Initial (very, very raw) dev release

Author: erayd

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+max_line_length = 100
+
+[Makefile]
+indent_style = tab

.gitignore

@@ -0,0 +1,12 @@
+/chromium
+/firefox
+/dist
+/dist-webstore
+
+/src/node_modules
+/src/css
+/src/js
+/src/*.log
+
+*.pem
+*.crx

.version

@@ -0,0 +1 @@
+0.1.0-dev

LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2019, Maxim Baz & Steve Gilberd
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Makefile

@@ -0,0 +1,96 @@
+VERSION ?= $(shell cat .version)
+
+CLEAN_FILES := chromium firefox dist dist-webstore
+CHROME := $(shell which chromium 2>/dev/null || which chromium-browser 2>/dev/null || which chrome 2>/dev/null || which google-chrome 2>/dev/null || which google-chrome-stable 2>/dev/null)
+
+#######################
+# For local development
+
+.PHONY: all
+all: extension chromium firefox
+
+.PHONY: extension
+extension:
+	$(MAKE) -C src
+
+EXTENSION_FILES := \
+	src/*.css \
+	src/*.png \
+	src/*.svg \
+	src/fonts/* \
+	src/popup/*.html \
+	src/popup/*.svg
+EXTENSION_FILES := \
+    $(wildcard $(EXTENSION_FILES)) \
+	src/css/popup.dist.css \
+	src/js/background.dist.js \
+	src/js/popup.dist.js \
+	src/js/inject.dist.js
+CHROMIUM_FILES := $(patsubst src/%,chromium/%, $(EXTENSION_FILES))
+FIREFOX_FILES  := $(patsubst src/%,firefox/%,  $(EXTENSION_FILES))
+
+.PHONY: chromium
+chromium: extension $(CHROMIUM_FILES) chromium/manifest.json
+
+$(CHROMIUM_FILES) : chromium/% : src/%
+	[ -d $(dir $@) ] || mkdir -p $(dir $@)
+	cp $< $@
+
+chromium/manifest.json : src/manifest-chromium.json
+	[ -d $(dir $@) ] || mkdir -p $(dir $@)
+	cp $< $@
+
+.PHONY: firefox
+firefox: extension $(FIREFOX_FILES) firefox/manifest.json
+
+$(FIREFOX_FILES) : firefox/% : src/%
+	[ -d $(dir $@) ] || mkdir -p $(dir $@)
+	cp $< $@
+
+firefox/manifest.json : src/manifest-firefox.json
+	[ -d $(dir $@) ] || mkdir -p $(dir $@)
+	cp $< $@
+
+#######################
+# For official releases
+
+.PHONY: clean
+clean:
+	rm -rf $(CLEAN_FILES)
+	$(MAKE) -C src clean
+
+.PHONY: crx-webstore
+crx-webstore:
+	"$(CHROME)" --disable-gpu --pack-extension=./chromium --pack-extension-key=webstore.pem
+	mv chromium.crx browserpass-otp-webstore.crx
+
+.PHONY: crx-github
+crx-github:
+	"$(CHROME)" --disable-gpu --pack-extension=./chromium --pack-extension-key=github.pem
+	mv chromium.crx browserpass-otp-github.crx
+
+.PHONY: dist
+dist: clean extension chromium firefox crx-webstore crx-github
+	mkdir -p dist
+
+	git archive -o dist/browserpass-otp-$(VERSION).tar.gz --format tar.gz --prefix=browserpass-otp-$(VERSION)/ $(VERSION)
+
+	(cd chromium && zip -r ../dist/browserpass-otp-chromium-$(VERSION).zip *)
+	(cd firefox  && zip -r ../dist/browserpass-otp-firefox-$(VERSION).zip  *)
+
+	mv browserpass-otp-webstore.crx dist/browserpass-otp-webstore-$(VERSION).crx
+	mv browserpass-otp-github.crx dist/browserpass-otp-github-$(VERSION).crx
+
+	for file in dist/*; do \
+	    gpg --detach-sign --armor "$$file"; \
+	done
+
+	mkdir -p dist-webstore
+
+	cp dist/browserpass-otp-firefox-$(VERSION).zip dist-webstore/firefox-$(VERSION).zip
+	mv dist/browserpass-otp-$(VERSION).tar.gz dist-webstore/firefox-$(VERSION)-src.tar.gz
+
+	cp -a chromium dist-webstore/
+	sed -i '/"key"/d' dist-webstore/chromium/manifest.json
+	(cd dist-webstore/chromium && zip -r ../chrome-$(VERSION).zip *)
+	rm -rf dist-webstore/chromium

package.json

@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "base32-decode": "^1.0.0"
+  }
+}

