Commit a0d46ff1 authored by Arnolds's avatar Arnolds

Improved decryption logic: refactored UI behavior for passphrases, ensured...

Improved decryption logic: refactored UI behavior for passphrases, ensured fallback error messaging, and added button state handling.
parent 87307975
+57 −31
@@ -224,53 +224,79 @@ header('X-Robots-Tag: noindex, nofollow');
        const id = '<?php print($_GET['id'] ?? ''); ?>';
        const passFromHash = decodeURIComponent(location.hash.slice(1));

        document.getElementById('encryptedLink').parentElement.querySelector('button').addEventListener('click', () => {
            copyToClipboard(encryptedLink);
        });

        if (id) {

            if (passFromHash) document.getElementById('decryptPassphrase').value = passFromHash;
        document.getElementById('encryptedLink')
            .parentElement
            .querySelector('button')
            .addEventListener('click', () => copyToClipboard(encryptedLink));

            let result;

            (async function () {
                const response = await fetch(`/secret-api.php?id=${encodeURIComponent(id)}`);
                result = await response.json();

                if (!response.ok || !result.secret) {
        if (!id) {
            closeMainSections();
                    openMainSection('errorSection')
                    errorSection.querySelector('.error-content').innerHTML = result.error || '<p class="mb-0">Oooops... noslēpums ir pazudis kā zeķe veļasmašīnā 🧦!</p>'
            openMainSection('encryptSection');
            return;
        }

        // Always show the "decrypt" UI (no existence leak)
        closeMainSections();
        openMainSection('decryptSection');

                if (!result.ok && result.encrypted) {
        // Always show passphrase input (even for unencrypted / non-existing)
        document.getElementById('passphrase-input-block').style.display = 'block';
                }

            })();
        if (passFromHash) {
            document.getElementById('decryptPassphrase').value = passFromHash;
        }

            document.getElementById('decryptBtn').addEventListener('click', async () => {
        const decryptBtn = document.getElementById('decryptBtn');
        decryptBtn.addEventListener('click', async () => {
            const passphrase = document.getElementById('decryptPassphrase').value.trim();
                if (result.encrypted && !passphrase) return alert('Ievadi slepeno burvju vārdu 🪄, lai atkodētu noslēpumu, citādi tur vieni ķeburi vien ir!');

            // Optional: disable button to prevent double-click races
            decryptBtn.disabled = true;

            try {
                    document.getElementById('decryptedText').value = result.encrypted ? await decryptMessage(result.secret, passphrase) : result.secret;
                // IMPORTANT: ideally this should be a POST that only "consumes" on purpose.
                const response = await fetch(`/secret-api.php?id=${encodeURIComponent(id)}`, {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({ passphraseHint: !!passphrase }) // optional, backend can ignore
                });

                const result = await response.json().catch(() => ({}));

                // Generic failure (don’t reveal if id exists)
                if (!response.ok || !result || !result.secret) {
                    closeMainSections();
                    openMainSection('errorSection');
                    errorSection.querySelector('.error-content').innerHTML =
                        '<p class="mb-0">Neizdevās atvērt noslēpumu. Iespējams, tas ir beidzies vai saite nav pareiza.</p>';
                    return;
                }

                // If secret is encrypted, require passphrase
                if (result.encrypted && !passphrase) {
                    alert('Ievadi slepeno burvju vārdu 🪄, lai atkodētu noslēpumu.');
                    return;
                }

                try {
                    document.getElementById('decryptedText').value = result.encrypted
                        ? await decryptMessage(result.secret, passphrase)
                        : result.secret;
                    document.getElementById('decryptedTextContainer').style.display = 'block';
                } catch (e) {
                    alert("Nesanāca atkodēt 😬. Pārbaudi, vai neesi sajaucis burvju vārdus 🔐🧙!");
                } catch {
                    alert('Nesanāca atkodēt 😬. Pārbaudi, vai burvju vārds ir pareizs 🔐🧙!');
                }

            });
        } else {
            } catch {
                closeMainSections();
            openMainSection('encryptSection');
                openMainSection('errorSection');
                errorSection.querySelector('.error-content').innerHTML =
                    '<p class="mb-0">Kaut kas nogāja greizi. Pamēģini vēlreiz.</p>';
            } finally {
                decryptBtn.disabled = false;
            }
        });
    });
</script>
<div class="modal fade" id="infoModal" tabindex="-1" aria-labelledby="infoModalLabel" aria-hidden="true">
    <div class="modal-dialog modal-lg modal-dialog-scrollable">
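Review bot: The new click handler POSTs to `/secret-api.php` before it knows whether a passphrase is needed and keeps `result` only inside the handler, so both the early `return` after the `result.encrypted && !passphrase` alert and the inner `catch` after a failed `decryptMessage` discard the ciphertext that was just fetched. If the backend deletes the secret on that first read (the comment about a POST that "consumes" suggests so, but the server side is not visible here), a missing or mistyped passphrase destroys the secret and the next click ends in the generic error section. Keep the successful response in a variable outside the handler and reuse it on retry, as sketched below. Separately, the context line `const id = '<?php print($_GET['id'] ?? ''); ?>';` writes the request parameter into a script string unescaped; emit it with `json_encode($_GET['id'] ?? '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and drop the hand-written quotes. The enclosing callback opens above the hunk, so where `fetched` is declared relative to it should be checked there.

```javascript
let fetched = null; // survives across clicks, so a retry does not call the API again

decryptBtn.addEventListener('click', async () => {
    // … unchanged: passphrase read, button disable, start of outer try …
    if (!fetched) {
        // … unchanged: POST to /secret-api.php into `response`, parsed JSON into `body` …
        if (response.ok && body && body.secret) {
            fetched = body;
        }
    }
    const result = fetched;
    if (!result) {
        // … unchanged: generic error section and return …
    }
    // … unchanged: passphrase check, decryptMessage, catch/finally …
```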