made compression configurable, fixes #38

CHANGELOG.md

@@ -3,6 +3,7 @@
   * **1.3 (not yet released)**
     * ADDED: Translation for Czech (#424)
     * ADDED: Threat modeled the application (#177)
+    * ADDED: Made compression configurable (#38)
     * CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
     * CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
     * CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)

cfg/conf.sample.php

@@ -75,13 +75,19 @@ languageselection = false
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
 ; sha256 in HMAC for the deletion token
-zerobincompatibility = false
+; zerobincompatibility = false
 
-; Enable or disable the warning message when the site is served over an insecure connection (insecure HTTP instead of HTTPS), defaults to true.
+; Enable or disable the warning message when the site is served over an insecure
+; connection (insecure HTTP instead of HTTPS), defaults to true.
 ; Secure transport methods like Tor and I2P domains are automatically whitelisted.
 ; It is **strongly discouraged** to disable this.
 ; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
-httpwarning = true
+; httpwarning = true
+
+; Pick compression algorithm or disable it. Only applies to pastes/comments
+; created after changing the setting.
+; Can be set to one these values: none / zlib (default).
+; compression = zlib
 
 [expire]
 ; expire value that is selected per default

js/privatebin.js

@@ -941,14 +941,14 @@ jQuery.PrivateBin = (function($, RawDeflate) {
             // AES in Galois Counter Mode, keysize 256 bit,
             // authentication tag 128 bit, 10000 iterations in key derivation
             const spec = [
-                getRandomBytes(16), // initialization vector
+                getRandomBytes(16),                     // initialization vector
-                getRandomBytes(8),  // salt
+                getRandomBytes(8),                      // salt
-                100000,             // iterations
+                100000,                                 // iterations
-                256,                // key size
+                256,                                    // key size
-                128,                // tag size
+                128,                                    // tag size
-                'aes',              // algorithm
+                'aes',                                  // algorithm
-                'gcm',              // algorithm mode
+                'gcm',                                  // algorithm mode
-                'zlib'              // compression
+                $('body').data('compression') || 'zlib' // compression
             ], encodedSpec = [];
             for (let i = 0; i < spec.length; ++i) {
                 encodedSpec[i] = i < 2 ? btoa(spec[i]) : spec[i];

lib/Configuration.php

@@ -56,6 +56,7 @@ class Configuration
             'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; Referrer-Policy: \'no-referrer\'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
             'zerobincompatibility'     => false,
             'httpwarning'              => true,
+            'compression'              => 'zlib',
         ),
         'expire' => array(
             'default' => '1week',

lib/Controller.php

@@ -387,6 +387,7 @@ class Controller
         $page->assign('URLSHORTENER', $this->_conf->getKey('urlshortener'));
         $page->assign('QRCODE', $this->_conf->getKey('qrcode'));
         $page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
+        $page->assign('COMPRESSION', $this->_conf->getKey('compression'));
         $page->draw($this->_conf->getKey('template'));
     }
 

tpl/bootstrap.php

@@ -72,7 +72,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->
@@ -85,13 +85,17 @@ endif;
 		<meta name="msapplication-config" content="browserconfig.xml">
 		<meta name="theme-color" content="#ffe57e" />
 	</head>
-	<body role="document"<?php
+	<body role="document" data-compression="<?php echo rawurlencode($COMPRESSION); ?>"<?php
-if ($isCpct):
+$class = array();
-?> class="navbar-spacing"<?php
+if ($isCpct) {
-endif;
+    $class[] = 'navbar-spacing';
-if ($isDark):
+}
-?> class="dark-theme"<?php
+if ($isDark) {
-endif;
+    $class[] = 'dark-theme';
+}
+if (count($class)) {
+    echo ' class="', implode(' ', $class), '"';
+}
 ?>>
 		<div id="passwordmodal" tabindex="-1" class="modal fade" role="dialog" aria-hidden="true">
 			<div class="modal-dialog" role="document">

tpl/page.php

@@ -50,7 +50,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.11.js" integrity="sha512-p7UyJuyBkhMcMgE4mDsgK0Lz70OvetLefua1oXs1OujWv9gOxh4xy8InFux7bZ4/DAZsTmO4rgVwZW9BHKaTaw==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qbbaN+vdcDPfAPXaU1pMI1MzHrjZNKRwgx/l7jE1Ma1ebJ8K7GhoKbOrqPi/xkYOrWPE94tBxvSxuvqe6czAqA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-wrACqkssPbx5b/OLzM+ZxUP8L1AmdG+aYefO4uFG8GedXxic3R4ICkWsrPL7jYbwLzzdmnmuIYc58JhCSVh28Q==" crossorigin="anonymous"></script>
 		<!--[if IE]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
 		<![endif]-->
@@ -63,7 +63,7 @@ endif;
 		<meta name="msapplication-config" content="browserconfig.xml">
 		<meta name="theme-color" content="#ffe57e" />
 	</head>
-	<body>
+	<body data-compression="<?php echo rawurlencode($COMPRESSION); ?>">
 		<header>
 			<div id="aboutbox">
 				<?php echo I18n::_('%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted <i>in the browser</i> using 256 bits AES. More information on the <a href="https://privatebin.info/">project page</a>.', I18n::_($NAME)); ?><br />

tst/ViewTest.php

@@ -56,6 +56,7 @@ class ViewTest extends PHPUnit_Framework_TestCase
         $page->assign('URLSHORTENER', '');
         $page->assign('QRCODE', true);
         $page->assign('HTTPWARNING', true);
+        $page->assign('COMPRESSION', 'zlib');
 
         $dir = dir(PATH . 'tpl');
         while (false !== ($file = $dir->read())) {