SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
857d7d74abb93dfe8ba0daf11d814b83c9da5fda
securebit-chat/src/components/ui/Header.jsx

633 lines
28 KiB
React
Raw Normal View History

First commit - all files added
2025-08-11 20:52:14 -04:00
const EnhancedMinimalHeader = ({
status,
fingerprint,
verificationCode,
onDisconnect,
isConnected,
securityLevel,
sessionManager,
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
sessionTimeLeft,
webrtcManager
First commit - all files added
2025-08-11 20:52:14 -04:00
}) => {
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
const [currentTimeLeft, setCurrentTimeLeft] = React.useState(sessionTimeLeft || 0);
const [hasActiveSession, setHasActiveSession] = React.useState(false);
const [sessionType, setSessionType] = React.useState('unknown');
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
const [realSecurityLevel, setRealSecurityLevel] = React.useState(null);
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
const [lastSecurityUpdate, setLastSecurityUpdate] = React.useState(0);
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
// ============================================
// FIXED SECURITY UPDATE LOGIC
// ============================================
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
React.useEffect(() => {
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
let isUpdating = false;
let lastUpdateAttempt = 0;
const updateRealSecurityStatus = async () => {
const now = Date.now();
if (now - lastUpdateAttempt < 10000) {
return;
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
}
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
if (isUpdating) {
return;
}
isUpdating = true;
lastUpdateAttempt = now;
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
try {
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
if (!webrtcManager || !isConnected) {
return;
}
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
const activeWebrtcManager = webrtcManager;
let realSecurityData = null;
if (typeof activeWebrtcManager.getRealSecurityLevel === 'function') {
realSecurityData = await activeWebrtcManager.getRealSecurityLevel();
} else if (typeof activeWebrtcManager.calculateAndReportSecurityLevel === 'function') {
realSecurityData = await activeWebrtcManager.calculateAndReportSecurityLevel();
} else {
realSecurityData = await window.EnhancedSecureCryptoUtils.calculateSecurityLevel(activeWebrtcManager);
}
if (window.DEBUG_MODE) {
console.log('🔐 REAL security level calculated:', {
level: realSecurityData?.level,
score: realSecurityData?.score,
passedChecks: realSecurityData?.passedChecks,
totalChecks: realSecurityData?.totalChecks,
isRealData: realSecurityData?.isRealData,
sessionType: realSecurityData?.sessionType,
maxPossibleScore: realSecurityData?.maxPossibleScore,
verificationResults: realSecurityData?.verificationResults ? Object.keys(realSecurityData.verificationResults) : []
});
}
if (realSecurityData && realSecurityData.isRealData !== false) {
const currentScore = realSecurityLevel?.score || 0;
const newScore = realSecurityData.score || 0;
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
if (currentScore !== newScore || !realSecurityLevel) {
setRealSecurityLevel(realSecurityData);
setLastSecurityUpdate(now);
if (window.DEBUG_MODE) {
console.log('✅ Security level updated in header component:', {
oldScore: currentScore,
newScore: newScore,
sessionType: realSecurityData.sessionType
});
}
} else if (window.DEBUG_MODE) {
console.log(' Security level unchanged, skipping update');
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
}
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
} else {
console.warn('⚠️ Security calculation returned invalid data');
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
}
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
} catch (error) {
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
console.error('❌ Error in real security calculation:', error);
} finally {
isUpdating = false;
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
}
};
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
if (isConnected) {
updateRealSecurityStatus();
if (!realSecurityLevel || realSecurityLevel.score < 50) {
