules
Apparently, using unqualified `/**` patterns prevents `!` include patterns.
Using qualified glob patterns, e.g. `js/models/**/*.js`, lets us work
around this.
commit 255e0ab15bd1a0ca8ca5746e42d23977c8765d01
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:44:59 2018 -0500
🔤 ESLint ignored files
commit ebcb70258a26f234bd602072ac7c0a1913128132
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:35:47 2018 -0500
Whitelist `browser` environment for ESLint
commit 3eaace6f3a21421c5aaaaf01592408c7ed83ecd3
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:35:05 2018 -0500
Use `MIME` module
commit ba2cf7770e614415733414a2dcc48f110b929892
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:32:54 2018 -0500
🎨 Fix lint errors
commit 65acc86e8580e88f7a6611eb4b8fa5d7291f7a3f
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:30:42 2018 -0500
Add ES2015+ files to JSHint ignored list
commit 8b6494ae6c9247acdfa059a9b361ec5ffcdb39f0
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:29:20 2018 -0500
Document potentially unexpected `autoScale` behavior
commit 8b4c69b2002d1777d3621be10f92cbf432f9d4d6
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:26:47 2018 -0500
Test CommonJS modules separately
Not sure how to test them as part of Grunt `unit-tests` task as
`test/index.html` doesn’t allow for inclusion of CommonJS modules that use
`require`. The tests are silently skipped.
commit 213400e4b2bba3efee856a25b40e269221c3c39d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 08:24:27 2018 -0500
Add `MIME` type module
commit 37a726e4fb4b3ed65914463122a5662847b5adee
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 20:18:05 2018 -0500
Return proper `Error` from `blobArrayToBuffer`
commit 164752db5612220e4dcf58d57bcd682cb489a399
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 20:15:41 2018 -0500
🎨 Fix ESLint errors
commit d498dd79a067c75098dd3179814c914780e5cb4f
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 20:14:33 2018 -0500
Update `Attachment` type field definitions
commit 141155a1533ff8fb616b70ea313432781bbebffd
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 20:12:50 2018 -0500
Move `blueimp-canvas-to-blob` from Bower to npm
commit 7ccb833e5d286ddd6235d3e491c62ac1e4544510
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:33:50 2018 -0500
🎨 Clarify data flow
commit e7da41591fde5a830467bebf1b6f51c1f7293e74
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:31:21 2018 -0500
Use `blobUrl` for consistency
commit 523a80eefe0e2858aa1fb2bb9539ec44da502963
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:28:06 2018 -0500
Remove just-in-time image auto-orient for lightbox
We can bring this back if our users would like auto-orient for old
attachments.
commit 0739feae9c47dd523c10740d6cdf746d539f270c
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:27:21 2018 -0500
Remove just-in-time auto-orient of message attachments
We can bring this back if our users would like auto-orient for old
attachments. But better yet, we might implement this as database migration.
commit ed43c66f92830ee233d5a94d0545eea4da43894d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:26:24 2018 -0500
Auto-orient JPEG attachments upon receipt
commit e2eb8e36b017b048d57602fca14e45d657e0e1a1
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:25:26 2018 -0500
Expose `Attachment` type through `Whisper.Attachment`
commit 9638fbc987b84f143ca34211dc4666d96248ea2f
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:23:39 2018 -0500
Use `contentType` from `model`
commit 032c0ced46c3876cb9474b26f9d53d6f1c6b16a0
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:23:04 2018 -0500
Return `Error` object for `autoOrientImage` failures
commit ff04bad8510c4b21aef350bed2b1887d0e055b98
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:22:32 2018 -0500
Add `options` for `autoOrientImage` output type / quality
commit 87745b5586d1e182b51c9f9bc5e4eaf6dbc16722
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:18:46 2018 -0500
Add `Attachment` type
Defines various functions on attachments, e.g. normalization
(auto-orient JPEGs, etc.)
commit de27fdc10a53bc8882a9c978e82265db9ac6d6f5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 16:16:34 2018 -0500
Add `yarn grunt` shortcut
This allows us to use local `grunt-cli` for `grunt dev`.
commit 59974db5a5da0d8f4cdc8ce5c4e3c974ecd5e754
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 10:10:11 2018 -0500
Improve readability
commit b5ba96f1e6f40f2e1fa77490c583217768e1f412
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 10:08:12 2018 -0500
Use `snake_case` for module names
Prevents problems across case-sensitive and case-insensitive file systems.
We can work around this in the future using a lint rule such as
`eslint-plugin-require-path-exists`.
