v1.0.1

princekhunt · Mar 17, 2024 · ebbe4a1 · ebbe4a1
1 parent f7f81f2
commit ebbe4a1
Show file tree

Hide file tree

Showing 23 changed files with 149 additions and 36 deletions.
diff --git a/PrivatePing/settings/base.py b/PrivatePing/settings/base.py
@@ -28,6 +28,7 @@
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
+    'registration.middleware.FrameOptionsMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',

diff --git a/PrivatePing/settings/development.py b/PrivatePing/settings/development.py
@@ -38,4 +38,8 @@
         }
     }
 
-STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
+STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
+
+DOMAIN = "http://localhost:8000"
+
+CSRF_TRUSTED_ORIGINS = ["http://localhost:8000", "http://127.0.0.1:8000"]
diff --git a/PrivatePing/settings/production.py b/PrivatePing/settings/production.py
@@ -52,4 +52,6 @@
 ]
 STATIC_ROOT = os.path.join(BASE_DIR, '../assets/')
 
-DISABLE_SERVER_SIDE_CURSORS = True
+DISABLE_SERVER_SIDE_CURSORS = True
+
+DOMAIN = "https://privateping.plutoweb.live"
diff --git a/assets/js/chat/Base.js b/assets/js/chat/Base.js
@@ -125,8 +125,11 @@ $(document).ready(function() {
             },
             success: function(response){
                 if(response.status == "ok"){
+                    console.log("ok1");
                     if(!response.available){
+                        console.log("ok2")
                         if(!response.self){
+                            console.log("ok3")
                         $('#finduser').css('border', '2px solid green');
                         $('#adduserbutton').prop('disabled', false);
                         }
@@ -144,4 +147,6 @@ $(document).ready(function() {
             }
         });
     })
-});
+});
+
+parent.document.title = "PrivatePing - A Secure Chat Room";
diff --git a/assets/js/chat/chats.js b/assets/js/chat/chats.js
@@ -22,7 +22,7 @@ socket3.addEventListener('message', function (e) {
     if (data.status == 'offline') {
         if (count >= 3) {
             alert("User disconnected. Navigating you to the home page.");
-            window.location.href = '/';
+            parent.location.href = "/";
         }
         else {
             count++;
@@ -52,4 +52,19 @@ document.getElementById("msg_field").addEventListener("input", function(){
 
 alert("Please wait, User is connecting...");
 document.getElementById("msg_field").disabled = true;
-document.getElementById("send_btn").disabled = true;
+document.getElementById("send_btn").disabled = true;
+
+function trashmessages(){
+    //play sound
+    var audio = new Audio('/static/media/delete.mp3');
+    audio.play();
+
+    //Remove all messages whose id is ChatMessage
+    var chatMessages = document.querySelectorAll('#ChatMessage');
+
+    // Iterate through each element and remove it
+    chatMessages.forEach(function(element) {
+        element.remove();
+    });
+
+}
diff --git a/assets/js/registration/AnonymousDirectLogin.js b/assets/js/registration/AnonymousDirectLogin.js
@@ -53,3 +53,5 @@ setTimeout(function () {
     sendRequest();
   }
 }, 1000);
+
+parent.document.title = "PrivatePing - Anonymous Direct Login";
diff --git a/assets/js/registration/GenerateKeys.js b/assets/js/registration/GenerateKeys.js
@@ -62,3 +62,5 @@ async function main() {
 }
 
 main();
+
+parent.document.title = "PrivatePing - Securing Session";
diff --git a/assets/js/registration/Login.js b/assets/js/registration/Login.js
@@ -33,17 +33,20 @@ document.getElementById("password").addEventListener("keyup", function (event) {
     document.getElementById("login-button").click();
   }
 });
-document
-  .getElementById("login-button")
-  .addEventListener("click", function (event) {
-    event.preventDefault();
-    document.getElementById("LoginForm").style.display = "none";
-    document.getElementById("processing").innerHTML = "Logging you in...";
 
-    document.getElementById("LoginForm").submit();
-  });
 
-//hide form
+function FormProcessing() {
+  event.preventDefault();
+  document.getElementById("LoginForm").style.display = "none";
+  document.getElementById("processing").innerHTML = "Logging you in...";
+
+  document.getElementById("LoginForm").submit();
+}
+
+var login_button = document.getElementById("login-button");
+login_button.addEventListener("click", FormProcessing);
+login_button.addEventListener("submit", FormProcessing);
+
 
 // Hide the loader when the page is fully loader
 document.getElementById("Maincontent").style.display = "none";
@@ -52,3 +55,5 @@ window.addEventListener("load", function () {
   $("#pageloader").fadeOut();
   $("#Maincontent").delay(500).fadeIn();
 });
+
+parent.document.title = "PrivatePing - Login";
diff --git a/assets/js/registration/Signup.js b/assets/js/registration/Signup.js
@@ -163,3 +163,5 @@ window.addEventListener("load", function () {
   $("#pageloader").fadeOut();
   $("#Maincontent").delay(500).fadeIn();
 });
+
+parent.document.title = "PrivatePing - Signup";
diff --git a/assets/js/registration/registration_home.js b/assets/js/registration/registration_home.js
@@ -7,3 +7,4 @@ window.addEventListener("load", function () {
   $("#Maincontent").delay(500).fadeIn();
   $("#credits").delay(500).fadeIn();
 });
+parent.document.title = "PrivatePing: A secure messaging Application";
diff --git a/assets/media/delete.mp3 b/assets/media/delete.mp3
diff --git a/chat/templates/chat/Base.html b/chat/templates/chat/Base.html
@@ -4,6 +4,7 @@
 