const retryInterval = setInterval(() => {
if (!realSecurityLevel || realSecurityLevel.score < 50) {
updateRealSecurityStatus();
} else {
clearInterval(retryInterval);
}
}, 5000);
setTimeout(() => clearInterval(retryInterval), 30000);
}
}
const interval = setInterval(updateRealSecurityStatus, 30000);
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
return () => clearInterval(interval);
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
}, [webrtcManager, isConnected, lastSecurityUpdate, realSecurityLevel]);
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
// ============================================
// FIXED EVENT HANDLERS
// ============================================
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
React.useEffect(() => {
const handleSecurityUpdate = (event) => {
if (window.DEBUG_MODE) {
console.log('🔒 Security level update event received:', event.detail);
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
}
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
setTimeout(() => {
setLastSecurityUpdate(0);
}, 100);
};
const handleRealSecurityCalculated = (event) => {
if (window.DEBUG_MODE) {
console.log('🔐 Real security calculated event:', event.detail);
}
if (event.detail && event.detail.securityData) {
setRealSecurityLevel(event.detail.securityData);
setLastSecurityUpdate(Date.now());
}
};
document.addEventListener('security-level-updated', handleSecurityUpdate);
document.addEventListener('real-security-calculated', handleRealSecurityCalculated);
window.forceHeaderSecurityUpdate = (webrtcManager) => {
if (window.DEBUG_MODE) {
console.log('🔄 Force header security update called');
}
if (webrtcManager && window.EnhancedSecureCryptoUtils) {
window.EnhancedSecureCryptoUtils.calculateSecurityLevel(webrtcManager)
.then(securityData => {
if (securityData && securityData.isRealData !== false) {
setRealSecurityLevel(securityData);
setLastSecurityUpdate(Date.now());
console.log('✅ Header security level force-updated');
}
})
.catch(error => {
console.error('❌ Force update failed:', error);
});
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
} else {
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
setLastSecurityUpdate(0);
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
}
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
};
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
return () => {
document.removeEventListener('security-level-updated', handleSecurityUpdate);
document.removeEventListener('real-security-calculated', handleRealSecurityCalculated);
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
};
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
}, []);
// ============================================
// REST of the component logic
// ============================================
React.useEffect(() => {
const updateSessionInfo = () => {
if (sessionManager) {
const isActive = sessionManager.hasActiveSession();
const timeLeft = sessionManager.getTimeLeft();
const currentSession = sessionManager.currentSession;
setHasActiveSession(isActive);
setCurrentTimeLeft(timeLeft);
setSessionType(currentSession?.type || 'unknown');
}
};
updateSessionInfo();
const interval = setInterval(updateSessionInfo, 1000);
return () => clearInterval(interval);
}, [sessionManager]);
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
React.useEffect(() => {
if (sessionManager?.hasActiveSession()) {
setCurrentTimeLeft(sessionManager.getTimeLeft());
setHasActiveSession(true);
} else {
setHasActiveSession(false);
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
setRealSecurityLevel(null);
setLastSecurityUpdate(0);
setSessionType('unknown');
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
}
}, [sessionManager, sessionTimeLeft]);
React.useEffect(() => {
const handleForceUpdate = (event) => {
if (sessionManager) {
const isActive = sessionManager.hasActiveSession();
const timeLeft = sessionManager.getTimeLeft();
const currentSession = sessionManager.currentSession;
setHasActiveSession(isActive);
setCurrentTimeLeft(timeLeft);
setSessionType(currentSession?.type || 'unknown');
}
};
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