See discussion:
https://github.com/signalapp/Signal-Desktop/pull/2040#discussion_r167365931
commit 48c5d3155c96ef628b00d99b52975e580d1d5501
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Mon Feb 12 10:05:44 2018 -0500
🎨 Use destructuring
commit 4822f49f22382a99ebf142b337375f7c25251d76
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 17:41:40 2018 -0500
Auto-orient images in lightbox view
commit 7317110809677dddbbef3fadbf912cdba1c010bf
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 17:40:14 2018 -0500
Document magic number for escape key
commit c790d07389a7d0bbf5298de83dbcfa8be1e7696b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 17:38:35 2018 -0500
Make second `View` argument an `options` object
commit fbe010bb63d0088af9dfe11f153437fab34247e0
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 17:27:40 2018 -0500
Allow `loadImage` to fetch `blob://` URLs
commit ec35710d002b019a273eeb48f94dcaf2babe5d96
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 16:57:48 2018 -0500
🎨 Shorten `autoOrientImage` import
commit d07433e3cf316c6a143a0c9393ba26df9e3af17b
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 16:57:19 2018 -0500
Make `autoOrientImage` module standalone
commit c285bf5e33cdf10e0ef71e72cd6f55aef0df96ef
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 16:55:44 2018 -0500
Replace `loadImage` with `autoOrientImage`
commit 44318549235af01fd061c25f557c93fd21cebb7a
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 16:53:23 2018 -0500
Add `autoOrientImage` module
This module exposes `loadImage` with a `Promise` based interface and pre-
populates `orientation: true` option to auto-orient input. Returns data URL
as string.
The module uses a named export as refactoring references of modules with
`default` (`module.exports`) export references can be error-prone.
See: https://basarat.gitbooks.io/typescript/docs/tips/defaultIsBad.html
commit c77063afc6366fe49615052796fe46f9b369de39
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 16:44:30 2018 -0500
Auto-orient preview images
See: #998
commit 06dba5eb8f662c11af3a9ba8395bb453ab2e5f8d
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 16:43:23 2018 -0500
TODO: Use native `Canvas::toBlob`
One challenge is that `Canvas::toBlob` is async whereas
`dataURLtoBlob` is sync.
commit b15c304a3125dd023fd90990e6225a7303f3596f
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 16:42:45 2018 -0500
Make `null` check strict
Appeases JSHint. ESLint has a nice `smart` option for `eqeqeq` rule:
https://eslint.org/docs/rules/eqeqeq#smart
commit ea70b92d9b18201758e11fdc25b09afc97b50055
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 15:23:58 2018 -0500
Use `Canvas::toDataURL` to preserve `ImageView` logic
This way, all the other code paths remain untouched in case we want to
remove the auto-orient code once Chrome supports the `image-orientation`
CSS property.
See:
- #998
- https://developer.mozilla.org/en-US/docs/Web/CSS/image-orientation
commit 62fd744f9f27d951573a68d2cdfe7ba2a3784b41
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 14:38:04 2018 -0500
Use CSS to constrain auto-oriented images
commit f4d3392687168c237441b29140c7968b49dbef9e
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 14:35:02 2018 -0500
Replace `ImageView` `el` with auto-oriented `canvas`
See: #998
commit 1602d7f610e4993ad1291f88197f9ead1e25e776
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 14:25:48 2018 -0500
Pass `Blob` to `View` (for `ImageView`)
This allows us to do JPEG auto-orientation based on EXIF metadata.
commit e6a414f2b2a80da1137b839b348a38510efd04bb
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 14:25:12 2018 -0500
🔪 Remove newline
commit 5f0d9570d7862fc428ff89c2ecfd332a744537e5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 11:17:02 2018 -0500
Expose `blueimp-load-image` as `window.loadImage`
commit 1e1c62fe2f6a76dbcf1998dd468c26187c9871dc
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 11:16:46 2018 -0500
Add `blueimp-load-image` npm dependency
commit ad17fa8a68a21ca5ddec336801b8568009bef3d4
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Fri Feb 9 11:14:40 2018 -0500
Remove `blueimp-load-image` Bower dependency
Synchronizes our protocol buffers with `libsignal-service-java` project.
**Changes**
- [x] **BREAKING:** Rename `package` from `textsecure` to `signalservice`.
⚠️~~Workaround: Rename back to `textsecure`.~~
Changed all protobuf `package` names across our project.
- [x] Rename `java_` metadata.
- [x] Move `NullMessage`, `ReceiptMessage`, and `Verified`.
- [x] Rename `Contacts.isComplete` to `Contacts.complete`. Confirmed to be
unreferenced in our project.
- [x] Rename `Settings` to `Configuration` (`textsecure.protobuf.Settings` seems
to be unused)
- [x] Rename `libtextsecure` `MessageReceiver` `settings` event to
`configuration`.
- [x] Rename `ReceiptMessage.timestamps` to `ReceiptMessage.timestamp`.
- [x] Add `AttachmentPointer` `width` and `height`.
- [x] Renamed `IncomingPushMessageSignal.proto` to `SignalService.proto` to
match server.
