-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.js
More file actions
88 lines (82 loc) · 2.87 KB
/
index.js
File metadata and controls
88 lines (82 loc) · 2.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
import { bundleIsolatedWebApp, WebBundleId } from "./wbn-bundle.js";
import { readFileSync, writeFileSync } from "node:fs";
import { webcrypto } from "node:crypto";
import * as path from "node:path";
// For Deno
globalThis.Buffer ??= (await import("node:buffer")).Buffer;
const algorithm = { name: "Ed25519" };
const decoder = new TextDecoder();
const controller = readFileSync("./direct-sockets/direct-socket-controller.js");
const script = readFileSync("./assets/script.js");
const privateKey = readFileSync("./privateKey.json");
const publicKey = readFileSync("./publicKey.json");
// https://github.com/tQsW/webcrypto-curve25519/blob/master/explainer.md
const cryptoKey = {
privateKey: await webcrypto.subtle.importKey(
"jwk",
JSON.parse(decoder.decode(privateKey)),
algorithm.name,
true,
["sign"],
),
publicKey: await webcrypto.subtle.importKey(
"jwk",
JSON.parse(decoder.decode(publicKey)),
algorithm.name,
true,
["verify"],
),
};
const webBundleId = await new WebBundleId(
cryptoKey.publicKey,
).serialize();
const isolatedWebAppURL = await new WebBundleId(
cryptoKey.publicKey,
).serializeWithIsolatedWebAppOrigin();
writeFileSync(
"./direct-sockets/direct-socket-controller.js",
decoder.decode(controller).replace(
"IWA_URL",
`isolated-app://${new URL(isolatedWebAppURL).hostname}`
)
);
writeFileSync(
"./assets/script.js",
decoder.decode(script).replace(
/USER_AGENT\s=\s"?.+"/g,
`USER_AGENT = "Built with ${navigator.userAgent}"`,
),
);
const { fileName, source, baseURL } = await bundleIsolatedWebApp({
baseURL: isolatedWebAppURL,
static: { dir: "assets" },
formatVersion: "b2",
output: "signed.swbn",
integrityBlockSign: {
webBundleId,
isIwa: true,
// https://github.com/GoogleChromeLabs/webbundle-plugins/blob/d251f6efbdb41cf8d37b9b7c696fd5c795cdc231/packages/rollup-plugin-webbundle/test/test.js#L408
// wbn-sign/lib/signers/node-crypto-signing-strategy.js
strategies: [new (class CustomSigningStrategy {
async sign(data) {
return new Uint8Array(
await webcrypto.subtle.sign(algorithm, cryptoKey.privateKey, data),
);
}
async getPublicKey() {
return cryptoKey.publicKey;
}
})()],
},
headerOverride: {
"cross-origin-embedder-policy": "require-corp",
"cross-origin-opener-policy": "same-origin",
"cross-origin-resource-policy": "same-origin",
"content-security-policy":
"base-uri 'none'; default-src 'self'; object-src 'none'; frame-src 'self' https: blob: data:; connect-src 'self' https: wss:; script-src 'self' 'wasm-unsafe-eval'; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; font-src 'self' blob: data:; style-src 'self' 'unsafe-inline'; require-trusted-types-for 'script';",
},
});
writeFileSync(fileName, source);
console.log(`${baseURL}
${fileName}
${source.byteLength} bytes`);