// Connection cleanup handler (use existing event from module)
const handleConnectionCleaned = () => {
if (window.DEBUG_MODE) {
console.log('🧹 Connection cleaned - clearing security data in header');
}
setRealSecurityLevel(null);
setLastSecurityUpdate(0);
setHasActiveSession(false);
setCurrentTimeLeft(0);
setSessionType('unknown');
};
const handlePeerDisconnect = () => {
if (window.DEBUG_MODE) {
console.log('👋 Peer disconnect detected - clearing security data in header');
}
setRealSecurityLevel(null);
setLastSecurityUpdate(0);
};
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
document.addEventListener('force-header-update', handleForceUpdate);
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
document.addEventListener('peer-disconnect', handlePeerDisconnect);
document.addEventListener('connection-cleaned', handleConnectionCleaned);
return () => {
document.removeEventListener('force-header-update', handleForceUpdate);
document.removeEventListener('peer-disconnect', handlePeerDisconnect);
document.removeEventListener('connection-cleaned', handleConnectionCleaned);
};
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
}, [sessionManager]);
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
// ============================================
// SECURITY INDICATOR CLICK HANDLER
// ============================================
const handleSecurityClick = () => {
if (!realSecurityLevel) {
alert('Security verification in progress...\nPlease wait for real-time cryptographic verification to complete.');
return;
}
// Detailed information about the REAL security check
let message = `🔒 REAL-TIME SECURITY VERIFICATION\n\n`;
message += `Security Level: ${realSecurityLevel.level} (${realSecurityLevel.score}%)\n`;
message += `Session Type: ${realSecurityLevel.sessionType || 'demo'}\n`;
message += `Verification Time: ${new Date(realSecurityLevel.timestamp).toLocaleTimeString()}\n`;
message += `Data Source: ${realSecurityLevel.isRealData ? 'Real Cryptographic Tests' : 'Simulated Data'}\n\n`;
if (realSecurityLevel.verificationResults) {
message += 'DETAILED CRYPTOGRAPHIC TESTS:\n';
message += '=' + '='.repeat(40) + '\n';
const passedTests = Object.entries(realSecurityLevel.verificationResults).filter(([key, result]) => result.passed);
const failedTests = Object.entries(realSecurityLevel.verificationResults).filter(([key, result]) => !result.passed);
if (passedTests.length > 0) {
message += '✅ PASSED TESTS:\n';
passedTests.forEach(([key, result]) => {
const testName = key.replace(/([A-Z])/g, ' $1').replace(/^./, str => str.toUpperCase());
message += ` ${testName}: ${result.details}\n`;
});
message += '\n';
}
if (failedTests.length > 0) {
message += '❌ UNAVAILABLE/Failed TESTS:\n';
failedTests.forEach(([key, result]) => {
const testName = key.replace(/([A-Z])/g, ' $1').replace(/^./, str => str.toUpperCase());
message += ` ${testName}: ${result.details}\n`;
});
message += '\n';
}
message += `SUMMARY:\n`;
message += `Passed: ${realSecurityLevel.passedChecks}/${realSecurityLevel.totalChecks} tests\n`;
}
// Add information about what is available in other sessions
message += `\n📋 WHAT'S AVAILABLE IN OTHER SESSIONS:\n`;
message += '=' + '='.repeat(40) + '\n';
if (realSecurityLevel.sessionType === 'demo') {
message += `🔒 BASIC SESSION (5,000 sat - $2.00):\n`;
message += ` • ECDSA Digital Signatures\n`;
message += ` • Metadata Protection\n`;
message += ` • Perfect Forward Secrecy\n`;
message += ` • Nested Encryption\n`;
message += ` • Packet Padding\n\n`;
message += `🚀 PREMIUM SESSION (20,000 sat - $8.00):\n`;
message += ` • All Basic + Enhanced features\n`;
message += ` • Traffic Obfuscation\n`;
message += ` • Fake Traffic Generation\n`;
message += ` • Decoy Channels\n`;
message += ` • Anti-Fingerprinting\n`;
message += ` • Message Chunking\n`;
message += ` • Advanced Replay Protection\n`;
} else if (realSecurityLevel.sessionType === 'basic') {
message += `🚀 PREMIUM SESSION (20,000 sat - $8.00):\n`;
message += ` • Traffic Obfuscation\n`;
message += ` • Fake Traffic Generation\n`;
message += ` • Decoy Channels\n`;
message += ` • Anti-Fingerprinting\n`;
message += ` • Message Chunking\n`;
message += ` • Advanced Replay Protection\n`;
}
