feat: Use SubtleCrypto instead of CryptoJS for SHA-1

author: Christoph Brill <opensource@christophbrill.de> 2022-12-09 19:51:09 +0100
committer: Christoph Brill <opensource@christophbrill.de> 2022-12-09 19:51:09 +0100
commit: aa2e04d31ad7a0ebd89aa9510f5db8aa3db8051e (patch)
tree: f3b44c1f355a13ea70fb112c8edab2e6d1e4f85f
parent: 7cc3396ce18be3b80bc1b511bdc87e88b0547e32 (diff)
4 files changed, 32 insertions, 48 deletions
diff --git a/index.php b/index.php
index a480360..91276c2 100755
--- a/index.php
+++ b/index.php
@@ -81,9 +81,7 @@ div.container-fluid span a { overflow-wrap: break-word; }
   </style>'.PHP_EOL;
 
 if (isset($date)) {
-    echo '  <script type="text/javascript" src="js/core-min.js"></script>
-  <script type="text/javascript" src="js/sha1-min.js"></script>
-  <script type="text/javascript" src="js/script.js"></script>
+    echo '  <script type="text/javascript" src="js/script.js"></script>
   </script>'.PHP_EOL;
 
     if (count($users) > 0) {
diff --git a/js/core-min.js b/js/core-min.js
deleted file mode 100644
index 3f191b4..0000000
--- a/js/core-min.js
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
-CryptoJS v3.1.2
-code.google.com/p/crypto-js
-(c) 2009-2013 by Jeff Mott. All rights reserved.
-code.google.com/p/crypto-js/wiki/License
-*/
-var CryptoJS=CryptoJS||function(h,r){var k={},l=k.lib={},n=function(){},f=l.Base={extend:function(a){n.prototype=this;var b=new n;a&&b.mixIn(a);b.hasOwnProperty("init")||(b.init=function(){b.$super.init.apply(this,arguments)});b.init.prototype=b;b.$super=this;return b},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var b in a)a.hasOwnProperty(b)&&(this[b]=a[b]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}},
-j=l.WordArray=f.extend({init:function(a,b){a=this.words=a||[];this.sigBytes=b!=r?b:4*a.length},toString:function(a){return(a||s).stringify(this)},concat:function(a){var b=this.words,d=a.words,c=this.sigBytes;a=a.sigBytes;this.clamp();if(c%4)for(var e=0;e<a;e++)b[c+e>>>2]|=(d[e>>>2]>>>24-8*(e%4)&255)<<24-8*((c+e)%4);else if(65535<d.length)for(e=0;e<a;e+=4)b[c+e>>>2]=d[e>>>2];else b.push.apply(b,d);this.sigBytes+=a;return this},clamp:function(){var a=this.words,b=this.sigBytes;a[b>>>2]&=4294967295<<
-32-8*(b%4);a.length=h.ceil(b/4)},clone:function(){var a=f.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var b=[],d=0;d<a;d+=4)b.push(4294967296*h.random()|0);return new j.init(b,a)}}),m=k.enc={},s=m.Hex={stringify:function(a){var b=a.words;a=a.sigBytes;for(var d=[],c=0;c<a;c++){var e=b[c>>>2]>>>24-8*(c%4)&255;d.push((e>>>4).toString(16));d.push((e&15).toString(16))}return d.join("")},parse:function(a){for(var b=a.length,d=[],c=0;c<b;c+=2)d[c>>>3]|=parseInt(a.substr(c,
-2),16)<<24-4*(c%8);return new j.init(d,b/2)}},p=m.Latin1={stringify:function(a){var b=a.words;a=a.sigBytes;for(var d=[],c=0;c<a;c++)d.push(String.fromCharCode(b[c>>>2]>>>24-8*(c%4)&255));return d.join("")},parse:function(a){for(var b=a.length,d=[],c=0;c<b;c++)d[c>>>2]|=(a.charCodeAt(c)&255)<<24-8*(c%4);return new j.init(d,b)}},t=m.Utf8={stringify:function(a){try{return decodeURIComponent(escape(p.stringify(a)))}catch(b){throw Error("Malformed UTF-8 data");}},parse:function(a){return p.parse(unescape(encodeURIComponent(a)))}},
-q=l.BufferedBlockAlgorithm=f.extend({reset:function(){this._data=new j.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=t.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var b=this._data,d=b.words,c=b.sigBytes,e=this.blockSize,f=c/(4*e),f=a?h.ceil(f):h.max((f|0)-this._minBufferSize,0);a=f*e;c=h.min(4*a,c);if(a){for(var g=0;g<a;g+=e)this._doProcessBlock(d,g);g=d.splice(0,a);b.sigBytes-=c}return new j.init(g,c)},clone:function(){var a=f.clone.call(this);
-a._data=this._data.clone();return a},_minBufferSize:0});l.Hasher=q.extend({cfg:f.extend(),init:function(a){this.cfg=this.cfg.extend(a);this.reset()},reset:function(){q.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);return this._doFinalize()},blockSize:16,_createHelper:function(a){return function(b,d){return(new a.init(d)).finalize(b)}},_createHmacHelper:function(a){return function(b,d){return(new u.HMAC.init(a,
-d)).finalize(b)}}});var u=k.algo={};return k}(Math);
diff --git a/js/script.js b/js/script.js
index 7cb80aa..8be64cb 100644
--- a/js/script.js
+++ b/js/script.js
@@ -1,13 +1,20 @@
+async function digestMessage(username) {
+	const msgUint8 = new TextEncoder().encode(username);
+	const hashBuffer = await crypto.subtle.digest('SHA-1', msgUint8);
+	const hashArray = Array.from(new Uint8Array(hashBuffer));
+	return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
+}
+
 function addUser(username) {
 
