Fixed typos in privacy policy, made use of localStorage more efficient, fixed privacy policy's grammar and updated names of localStorage items in order to fit in with a standardised naming schema (and updated the privacy policy to reflect this)

Tracker-Friendly 2024-07-30 11:23:22 +01:00
parent e63fa13553
commit c911abea92
7 changed files with 105 additions and 116 deletions


@ -18,41 +18,41 @@
<p>Welcome to the Burgernotes privacy policy! Burgernotes is <a <p>Welcome to the Burgernotes privacy policy! Burgernotes is <a
href="https://concord.hectabit.org/hectabit/burgernotes">free & open source</a> software licensed under the <a href="https://concord.hectabit.org/hectabit/burgernotes">free & open source</a> software licensed under the <a
href="https://www.gnu.org/licenses/agpl-3.0.en.html">GNU AGPL-3.0</a>.</p> href="https://www.gnu.org/licenses/agpl-3.0.en.html">GNU AGPL-3.0</a>.</p>
<p>In this document, the terms "we" and "us" refer to the Hectabit Project, an open source initiative and the creator of Burgernotes. The terms "you" and "the user" refer the the reader of this privacy policy and all users of Burgernotes. "This website" and "this service" refer to Burgernotes, an online website you are currently using.</p> <p>In this document, the terms "we" and "us" refer to the Hectabit Project, an open source initiative and the creator of Burgernotes. The terms "you" and "the user" refer to the reader of this privacy policy and all users of Burgernotes. "This website" and "this service" refer to Burgernotes, an online website you are currently using.</p>
<h2 class="w300">Information collected when signing up</h2> <h2 class="w300">Information collected when signing up</h2>
<p>When signing up for an account, we collect and store the following information:</p> <p>When signing up for an account, we collect and store the following information:</p>
<ul> <ul>
<li>Username, and your password hashed</li> <li class="w900">Username, and your password hashed</li>
<p>This is used to authenticate you into our service when you log in</p> <li>This is used to authenticate you into our service when you log in</li>
<li>Date of account creation</li> <li class="w900">Date of account creation</li>
<p>This is used so that we can see inactive accounts and suspend them</p> <li>This is used so that we can see inactive accounts and suspend them</li>
<li>Web browser "User Agent"</li> <li class="w900">Web browser "User Agent"</li>
<p>This is used so you are able to recognise your devices signing into your account</p> <li>This is used, so you are able to recognise your devices signing in to your account</li>
</ul> </ul>
<h2 class="w300">Information collected when logging in</h2> <h2 class="w300">Information collected when logging in</h2>
<p>When logging back in to your account, we collect and store the following information:</p> <p>When logging back in to your account, we collect and store the following information:</p>
<ul> <ul>
<li>Web browser "User agent"</li> <li class="w900">Web browser "User agent"</li>
<p>This is used so you are able to recognise your devices signing into your account</p> <li>This is used, so you are able to recognise your devices signing in to your account</li>
</ul> </ul>
<h2 class="w300">Information we collect while using our services</h2> <h2 class="w300">Information we collect while using our services</h2>
<p>When you create a note, we collect and use this information:</p> <p>When you create a note, we collect and use this information:</p>
<ul> <ul>
<li>Encrypted note content and title</li> <li class="w900">Encrypted note content and title</li>
<p>This is used so that you may retrieve the note later</p> <li>This is used so that you may retrieve the note later</li>
<li>Note creator</li> <li class="w900">Note creator</li>
<p>This is used so that we can make sure your note is not given to anyone else</p> <li>This is used so that we can make sure your note is not given to anyone else</li>
<li>Note creation date</li> <li class="w900">Note creation date</li>
<p>This is used so that your notes are listed by age if no edited date exists</p> <li>This is used so that your notes are listed by age if no edited date exists</li>
<li>Note last edited date</li> <li class="w900">Note last edited date</li>
<p>This is used so that your notes are listed by age</p> <li>This is used so that your notes are listed by age</li>
</ul> </ul>
<p>When you edit a note, we collect and use this information:</p> <p>When you edit a note, we collect and use this information:</p>
<ul> <ul>
<li>Encrypted note content and title</li> <li class="w900">Encrypted note content and title</li>
<p>This is used so that you may retrieve the note later</p> <li>This is used so that you may retrieve the note later</li>
<li>Note last edited date</li> <li class="w900">Note last edited date</li>
<p>This is used so that your notes are listed by age</p> <li>This is used so that your notes are listed by age</li>
</ul> </ul>
<h2 class="w300">How we use your data</h2> <h2 class="w300">How we use your data</h2>
<p>We use your data to make our services work. We don't share your information with third-parties.</p> <p>We use your data to make our services work. We don't share your information with third-parties.</p>
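Review bot: On the new side, both "User Agent" descriptions now read "This is used, so you are able to recognise your devices signing in to your account"; the added comma turns a statement of purpose into a consequence, and none of the other descriptions in these lists have it, so drop it. Separately, changing each description from `<p>` to its own `<li>` fixes the invalid `<p>` directly under `<ul>`, but the description is now a sibling bullet of the item it explains. A `<dl>` with `<dt>`/`<dd>`, or nesting the description inside the labelled `<li>`, would keep each label paired with its explanation for assistive technology.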
@ -61,38 +61,37 @@
(Advanced Encryption Standard - Cipher Block Chaining) 256-bit encryption.</p> (Advanced Encryption Standard - Cipher Block Chaining) 256-bit encryption.</p>
<p>We can only see:</p> <p>We can only see:</p>
<ul> <ul>
<li>Note creation date</li> <li class="w900">Note creation date</li>
<p>This is used so that your notes are listed by age if no edited date exists</p> <li>This is used so that your notes are listed by age if no edited date exists</li>
<li>Note last edited date</li> <li class="w900">Note last edited date</li>
<p>This is used so that your notes are listed by age</p> <li>This is used so that your notes are listed by age</li>
<li>Note creator</li> <li class="w900">Note creator</li>
<p>This is used so that we can make sure your note is not given to anyone else</p> <li>This is used so that we can make sure your note is not given to anyone else</li>
</ul> </ul>
<p><b>Not</b> note content or title.</p> <p><b>Not</b> note content or title.</p>
<h2 class="w300">Use of cookies</h2> <h2 class="w300">Use of cookies</h2>
<p>Burgernotes does not use cookies in the conventional sense. Burgernotes places infomation into localStorage, a type of blob storage similar to cookies, but not accessible to third-party websites or the server.</p> <p>Burgernotes does not use cookies in the conventional sense. Burgernotes places information into localStorage, a type of blob storage similar to cookies, but not accessible to third-party websites or the server.</p>
<p>This ensures that a malicious server or third-party websites cannot tell your infomation.</p> <p>This ensures that a malicious server or third-party websites cannot tell your information.</p>
<ul> <ul>
<li>DONOTSHARE-secretkey</li> <li class="w900">PRIVATE-secretKey</li>
<p>This is used by the client to send to the server in order to identify you as... you.</p> <li>This is used by the client to send to the server in order to identify you as... you.</li>
<p>This contains no useful infomation and is simply a string of random bytes. If this is shared, you may simply remove the offending secretKey from your session list, by clicking "X" on the device you have logged in on to create this key.</p> <li>This contains no useful information and is simply a string of random bytes. If this is shared, you may simply remove the offending secretKey from your session list, by clicking "X" on the device you have logged in on to create this key.</li>
<li>DONOTSHARE-password</li> <li class="w900">PRIVATE-cryptoKey</li>
<p>This is used by the aformentioned AES to encrypt and decrypt your notes. It never leaves your device.</p> <li>This is used by the aforementioned AES to encrypt and decrypt your notes. It never leaves your device.</li>
<p>This is derived from your password and is therefore sensitive and should NEVER, EVER be shared. If you have done so, change your password as soon as possible.</p> <li>This is derived from your password and is therefore sensitive and should NEVER, EVER be shared. If you have done so, change your password as soon as possible.</li>
<li>SETTING-fontsize</li> <li class="w900">SETTING-fontsize</li>
<p>This is used to determine the size of your font. It is not sensitive infomation and can be freely shared, though it never leaves your device.</p> <li>This is used to determine the size of your font. It is not sensitive information and can be freely shared, though it never leaves your device.</li>
<li>FIRSTVISIT</li> <li class="w900">SETTING-newVersion<li>
<p>This is used to determine if the user guide should be played, showing on a mobile device how touch gestures are used. It is not sensitive infomation and can be freely shared, though it never leaves your device.</p> <li>This determines if you have seen the "What's New?" dialog displayed in each new version. It is not sensitive information and can be freely shared, though it never leaves your device.</li>
<li>NEWVERSION<li> <li class="w900">SETTING-homeServer</li>
<p>This determines if you have seen the "What's New?" dialouge displayed in each new version. It is not sensitive infomation and can be freely shared, though it never leaves your device.</p> <li>This determines which server Burgernotes should connect to. It is not sensitive information and can be freely shared, though it never leaves your device.</li>
<li>homeserver</li> </ul>
<p>This determines which server Burgernotes should connect to. It is not sensitive infomation and can be freely shared, though it never leaves your device.</li>
<h2 class="w300">We don't sell your data</h2> <h2 class="w300">We don't sell your data</h2>
<p>We don't sell or share your data to advertisers or third-parties, and no such thing exists on this website - it is entirely self-contained. Not even an external font service is used.</p> <p>We don't sell or share your data to advertisers or third-parties, and no such thing exists on this website - it is entirely self-contained. Not even an external font service is used.</p>
<h2 class="w300">Liability</h2> <h2 class="w300">Liability</h2>
<p>We take no responsibility for the use of Burgernotes, or any external instances provided by third-parties. We <p>We take no responsibility for the use of Burgernotes, or any external instances provided by third-parties. We
refuse liability for any inappropriate or illegal use of Burgernotes, as it is not within our power to prevent it.</p> refuse liability for any inappropriate or illegal use of Burgernotes, as it is not within our power to prevent it.</p>
<p>This is a summerisation of the below paragraph, found in AGPL-3.0, as linked above.</p> <p>This is a summarization of the below paragraph, found in AGPL-3.0, as linked above.</p>
<p>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING <p>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
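Review bot: The new line `<li class="w900">SETTING-newVersion<li>` keeps the unclosed tag from the old `NEWVERSION<li>`; the trailing `<li>` should be `</li>`, otherwise the browser opens an extra, empty list item. Since this list is meant to enumerate what the client keeps in localStorage, it should also cover `CACHE-username`, which the logout script in this same commit removes but which has no entry here.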
@ -103,7 +102,7 @@
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.</p> SUCH DAMAGES.</p>
<p>Burgernotes comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.</p> <p>Burgernotes comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.</p>
<p>Burgernotes is compatible with the UK GDPR and the Californian Data Protection Regulation. We do not knowingly serve citizens in the European Union, and those who do so do so at their own risk. The only violating law of the EU GDPR is that it is no longer hosted in an EU country after the events of Brexit.</p> <p>Burgernotes is compatible with the UK GDPR and the Californian Data Protection Regulation. We do not knowingly serve citizens in the European Union, and those who do so at their own risk. The only violating law of the EU GDPR is that it is no longer hosted in an EU country after the events of Brexit.</p>
<br> <br>
<button class="clickButton" onclick="back()">Take me back where I was!</button> <button class="clickButton" onclick="back()">Take me back where I was!</button>
<br><br> <br><br>
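Review bot: In the GDPR paragraph the edit drops one "do so" and leaves "those who do so at their own risk", which no longer has a main verb. The original "those who do so do so at their own risk" was grammatical; if the repetition is the concern, reword it, for example "those who use it do so at their own risk".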


@ -5,9 +5,9 @@ let statusBox = document.getElementById("statusBox")
let changeButton = document.getElementById("changeButton") let changeButton = document.getElementById("changeButton")
let backButton = document.getElementById("backButton") let backButton = document.getElementById("backButton")
let remote = localStorage.getItem("homeserverURL") let remote = localStorage.getItem("SETTING-homeServer")
if (remote == null) { if (remote == null) {
localStorage.setItem("homeserverURL", "https://notes.hectabit.org") localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org")
remote = "https://notes.hectabit.org" remote = "https://notes.hectabit.org"
} }
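Review bot: The read of `SETTING-homeServer` has no fallback to the old `homeserverURL` key, so a user who had pointed the client at their own instance gets `null` here and is silently reset to `https://notes.hectabit.org`; their next requests then go to a server they did not choose. Read the old key first, copy its value to the new name and remove the old item, and only then apply the default.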


@ -1,14 +1,14 @@
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0
if (localStorage.getItem("DONOTSHARE-secretkey") !== null || localStorage.getItem("DONOTSHARE-password") !== null) { if (localStorage.getItem("PRIVATE-secretKey") !== null || localStorage.getItem("PRIVATE-cryptoKey") !== null) {
window.location.replace("/app/") window.location.replace("/app/")
document.body.innerHTML = "Redirecting..." document.body.innerHTML = "Redirecting..."
throw new Error(); throw new Error();
} }
let remote = localStorage.getItem("homeserverURL") let remote = localStorage.getItem("SETTING-homeServer")
if (remote == null) { if (remote == null) {
localStorage.setItem("homeserverURL", "https://notes.hectabit.org") localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org")
remote = "https://notes.hectabit.org" remote = "https://notes.hectabit.org"
} }
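Review bot: The guard at the top of this file redirects to `/app/` when either `PRIVATE-secretKey` or `PRIVATE-cryptoKey` is present (`||`), while the app script in this commit redirects to `/login` when either one is missing. With exactly one of the two items in localStorage the two pages bounce between each other. Use `&&` here, or clear the leftover item before showing the login form.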
@ -170,8 +170,8 @@ signupButton.addEventListener("click", () => {
showElements(true) showElements(true)
} else if (loginOld.status === 200) { } else if (loginOld.status === 200) {
statusBox.innerText = "Setting up encryption keys..." statusBox.innerText = "Setting up encryption keys..."
localStorage.setItem("DONOTSHARE-secretkey", loginDataOld["key"]) localStorage.setItem("PRIVATE-secretKey", loginDataOld["key"])
localStorage.setItem("DONOTSHARE-password", await hashwasm.argon2id({ localStorage.setItem("PRIVATE-cryptoKey", await hashwasm.argon2id({
password: password, password: password,
salt: new TextEncoder().encode("I love Burgernotes!"), salt: new TextEncoder().encode("I love Burgernotes!"),
parallelism: 1, parallelism: 1,
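Review bot: The value written to `PRIVATE-cryptoKey` is Argon2id over the password with the constant salt `"I love Burgernotes!"`, so two accounts with the same password end up with the same note key, and the salt gives no per-user separation. This commit only renames the item, but as the policy now presents it as a crypto key, a follow-up that salts with something per-account (the username, for instance) and provides a re-encryption path for existing notes would be worthwhile. The same applies to the second login branch in this file and to the signup script.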
@ -203,8 +203,8 @@ signupButton.addEventListener("click", () => {
} }
} else if (login.status === 200) { } else if (login.status === 200) {
statusBox.innerText = "Setting up encryption keys..." statusBox.innerText = "Setting up encryption keys..."
localStorage.setItem("DONOTSHARE-secretkey", loginData["key"]) localStorage.setItem("PRIVATE-secretKey", loginData["key"])
localStorage.setItem("DONOTSHARE-password", await hashwasm.argon2id({ localStorage.setItem("PRIVATE-cryptoKey", await hashwasm.argon2id({
password: password, password: password,
salt: new TextEncoder().encode("I love Burgernotes!"), salt: new TextEncoder().encode("I love Burgernotes!"),
parallelism: 1, parallelism: 1,


@ -1,7 +1,7 @@
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0
window.localStorage.removeItem("DONOTSHARE-secretkey") window.localStorage.removeItem("PRIVATE-secretKey")
window.localStorage.removeItem("DONOTSHARE-password") window.localStorage.removeItem("PRIVATE-cryptoKey")
window.localStorage.removeItem("CACHE-username") window.localStorage.removeItem("CACHE-username")
window.location.replace("/login") window.location.replace("/login")
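Review bot: Logout now removes only the `PRIVATE-*` names, so a browser that logged in before this commit keeps `DONOTSHARE-secretkey` and `DONOTSHARE-password` in localStorage indefinitely, and nothing in the visible changes reads or deletes them. The second item is derived from the user's password, so add `removeItem` calls for both legacy names here, or a one-time migration at startup, rather than leaving them behind.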


@ -1,12 +1,19 @@
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0
if (localStorage.getItem("DONOTSHARE-secretkey") === null || localStorage.getItem("DONOTSHARE-password") === null) { let secretKey = localStorage.getItem("PRIVATE-secretKey")
let password = localStorage.getItem("PRIVATE-cryptoKey")
let fontSize = localStorage.getItem("SETTING-fontsize")
let remote = localStorage.getItem("SETTING-homeServer")
if (secretKey === null || password === null) {
window.location.replace("/login") window.location.replace("/login")
document.body.innerHTML = "Redirecting..." document.body.innerHTML = "Redirecting..."
throw new Error(); throw new Error();
} else if (fontSize === null) {
localStorage.setItem("SETTING-fontsize", "16")
fontSize = 16
} }
let remote = localStorage.getItem("homeserverURL")
if (remote == null) { if (remote == null) {
localStorage.setItem("homeserverURL", "https://notes.hectabit.org") localStorage.setItem("homeserverURL", "https://notes.hectabit.org")
remote = "https://notes.hectabit.org" remote = "https://notes.hectabit.org"
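Review bot: The fallback at the end of this hunk still writes the default under the old name, `localStorage.setItem("homeserverURL", "https://notes.hectabit.org")`, while `remote` is now read from `SETTING-homeServer` at the top. The default is therefore never persisted under the key this file and the other scripts read. Change the `setItem` key to `SETTING-homeServer`, as was done in the other files.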
@ -17,10 +24,6 @@ function formatBytes(a, b = 2) {
return `${parseFloat((a / Math.pow(1000, d)).toFixed(c))} ${["Bytes", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"][d]}` return `${parseFloat((a / Math.pow(1000, d)).toFixed(c))} ${["Bytes", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"][d]}`
} }
let secretkey = localStorage.getItem("DONOTSHARE-secretkey")
let password = localStorage.getItem("DONOTSHARE-password")
let currentFontSize = 16
let offlineMode = false let offlineMode = false
let backButton = document.getElementById("backButton") let backButton = document.getElementById("backButton")
let usernameBox = document.getElementById("usernameBox") let usernameBox = document.getElementById("usernameBox")
@ -86,7 +89,6 @@ function base64ToArrayBuffer(base64) {
} }
async function getKey() { async function getKey() {
let password = localStorage.getItem("DONOTSHARE-password")
let salt = new TextEncoder().encode("I love Burgernotes!") let salt = new TextEncoder().encode("I love Burgernotes!")
let cryptoKey = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"]) let cryptoKey = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"])
return await window.crypto.subtle.deriveKey({ return await window.crypto.subtle.deriveKey({
@ -268,22 +270,15 @@ document.addEventListener("DOMContentLoaded", async function () {
}); });
function updateFont() { function updateFont() {
currentFontSize = localStorage.getItem("SETTING-fontsize") noteBox.style.fontSize = fontSize + "px"
noteBox.style.fontSize = currentFontSize + "px" textSizeBox.innerText = fontSize + "px"
textSizeBox.innerText = currentFontSize + "px"
} }
async function checknetwork() { async function checknetwork() {
let loggedInEndpoint fetch(remote + "/api/loggedin", {
if (localStorage.getItem("legacy") === "true") {
loggedInEndpoint = "userinfo"
} else {
loggedInEndpoint = "loggedin"
}
fetch(remote + "/api/" + loggedInEndpoint, {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: localStorage.getItem("DONOTSHARE-secretkey"), secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
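Review bot: `checknetwork()` no longer consults the `legacy` item and always posts to `/api/loggedin`; that is a behaviour change rather than a rename, and the commit message does not mention it. If servers that only answer `/api/userinfo` are no longer supported, say so in the message, and clear the now-unused `legacy` item from localStorage so it does not linger.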
@ -315,19 +310,14 @@ document.addEventListener("DOMContentLoaded", async function () {
}); });
} }
if (localStorage.getItem("SETTING-fontsize") === null) {
localStorage.setItem("SETTING-fontsize", "16")
updateFont() updateFont()
} else {
updateFont()
}
textPlusBox.addEventListener("click", () => { textPlusBox.addEventListener("click", () => {
localStorage.setItem("SETTING-fontsize", String(Number(localStorage.getItem("SETTING-fontsize")) + Number(1))) localStorage.setItem("SETTING-fontsize", String(Number(fontSize) + Number(1)))
updateFont() updateFont()
}); });
textMinusBox.addEventListener("click", () => { textMinusBox.addEventListener("click", () => {
localStorage.setItem("SETTING-fontsize", String(Number(localStorage.getItem("SETTING-fontsize")) - Number(1))) localStorage.setItem("SETTING-fontsize", String(Number(fontSize) - Number(1)))
updateFont() updateFont()
}); });
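Review bot: The plus and minus handlers write `Number(fontSize) + 1` (or `- 1`) to `SETTING-fontsize` but never assign the result back to `fontSize`, and `updateFont()` now renders from that variable instead of re-reading localStorage. The displayed size therefore stays the same until the page is reloaded, and every click stores the same value. Update the variable first, for example `fontSize = Number(fontSize) + 1`, then store `String(fontSize)` and call `updateFont()`.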
@ -345,7 +335,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/userinfo", { fetch(remote + "/api/userinfo", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
@ -386,7 +376,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/deleteaccount", { fetch(remote + "/api/deleteaccount", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
@ -429,11 +419,11 @@ document.addEventListener("DOMContentLoaded", async function () {
async function fatalError(notes, passwordBackup) { async function fatalError(notes, passwordBackup) {
displayError("Something went wrong! Your password change has failed. Attempting to revert changes...") displayError("Something went wrong! Your password change has failed. Attempting to revert changes...")
password = passwordBackup password = passwordBackup
localStorage.setItem("DONOTSHARE-password", password) localStorage.setItem("PRIVATE-cryptoKey", password)
let changePasswordBackResponse = await fetch(remote + "/api/changepassword", { let changePasswordBackResponse = await fetch(remote + "/api/changepassword", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
newPassword: await hashpass(oldPass), newPassword: await hashpass(oldPass),
migration: false migration: false
}), }),
@ -493,7 +483,7 @@ document.addEventListener("DOMContentLoaded", async function () {
const response = await fetch(remote + "/api/changepassword", { const response = await fetch(remote + "/api/changepassword", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
newPassword: await hashpass(newPass) newPassword: await hashpass(newPass)
}), }),
headers: { headers: {
@ -513,11 +503,11 @@ document.addEventListener("DOMContentLoaded", async function () {
hashLength: 32, hashLength: 32,
outputType: "hex" outputType: "hex"
}) })
localStorage.setItem("DONOTSHARE-password", password) localStorage.setItem("PRIVATE-cryptoKey", password)
let purgeNotes = await fetch(remote + "/api/purgenotes", { let purgeNotes = await fetch(remote + "/api/purgenotes", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
@ -555,7 +545,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/sessions/list", { fetch(remote + "/api/sessions/list", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
@ -594,7 +584,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/sessions/remove", { fetch(remote + "/api/sessions/remove", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
sessionId: responseData[i]["id"] sessionId: responseData[i]["id"]
}), }),
headers: { headers: {
@ -644,7 +634,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/readnote", { fetch(remote + "/api/readnote", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
noteId: nameithink, noteId: nameithink,
}), }),
headers: { headers: {
@ -701,7 +691,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/editnote", { fetch(remote + "/api/editnote", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
noteId: nameithink, noteId: nameithink,
content: encryptedText, content: encryptedText,
title: encryptedTitle title: encryptedTitle
@ -729,7 +719,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/listnotes", { fetch(remote + "/api/listnotes", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
@ -785,7 +775,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/removenote", { fetch(remote + "/api/removenote", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
noteId: noteData["id"] noteId: noteData["id"]
}), }),
headers: { headers: {
@ -835,7 +825,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/newnote", { fetch(remote + "/api/newnote", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
noteName: encryptedName, noteName: encryptedName,
}), }),
headers: { headers: {
@ -870,7 +860,7 @@ document.addEventListener("DOMContentLoaded", async function () {
let exportNotesFetch = await fetch(remote + "/api/exportnotes", { let exportNotesFetch = await fetch(remote + "/api/exportnotes", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
@ -901,7 +891,7 @@ document.addEventListener("DOMContentLoaded", async function () {
let importNotesFetch = await fetch(remote + "/api/importnotes", { let importNotesFetch = await fetch(remote + "/api/importnotes", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
"secretKey": localStorage.getItem("DONOTSHARE-secretkey"), "secretKey": secretKey,
"notes": JSON.stringify(plaintextNotes) "notes": JSON.stringify(plaintextNotes)
}), }),
headers: { headers: {
@ -912,10 +902,10 @@ document.addEventListener("DOMContentLoaded", async function () {
} }
function firstNewVersion() { function firstNewVersion() {
if (localStorage.getItem("NEWVERSION") === "1.2") { if (localStorage.getItem("SETTING-newVersion") === "2.0") {
return false; return false;
} else { } else {
localStorage.setItem("NEWVERSION", "1.2") localStorage.setItem("SETTING-newVersion", "2.0")
return true; return true;
} }
} }
@ -961,7 +951,7 @@ document.addEventListener("DOMContentLoaded", async function () {
fetch(remote + "/api/removenote", { fetch(remote + "/api/removenote", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretKey,
noteId: selectedNote noteId: selectedNote
}), }),
headers: { headers: {


@ -1,14 +1,16 @@
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0
if (localStorage.getItem("DONOTSHARE-secretkey") === null || localStorage.getItem("DONOTSHARE-password") === null) { let secretKey = localStorage.getItem("PRIVATE-secretKey")
let cryptoKey = localStorage.getItem("PRIVATE-cryptoKey")
if (secretKey === null || cryptoKey === null) {
window.location.replace("/login") window.location.replace("/login")
document.body.innerHTML = "Redirecting..." document.body.innerHTML = "Redirecting..."
throw new Error(); throw new Error();
} }
let remote = localStorage.getItem("homeserverURL") let remote = localStorage.getItem("SETTING-homeServer")
if (remote == null) { if (remote == null) {
localStorage.setItem("homeserverURL", "https://notes.hectabit.org") localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org")
remote = "https://notes.hectabit.org" remote = "https://notes.hectabit.org"
} }
@ -44,7 +46,6 @@ function showInput(inputType) {
case 3: case 3:
information.innerText = "You have successfully migrated to new Burgernotes! Enjoy the more secure and feature-rich experience. Click continue to return to the app." information.innerText = "You have successfully migrated to new Burgernotes! Enjoy the more secure and feature-rich experience. Click continue to return to the app."
titleBox.innerText = "Migration Complete" titleBox.innerText = "Migration Complete"
fileInput.classList.remove("hidden")
break break
} }
} }
@ -94,15 +95,14 @@ function back() {
} }
async function getKey() { async function getKey() {
let password = localStorage.getItem("DONOTSHARE-password")
let salt = new TextEncoder().encode("I love Burgernotes!") let salt = new TextEncoder().encode("I love Burgernotes!")
let cryptoKey = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"]) let cryptoKeyFormatted = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(cryptoKey), "PBKDF2", false, ["deriveBits", "deriveKey"])
return await window.crypto.subtle.deriveKey({ return await window.crypto.subtle.deriveKey({
name: "PBKDF2", name: "PBKDF2",
salt, salt,
iterations: 1, iterations: 1,
hash: "SHA-512" hash: "SHA-512"
}, cryptoKey, {name: "AES-GCM", length: 256}, true, ["encrypt", "decrypt"]) }, cryptoKeyFormatted, {name: "AES-GCM", length: 256}, true, ["encrypt", "decrypt"])
} }
function arrayBufferToBase64(buffer) { function arrayBufferToBase64(buffer) {
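Review bot: `getKey()` derives its key with `{name: "AES-GCM", length: 256}`, but the privacy policy edited in this same commit still describes note encryption as AES-CBC ("Cipher Block Chaining"). As the policy is being corrected here anyway, bring that sentence in line with the code. The `true` passed as the extractable argument is also worth a second look: if nothing calls `exportKey` on this key, `false` keeps the raw key material unavailable to script.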
@ -132,7 +132,7 @@ async function importNotes(plaintextNotes) {
let purgeNotesFetch = await fetch(remote + "/api/purgenotes", { let purgeNotesFetch = await fetch(remote + "/api/purgenotes", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
"secretKey": localStorage.getItem("DONOTSHARE-secretkey"), "secretKey": secretKey,
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"
@ -144,7 +144,7 @@ async function importNotes(plaintextNotes) {
let importNotesFetch = await fetch(remote + "/api/importnotes", { let importNotesFetch = await fetch(remote + "/api/importnotes", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
"secretKey": localStorage.getItem("DONOTSHARE-secretkey"), "secretKey": secretKey,
"notes": JSON.stringify(plaintextNotes) "notes": JSON.stringify(plaintextNotes)
}), }),
headers: { headers: {
@ -164,7 +164,7 @@ async function exportNotes() {
let exportNotesFetch = await fetch(remote + "/api/exportnotes", { let exportNotesFetch = await fetch(remote + "/api/exportnotes", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: localStorage.getItem("DONOTSHARE-secretkey") secretKey: secretKey
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8" "Content-Type": "application/json; charset=UTF-8"


@ -1,14 +1,14 @@
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0
if (localStorage.getItem("DONOTSHARE-secretkey") !== null || localStorage.getItem("DONOTSHARE-password") !== null) { if (localStorage.getItem("PRIVATE-secretKey") !== null || localStorage.getItem("PRIVATE-cryptoKey") !== null) {
window.location.replace("/app/") window.location.replace("/app/")
document.body.innerHTML = "Redirecting..." document.body.innerHTML = "Redirecting..."
throw new Error(); throw new Error();
} }
let remote = localStorage.getItem("homeserverURL") let remote = localStorage.getItem("SETTING-homeServer")
if (remote == null) { if (remote == null) {
localStorage.setItem("homeserverURL", "https://notes.hectabit.org") localStorage.setItem("SETTING-homeServer", "https://notes.hectabit.org")
remote = "https://notes.hectabit.org" remote = "https://notes.hectabit.org"
} }
@ -137,8 +137,8 @@ signupButton.addEventListener("click", () => {
let responseData = await response.json() let responseData = await response.json()
if (response.status === 200) { if (response.status === 200) {
statusBox.innerText = "Setting up encryption keys..." statusBox.innerText = "Setting up encryption keys..."
localStorage.setItem("DONOTSHARE-secretkey", responseData["key"]) localStorage.setItem("PRIVATE-secretKey", responseData["key"])
localStorage.setItem("DONOTSHARE-password", await hashwasm.argon2id({ localStorage.setItem("PRIVATE-cryptoKey", await hashwasm.argon2id({
password: password, password: password,
salt: new TextEncoder().encode("I love Burgernotes!"), salt: new TextEncoder().encode("I love Burgernotes!"),
parallelism: 1, parallelism: 1,