message += `\n${realSecurityLevel.details || 'Real cryptographic verification completed'}`;
if (realSecurityLevel.isRealData) {
message += '\n\n✅ This is REAL-TIME verification using actual cryptographic functions.';
} else {
message += '\n\n⚠ Warning: This data may be simulated. Connection may not be fully established.';
}
alert(message);
};
// ============================================
// DISPLAY UTILITIES
// ============================================
First commit - all files added
2025-08-11 20:52:14 -04:00
const getStatusConfig = () => {
switch (status) {
case 'connected':
return {
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
text: 'Connected',
className: 'status-connected',
badgeClass: 'bg-green-500/10 text-green-400 border-green-500/20'
};
First commit - all files added
2025-08-11 20:52:14 -04:00
case 'verifying':
return {
Updated all text to English
2025-08-12 14:02:20 -04:00
text: 'Verifying...',
First commit - all files added
2025-08-11 20:52:14 -04:00
className: 'status-verifying',
badgeClass: 'bg-purple-500/10 text-purple-400 border-purple-500/20'
};
case 'connecting':
return {
Updated all text to English
2025-08-12 14:02:20 -04:00
text: 'Connecting...',
First commit - all files added
2025-08-11 20:52:14 -04:00
className: 'status-connecting',
badgeClass: 'bg-blue-500/10 text-blue-400 border-blue-500/20'
};
case 'retrying':
return {
Updated all text to English
2025-08-12 14:02:20 -04:00
text: 'Retrying...',
First commit - all files added
2025-08-11 20:52:14 -04:00
className: 'status-connecting',
badgeClass: 'bg-yellow-500/10 text-yellow-400 border-yellow-500/20'
};
case 'failed':
return {
Updated all text to English
2025-08-12 14:02:20 -04:00
text: 'Error',
First commit - all files added
2025-08-11 20:52:14 -04:00
className: 'status-failed',
badgeClass: 'bg-red-500/10 text-red-400 border-red-500/20'
};
case 'reconnecting':
return {
Updated all text to English
2025-08-12 14:02:20 -04:00
text: 'Reconnecting...',
First commit - all files added
2025-08-11 20:52:14 -04:00
className: 'status-connecting',
badgeClass: 'bg-yellow-500/10 text-yellow-400 border-yellow-500/20'
};
case 'peer_disconnected':
return {
Updated all text to English
2025-08-12 14:02:20 -04:00
text: 'Peer disconnected',
First commit - all files added
2025-08-11 20:52:14 -04:00
className: 'status-failed',
badgeClass: 'bg-orange-500/10 text-orange-400 border-orange-500/20'
};
default:
return {
Updated all text to English
2025-08-12 14:02:20 -04:00
text: 'Not connected',
First commit - all files added
2025-08-11 20:52:14 -04:00
className: 'status-disconnected',
badgeClass: 'bg-gray-500/10 text-gray-400 border-gray-500/20'
};
}
};
const config = getStatusConfig();
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
const displaySecurityLevel = realSecurityLevel || securityLevel;
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
const shouldShowTimer = hasActiveSession && currentTimeLeft > 0 && window.SessionTimer;
// ============================================
// DATA RELIABILITY INDICATOR
// ============================================
const getSecurityIndicatorDetails = () => {
if (!displaySecurityLevel) {
return {
tooltip: 'Security verification in progress...',
isVerified: false,
dataSource: 'loading'
};
}
const isRealData = displaySecurityLevel.isRealData !== false;
const baseTooltip = `${displaySecurityLevel.level} (${displaySecurityLevel.score}%)`;
if (isRealData) {
return {
tooltip: `${baseTooltip} - Real-time verification ✅`,
isVerified: true,
dataSource: 'real'
};
} else {
return {
tooltip: `${baseTooltip} - Estimated (connection establishing...)`,
isVerified: false,
dataSource: 'estimated'
};
}
};
const securityDetails = getSecurityIndicatorDetails();
// ============================================
// ADDING global methods for debugging
// ============================================
React.useEffect(() => {
window.debugHeaderSecurity = () => {
console.log('🔍 Header Security Debug:', {
realSecurityLevel,
lastSecurityUpdate,
isConnected,
webrtcManagerProp: !!webrtcManager,
windowWebrtcManager: !!window.webrtcManager,
cryptoUtils: !!window.EnhancedSecureCryptoUtils,
displaySecurityLevel: displaySecurityLevel,
securityDetails: securityDetails