---
commit 2b6aa19bf9ea5d8f2f4fd9e4102699a9d06a2b45
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 19:41:24 2018 -0500
Rename protobuf `package`: `textsecure` --> `signalservice`
Brings us closer to `libsignal-service-java`.
commit 91612880a5bf2c9ae8a9334877ac24e91102b905
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 19:19:35 2018 -0500
Rename `SyncMessage.Settings` to `SyncMessage.Configuration`
commit 848eb9559928c54dffd3426bba8e7cd7b1687cdc
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 20:16:43 2018 -0500
Rename `ReadReceipt` `timestamps` --> `timestamp`
commit 39859e64b41ddf41127b52d963fe7cc2b9fcad68
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Wed Feb 14 18:43:42 2018 -0500
Rename `IncomingPushMessageSignal.proto` to `SignalService.proto`
This matches the `libsignal-service-java` filename.
commit fd4bfd76af57ffa44178caf21d350cca211dc048
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 16:24:36 2018 -0500
Revert protobuf `package` to `textsecure`
This was a breaking change and would need to be introduced with additional
changes.
commit 9f618fa91717a0349f1ea28bf6d365ef0a5c9ca5
Author: Daniel Gasienica <daniel@gasienica.ch>
Date: Tue Feb 13 16:09:55 2018 -0500
Sync service protocol buffers with Java project
Snapshot: 4684a49b2e/protobuf/SignalService.proto
* Re-enable libtextsecure unit tests, get passing, run in CI
* Save prekeys optimistically, track confirmed, new clean behavior
* Eliminate potential conflicts when rotating on startup
* Remove last symlink: get libtextsecure tests running on windows
* Log when we get a blocked numbers sync message
* Save three old signed keys in addition to the current active
* Remove the mystery from all the error-related log messages
* Log successful load of signed key - to help debug prekey errors
* removeSignedPreKey: Don't hang or crash in error cases
* Log on top-level unhandled promise rejection
* Remove trailing comma in param list, Electron 1.6 does not like
* Harden top-level error handler for strange object shapes
* Retry failed signed key rotation; start rotation when registered (#1772)
* rotateSignedPrekeys: Fix 'res is not defined' error
* If the server rejects key rotation, don't retry immediately
* Force a signed key rotation on launch of any new version
* Script for beta config; unique data dir, in-app env/type display
To release a beta build, increment the version and add -beta-N to the
end, then go through all the standard release activities.
The prepare-build npm script then updates key bits of the package.json
to ensure that the beta build can be installed alongside a production
build. This includes a new name ('Signal Beta') and a different location
for application data.
Note: Beta builds can be installed alongside production builds.
As part of this, a couple new bits of data are shown across the app:
- Environment (development or test, not shown if production)
- App Instance (disabled in production; used for multiple accounts)
These are shown in:
- The window title - both environment and app instance. You can tell
beta builds because the app name, preceding these data bits, is
different.
- The about window - both environment and app instance. You can tell
beta builds from the version number.
- The header added to the debug log - just environment. The version
number will tell us if it's a beta build, and app instance isn't
helpful.
* Turn on single-window mode in non-production modes
Because it's really frightening when you see 'unable to read from db'
errors in the console.
* aply.sh: More instructions for initial setup and testing
* Gruntfile: Get consistent with use of package.json datas
* Linux: manually update desktop keys, since macros not available
* Online/offline: Always stop timer, don't connect if closed
* Sockets: Send our own close event faster, shutdown only on close
Seems that we were too-aggressively disconnecting from all socket
events. Also, we should be able to send our own close event a lot
faster with no ill effects.
* Catch-up libtextsecure changes
* Wait to manually disconnect after receiving 'offline' event
We've received Linux logs indicating that we can get offline/online
blips - only 30ms between the two events. The app was never realy
offline. So this change slows the whole disconnect process down.
* Handle offline startup: register for online event, don't connect
* Ensure that our preload.js setImmediate call finds right function
FREEBIE
* Our own socket close event, better logging, unregistration
FREEBIE
* Return CLOSED for NetworkStatusView if we've fully disconnected
* background.js: Remove messageReceiver = null, log in connect()
A null messageReciever makes the NetworkStatusView think we're online.
FREEBIE
* Refactor delivery receipt event handler
* Rename the delivery receipt event
For less ambiguity with read receipts.
* Rename synced read event
For less ambiguity with read receipts from other Signal users.
* Add support for incoming receipt messages
Handle ReceiptMessages, which may include encrypted delivery receipts or read
receipts from recipients of our sent messages.
// FREEBIE
* Rename ReadReceipts to ReadSyncs
* Render read messages with blue double checks
* Send read receipts to senders of incoming messages
// FREEBIE
* Move ReadSyncs to their own file
// FREEBIE
* Fixup old comments on read receipts (now read syncs)
And some variable renaming for extra clarity.
// FREEBIE
* Add global setting for read receipts
Don't send read receipt messages unless the setting is enabled.
Don't process read receipts if the setting is disabled.
// FREEBIE
* Sync read receipt setting from mobile
Toggling this setting on your mobile device should sync it to Desktop. When
linking, use the setting in the provisioning message.
// FREEBIE
* Send receipt messages silently
Avoid generating phantom messages on ios
// FREEBIE
* Save recipients on the outgoing message models
For accurate tracking and display of sent/delivered/read state, even if group
membership changes later.
// FREEBIE
* Fix conversation type in profile key update handling
// FREEBIE
* Set recipients on synced sent messages
* Render saved recipients in message detail if available
For older messages, where we did not save the intended set of recipients at the
time of sending, fall back to the current group membership.