-	var colorlist = document.getElementById('usernames');
-	var username_clean = username.replace('|', '_')
+	const colorlist = document.getElementById('usernames');
+	const username_clean = username.replace('|', '_');
 
 	// The user was already in the list
 	if (document.mainform.highlight_names.value.indexOf(username) >= 0) {
 
 		// Remove the username from the list
-		var myvalue = document.mainform.highlight_names.value;
+		let myvalue = document.mainform.highlight_names.value;
 		myvalue = myvalue.replace(username, "");
 		myvalue = myvalue.replace(/;;/g,";");
 		myvalue = myvalue.replace(/^;/, "");
@@ -15,9 +22,9 @@ function addUser(username) {
 		document.mainform.highlight_names.value = myvalue;
 
 		// Unmark the lines of the user
-		for (var k = 0; k < document.styleSheets.length; k++) {
-			var rules = document.styleSheets[k].cssRules || document.styleSheets[k].rules;
-			for (var x = 0; x < rules.length; x++) {
+		for (let k = 0; k < document.styleSheets.length; k++) {
+			const rules = document.styleSheets[k].cssRules || document.styleSheets[k].rules;
+			for (let x = 0; x < rules.length; x++) {
 				if (rules[x].selectorText == ('span.user_' + username_clean)) {
 					rules[x].style.color = '';
 				}
@@ -36,27 +43,27 @@ function addUser(username) {
 		document.mainform.highlight_names.value += username;
 
 		// Mark all the lines of the newly selected user
-		var color = CryptoJS.SHA1(username).toString().substr(0, 6);
-		var styleSheet = document.styleSheets[0];
-		if (styleSheet.addRule) {
-			styleSheet.addRule('span.user_' + username_clean, 'color: #' + color, 0);
-		} else if (styleSheet.insertRule) {
-			styleSheet.insertRule('span.user_' + username_clean + ' { color: #' + color + '; }', 0);
-		} else {
-			document.mainform.submit();
-		}
+		return digestMessage(username).then((str) => {
+			const color = str.substring(0, 6);
+			const styleSheet = document.styleSheets[0];
+			if (styleSheet.insertRule) {
+				styleSheet.insertRule('span.user_' + username_clean + ' { color: #' + color + '; }', 0);
+			} else {
+				document.mainform.submit();
+			}
 