});
};
return () => {
delete window.debugHeaderSecurity;
};
}, [realSecurityLevel, lastSecurityUpdate, isConnected, webrtcManager, displaySecurityLevel, securityDetails]);
// ============================================
// RENDER
// ============================================
First commit - all files added
2025-08-11 20:52:14 -04:00
return React.createElement('header', {
className: 'header-minimal sticky top-0 z-50'
}, [
React.createElement('div', {
key: 'container',
className: 'max-w-7xl mx-auto px-4 sm:px-6 lg:px-8'
}, [
React.createElement('div', {
key: 'content',
className: 'flex items-center justify-between h-16'
}, [
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
// Logo and Title
First commit - all files added
2025-08-11 20:52:14 -04:00
React.createElement('div', {
key: 'logo-section',
className: 'flex items-center space-x-2 sm:space-x-3'
}, [
React.createElement('div', {
key: 'logo',
className: 'icon-container w-8 h-8 sm:w-10 sm:h-10'
}, [
React.createElement('i', {
className: 'fas fa-shield-halved accent-orange text-sm sm:text-base'
})
]),
React.createElement('div', {
key: 'title-section'
}, [
React.createElement('h1', {
key: 'title',
className: 'text-lg sm:text-xl font-semibold text-primary'
feat: rebrand to SecureBit.chat due to name conflict BREAKING CHANGE: Project renamed from LockBit.chat to SecureBit.chat - Changed project name to avoid confusion with LockBit ransomware group - Updated all documentation, branding, and references - Maintained all existing functionality and security features - Domain migration planned to securebit.chat Reason: The LockBit name became associated with a notorious ransomware group, causing conflicts on platforms and potential confusion for users. SecureBit better reflects our mission of providing secure P2P messaging while avoiding negative associations. This change affects: - README.md and all documentation - Package.json name field - Brand assets and logos - Website references - Social media handles Core functionality remains unchanged: ✅ 12-layer military-grade security ✅ Lightning Network integration ✅ P2P WebRTC architecture ✅ Open source MIT license
2025-08-14 15:54:11 -04:00
}, 'SecureBit.chat'),
First commit - all files added
2025-08-11 20:52:14 -04:00
React.createElement('p', {
key: 'subtitle',
className: 'text-xs sm:text-sm text-muted hidden sm:block'
feat: Add comprehensive PWA support with offline functionality - Add manifest.json with full PWA configuration - Support for installation on all platforms (iOS, Android, Desktop) - Custom app icons (72x72 to 512x512) with maskable support - App shortcuts for quick actions (Create/Join Channel) - Protocol handlers for web+securebit:// links - Share target integration - Implement enhanced Service Worker (v4.0) - Smart caching strategies (cache-first, network-first, stale-while-revalidate) - Security-aware caching (excludes sensitive endpoints) - Background sync for failed requests - Offline fallbacks with custom error handling - Response cloning fixes and CORS handling - Add PWA Install Prompt Manager - Cross-platform install detection and prompts - iOS Safari specific installation guide - Smart dismissal logic with retry mechanisms - Install success notifications and user guidance - Persistent install preferences with localStorage - Implement comprehensive Offline Manager - IndexedDB for offline data persistence - Automatic message queuing and sync when online - Session state recovery after connection loss - WebRTC reconnection handling - Real-time connection status indicators - Offline guidance and help system - Add offline-first features - Message queue with priority and retry logic - Session data preservation during disconnection - Application state recovery - Background sync registration - Periodic cleanup of old offline data - Enhanced user experience - Connection status notifications - Offline mode guidance and help - Automatic sync notifications - Reconnection progress indicators - Platform-specific installation instructions This implementation ensures SecureBit.chat works seamlessly offline while maintaining security and providing a native app-like experience across all platforms.