// FREEBIE
* Record who has been successfully sent to
// FREEBIE
* Record who a message has been delivered to
* Invert the not-clickable class
* Fix readReceipt setting sync when linking
* Render per recipient sent/delivered/read status
In the message detail view for outgoing messages, render each recipient's
individual sent/delivered/read status with respect to this message, as long as
there are no errors associated with the recipient (ie, safety number changes,
user not registered, etc...) since the error icon is displayed in that case.
*Messages sent before this change may not have per-recipient status lists
and will simply show no status icon.
// FREEBIE
* Add configuration sync request
Send these requests in a one-off fashion when:
1. We have just setup from a chrome app import
2. We have just upgraded to read-receipt support
// FREEBIE
* Expose sendRequestConfigurationSyncMessage
// FREEBIE
* Fix handling of incoming delivery receipts - union with array
FREEBIE
This prevents the parade of notifications if a machine wakes up from
sleep. Basically covers situations that the loading screen doesn't
already.
When disabled, notifications will be cached until they are subsequently
re-enabled, at which time all the pending notifications will be summarized.
From the background page, notifications are disabled during connection attempts
until an empty event. This means we can always safely call conversation.notify
to queue a notification for the next batch, dropping some options from message
and conversation model methods.
We've also moved the calls to check window focus and draw attention to the
window, which were previously included in the conversation model, but are now
performed by the Notification system, because the time that the notification is
displayed might be some time after the message is added by the conversation, so
decisions about focus and attention should be made in that moment and not
before.
// FREEBIE
* Disconnect from socket faster on complete loss of network access
Today we wait for a keepalive request to fail; this change forces
disconnect in the case that the browser tells us that we're now offline.
FREEBIE
* MessageReceiver: don't react to errors after explicit close()
FREEBIE
* Add AES-GCM encryption for profiles
With tests.
* Add profileKey to DataMessage protobuf
// FREEBIE
* Decrypt and save profile names
// FREEBIE
* Save incoming profile keys
* Move pad/unpad to crypto module
// FREEBIE
* Support fetching avatars from the cdn
// FREEBIE
* Translate failed authentication errors
When AES-GCM authentication fails, webcrypto returns a very generic error. The
same error is thrown for invalid length inputs, but our earlier checks in
decryptProfile should rule out those failure modes and leave us safe to assume
that we either had bad ciphertext or the wrong key.
// FREEBIE
* Handle profile avatars (wip) and log decrypt errors
// FREEBIE
* Display profile avatars
Synced contact avatars will still override profile avatars.
* Display profile names in convo list
Only if we don't have a synced contact name.
// FREEBIE
* Make cdn url an environment config
Use different ones for staging and production
// FREEBIE
* Display profile name in conversation header
* Display profile name in group messages
* Update conversation header if profile avatar changes
// FREEBIE
* Style profile names small with ~
* Save profileKeys from contact sync messages
// FREEBIE
* Save profile keys from provisioning messages
For standalone accounts, generate a random profile key.
// FREEBIE
* Special case for one-time sync of our profile key
Android will use a contact sync message to sync a profile key from Android
clients who have just upgraded and generated their profile key. Normally we
should receive this data in a provisioning message.
// FREEBIE
* Infer profile sharing from synced data messages
* Populate profile keys on outgoing messages
Requires that `profileSharing` be set on the conversation.
// FREEBIE
* Support for the profile key update flag
When receiving a message with this flag, don't init a message record, just
process the profile key and move on.
// FREEBIE
* Display profile names in group member list
* Refresh contact's profile on profile key changes
// FREEBIE
* Catch errors on profile save
// FREEBIE
* Save our own synced contact info
Don't return early if we get a contact sync for our own number
// FREEBIE
* main.js: check for truthiness of mainwindow, not === null
FREEBIE
* background.js: Connect to websocket even if we are unlinked
We know registration isn't done, but it has been done before. So instead
of sitting tight, we connect to the socket to start everything up and
attempt to the websocket once more.
FREEBIE
* Add certificate pinning on https service requests
Make https requests to the server using node apis instead of browser apis, so we
can specify our own CA list, which contains only our own CA.
This protects us from MITM by a rogue CA.
As a bonus, this let's us drop the use of non-standard ports and just use good
ol' default 443 all the time, at least for http requests.
// FREEBIE
* Make certificateAuthorities an option on requests
Modify node-based xhr implementation based on driverdan/node-XMLHttpRequest,
adding support for setting certificate authorities on each request.
This allows us to pin our master CA for requests to the server and cdn but not
to the s3 attachment server, for instance. Also fix an exception when sending
binary data in a request: it is submitted as an array buffer, and must be
converted to a node Buffer since we are now using a node based request api.
// FREEBIE
* Import node-based xhr implementation
Add a copy of https://github.com/driverdan/node-XMLHttpRequest@86ff70e, and
expose it to the renderer in the preload script.
In later commits this module will be extended to support custom certificate
authorities.
