From 628961026b7bedf06d3995bf3287c86342cdbc9e Mon Sep 17 00:00:00 2001 From: Tor Hveem Date: Mon, 7 Oct 2013 15:38:47 +0200 Subject: [PATCH] Add support for encryption --- index.html | 22 +++++++++++++++++----- js/websockets.js | 24 ++++++++++-------------- 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/index.html b/index.html index 180f0a4..051a724 100644 --- a/index.html +++ b/index.html @@ -7,8 +7,6 @@ - - @@ -16,6 +14,8 @@ + +
@@ -33,6 +33,18 @@ /relay add weechat 9001 Note: The communication goes directly between your browser and your weechat in clear text. Connection settings are saved between sessions, including password, in your own browser. +

Encryption

+ If you want to use encrypted session you first have to set up the relay using SSL +
+$ mkdir -p ~/.weechat/ssl
+$ cd ~/.weechat/ssl
+$ openssl req -nodes -newkey rsa:2048 -keyout relay.pem -x509 -days 365 -out relay.pem
+
+ If WeeChat is already running, you can reload the certificate and private key with command: +
+/relay sslcertkey
+/relay add ssl.weechat 8000
+

Connection settings

@@ -50,9 +62,9 @@

Password will be stored in your browser session

- - -

Default is fine.

+ + +

Check the box if you want to encrypt communication between browser and WeeChat. Note: Due to a bug encryption will not work in Firefox. You must also first visit the URL https://weechathost:relayport/ to accept the certificate

diff --git a/js/websockets.js b/js/websockets.js index 592abdb..9b5d36f 100644 --- a/js/websockets.js +++ b/js/websockets.js @@ -453,23 +453,19 @@ weechat.factory('connection', ['$rootScope', '$log', 'handlers', 'colors', funct } // Takes care of the connection and websocket hooks - var connect = function (hostport, proto, password) { - websocket = new WebSocket("ws://" + hostport + "/weechat"); + var connect = function (hostport, password, ssl) { + var proto = ssl ? 'wss':'ws'; + websocket = new WebSocket(proto+"://" + hostport + "/weechat"); websocket.binaryType = "arraybuffer" websocket.onopen = function (evt) { var send = ""; - // FIXME: does password need to be sent only if protocol is not weechat? - if (proto == "weechat") { - if (password) { - send += "init compression=off,password=" + password + "\n"; - } - - send += "(bufinfo) hdata buffer:gui_buffers(*) number,full_name,short_name,title\n"; - send += "sync\n"; - } else { - + if (password) { + send += "init compression=off,password=" + password + "\n"; } + + send += "(bufinfo) hdata buffer:gui_buffers(*) number,full_name,short_name,title\n"; + send += "sync\n"; $log.info("Connected to relay"); doSend(send); $rootScope.connected = true; @@ -490,7 +486,7 @@ weechat.factory('connection', ['$rootScope', '$log', 'handlers', 'colors', funct } websocket.onerror = function (evt) { - if (evt.type == "error" && websocket.readyState == 0) { + if (evt.type == "error" && websocket.readyState != 1) { $rootScope.errorMessage = true; } $log.error("Relay error " + evt.data); @@ -565,7 +561,7 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', 'connection }; $scope.connect = function() { - connection.connect($scope.hostport, $scope.proto, $scope.password); + connection.connect($scope.hostport, $scope.password, $scope.ssl); } $rootScope.getLines = function() { var count = 20;