2025-08-17 16:04:45 -04:00
}, 'End-to-end freedom. v4.01.212')
First commit - all files added
2025-08-11 20:52:14 -04:00
])
]),
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
// Status and Controls - Responsive
First commit - all files added
2025-08-11 20:52:14 -04:00
React.createElement('div', {
key: 'status-section',
className: 'flex items-center space-x-2 sm:space-x-3'
}, [
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
// Session Timer
shouldShowTimer && React.createElement(window.SessionTimer, {
key: 'session-timer',
timeLeft: currentTimeLeft,
sessionType: sessionType,
sessionManager: sessionManager
}),
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel && React.createElement('div', {
First commit - all files added
2025-08-11 20:52:14 -04:00
key: 'security-level',
className: 'hidden md:flex items-center space-x-2 cursor-pointer hover:opacity-80 transition-opacity duration-200',
onClick: handleSecurityClick,
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
title: securityDetails.tooltip
First commit - all files added
2025-08-11 20:52:14 -04:00
}, [
React.createElement('div', {
key: 'security-icon',
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
className: `w-6 h-6 rounded-full flex items-center justify-center relative ${
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'green' ? 'bg-green-500/20' :
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
displaySecurityLevel.color === 'orange' ? 'bg-orange-500/20' :
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'yellow' ? 'bg-yellow-500/20' : 'bg-red-500/20'
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
} ${securityDetails.isVerified ? '' : 'animate-pulse'}`
First commit - all files added
2025-08-11 20:52:14 -04:00
}, [
React.createElement('i', {
className: `fas fa-shield-alt text-xs ${
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'green' ? 'text-green-400' :
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
displaySecurityLevel.color === 'orange' ? 'text-orange-400' :
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'yellow' ? 'text-yellow-400' : 'text-red-400'
First commit - all files added
2025-08-11 20:52:14 -04:00
}`
})
]),
React.createElement('div', {
key: 'security-info',
className: 'flex flex-col'
}, [
React.createElement('div', {
key: 'security-level-text',
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
className: 'text-xs font-medium text-primary flex items-center space-x-1'
}, [
React.createElement('span', {}, `${displaySecurityLevel.level} (${displaySecurityLevel.score}%)`)
]),
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
React.createElement('div', {
First commit - all files added
2025-08-11 20:52:14 -04:00
key: 'security-details',
className: 'text-xs text-muted mt-1 hidden lg:block'
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
}, securityDetails.dataSource === 'real' ?
`${displaySecurityLevel.passedChecks || 0}/${displaySecurityLevel.totalChecks || 0} tests` :
(displaySecurityLevel.details || `Stage ${displaySecurityLevel.stage || 1}`)
),
First commit - all files added
2025-08-11 20:52:14 -04:00
React.createElement('div', {
key: 'security-progress',
className: 'w-16 h-1 bg-gray-600 rounded-full overflow-hidden'
}, [
React.createElement('div', {
key: 'progress-bar',
className: `h-full transition-all duration-500 ${
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'green' ? 'bg-green-400' :
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
displaySecurityLevel.color === 'orange' ? 'bg-orange-400' :
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'yellow' ? 'bg-yellow-400' : 'bg-red-400'
First commit - all files added
2025-08-11 20:52:14 -04:00
}`,
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
style: { width: `${displaySecurityLevel.score}%` }
First commit - all files added
2025-08-11 20:52:14 -04:00
})
])
])
]),
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
// Mobile Security Indicator
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel && React.createElement('div', {
First commit - all files added
2025-08-11 20:52:14 -04:00
key: 'mobile-security',
className: 'md:hidden flex items-center'
}, [
React.createElement('div', {
key: 'mobile-security-icon',
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
className: `w-8 h-8 rounded-full flex items-center justify-center cursor-pointer hover:opacity-80 transition-opacity duration-200 relative ${
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'green' ? 'bg-green-500/20' :
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
displaySecurityLevel.color === 'orange' ? 'bg-orange-500/20' :
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'yellow' ? 'bg-yellow-500/20' : 'bg-red-500/20'
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
} ${securityDetails.isVerified ? '' : 'animate-pulse'}`,
title: securityDetails.tooltip,
First commit - all files added
2025-08-11 20:52:14 -04:00
onClick: handleSecurityClick
}, [
React.createElement('i', {
className: `fas fa-shield-alt text-sm ${
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'green' ? 'text-green-400' :
Encryption module control system & session timer improvements - Added a real verification system for active encryption modules, giving users full control over enabled modules. - During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions. - Refactored session timer initialization for proper functionality and accurate countdown. - Optimized code structure related to session management and module verification.
2025-08-17 20:38:47 -04:00
displaySecurityLevel.color === 'orange' ? 'text-orange-400' :
Update session pricing and demo mode - Updated demo mode: now includes basic protection features, still stronger than many competing messengers. - Adjusted pricing for Basic and Premium sessions to better reflect security levels. - Added restrictions to Basic session and enhanced Premium session to deliver maximum protection.