// FREEBIE
* Support "arraybuffer" responseType on requests
When fetching attachments, we want the result as binary data rather than a utf8
string. This lets our node-based XMLHttpRequest honor the responseType property
if it is set on the xhr.
Note that naively using the raw `.buffer` from a node Buffer won't work, since
it is a reuseable backing buffer that is often much larger than the actual
content defined by the Buffer's offset and length.
Instead, we'll prepare a return buffer based on the response's content length
header, and incrementally write chunks of data into it as they arrive.
// FREEBIE
* Switch to self-signed server endpoint
* Log more error info on failed requests
With the node-based xhr, relevant error info are stored in statusText and
responseText when a request fails.
// FREEBIE
* Add node-based websocket w/ support for custom CA
// FREEBIE
* Support handling array buffers instead of blobs
Our node-based websocket calls onmessage with an arraybuffer instead of a blob.
For robustness (on the off chance we switch or update the socket implementation
agian) I've kept the machinery for converting blobs to array buffers.
// FREEBIE
* Destroy all wacky server ports
// FREEBIE
Just send an event from the main process to the renderer,
The latter routes it the appropriate view method.
For now it's a no-op unless the main window exists and it is showing the inbox,
which will be addressed in a future commit.
// FREEBIE
Since we no longer have support for list-style notifications, stop
coalescing notifications into batches and just show contents of the last
message received. Also open the window when clicking on a notification
if it has previously been closed.
// FREEBIE
All Whisper.events listeners are now defined and bound in background.js,
and we no longer need global methods for opening the inbox and
conversation views, as those are handled by AppView or internally by
InboxView.
// FREEBIE
Traditionally, NODE_ENV refers to an environment variable. For clarity,
let's keep it that way and don't reuse it in the renderer. Also, add a
note about explicitly overriding env vars for node-config.
// FREEBIE
Introduce a top level view for navigating between the inbox and the
installer, enabling an in-window relink flow. Navigation is driven
through the openInbox and openInstaller global events.
// FREEBIE
Add environment-specific configs under `./config` and integrate with the
build system. Also changes package.json `files` from blacklist to
whitelist.
// FREEBIE
Set NODE_ENV at run time or build time to switch the app between dev and
production modes.
At build time, the current NODE_ENV will be included in the packaged
app's package.json file. At runtime we read NODE_ENV from package.json,
but also allow the local environment variable to override. A query
string parsed by a preload script exposes the value to the renderer,
which then determines whether we use the staging or production server.
Additionally, different environments have different user data
directories.
// FREEBIE
* Fetch all conversations on startup of app, not on inbox load
A recent change to fetch conversations less didn't take into account all
that can happen in the app without the inbox loaded. That only happens
when the window is shown, and messages can come in with the app in the
background. In that case, the conversation wouldn't have been loaded
from the database, but would be saved to the database anyway, losing
data.
This change fetches all conversations as soon as the the data store is
ready for a fetch. It also introduces failsafe throws to ensure that
synchronous ConversationController accesses don't happen until the
initial fetch is complete. A new getUnsafe() method was required to
account for some of the model setup that happens during that initial
conversation fetch.
Fixes#1428
FREEBIE
* Fix tests: ConversationController.load() required before get()
FREEBIE
* Fetch conversations once, clean up ConversationController API
Race conditions around re-fetching have caused some problems recently,
so this removes the need to re-fetch conversations. They are fetched
once or saved once, and that is it. All interaction goes through the
ConversationController, which is the central source of truth.
We have two rules for Conversations:
1. If a conversation is in the ConversationController it doesn't need
to be fetched, but its initial fetch/save might be in progress. You
can wait for that fetch/save with conversation.initialPromise.
2. If a conversation is not already in the ConversationController, it's
not yet in the database. It needs to be added to the
ConversationController and saved to the database.
FREEBIE
* Remove Conversation.fetch() call in Message.handleDataMessage()
FREEBIE
* ConversationController.API cleanup: Fix two missing spots
FREEBIE
When processing a contact sync with embedded identity key verification info, we
were running overlapping async fetch/save operations on the same conversation
model, causing a race that tends to clobber updates to the contact info.
In this change we extend the application-level contact info handler to block on
a subsequent call to the verification handler, which effectively serializes the
fetch/save calls, and relieves the need for the message receiver to trigger a
seperate event concerning the verification info on contact sync messages.
Fixes#1408
// FREEBIE
* Add support for backup and restore
This first pass works for all stores except messages, pending some scaling
improvements.
// FREEBIE
* Import of messages and attachments
Properly sanitize filenames. Logging information that will help with
debugging but won't threaten privacy (no contact or group names),
where the on-disk directories have this information to make things
human-readable
FREEBIE
* First fully operational single-action export and import!
FREEBIE
* Add migration export flow
A banner alert leads to a blocking ui for the migration. We close the socket and
wait for incoming messages to drain before starting the export.