 <head>
     <meta charset="UTF-8" />
+    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self' {{domain}}">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
     <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
         integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous" />
@@ -44,7 +45,7 @@
 
     {% block head %}{% endblock %}
 
-    <title>PrivatePing - A secure Messaging Application</title>
+    <title>PrivatePing - A Secure Chat Room</title>
 </head>
 
 <body>
@@ -324,7 +325,7 @@ <h2>Privacy is a <u>Fundamental</u> Right!</h2>
                     width = 90;
                 }
                 const text_box =
-                    '<div class="container" style="max-width: ' +
+                    '<div id="ChatMessage" class="container" style="max-width: ' +
                     width +
                     '%;">' +
                     "<h5>" +
@@ -422,7 +423,7 @@ <h2>Privacy is a <u>Fundamental</u> Right!</h2>
             }
 
             const text_box =
-                '<div class="container-darker" style="max-width: ' +
+                '<div id="ChatMessage" class="container-darker" style="max-width: ' +
                 width +
                 '%;">' +
                 "<h5>" +

diff --git a/chat/templates/chat/chats.html b/chat/templates/chat/chats.html
@@ -9,9 +9,9 @@ <h3>{{friend.name}}</h3>
     <span id="live-notification-dot" class="logged-in">● </span><small id="live-notification-text">Connecting...</small>
 </div>
 <p class="text-center"><i class="fa-solid fa-lock"></i> Messages are End-to-End encrypted!</p>
-<p onclick="window.location.href='/';"
+<p onclick="trashmessages();"
     style="cursor: pointer; color:rgb(200, 57, 57); text-align: right; margin-bottom: 5vh;"> <i
-        class="fa fa-trash-can fa-xl" aria-hidden="true" onclick="window.location.reload();"></i> Trash Messages </p>
+        class="fa fa-trash-can fa-xl" aria-hidden="true" onclick="trashmessages();"></i> Trash Messages </p>
 <p id="typing" style="color: green; font-size: 1em; margin-top: -10px;"></p>
 
 <div class="messages" id="board">

diff --git a/chat/views.py b/chat/views.py
@@ -9,6 +9,7 @@
 import urllib
 from registration.models import user_type
 from chat.tools import getFriendsList, getUserId
+from django.views.decorators.clickjacking import xframe_options_exempt
 
 def index(request):
     if not request.user.is_authenticated:
@@ -38,7 +39,7 @@ def addFriend(request, name):
 
     return redirect("/dashboard")
 
-
+@xframe_options_exempt
 def chat(request, username):
     try:
         friend = UserProfile.objects.get(username=username)
@@ -68,6 +69,7 @@ def chat(request, username):
         response.set_cookie('public_key', public_key)
         return response
 
+@xframe_options_exempt
 def waiting_room(request):
 
     if not request.user.is_authenticated:
@@ -90,7 +92,8 @@ def waiting_room(request):
         return render(request, "chat/waiting_room.html", {"friend": friend.name, 'friends': friends})
     except:
         return HttpResponse("<script>alert('something went wrong'); window.location.href='/';</script>")
-
+
+@xframe_options_exempt
 def room(request):
     if request.method == "GET":
         ForUser = request.GET.get("user")

diff --git a/registration/middleware.py b/registration/middleware.py
@@ -1,4 +1,5 @@
 from django.http import HttpResponseForbidden
+from PrivatePing.settings import DOMAIN
 
 class AllowDesktopOnlyMiddleware:
     def __init__(self, get_response):
@@ -15,3 +16,15 @@ def __call__(self, request):
 
         response = self.get_response(request)
         return response
+
+class FrameOptionsMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        response["X-Frame-Options"] = "ALLOW-FROM " + DOMAIN
+        response["Content-Security-Policy"] = "frame-ancestors " + DOMAIN
+        response["X-Content-Security-Policy"] = "frame-ancestors " + DOMAIN
+        response["Referrer-Policy"] = "no-referrer"
+        return response
diff --git a/registration/templates/registration/AnonymousDirectLogin.html b/registration/templates/registration/AnonymousDirectLogin.html
@@ -6,6 +6,7 @@
   <meta charset="UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
   <meta name="description" content="PrivatePing - Anynoumous Direct Login" />
+  <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self' {{domain}}">
   <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
   <link
     href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100&family=Nunito&family=Open+Sans:ital,wght@0,300;0,400;1,300&family=Solitreo&display=swap"

