SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Qr generator create bug fix

Browse Source
This commit is contained in:
lockbitchat
2025-10-08 01:24:04 -04:00
parent 60db79d2ae
commit 75fa1cd27d
7 changed files with 56 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dist/app-boot.js vendored
View File

@@ -1807,7 +1807,7 @@ var EnhancedSecureCryptoUtils = class _EnhancedSecureCryptoUtils {
throw new Error("Challenge mismatch - possible replay attack"); throw new Error("Challenge mismatch - possible replay attack");
} }
const responseAge = Date.now() - proof.responseTimestamp; const responseAge = Date.now() - proof.responseTimestamp;
if (responseAge > 3e5) { if (responseAge > 18e5) {
throw new Error("Proof response expired"); throw new Error("Proof response expired");
} }
const expectedHash = await _EnhancedSecureCryptoUtils.hashPublicKey(publicKey); const expectedHash = await _EnhancedSecureCryptoUtils.hashPublicKey(publicKey);
@@ -1966,7 +1966,7 @@ var EnhancedSecureCryptoUtils = class _EnhancedSecureCryptoUtils {
throw new Error("Invalid metadata structure"); throw new Error("Invalid metadata structure");
} }
const messageAge = Date.now() - metadata.timestamp; const messageAge = Date.now() - metadata.timestamp;
if (messageAge > 3e5) { if (messageAge > 18e5) {
throw new Error("Message expired (older than 5 minutes)"); throw new Error("Message expired (older than 5 minutes)");
} }
if (expectedSequenceNumber !== null) { if (expectedSequenceNumber !== null) {
@@ -6566,7 +6566,7 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
} }
const now = Date.now(); const now = Date.now();
const messageAge = now - aad.timestamp; const messageAge = now - aad.timestamp;
if (messageAge > 3e5) { if (messageAge > 18e5) {
throw new Error("AAD timestamp too old - possible replay attack"); throw new Error("AAD timestamp too old - possible replay attack");
} }
return aad; return aad;
@@ -11226,7 +11226,7 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
throw new Error("Missing required security fields in offer data \u2013 possible MITM attack"); throw new Error("Missing required security fields in offer data \u2013 possible MITM attack");
} }
const offerAge = Date.now() - timestamp; const offerAge = Date.now() - timestamp;
const MAX_OFFER_AGE = 3e5; const MAX_OFFER_AGE = 18e5;
if (offerAge > MAX_OFFER_AGE) { if (offerAge > MAX_OFFER_AGE) {
this._secureLog("error", "Offer data is too old - possible replay attack", { this._secureLog("error", "Offer data is too old - possible replay attack", {
operationId, operationId,
@@ -13873,7 +13873,6 @@ var SecureMasterKeyManager = class {
this._onPasswordRequired = null; this._onPasswordRequired = null;
this._onSessionExpired = null; this._onSessionExpired = null;
this._onUnlocked = null; this._onUnlocked = null;
this._setupEventListeners();
} }
/** /**
* Set callback for password requests * Set callback for password requests

