Merge remote-tracking branch 'refs/remotes/origin/master'

Author: muke1908

backend/api/messaging/index.ts

@@ -66,9 +66,14 @@ router.post(
     if (!valid) {
       return res.sendStatus(404);
     }
-    const existing = await db.findOneFromDB({ channel, user: sender }, PUBLIC_KEY_COLLECTION);
+    const existing = await db.findOneFromDB<{ aesKey: string | null }>({ channel, user: sender }, PUBLIC_KEY_COLLECTION);
     if (existing) {
-      return res.status(409).send({ error: "Key already registered for this session" });
+      if (existing.aesKey) {
+        return res.status(409).send({ error: "Key already registered for this session" });
+      }
+      // First call registered publicKey with aesKey: null; this call adds the encrypted AES key
+      await db.updateOneFromDb({ channel, user: sender }, { aesKey }, PUBLIC_KEY_COLLECTION);
+      return res.send({ status: "ok" });
     }
     await db.insertInDb({ aesKey, publicKey, user: sender, channel }, PUBLIC_KEY_COLLECTION);
     return res.send({ status: "ok" });

client/app.ts

@@ -41,6 +41,27 @@ const callStatusText = document.getElementById('call-status')!;
 const endCallBtn = document.getElementById('end-call-btn') as HTMLButtonElement;
 const callDuration = document.getElementById('call-duration')!;
 
+// Audio notification
+function playBeep() {
+    try {
+        const AudioContextClass = window.AudioContext || (window as any).webkitAudioContext;
+        if (!AudioContextClass) return;
+        const ctx = new AudioContextClass();
+        const oscillator = ctx.createOscillator();
+        const gainNode = ctx.createGain();
+        oscillator.connect(gainNode);
+        gainNode.connect(ctx.destination);
+        oscillator.type = 'sine';
+        oscillator.frequency.setValueAtTime(880, ctx.currentTime);
+        gainNode.gain.setValueAtTime(0.3, ctx.currentTime);
+        gainNode.gain.linearRampToValueAtTime(0, ctx.currentTime + 0.4);
+        oscillator.start(ctx.currentTime);
+        oscillator.stop(ctx.currentTime + 0.4);
+    } catch (err) {
+        console.warn('Audio notification not available:', err);
+    }
+}
+
 // Initialize Chat
 async function initChat() {
     try {
@@ -120,6 +141,7 @@ async function checkExistingUsers() {
     try {
         const users = await chat.getUsersInChannel();
         if (users && users.length > 1) {
+            playBeep();
             chatHeader.classList.add('active');
             participantInfo.textContent = 'Peer is already here. Communication is encrypted.';
         }
@@ -181,6 +203,7 @@ joinBtn.addEventListener('click', async () => {
 
 function setupChatListeners() {
     chat.on('on-alice-join', () => {
+        playBeep();
         chatHeader.classList.add('active');
         participantInfo.textContent = 'Peer joined. Communication is encrypted.';
     });

service/build.js

@@ -18,9 +18,6 @@ async function build() {
         minify: isProduction,
         logLevel: 'info',
         metafile: true,
-        define: {
-            'process.env.CHATE2EE_API_URL': JSON.stringify(process.env.CHATE2EE_API_URL) || 'undefined',
-        },
     };
 
     if (watch) {

service/src/crypto.test.ts

@@ -124,3 +124,62 @@ describe('AesGcmEncryption (AES-GCM) – real Web Crypto', () => {
         );
     });
 });
+
+// ---------------------------------------------------------------------------
+// AES key exchange via RSA-encrypted channel
+// ---------------------------------------------------------------------------
+describe('AES key exchange via RSA-encrypted channel', () => {
+    it('AES key exported by sender can be RSA-encrypted and decrypted by receiver, enabling symmetric decryption', async () => {
+        // Simulate Bob (receiver): generate an RSA key pair
+        const { publicKey: bobPublicKey, privateKey: bobPrivateKey } = await cryptoUtils.generateKeypairs();
+
+        // Simulate Alice (sender): generate an AES key
+        const aliceAes = new AesGcmEncryption();
+        await aliceAes.int();
+
+        // Alice exports her AES key as a JWK string (this is what getRawAesKeyToExport returns)
+        const aesKeyJwk = await aliceAes.getRawAesKeyToExport();
+
+        // Alice encrypts the AES key with Bob's RSA public key before sending it to the server
+        const encryptedAesKey = await cryptoUtils.encryptMessage(aesKeyJwk, bobPublicKey);
+        expect(typeof encryptedAesKey).toBe('string');
+        expect(encryptedAesKey).not.toBe(aesKeyJwk); // must be ciphertext, not plaintext
+
+        // Bob decrypts the AES key using his RSA private key
+        const decryptedAesKeyJwk = await cryptoUtils.decryptMessage(encryptedAesKey, bobPrivateKey);
+        expect(decryptedAesKeyJwk).toBe(aesKeyJwk); // recovered plaintext must match original
+
+        // Bob sets the decrypted AES key as his remote key
+        const bobAes = new AesGcmEncryption();
+        await bobAes.setRemoteAesKey(decryptedAesKeyJwk);
+
+        // Alice encrypts some data with her local AES key
+        const originalText = 'Secret message over AES-GCM 🔐';
+        const { encryptedData, iv } = await aliceAes.encryptData(
+            new TextEncoder().encode(originalText).buffer
+        );
+
+        // Bob decrypts the data using the AES key he received through the RSA-encrypted channel
+        const decryptedBuffer = await bobAes.decryptData(encryptedData, iv);
+        const decryptedText = new TextDecoder().decode(decryptedBuffer);
+
+        expect(decryptedText).toBe(originalText);
+    });
+
+    it('a third party cannot decrypt the AES key without the receiver private key', async () => {
+        const { publicKey: bobPublicKey } = await cryptoUtils.generateKeypairs();
+        const { privateKey: evePrivateKey } = await cryptoUtils.generateKeypairs(); // attacker's key
+
+        const aliceAes = new AesGcmEncryption();
+        await aliceAes.int();
+        const aesKeyJwk = await aliceAes.getRawAesKeyToExport();
+
+        // Alice encrypts AES key with Bob's public key
+        const encryptedAesKey = await cryptoUtils.encryptMessage(aesKeyJwk, bobPublicKey);
+
+        // Eve (third party) tries to decrypt with her own private key and fails
+        await expect(
+            cryptoUtils.decryptMessage(encryptedAesKey, evePrivateKey)
+        ).rejects.toThrow();
+    });
+});

service/src/cryptoAES.ts

@@ -26,12 +26,6 @@ export class AesGcmEncryption {
         return this.aesKeyRemote;
     }
 
-    /**
-     * To Do: 
-     * this key is plain text, can be used to decrypt data.
-     * Should not be transmitted over network.
-     * Use cryptoUtils to encrypt the key and exchange.
-     */
     public async getRawAesKeyToExport(): Promise<string> {
         if (!this.aesKeyLocal) {
             throw new Error('AES key not generated');