diff --git a/registration/templates/registration/GenerateKeys.html b/registration/templates/registration/GenerateKeys.html
@@ -6,6 +6,7 @@
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
   <meta name="description" content="PrivatePing - Generate Keys">
+  <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self' {{domain}}">
   <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
   <link
     href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100&family=Nunito&family=Open+Sans:ital,wght@0,300;0,400;1,300&family=Solitreo&display=swap"

diff --git a/registration/templates/registration/Home.html b/registration/templates/registration/Home.html
@@ -7,6 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
   <meta name="description"
     content="PrivatePing - Discover unparalleled privacy with our secure web messaging app. Enjoy end-to-end encryption, automatic message deletion on refresh, key rotation with each login, and anonymous login options. Chat securely and anonymously with peace of mind." />
+    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self' {{domain}}">
     <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
     <link
     href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100&family=Nunito&family=Open+Sans:ital,wght@0,300;0,400;1,300&family=Solitreo&display=swap"

diff --git a/registration/templates/registration/Login.html b/registration/templates/registration/Login.html
@@ -7,6 +7,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
     <meta name="description"
         content="PrivatePing - Secure your conversations with our encrypted messaging platform. Experience peace of mind with end-to-end encryption, automatic message deletion, key rotation, and anonymous login options. Protect your privacy while staying connected securely.">
+    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self' {{domain}}">
         <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
         <link
         href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100&family=Nunito&family=Open+Sans:ital,wght@0,300;0,400;1,300&family=Solitreo&display=swap"
@@ -71,7 +72,7 @@
         <div style="position: relative;" id="login-container">
             <h1 style="color: antiquewhite;">PrivatePing - Login</h1>
             <div id="login-form">
-                <img src="{% static  'images/user/login.gif' %}" alt="Loading" id="loading-gif" height="40%"
+                <img src="{% static 'images/user/login.gif' %}" alt="Loading" id="loading-gif" height="40%"
                     width="40%">
                 <h1 style="color: antiquewhite;" id="processing"></h1>
                 <form id="LoginForm" method="post">{% csrf_token %}

diff --git a/registration/templates/registration/Signup.html b/registration/templates/registration/Signup.html
@@ -7,6 +7,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
     <meta name="description"
         content="PrivatePing - Begin your secure journey with us by signing up for our encrypted messaging platform. Safeguard your privacy with our end-to-end encryption, ensuring your data remains confidential. Experience seamless registration and enjoy the peace of mind that comes with secure communication. Join now and connect with confidence.">
+    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'self' {{domain}}">
         <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
     <link
         href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100&family=Nunito&family=Open+Sans:ital,wght@0,300;0,400;1,300&family=Solitreo&display=swap"

diff --git a/registration/templates/registration/iframe_base.html b/registration/templates/registration/iframe_base.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+{% load static %}
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
+    <meta
+      name="description"
+      content="PrivatePing - Discover unparalleled privacy with our secure web messaging app. Enjoy end-to-end encryption, automatic message deletion on refresh, key rotation with each login, and anonymous login options. Chat securely and anonymously with peace of mind."
+    />
+    <script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
+    <link
+      href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100&family=Nunito&family=Open+Sans:ital,wght@0,300;0,400;1,300&family=Solitreo&display=swap"
+      rel="stylesheet"
+    />
+    <link rel="stylesheet" href="{% static 'css/registration/registration_home.css' %}" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+
+    <!--define favicon for all devices-->
+    <link rel="apple-touch-icon" sizes="180x180" href="{% static 'images/favicons/apple-touch-icon.png' %}" />
+    <link rel="icon" type="image/png" sizes="32x32" href="{% static 'images/favicons/favicon-32x32.png' %}" />
+    <link rel="icon" type="image/png" sizes="16x16" href="{% static 'images/favicons/favicon-16x16.png' %}" />
+
+    <!--define favicon for android chrome-->
+    <link rel="icon" type="image/png" sizes="192x192" href="{% static 'images/favicons/android-chrome-192x192.png' %}" />
+    <link rel="icon" type="image/png" sizes="512x512" href="{% static 'images/favicons/android-chrome-512x512.png' %}" />
+
+    <!--define favicon general-->
+    <link rel="icon" href="{% static 'images/favicons/favicon.ico' %}" />
+
+    <title>PrivatePing: A secure messaging Application</title>
+    </head>
+    <body>
+        <!--iframe whole page so that page can be reload without refresh-->
+        <iframe id="baseiframe" src="{% url 'registration:home' %}" frameborder="0" style="width: 100%; height: 100%; position: absolute; top: 0; left: 0; right: 0; bottom: 0;"></iframe>
+    </body>
+</html>
diff --git a/registration/urls.py b/registration/urls.py
@@ -5,7 +5,8 @@
 app_name = "registration"
 
 urlpatterns = [
-    path("", views.Home, name="home"),
+    path("", views.Base, name="base"),
+    path("home", views.Home, name="home"),
     path("humans.txt", TemplateView.as_view(template_name="registration/humans.txt", content_type="text/plain")),
     path("robots.txt", TemplateView.as_view(template_name="registration/robots.txt", content_type="text/plain")),
     path("signup/", views.Signup, name="register"),