src/Makefile

@@ -0,0 +1,41 @@
+BROWSERIFY := node_modules/.bin/browserify
+PRETTIER := node_modules/.bin/prettier
+LESSC := node_modules/.bin/lessc
+
+CLEAN_FILES := js
+PRETTIER_FILES := $(wildcard *.json *.js popup/*.js *.less popup/*.less *.html popup/*.html)
+
+.PHONY: all
+all: deps prettier css/popup.dist.css js/background.dist.js js/popup.dist.js js/inject.dist.js
+
+.PHONY: deps
+deps:
+	yarn install
+
+.PHONY: prettier
+prettier: $(PRETTIER) $(PRETTIER_FILES)
+	$(PRETTIER) --write $(PRETTIER_FILES)
+
+css/popup.dist.css: $(LESSC) popup/popup.less
+	[ -d css ] || mkdir -p css
+	$(LESSC) popup/popup.less css/popup.dist.css
+
+js/background.dist.js: $(BROWSERIFY) background.js
+	[ -d js ] || mkdir -p js
+	$(BROWSERIFY) -o js/background.dist.js background.js
+
+js/popup.dist.js: $(BROWSERIFY) popup/*.js
+	[ -d js ] || mkdir -p js
+	$(BROWSERIFY) -o js/popup.dist.js popup/popup.js
+
+js/inject.dist.js: $(BROWSERIFY) inject.js
+	[ -d js ] || mkdir -p js
+	$(BROWSERIFY) -o js/inject.dist.js inject.js
+
+	# Firefox requires the last command to evaluate to something serializable
+	# https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/tabs/executeScript#Return_value
+	echo ";undefined" >> js/inject.dist.js
+
+.PHONY: clean
+clean:
+	rm -rf $(CLEAN_FILES)

src/background.js

@@ -0,0 +1,110 @@
+"use strict";
+
+require("chrome-extension-async");
+const hash = require("hash.js");
+const Authenticator = require("otplib").authenticator.Authenticator;
+
+const validSenders = [
+    "naepdomgkenhinolocfifgehidddafch",
+    "pjmbgaakjkbhpopmakjoedenlfdmcdgm",
+    "klfoddkbhleoaabpmiigbmpbjfljimgb",
+    "[email protected]"
+];
+
+// Main entry point, invoked from browserpass. No response is expected.
+chrome.runtime.onMessageExternal.addListener(function(request, sender) {
+    // reject invalid senders
+    if (!validSenders.includes(sender.id)) {
+        return;
+    }
+
+    // parse OTP object
+    if (request.otp.key === null) {
+        // this is an OTP URI, so extract the pieces
+        try {
+            let url = new URL(request.otp.data.toLowerCase());
+            let parts = url.pathname.split("/").filter(s => s.trim());
+            var otp = {
+                type: parts[0],
+                secret: url.searchParams.get("secret").toUpperCase(),
+                algorithm: url.searchParams.get("algorithm") || "sha1",
+                digits: parseInt(url.searchParams.get("digits") || "6"),
+                period: parseInt(url.searchParams.get("period") || "30")
+            };
+        } catch (e) {
+            console.log(`Unable to parse uri: ${request.otp.data}`, e);
+            return;
+        }
+    } else {
+        var otp = {
+            type: request.otp.key.toLowerCase(),
+            secret: request.otp.data.toUpperCase(),
+            algorithm: "sha1",
+            digits: 6,
+            period: 30
+        };
+    }
+
+    // fix default type
+    if (otp.type === "otp") {
+        otp.type = "totp";
+    }
+
+    // set handler
+    if (otp.type === "totp") {
+        otp.generate = makeTOTP.bind(otp);
+    } else {
+        console.log(`Unsupported OTP type: ${otp.type}`);
+    }
+
+    // generate code
+    copyToClipboard(otp.generate());
+});
+
+/**
+ * Gemerate a TOTP code
+ *
+ * @return string Generated code
+ */
+function makeTOTP() {
+    switch (this.algorithm) {
+        case "sha1":
+        case "sha256":
+        case "sha512":
+            break;
+        default:
+            throw new Error(`Unsupported TOTP algorithm: ${this.algorithm}`);
+    }
+
+    var generator = new Authenticator();
+    generator.options = {
+        crypto: {
+            createHmac: (a, k) => hash.hmac(hash[a], k)
+        },
+        algorithm: this.algorithm,
+        digits: this.digits,
+        step: this.period
+    };
+
+    return generator.generate(this.secret);
+}
+
+/**
+ * Copy text to clipboard
+ *
+ * @since 3.0.0
+ *
+ * @param string text Text to copy
+ * @return void
+ */
+function copyToClipboard(text) {
+    document.addEventListener(
+        "copy",
+        function(e) {
+            e.clipboardData.setData("text/plain", text);
+            e.preventDefault();
+        },
+        { once: true }
+    );
+    document.execCommand("copy");
+}

src/inject.js

@@ -0,0 +1,14 @@
+{
+    "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCCoXUbvVtAC6rN7QNTLIQ/ThQWBcp9TgeS0HOcpkUxOypD0fyJDMv2U3c6yuCwIqmBa+LwDncLbSyhb788N6hc4+01QWKzQa9qjpAWKHTx1erKxs8+OjbdTxJBgfKI9s9hVUuBTeNBv4PoC1pv3F2wk0HyZct63GcMCikZMMri/3/HRXTPAsT+ROxwrohsyZLSg4FptrNYPQb/7XpPS1+eHOqzNqv0Zhh6/gJSJ5gML6tKjudjnhF0pi6weKbvkIlf9g2nT/Wo8iarimJX49ENqpSuqP+BFpspoptwyIqfUmi3NQZXDOXkyg9DYQvXjU4+yrVmJs7XpzU9RdNDe9wIDAQAB",
+    "manifest_version": 2,
+    "name": "Browserpass OTP",
+    "description": "OTP extension for browserpass",
+    "version": "3.0.0",
+    "author": "Maxim Baz <[email protected]>, Steve Gilberd <[email protected]>",
+    "homepage_url": "https://github.com/browserpass/browserpass-otp",
+    "background": {
+        "persistent": true,
+        "scripts": ["js/background.dist.js"]
+    },
+    "permissions": ["clipboardWrite"]
+}