-		// Now add the username to the colorlist
-		var listelement = document.createElement('li');
-		listelement.setAttribute('id', 'user_' + username_clean);
-		var spanelement = document.createElement('span');
-		spanelement.setAttribute('class', 'checkbox user_' + username_clean);
-		listelement.appendChild(spanelement);
-		spanelement.innerHTML = '<a href="javascript:addUser(\'' + username + '\');">' + username + '</a>';
-		colorlist.appendChild(listelement);
+			// Now add the username to the colorlist
+			const listelement = document.createElement('li');
+			listelement.setAttribute('id', 'user_' + username_clean);
+			const spanelement = document.createElement('span');
+			spanelement.setAttribute('class', 'checkbox user_' + username_clean);
+			listelement.appendChild(spanelement);
+			spanelement.innerHTML = '<a href="javascript:addUser(\'' + username + '\');">' + username + '</a>';
+			colorlist.appendChild(listelement);
+		});
 	}
 
-	var semicolons = (document.mainform.highlight_names.value.match(/;/g) || []).length;
+	const semicolons = (document.mainform.highlight_names.value.match(/;/g) || []).length;
 	document.getElementById('users_label').innerHTML = 'Users ' + (document.mainform.highlight_names.value.length ? ' (' + (semicolons + 1) + ')' : '');
 
 	document.cookie = 'stored_users=' + escape(document.mainform.highlight_names.value) + '; path=/';
diff --git a/js/sha1-min.js b/js/sha1-min.js
deleted file mode 100644
index 3ae0311..0000000
--- a/js/sha1-min.js
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-CryptoJS v3.1.2
-code.google.com/p/crypto-js
-(c) 2009-2013 by Jeff Mott. All rights reserved.
-code.google.com/p/crypto-js/wiki/License
-*/
-(function(){var k=CryptoJS,b=k.lib,m=b.WordArray,l=b.Hasher,d=[],b=k.algo.SHA1=l.extend({_doReset:function(){this._hash=new m.init([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(n,p){for(var a=this._hash.words,e=a[0],f=a[1],h=a[2],j=a[3],b=a[4],c=0;80>c;c++){if(16>c)d[c]=n[p+c]|0;else{var g=d[c-3]^d[c-8]^d[c-14]^d[c-16];d[c]=g<<1|g>>>31}g=(e<<5|e>>>27)+b+d[c];g=20>c?g+((f&h|~f&j)+1518500249):40>c?g+((f^h^j)+1859775393):60>c?g+((f&h|f&j|h&j)-1894007588):g+((f^h^
-j)-899497514);b=j;j=h;h=f<<30|f>>>2;f=e;e=g}a[0]=a[0]+e|0;a[1]=a[1]+f|0;a[2]=a[2]+h|0;a[3]=a[3]+j|0;a[4]=a[4]+b|0},_doFinalize:function(){var b=this._data,d=b.words,a=8*this._nDataBytes,e=8*b.sigBytes;d[e>>>5]|=128<<24-e%32;d[(e+64>>>9<<4)+14]=Math.floor(a/4294967296);d[(e+64>>>9<<4)+15]=a;b.sigBytes=4*d.length;this._process();return this._hash},clone:function(){var b=l.clone.call(this);b._hash=this._hash.clone();return b}});k.SHA1=l._createHelper(b);k.HmacSHA1=l._createHmacHelper(b)})();
author	Christoph Brill <opensource@christophbrill.de>	2022-12-09 19:51:09 +0100
committer	Christoph Brill <opensource@christophbrill.de>	2022-12-09 19:51:09 +0100
commit	aa2e04d31ad7a0ebd89aa9510f5db8aa3db8051e (patch)
tree	f3b44c1f355a13ea70fb112c8edab2e6d1e4f85f
parent	7cc3396ce18be3b80bc1b511bdc87e88b0547e32 (diff)