fulgens/services-src/auth/resources/wasm/clientKeyShare/main.go

package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/ecdh"
"crypto/rand"
"encoding/base64"
"net/url"
"strings"
"syscall/js"
)
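// main is the entry point of the clientKeyShare page, compiled to WebAssembly
// (it uses syscall/js and runs inside the browser).
//
// What it does, step by step:
//  1. If localStorage has no "DONOTSHARE-secretKey", the user is not signed
//     in: bounce to /login, keeping the current query string, and stop.
//  2. Read the requesting page's X25519 public key from the ?ecdhPublicKey
//     query parameter (URL-safe base64).
//  3. Generate a fresh X25519 key pair and derive the shared secret.
//  4. Use the shared secret directly as an AES-256-GCM key to encrypt the
//     standard-base64 "DONOTSHARE-clientKey" stored in localStorage, with a
//     freshly generated random nonce.
//  5. Redirect back to document.referrer (its own query dropped) with our
//     public key, the nonce and the ciphertext as query parameters.
//
// Every failure is reported by writing a message into the #statusBox element
// and returning; nothing else is emitted.
func main() {
	global := js.Global()
	location := global.Get("window").Get("location")
	document := global.Get("document")
	localStorage := global.Get("localStorage")
	search := location.Get("search").String()

	// Redirect to log-in if not signed in. location.replace() only schedules
	// the navigation, so stop here instead of falling through and trying to
	// encrypt a client key that is not there.
	if localStorage.Call("getItem", "DONOTSHARE-secretKey").IsNull() {
		location.Call("replace", "/login"+search)
		return
	}

	statusBox := document.Call("getElementById", "statusBox")
	// fail reports a step-specific error in the status box; the caller returns.
	fail := func(step string, err error) {
		statusBox.Set("innerText", step+": "+err.Error())
	}

	// Parse the query string (location.search carries a leading "?").
	query, err := url.ParseQuery(strings.TrimPrefix(search, "?"))
	if err != nil {
		fail("Error parsing query", err)
		return
	}

	// Get the requester's ECDH public key from the query string. A missing
	// parameter decodes to zero bytes and is rejected by NewPublicKey below,
	// which accepts only a 32-byte X25519 key.
	clientKeyBytes, err := base64.URLEncoding.DecodeString(query.Get("ecdhPublicKey"))
	if err != nil {
		fail("Error decoding ECDH public key", err)
		return
	}
	requesterKey, err := ecdh.X25519().NewPublicKey(clientKeyBytes)
	if err != nil {
		fail("Error parsing ECDH public key", err)
		return
	}

	// Generate a new ECDH key pair for this request and derive the shared
	// secret with the requester's key.
	privateKey, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		fail("Error generating ECDH key pair", err)
		return
	}
	sharedSecret, err := privateKey.ECDH(requesterKey)
	if err != nil {
		fail("Error generating shared secret", err)
		return
	}

	// AES-GCM encrypt the DONOTSHARE-clientKey. The raw 32-byte X25519 output
	// is used directly as the AES-256 key; the decrypting peer must derive the
	// key the same way, so a KDF cannot be introduced here without changing
	// the peer as well.
	block, err := aes.NewCipher(sharedSecret)
	if err != nil {
		fail("Error creating AES cipher", err)
		return
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		fail("Error creating GCM cipher", err)
		return
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		fail("Error generating nonce", err)
		return
	}

	// Un-base64 the client key. js.Value.String() renders a null entry as
	// "<null>" instead of failing, so check for absence explicitly.
	storedClientKey := localStorage.Call("getItem", "DONOTSHARE-clientKey")
	if storedClientKey.IsNull() {
		statusBox.Set("innerText", "Error decoding client key: no client key stored")
		return
	}
	decodedClientKey, err := base64.StdEncoding.DecodeString(storedClientKey.String())
	if err != nil {
		fail("Error decoding client key", err)
		return
	}
	encryptedClientKey := gcm.Seal(nil, nonce, decodedClientKey, nil)

	// Redirect back to the referrer with the encrypted client key, replacing
	// whatever query the referrer carried with ours.
	// NOTE(review): the referrer is accepted as-is, so the page that navigated
	// here is the one that receives the ciphertext and holds the private key
	// that opens it; whether that page may belong to any origin is a policy
	// decision not visible in this file — confirm.
	referrer, err := url.Parse(document.Get("referrer").String())
	if err != nil {
		fail("Error parsing referrer", err)
		return
	}
	if referrer.String() == "" {
		// An empty referrer would make the redirect below relative to this
		// very page, reloading it in a loop.
		statusBox.Set("innerText", "Error parsing referrer: no referrer to return to")
		return
	}
	params := url.Values{
		"ecdhPublicKey": {base64.URLEncoding.EncodeToString(privateKey.PublicKey().Bytes())},
		"nonce":         {base64.URLEncoding.EncodeToString(nonce)},
		"cipherText":    {base64.URLEncoding.EncodeToString(encryptedClientKey)},
	}
	// Encode() percent-encodes the base64 "=" padding as %3D, which any
	// standard query parser decodes back.
	referrer.RawQuery = params.Encode()
	referrer.Fragment = ""
	location.Call("replace", referrer.String())
}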