FREEBIE
* A number of updates for the export flow
1. We don't immediately pop the directory selection dialog box, instead
showing an explicit 'choose directory' button after explaining what is
about to happen
2. We show a 'submit debug log' button on most steps of the process
3. We handle export errors and encourage the user to double-check their
filesystem then submit their log
4. We are resilient to restarts during the process
5. We handle the user cancelling out of the directory selection dialog
differently from other errors.
6. The export process is now serialized: non-messages, then messages.
7. After successful export, show where the data is on disk
FREEBUE
* Put migration behind a flag
FREEBIE
* Shut down websocket before proceeding with export
FREEBIE
* Add MigrationView to test/index.html to fix test
FREEBIE
* Remove 'Submit Debug Log' button when the export process is complete
FREEBIE
* Create a 'Signal Export' directory below user-chosen dir
This cleans things up a bit so we don't litter the user's target
directory with lots of stuff.
FREEBIE
* Clarify MessageReceiver.drain() method comments
FREEBIE
* A couple updates for clarity - event names, else handling
Also the removal of wait(), which wasn't used anywhere.
FREEBIE
* A number of wording updates for the export flow
FREEBIE
* Export complete: put dir on its own line, make text selectable
FREEBIE
There's really no reason to retry encryption errors again if they've
already been made user-visible in a conversation.
Also, refactor e->error in background.js onError(), since both e and ev
in this method made it too easy to make a mistake.
Not sure exactly how to think about Chrome app lifetimes, so we're
being conservative. We only show the full-application loading screen
once, on first display of the inbox.
FREEBIE
These were failing because ByteBuffers from the protobufs need to be converted
to ArrayBuffers. Fixed by useing the existing handler in MessageReceiver to
process verified messages from contact sync messages and dispatch them as their
own events, reducing some complexity on the application side.
// FREEBIE
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.
// FREEBIE
Bind a single listener to keychange events from the storage interface,
which then looks up relevant conversations and adds notices to them,
with tests.
Previously we would need to instantiate a conversation model in order to
start listening to its key change events. In practice this usually
happens at startup but we shouldn't rely on it, and it incurs higher
overhead since it creates a different listener for each conversation.
// FREEBIE
Let install view manage the connection to the provisioning socket as
well as cleaning up the window on completion, simplifying options.js.
Call `remove` so that the view stops listening when the window closes.
Move view script and template to background page.
Adds ability to hide nav if this isn't our first run.
// FREEBIE
Listen for reconnectTimer to display reconnection info. Listen for
unauthorized to update network status immediately after a failed login,
rather than waiting for the normal 5s interval to time out.
// FREEBIE
Now that the InboxView is initialized in the background page context, we
can manipulate it more directly, without going through a global function
on the foreground window.
// FREEBIE
Don't wait for background init before rendering inbox.
If the client detects that it has become unlinked, it will not call
`init()`, never fire the deferredInit, and never render the inbox,
but we want to allow users access to their local messages even if they
have (perhaps temporarily) unlinked the desktop client.
Also, prefer not to extend Backbone.Model until/unless we really need
it.
// FREEBIE
There may come a day when we may need to change this url from the server
side. On that day, clients should continue to operate normally. The
service should be able to change attachment server locations without
requiring a client update.
// FREEBIE
Rotate signed prekey every 48hrs, waiting for online access if
necessary. After a rotation attempt is made, schedule the next run for
48hrs in the future.
We use a timeout to "wake up" and handle the rotation. This timeout gets
set on startup and whenever the next rotation time is changed. For
paranoia's sake, always clear the current timeout before setting the
next one.
Since new registrations necessarily upload new signed keys, we reset the
scheduled time to T+48hrs on `registration_done` events.
// FREEBIE
Turns out there's no garauntee that Android will send us contact info
with phone numbers in e164 format. When that happens, we fail to update
the correct contact. Fix by performing validation on the incoming number
before attempting to merge changes to the name, avatar, or color.
Fixes#903
When initialized, or when expiration-related attributes change, expiring
messages will set timers to self-destruct. On self-destruct they trigger
'expired' events so that frontend listeners can clean up any collections
and views referencing them.
At startup, load all messages pending expiration so they can start their
timers even if they haven't been loaded in the frontend yet.
Todo: Remove expired conversation snippets from the left pane.
Add a section under settings for performing a contact sync from your
mobile device. This just re-runs the same import operation that occurs
at install/link time.
// FREEBIE
In the case of a double send (same message encrypted and sent twice due
to key conflict bug), we would mark the first instance read twice rather
than marking both instances read. Fix by searching for matching messages
that have not yet been marked read.
// FREEBIE
Occasionally these will fail if they happen to be executed before the
necessary dependencies (storage, ConversationCollection) are declared.
// FREEBIE
Similar in function to an xhr request, a textsecure.SyncRequest object
is initialized from a message sender and receiver pair and initiates a
request for sync from the master device. It later fires a success event
when both contacts and groups are done syncing, or a timeout event after
one minute.
// FREEBIE
Clear the registration flag when we detect that our credentials have
been invalidated, but retain the knowledge that we've been registered
before, so as to preserve post-first-install behaviors like skipping the
introductory install screens, and accessing the main ui.
