Major Security Improvements:

- Enhanced user fingerprinting with WebGL, Canvas, and Audio fingerprinting
- Hardware binding to prevent F5/Ctrl+F5 abuse
- Persistent storage across browser sessions (localStorage + sessionStorage)
- Global demo session counter with 10 session limit per device
- Multi-tab protection (max 2 tabs simultaneously)
- Anti-reset protection with hardware mismatch detection

Demo Session Protection:
- Advanced fingerprint generation with CPU benchmarking
- Enhanced validation with cryptographic verification
- Automatic cleanup and session completion tracking
- Cooldown periods between sessions (1min + 15min completion)
- Weekly partial reset of global counters

Fixes:
- Fixed SessionTimer console spam after connection disconnect
- Added missing registerEnhancedDemoSessionUsage method
- Corrected method calls from generateUserFingerprint to generateAdvancedUserFingerprint
- Implemented proper event handling for connection state changes

WebRTC Improvements:
- Added peer-disconnect, new-connection, and connection-cleaned events
- Enhanced connection cleanup with proper UI notifications
- Fixed SessionTimer state management during disconnections
- Prevented infinite re-rendering and console logging

Performance Optimizations:
- Auto-save persistent data every 30 seconds
- Periodic cleanup of old session data (every 6 hours)
- Memory management for used preimages (10k limit)
- Tab heartbeat system for multi-tab detection

Testing:
- Demo sessions now properly enforce limits
- P2P anonymity maintained (no server validation)
- Compatible with incognito mode restrictions
- Resistant to common abuse techniques

This commit is contained in:
lockbitchat
2025-08-16 20:58:42 -04:00
parent 32635839c6
commit e4273f5150
5 changed files with 697 additions and 136 deletions

@@ -2505,6 +2505,13 @@ async autoEnableSecurityFeatures() {
securityLevel: offerPackage.securityLevel.level
});
document.dispatchEvent(new CustomEvent('new-connection', {
detail: {
type: 'offer',
timestamp: Date.now()
}
}));
return offerPackage;
} catch (error) {
window.EnhancedSecureCryptoUtils.secureLog.log('error', 'Enhanced secure offer creation failed', {
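Review bot: the `new-connection` dispatch is hand-built here and repeated almost verbatim in the answer path with only `type: 'offer'` changed, so the event name and the `detail` shape can drift between the two call sites; extract a small helper (for example `emitConnectionEvent(type)`, name is a suggestion) and call it from both. The payload being limited to `type` and `timestamp` is the right scope: any script on the page can listen on `document`, so nothing from `offerPackage` (keys, fingerprints, security level details) should ever be placed in the event.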
@@ -2712,6 +2719,13 @@ async autoEnableSecurityFeatures() {
securityLevel: answerPackage.securityLevel.level
});
document.dispatchEvent(new CustomEvent('new-connection', {
detail: {
type: 'answer',
timestamp: Date.now()
}
}));
return answerPackage;
} catch (error) {
window.EnhancedSecureCryptoUtils.secureLog.log('error', 'Enhanced secure answer creation failed', {
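Review bot: this block duplicates the dispatch added in the offer path and would collapse to one line with the helper suggested there. Also confirm that firing `new-connection` here is the intended semantics: at this point the answer package has only been created, not delivered, so a listener that treats `new-connection` as "connected" (a session timer, for instance) starts its state before the peer has received the answer.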
@@ -3252,6 +3266,13 @@ async autoEnableSecurityFeatures() {
setTimeout(() => {
this.sendDisconnectNotification();
}, 100);
document.dispatchEvent(new CustomEvent('peer-disconnect', {
detail: {
reason: 'user_disconnect',
timestamp: Date.now()
}
}));
setTimeout(() => {
this.cleanupConnection();
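Review bot: the `peer-disconnect` event fires synchronously while `sendDisconnectNotification()` is still 100 ms away and `cleanupConnection()` is deferred even further, so a listener that tears down UI or session state as soon as it sees `reason: 'user_disconnect'` acts before the peer is notified and before the connection is actually closed. Either document that this event means "disconnect requested" rather than "disconnected", or move the dispatch into the deferred callback next to `this.cleanupConnection()`.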
@@ -3263,6 +3284,13 @@ async autoEnableSecurityFeatures() {
this.isVerified = false;
this.onMessage('🔌 Connection lost. Attempting to reconnect...', 'system');
document.dispatchEvent(new CustomEvent('peer-disconnect', {
detail: {
reason: 'connection_lost',
timestamp: Date.now()
}
}));
setTimeout(() => {
if (!this.intentionalDisconnect) {
this.attemptReconnection();
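Review bot: the `connection_lost` event is dispatched unconditionally, but the following timer calls `attemptReconnection()` whenever `!this.intentionalDisconnect`, so listeners cannot tell a transient loss that is about to be retried from a final disconnect; given that the commit message cites SessionTimer state problems during disconnections, add a field such as `willReconnect: !this.intentionalDisconnect` to `detail` so the timer can pause rather than reset. Repeated loss/reconnect cycles will also fire this event repeatedly, so listeners need to be idempotent.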
@@ -3322,6 +3350,13 @@ async autoEnableSecurityFeatures() {
this.onKeyExchange('');
this.onVerificationRequired('');
document.dispatchEvent(new CustomEvent('peer-disconnect', {
detail: {
reason: reason,
timestamp: Date.now()
}
}));
setTimeout(() => {
this.cleanupConnection();
}, 2000);
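Review bot: `reason: reason` can be written as the shorthand `reason`, and the origin of that variable is not visible in this hunk: if its value can be set from data received from the remote peer, every listener that renders `detail.reason` must treat it as untrusted text (insert via `textContent`, never `innerHTML`), and mapping it onto a fixed set of reason codes before dispatching would be safer than forwarding a free-form string. This is the third near-identical `peer-disconnect` dispatch in the patch, so the same helper applies.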
@@ -3390,6 +3425,13 @@ async autoEnableSecurityFeatures() {
// IMPORTANT: Clearing security logs
window.EnhancedSecureCryptoUtils.secureLog.clearLogs();
document.dispatchEvent(new CustomEvent('connection-cleaned', {
detail: {
timestamp: Date.now(),
reason: this.intentionalDisconnect ? 'user_cleanup' : 'automatic_cleanup'
}
}));
// Notifying the UI about complete cleanup
this.onStatusChange('disconnected');
this.onKeyExchange('');
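Review bot: `secureLog.clearLogs()` runs before the `connection-cleaned` event is dispatched, so a listener that wants to record the cleanup (for example the session-completion tracking mentioned in the commit message) finds the security log already emptied; dispatch the event first, or put whatever the UI needs into `detail`. The `reason` ternary also depends on `this.intentionalDisconnect` still being set at this point: if any earlier step resets the flag before cleanup, every cleanup will report `automatic_cleanup`.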