made compression configurable, fixes #38

2019-06-23 19:45:40 +02:00 · 2019-06-23 19:45:40 +02:00 · c2e060d464
parent 848d3563f4
commit c2e060d464
8 changed files with 35 additions and 21 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@
  * **1.3 (not yet released)**
    * ADDED: Translation for Czech (#424)
    * ADDED: Threat modeled the application (#177)
+    * ADDED: Made compression configurable (#38)
    * CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
    * CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
    * CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@ -75,13 +75,19 @@ languageselection = false
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
 ; sha256 in HMAC for the deletion token
-zerobincompatibility = false
+; zerobincompatibility = false

-; Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS), defaults to true.
+; Enable or disable the warning message when the site is served over an insecure
+; connection (insecure HTTP instead of HTTPS), defaults to true.
 ; Secure transport methods like Tor and I2P domains are automatically whitelisted.
 ; It is **strongly discouraged** to disable this.
 ; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
-httpwarning = true
+; httpwarning = true
+
+; Pick compression algorithm or disable it. Only applies to pastes/comments
+; created after changing the setting.
+; Can be set to one these values: none / zlib (default).
+; compression = zlib

 [expire]
 ; expire value that is selected per default
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -941,14 +941,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            // AES in Galois Counter Mode, keysize 256 bit,
            // authentication tag 128 bit, 10000 iterations in key derivation
            const spec = [
-                getRandomBytes(16), // initialization vector
-                getRandomBytes(8),  // salt
-                100000,             // iterations
-                256,                // key size
-                128,                // tag size
-                'aes',              // algorithm
-                'gcm',              // algorithm mode
-                'zlib'              // compression
+                getRandomBytes(16),                     // initialization vector
+                getRandomBytes(8),                      // salt
+                100000,                                 // iterations
+                256,                                    // key size
+                128,                                    // tag size
+                'aes',                                  // algorithm
+                'gcm',                                  // algorithm mode
+                $('body').data('compression') || 'zlib' // compression
            ], encodedSpec = [];
            for (let i = 0; i < spec.length; ++i) {
                encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i];
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@ -56,6 +56,7 @@ class Configuration
            'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
            'zerobincompatibility'     => false,
            'httpwarning'              => true,
+            'compression'              => 'zlib',
        ),
        'expire' => array(
            'default' => '1week',
--- a/lib/Controller.php
+++ b/lib/Controller.php
@ -387,6 +387,7 @@ class Controller
        $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
        $page->assign('QRCODE', $this->_conf->getKey('qrcode'));
        $page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
+        $page->assign('COMPRESSION', $this->_conf->getKey('compression'));
        $page->draw($this->_conf->getKey('template'));
    }

--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@ -72,7 +72,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->
@ -85,13 +85,17 @@ endif;
 		<meta name="msapplication-config" content="browserconfig.xml">
 		<meta name="theme-color" content="#ffe57e" />
 	</head>
-	<body role="document"<?php
-if ($isCpct):
-?> class="navbar-spacing"<?php
-endif;
-if ($isDark):
-?> class="dark-theme"<?php
-endif;
+	<body role="document" data-compression="<?php echo rawurlencode($COMPRESSION); ?>"<?php
+$class = array();
+if ($isCpct) {
+    $class[] = 'navbar-spacing';
+}
+if ($isDark) {
+    $class[] = 'dark-theme';
+}
+if (count($class)) {
+    echo ' class="', implode(' ', $class), '"';
+}
 ?>>
 		<div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true">
 			<div class="modal-dialog" role="document">
--- a/tpl/page.php
+++ b/tpl/page.php
@ -50,7 +50,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->
@ -63,7 +63,7 @@ endif;
 		<meta name="msapplication-config" content="browserconfig.xml">
 		<meta name="theme-color" content="#ffe57e" />
 	</head>
-	<body>
+	<body data-compression="<?php echo rawurlencode($COMPRESSION); ?>">
 		<header>
 			<div id="aboutbox">
 				<?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br />
--- a/tst/ViewTest.php
+++ b/tst/ViewTest.php
@ -56,6 +56,7 @@ class ViewTest extends PHPUnit_Framework_TestCase
        $page->assign('URLSHORTENER', '');
        $page->assign('QRCODE', true);
        $page->assign('HTTPWARNING', true);
+        $page->assign('COMPRESSION', 'zlib');

        $dir = dir(PATH . 'tpl');
        while (false !== ($file = $dir->read())) {