Fix#541
// FREEBIE
This chrome alarm business is in place to help us wake up and check for
messages when running in the background. Without it, chrome will suspend
our app after a short period of inactivity. Upon waking, if the app
discovers it is not linked, it prompts you to link it. However, if
you've declined registration (i.e., because you already maxed out your
linked device limit, but chrome auto-added the app to another machine),
we should just wait until explicitly launched again.
Fixes#519
// FREEBIE
Previously, when processing a backlog of sync messages and their
delivery receipts, we would fail to mark some messages as delivered even
though we got a receipt. This was due to an async race condition between
saving a sync message and fetching it after the receipt arrives.
Fix by re-ordering idb requests such that we save the message first and
fetch it after.
Fixes#479
// FREEBIE
Previous commit removed notification models from the global collection
but did not actually update the existing notification.
This commit refactors the notification interface to allow us to update
it without re-surfacing the notifcation onscreen.
// FREEBIE
The window title now shows the global number of unread messages as
"Signal (1)". This way the user can see the number of unread messages
in the task bar and when alt-tabbing.
Resolves: #384
Fixed the global counting of unread messages. This makes the "unreadCount"
variable in storage to stay in sync with the sum of unread messages in each
conversation. To achieve this, the controller_view updates the global
variable whenever messages are received or read.
Create a cleaner seperation between generating notifications
and updating frontend conversation views. The former is now
handled by `conversation.notify` while the latter is achieved
by triggering an event on the conversation model, which will
only be acted on if there are any views listening for it.
Additionally, instead of re-fetching the entire message history,
which is overkill, just add or update the new/modified message.
This will help speed up the newmessage event handler and also
help avoid unnecessary re-rendering when resolving key conflicts.
// FREEBIE
In rare cases, a race between delivery receipts and outgoing message
requests can cause the sent flag to be reversed. Fix by marking messages
sent at the same time they are marked delivered.
// FREEBIE
textsecure.MessageSender takes server url and credentials and returns
a message sending interface configured for that server.
Used a wrapper function to insert a TextSecureServer instance into
sendmessage.js code at runtime. This will result in function duplication
between different MessageSender objects, pending further refactoring to
use prototypal inheritence.
// FREEBIE
Following the pattern from previous commit, let the server class accept
a url and login credentials from the caller. Then integrate into
MessageReceiver and AccountManager.
// FREEBIE
Rather than asking for a global target, the message receiver implements
the EventTarget interface itself. It does not expose the dispatchEvent
method, however. This ensures that events can only be triggered from
within the internal MessageReceiver class, which means we no longer need
to namespace them.
// FREEBIE
Let the libtextsecure consumer pass in their own server url, username,
password, and signaling key, as with libtextsecure-java.
Also brings reconnect logic up into the MessageReceiver class, which
is the only place it should apply.
Encapsulate the global conversation cache collection against accidental
access, avoiding the data-clobbering bug fixed in previous commit.
Also move some one-off program initialization code from panel controller
to background.js
// FREEBIE
Only fetch them from a frontend view. If the conversation is not open,
we don't need to load the messages, and if we do load them, they will
render before we've done the initial contact info loading (as
implemented in 74e96ce).
Fixes#344
// FREEBIE
The delivery receipt handler should only update messages, so rather than
reloading the conversation and its contacts, only reload the messages.
// FREEBIE
This trigger function uses chrome's runtime message passing api, which
traverses between different windows in our runtime, but we only trigger
the updateInbox event from the backgroud page, so we don't need to use
that api, which requires some extra cpu/memory overhead.
// FREEBIE
We're overriding the default with null often enough that we should
just change the default.
Consequently, no more phantom blank conversations with oneself should
appear after receiving a group update. They were being added to the
inbox because they were incorrectly initialized with an active_at value.
Fixes#281
All the old event listeners and in-memory objects have perished with the
old background page. Also reopen the inbox if it was already open.
Fixes#289
// FREEBIE
Protocol and handling is all analogous to contact sync: Multiple
GroupDetails structs are packed into a single attachment blob and parsed
on our end. We don't display the synced groups in the conversation list
until a new message is sent to one of them.
// FREEBIE
Initializing a message receiver opens the socket and starts listening
right away rather than requiring a separate call to connect. The only
other publicly accessible method is to query the socket status.
// FREEBIE
Update protobuf definitions and refactor message receive and decrypt
codepath to support new protocol, including various flavors of sync
messages (sent messages, contacts, and groups).
Also cleans up background.js and lets libtextsecure internalize
textsecure.processDecrypted and ensure that it is called before handing
DataMessages off to the application.
The Envelope structure now has a generic content field and a
legacyMessage field for backwards compatibility. We'll send outgoing
messages as legacy messages, and sync messages as "content" while
continuing to support both legacy and non-legacy messages on the receive
side until old clients have a chance to transition.
If all the application windows are closed (and not merely hidden), the
background page will go inactive and there's nothing we can do to stop
it. However, we can ask chrome to trigger an alarm once per minute,
which will spin up the background page and check for new messages.
