Session uuids managed by server

package.json

@@ -30,7 +30,8 @@
   "bin" : "./server.js",
   "dependencies": {
     "node-static": "~0.7.9",
-    "socket.io": "~1.7.2"
+    "socket.io": "~1.7.2",
+    "uuid": "*"
   },
   "os": [
     "darwin",

public/css/default.css

@@ -29,6 +29,21 @@ body, html {
 .info 		{ color: #99FFFF; }
 .neutral	{ color: #eeeeee; }
 
+/*------------------------------------*\
+	PARTICIPANTS
+\*------------------------------------*/
+#participants {
+	right: 0;
+	top: 0;
+	bottom: 0;
+	width: 200px;
+	position: absolute;
+	padding:0;
+	margin:0;
+	background-color: #282A2D;
+}
+
+
 /*------------------------------------*\
 	CHAT
 \*------------------------------------*/
@@ -70,7 +85,7 @@ body, html {
 	INPUT & LOADER
 \*------------------------------------*/
 #input_wrapper {
-	right:0;
+	right:200px;
 	bottom:0;
 	left:0;
 	position: absolute;

public/index.html

@@ -18,22 +18,28 @@
 		<li>SRV> Booting ...</li>
 	</ul>
 
+	<!-- Participants -->
+	<div id="participants">
+		hey
+	</div>
+
 	<!-- Message input -->
-	<div id="input_wrapper" class="loading">
+		<div id="input_wrapper" class="loading">
 		<div id="loader"><span>|</span></div>
+		<span class="current">Yo</span>
 		<input type="text" id="input" />
 	</div>
 
 	<!-- 
 		Production JS
-	-->
-		<script src="js/cryptalk.min.js"></script>
 	
+		<script src="js/cryptalk.min.js"></script>
+	-->
 	<!-- 
 		Development JS
-	
-		<script src="js/lib/main.js"></script>
 	-->
+		<script src="js/lib/main.js"></script>
+	
 	
 </body>
 </html>

public/js/lib/console.js

@@ -106,7 +106,7 @@ define(['$', 'castrato', 'settings', 'templates', 'sounds', 'room', 'notificatio
 			},
 
 			message: function (data) {
-				commands.post('message', data.message, data.nick);
+				commands.post('message', data.message, '[' + data.uuid.substring(0,8) + '] ' + data.nick);
 			},
 
 			clearInput: function () {  
@@ -188,16 +188,22 @@ define(['$', 'castrato', 'settings', 'templates', 'sounds', 'room', 'notificatio
 					return (!parameters.room) ? commands.post('error', templates.messages.msg_no_room) : commands.post('error', templates.messages.msg_no_key);
 				}
 
-				// Before sending the message.
-				// Encrypt message using room UUID as salt and key as pepper.
+				var plainData = {
+						msg: buffer,
+						nick: parameters.nick ? parameters.nick : false
+					},
+
+					encData = $.AES.encrypt(JSON.stringify(plainData), parameters.room + parameters.key).toString(),
+
+					hashRoom = $.SHA1(parameters.room);
+
 				mediator.emit(
 					'socket:emit',
 					{ 
 						data: 'message:send', 
 						payload: {
-							room: $.SHA1(parameters.room),
-							msg: $.AES.encrypt(buffer, $.SHA1(parameters.room) + parameters.key).toString(),
-							nick: parameters.nick ? $.AES.encrypt(parameters.nick, $.SHA1(parameters.room) + parameters.key).toString() : false
+							room: hashRoom,
+							data: encData
 						}
 					}
 				);

public/js/lib/host.js

@@ -146,14 +146,19 @@ define(['$', 'castrato','settings','templates','hosts','window'], function ($, m
 				})
 
 				.on('message:send', function (data) {
-					var decrypted = $.AES.decrypt(data.msg, $.SHA1(parameters.room) + parameters.key),
-						sanitized = $.escapeHtml(decrypted),
-						nick = 		!data.nick ? templates.default_nick : $.escapeHtml($.AES.decrypt(data.nick, $.SHA1(parameters.room) + parameters.key));
-
-					if (!decrypted) {
+					// Do not trust incoming data
+					try {
+						var plain = $.AES.decrypt(data.data, parameters.room + parameters.key),
+							plainObj = JSON.parse(plain),
+							sanitized = $.escapeHtml(plainObj.msg),
+							nick = 		!plainObj.nick ? templates.default_nick : plainObj.nick;
+						if (!plain) {
+							mediator.emit('console:error', templates.messages.unable_to_decrypt);
+						} else {
+							mediator.emit('console:message', { message: sanitized, nick: nick, uuid: data.uuid } );
+						}
+					} catch (e) {
 						mediator.emit('console:error', templates.messages.unable_to_decrypt);
-					} else {
-						mediator.emit('console:message', { message: sanitized, nick: nick } );
 					}
 				})
 

server.js

@@ -3,7 +3,8 @@
 const
 	files = require('node-static'),
 	port = process.env.PORT || 8080,
-	path = require('path');
+	path = require('path'),
+	uuid = require('uuid');
 
 var
 	file,
@@ -28,6 +29,8 @@ server.listen(port, function(){
 
 io.on('connection', function(socket) {
 
+	socket.uuid = uuid();
+
 	socket.on('room:join', function(req) {
 		if( req ) {
 			socket.emit('room:joined',req);
@@ -65,14 +68,14 @@ io.on('connection', function(socket) {
 		if(req && req.room) {
 
 			// Check that the message size is within bounds
-			var total_msg_size = (req.msg) ? req.msg.length : 0 + (req.nick) ? req.nick.length : 0;
+			var total_msg_size = (req.data) ? req.data.length : 0;
 			if( total_msg_size <= 4096) {
 
 				// Check that at least 100ms has passed since last message
 				if( socket.last_message === undefined || new Date().getTime() - socket.last_message > 100 ) {
 
-					socket.broadcast.to(req.room).emit('message:send', { msg: req.msg, nick: req.nick} );
-					socket.emit('message:send', { msg: req.msg, nick: req.nick} );
+					socket.broadcast.to(req.room).emit('message:send', { data: req.data, uuid: socket.uuid } );
+					socket.emit('message:send', { data: req.data, uuid: socket.uuid } );
 
 					socket.last_message = new Date().getTime();