4
dist/app-boot.js.map vendored
View File

File diff suppressed because one or more lines are too long

26
dist/app.js vendored
View File

@@ -2429,12 +2429,15 @@ var EnhancedSecureP2PChat = () => {
if (typeof window.encodeBinaryToPrefixed === "function") { if (typeof window.encodeBinaryToPrefixed === "function") {
const bin = window.encodeBinaryToPrefixed(offerString); const bin = window.encodeBinaryToPrefixed(offerString);
const TARGET_CHUNKS = 4; const TARGET_CHUNKS = 4;
let FRAME_MAX = Math.max(200, Math.floor(bin.length / TARGET_CHUNKS)); let total = TARGET_CHUNKS;
let FRAME_MAX = Math.max(200, Math.ceil(bin.length / TARGET_CHUNKS));
if (FRAME_MAX <= 0) FRAME_MAX = 200; if (FRAME_MAX <= 0) FRAME_MAX = 200;
let total = Math.ceil(bin.length / FRAME_MAX); if (bin.length <= FRAME_MAX) {
if (total < 2) { total = 1;
total = 2; FRAME_MAX = bin.length;
FRAME_MAX = Math.ceil(bin.length / 2) || 1; } else {
FRAME_MAX = Math.ceil(bin.length / TARGET_CHUNKS);
total = TARGET_CHUNKS;
} }
const id = `bin_${Date.now()}_${Math.random().toString(36).slice(2)}`; const id = `bin_${Date.now()}_${Math.random().toString(36).slice(2)}`;
const chunks = []; const chunks = [];
@@ -2549,12 +2552,15 @@ var EnhancedSecureP2PChat = () => {
if (typeof window.encodeBinaryToPrefixed === "function") { if (typeof window.encodeBinaryToPrefixed === "function") {
const bin = window.encodeBinaryToPrefixed(answerString); const bin = window.encodeBinaryToPrefixed(answerString);
const TARGET_CHUNKS = 4; const TARGET_CHUNKS = 4;
let FRAME_MAX = Math.max(200, Math.floor(bin.length / TARGET_CHUNKS)); let total = TARGET_CHUNKS;
let FRAME_MAX = Math.max(200, Math.ceil(bin.length / TARGET_CHUNKS));
if (FRAME_MAX <= 0) FRAME_MAX = 200; if (FRAME_MAX <= 0) FRAME_MAX = 200;
let total = Math.ceil(bin.length / FRAME_MAX); if (bin.length <= FRAME_MAX) {
if (total < 2) { total = 1;
total = 2; FRAME_MAX = bin.length;
FRAME_MAX = Math.ceil(bin.length / 2) || 1; } else {
FRAME_MAX = Math.ceil(bin.length / TARGET_CHUNKS);
total = TARGET_CHUNKS;
} }
const id = `ans_${Date.now()}_${Math.random().toString(36).slice(2)}`; const id = `ans_${Date.now()}_${Math.random().toString(36).slice(2)}`;
const chunks = []; const chunks = [];

4
dist/app.js.map vendored
View File

File diff suppressed because one or more lines are too long

30
src/app.jsx
View File

@@ -2746,10 +2746,19 @@
const bin = window.encodeBinaryToPrefixed(offerString); const bin = window.encodeBinaryToPrefixed(offerString);
// Force chunking into 4 parts - split binary data directly // Force chunking into 4 parts - split binary data directly
const TARGET_CHUNKS = 4; const TARGET_CHUNKS = 4;
let FRAME_MAX = Math.max(200, Math.floor(bin.length / TARGET_CHUNKS)); let total = TARGET_CHUNKS;
let FRAME_MAX = Math.max(200, Math.ceil(bin.length / TARGET_CHUNKS));
if (FRAME_MAX <= 0) FRAME_MAX = 200; if (FRAME_MAX <= 0) FRAME_MAX = 200;
let total = Math.ceil(bin.length / FRAME_MAX);
if (total < 2) { total = 2; FRAME_MAX = Math.ceil(bin.length / 2) || 1; } // Ensure we don't exceed TARGET_CHUNKS
if (bin.length <= FRAME_MAX) {
total = 1;
FRAME_MAX = bin.length;
} else {
// Recalculate to ensure exactly TARGET_CHUNKS parts
FRAME_MAX = Math.ceil(bin.length / TARGET_CHUNKS);
total = TARGET_CHUNKS;
}
const id = `bin_${Date.now()}_${Math.random().toString(36).slice(2)}`; const id = `bin_${Date.now()}_${Math.random().toString(36).slice(2)}`;
const chunks = []; const chunks = [];
@@ -2883,10 +2892,19 @@
const bin = window.encodeBinaryToPrefixed(answerString); const bin = window.encodeBinaryToPrefixed(answerString);
// Force chunking into 4 parts - split binary data directly // Force chunking into 4 parts - split binary data directly
const TARGET_CHUNKS = 4; const TARGET_CHUNKS = 4;
let FRAME_MAX = Math.max(200, Math.floor(bin.length / TARGET_CHUNKS)); let total = TARGET_CHUNKS;
let FRAME_MAX = Math.max(200, Math.ceil(bin.length / TARGET_CHUNKS));
if (FRAME_MAX <= 0) FRAME_MAX = 200; if (FRAME_MAX <= 0) FRAME_MAX = 200;
let total = Math.ceil(bin.length / FRAME_MAX);
if (total < 2) { total = 2; FRAME_MAX = Math.ceil(bin.length / 2) || 1; } // Ensure we don't exceed TARGET_CHUNKS
if (bin.length <= FRAME_MAX) {
total = 1;
FRAME_MAX = bin.length;
} else {
// Recalculate to ensure exactly TARGET_CHUNKS parts
FRAME_MAX = Math.ceil(bin.length / TARGET_CHUNKS);
total = TARGET_CHUNKS;
}
const id = `ans_${Date.now()}_${Math.random().toString(36).slice(2)}`; const id = `ans_${Date.now()}_${Math.random().toString(36).slice(2)}`;
const chunks = []; const chunks = [];