This will effectively keep us alive as long as chrome has open windows
or is running in the background, subject to chrome settings'
Advanced -> System -> Continue running background apps
In a multi device world, it's possible to receive a receipt for a sync
message before the sync message actually arrives. In this case we need
to keep the receipt around and the process it when the message shows up.
Appify tabs, windows, browserAction
Port the extension.windows.focus function to new window api and
generalize its error handling in the case where the requested window
does not exist. An error will be passed to the callback.
Port extension.browserAction and rename it to the more generic
extension.onLaunched.
Use of the id option when opening a window ensures that attempting to
open a duplicate window merely focuses the existing window.
Finally, after registration, close the options window and open the
inbox.
Port extension.remove
Add window.storage to the background page, which loads all data from the
'items' store in indexeddb, caching them in memory for synchronous
access, then override textsecure storage to use that in memory store.
Encapsulate the websocket resources and socket setup process in a
friendly OO class. The MessageReceiver constructor expects an instance
of EventTarget on which to fire message events asynchronously. The
provider of the EventTarget can then add/remove listeners as desired.
This reverts commit 31e7d285e3.
This seemed like a nice feature, but the popup bubble isn't very
conducive to nontrivial user inputs, e.g. file inputs.
Fixes#211
Ensure that both tryAgain functions return promises, allowing the
application to take appropriate action in the result of success or
failure. This lets us remove all dependency from libtextsecure on
app-level constructs like message objects/ids and the `extenion.trigger`
function.
Corresponding frontend changes to follow in another commit.
Rather than opening the inbox in its own window, let it appear as a
browser action popup by default, but allow promotion to its own window
if requested.
Update unreadCounts per-conversation on incoming messages. Render unread
conversations with font-weigh: bold in the inbox view.
To ensure that the inbox and conversation views remain in sync, the
background page now ensures that the same models objects are used for
both views.
Closes#173
Previously, in the event of a failed websocket auth, we would attempt to
reconnect once a second ad infinitum. This changeset ensures that we
only reconnect automatically if the socket closed 'normally' as
indicated by the code on the socket's CloseEvent. Otherwise, show a
'Websocket closed' error on the inbox view.
Ideally we would show a more contextual error (ie, 'Unauthorized'), but
unfortunately the actual server response code is not available to our
code. It can be observed in the console output from the background page,
but programmatically, we only receive the WebSocket CloseEvent codes
listed here:
https://developer.mozilla.org/en-US/docs/Web/API/CloseEvent#Status_codes
The websocket error message is displayed by a normally-hidden but ever
present socket status element. Clicking this element will immediately
refresh the background page, which will try again to open the websocket
connection.
Previously the conversation window would query the background page
for a model id and then fetch the conversation. Instead, we can fetch
the conversation before opening the window, which simplifies the front
end scripts and avoids creating multiple copies of the same model.
Unless the background page fetches the latest details of a conversation
before updating it, it may clobber or nullify some attributes e.g., the
contact's name.
When a new message arrives, if its conversation is not already opened,
the background page opens it. If it is alrady open the window is
focused. Finally, the 'message' event is triggered, resulting in
1. the inbox refetches conversations
2. all conversations fetch new messages
TODO: only send this event to the target window
New private conversations have their type set in onMessageReceived. New
group conversations should be handled the same way as normal group
updates. It was pointed out we should never have to handle a group
message without a preceding group update, as those would be rejected by
textsecure.processDecrypted. An exception would be if you delete the
group from indexedDB but not localStorage, but that's not a mode we
should be supporting.
Also in this change I switched to instantiating a new conversation
object on every call to handlePushMessageContent. Originally, I thought
to use the local conversation list as a cache, but it's a bit simpler to
re-read from the database every time for now. Later on we should revisit
and optimize for fewer read/writes per incoming message.
Just display a sensible default in the frontend if it's unset.
For private conversations this should be the phone number, for
groups, the list of numbers.
Uses app-level timestamps for outgoing messages.
Adds timestamp property to the outgoing jsonData.
Triggers a runtime event to notify frontend on delivery receipts.
Renders delivered messages with a 'delivered' class.
This ended up turning into a rewrite/refactor of the background page.
For best results, view this diff with `-w` to ignore whitespace. In
order to support retrying message decryption, possibly at a much later
time than the message is received, we now implement the following:
Each message is saved before it is decrypted. This generates a unique
message_id which is later used to update the database entry with the
message contents, or with any errors generated during processing.
When an IncomingIdentityKeyError occurs, we catch it and save it on the
model, then update the front end as usual. When the user clicks to
accept the new key, the error is replayed, which causes the message to
be decrypted and then passed to the background page for normal
processing.
After a message is saved asynchronsly, fire an event and pass the
message attributes to frontend listeners via the chrome-runtime API.
This behavior is similar to the 'storage' event fired by localStorage.
Getting up and running with IndexedDB was pretty easy, thanks to
backbone. The tricky part was making reads and writes asynchronous.
In that process I did some refactoring on Whisper.Threads, which
has been renamed Conversations for consistency with the view names.
This change also adds the unlimitedStorage permission.