2025-08-17 02:22:55 -04:00
displaySecurityLevel.color === 'yellow' ? 'text-yellow-400' : 'text-red-400'
First commit - all files added
2025-08-11 20:52:14 -04:00
}`
})
])
]),
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
// Status Badge
First commit - all files added
2025-08-11 20:52:14 -04:00
React.createElement('div', {
key: 'status-badge',
className: `px-2 sm:px-3 py-1.5 rounded-lg border ${config.badgeClass} flex items-center space-x-1 sm:space-x-2`
}, [
React.createElement('span', {
key: 'status-dot',
className: `status-dot ${config.className}`
}),
React.createElement('span', {
key: 'status-text',
className: 'text-xs sm:text-sm font-medium'
}, config.text)
]),
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
// Disconnect Button
First commit - all files added
2025-08-11 20:52:14 -04:00
isConnected && React.createElement('button', {
key: 'disconnect-btn',
onClick: onDisconnect,
className: 'p-1.5 sm:px-3 sm:py-1.5 bg-red-500/10 hover:bg-red-500/20 text-red-400 border border-red-500/20 rounded-lg transition-all duration-200 text-sm'
}, [
React.createElement('i', {
className: 'fas fa-power-off sm:mr-2'
}),
React.createElement('span', {
className: 'hidden sm:inline'
Updated all text to English
2025-08-12 14:02:20 -04:00
}, 'Disconnect')
First commit - all files added
2025-08-11 20:52:14 -04:00
])
])
])
])
]);
};
feat: Enhanced demo mode security and vulnerability fixes - **Fixed demo mode timing attack vulnerability** - Added strict rate limiting and user fingerprinting - **Eliminated replay attack vectors** - Implemented preimage tracking and expiration validation - **Enhanced key reuse protection** - Added cryptographic validation and session isolation - **Strengthened free tier abuse prevention** - Multi-layer cooldown system with global limits - **Secure user fingerprinting** - Browser-based identification without privacy invasion - **Global session limits** - Maximum 10 concurrent demo sessions across all users - **Per-user daily limits** - 3 demo sessions per 24 hours with smart cooldown - **Session completion tracking** - Prevents rapid reconnection abuse - **Enhanced preimage generation** - Timestamped, versioned, and entropy-validated - **Configurable security layers** - Individual toggle for encryption, obfuscation, and traffic features - **Debug mode controls** - `window.DEBUG_MODE` for detailed logging and diagnostics - **Emergency security disable** - Graceful fallback when advanced features cause issues - **Vulnerability testing support** - Controlled security layer bypass for penetration testing - **Cross-session compatibility** - Works seamlessly with both paid and free sessions - **Real-time UI updates** - Synchronized timer display across all components - **Session state management** - Automatic cleanup and notification system - **Payment integration** - Smooth transition between demo and paid sessions - **Layered security architecture** - 7+ configurable security features with independent controls - **Traffic analysis protection** - Advanced obfuscation with fake traffic and packet padding - **Connection state monitoring** - Enhanced logging for security audit and debugging - **Fallback mechanisms** - Robust error handling with security-first degradation - **Structured security logs** - Detailed audit trail for security events - **Performance monitoring** - Connection state and encryption layer metrics - **Attack detection logging** - Comprehensive tracking of security violations - **Development diagnostics** - Enhanced debugging for faster development cycles - Refactored `PayPerSessionManager` with enhanced security controls - Added `generateUserFingerprint()` with privacy-preserving identification - Implemented `checkDemoSessionLimits()` with multi-tier validation - Enhanced `EnhancedSecureWebRTCManager` with configurable security layers - Added emergency security disable functionality for testing environments - Improved session timer with cross-component synchronization **Breaking Changes:** None - All changes are backward compatible **Security Impact:** High - Eliminates critical vulnerabilities in free tier **Testing Impact:** Significantly improved - New debug modes and security layer controls
2025-08-14 23:34:54 -04:00
window.EnhancedMinimalHeader = EnhancedMinimalHeader;
Reference in New Issue Copy Permalink