xftp-web: use XFTP server domain in share link, verify on download (#1732)

* xftp-web: use XFTP server domain in share link, verify on download

Use a random XFTP server host from the file description as the link
origin instead of the current page domain. On download, verify
that the hosting domain matches one of the servers in the description.

* xftp-web: use first description server as link origin

* xftp-web: show wrong server error in download UI instead of blank page

Author: shumvgolove

xftp-web/src/protocol/address.ts

@@ -52,3 +52,23 @@ export function parseXFTPServer(address: string): XFTPServer {
 export function formatXFTPServer(srv: XFTPServer): string {
   return "xftp://" + base64urlEncode(srv.keyHash) + "@" + srv.host + ":" + srv.port
 }
+
+// Extract unique XFTP servers referenced in a file description's chunk replicas.
+export function getDescriptionServers(fd: {chunks: {replicas: {server: string}[]}[]}): XFTPServer[] {
+  const seen = new Set<string>()
+  const servers: XFTPServer[] = []
+  for (const chunk of fd.chunks) {
+    for (const replica of chunk.replicas) {
+      if (!seen.has(replica.server)) {
+        seen.add(replica.server)
+        servers.push(parseXFTPServer(replica.server))
+      }
+    }
+  }
+  return servers
+}
+
+// Build an HTTPS origin from an XFTP server address.
+export function serverOrigin(server: XFTPServer): string {
+  return server.port === "443" ? `https://${server.host}` : `https://${server.host}:${server.port}`
+}

xftp-web/web/download.ts

@@ -5,6 +5,7 @@ import {
   newXFTPAgent, closeXFTPAgent,
   decodeDescriptionURI, downloadFileRaw
 } from '../src/agent.js'
+import {getDescriptionServers} from '../src/protocol/address.js'
 import {XFTPPermanentError} from '../src/client.js'
 
 const DECRYPT_WEIGHT = 0.15
@@ -20,6 +21,8 @@ export function initDownload(app: HTMLElement, hash: string) {
     return
   }
 
+  const wrongServer = !getDescriptionServers(fd).map(s => s.host).includes(window.location.hostname)
+
   const size = fd.redirect ? fd.redirect.size : fd.size
   app.innerHTML = `
     <div class="card">
@@ -62,6 +65,11 @@ export function initDownload(app: HTMLElement, hash: string) {
     showStage(errorStage)
   }
 
+  if (wrongServer) {
+    readyStage.innerHTML = `<p class="error">${t('wrongServer', 'This file is not hosted on this server.')}</p>`
+    return
+  }
+
   dlBtn.addEventListener('click', startDownload)
   retryBtn.addEventListener('click', () => showStage(readyStage))
 

xftp-web/web/upload.ts

@@ -6,6 +6,7 @@ import {
   newXFTPAgent, closeXFTPAgent, uploadFile, encodeDescriptionURI,
   type EncryptedFileMetadata
 } from '../src/agent.js'
+import {getDescriptionServers, serverOrigin} from '../src/protocol/address.js'
 import {XFTPPermanentError} from '../src/client.js'
 
 const MAX_SIZE = 100 * 1024 * 1024
@@ -170,7 +171,11 @@ export function initUpload(app: HTMLElement) {
       })
       if (aborted) return
 
-      const url = window.location.origin + window.location.pathname + '#' + result.uri
+      const descServers = getDescriptionServers(result.rcvDescription)
+      const origin = descServers.length > 0
+        ? serverOrigin(descServers[0])
+        : window.location.origin
+      const url = origin + window.location.pathname + '#' + result.uri
       shareLink.value = url
       showStage(completeStage)
       app.dispatchEvent(new CustomEvent('xftp:upload-complete', {detail: {url}, bubbles: true}))