6
src/crypto/EnhancedSecureCryptoUtils.js
View File

@@ -2241,9 +2241,9 @@ class EnhancedSecureCryptoUtils {
throw new Error('Challenge mismatch - possible replay attack'); throw new Error('Challenge mismatch - possible replay attack');
} }
// Check response time (max 5 minutes) // Check response time (max 30 minutes for better UX)
const responseAge = Date.now() - proof.responseTimestamp; const responseAge = Date.now() - proof.responseTimestamp;
if (responseAge > 300000) { if (responseAge > 1800000) {
throw new Error('Proof response expired'); throw new Error('Proof response expired');
} }
@@ -2435,7 +2435,7 @@ class EnhancedSecureCryptoUtils {
} }
const messageAge = Date.now() - metadata.timestamp; const messageAge = Date.now() - metadata.timestamp;
if (messageAge > 300000) { if (messageAge > 1800000) { // 30 minutes for better UX
throw new Error('Message expired (older than 5 minutes)'); throw new Error('Message expired (older than 5 minutes)');
} }

10
src/network/EnhancedSecureWebRTCManager.js
View File

@@ -3451,7 +3451,7 @@ this._secureLog('info', '🔒 Enhanced Mutex system fully initialized and valida
// Validate timestamp (prevent very old messages) // Validate timestamp (prevent very old messages)
const now = Date.now(); const now = Date.now();
const messageAge = now - aad.timestamp; const messageAge = now - aad.timestamp;
if (messageAge > 300000) { // 5 minutes if (messageAge > 1800000) { // 30 minutes for better UX
throw new Error('AAD timestamp too old - possible replay attack'); throw new Error('AAD timestamp too old - possible replay attack');
} }
@@ -9581,9 +9581,9 @@ async processMessage(data) {
throw new Error('Missing required security fields in offer data possible MITM attack'); throw new Error('Missing required security fields in offer data possible MITM attack');
} }
// Replay attack protection (window reduced to 5 minutes) // Replay attack protection (extended to 30 minutes for better UX)
const offerAge = Date.now() - timestamp; const offerAge = Date.now() - timestamp;
const MAX_OFFER_AGE = 300000; // 5 minutes instead of 1 hour const MAX_OFFER_AGE = 1800000; // 30 minutes for better user experience
if (offerAge > MAX_OFFER_AGE) { if (offerAge > MAX_OFFER_AGE) {
this._secureLog('error', 'Offer data is too old - possible replay attack', { this._secureLog('error', 'Offer data is too old - possible replay attack', {
@@ -13072,8 +13072,8 @@ class SecureMasterKeyManager {
this._onSessionExpired = null; this._onSessionExpired = null;
this._onUnlocked = null; this._onUnlocked = null;
// Setup event listeners // Setup event listeners (disabled for better UX - no auto-disconnect)
this._setupEventListeners(); // this._setupEventListeners();
} }
/** /**