
Postmessage nonce security, Follow username mentions, Follow button displays avalible signups on first press

HelloZeroNet 8 years ago
parent
commit
ee162584b2
9 changed files with 149 additions and 92 deletions
  1. 97 80
      content.json
  2. 1 1
      css/Comments.css
  3. 1 1
      css/ZeroBlog.css
  4. 2 2
      css/all.css
  5. 19 1
      js/ZeroBlog.coffee
  6. 19 3
      js/all.js
  7. 5 1
      js/utils/Follow.coffee
  8. 1 1
      js/utils/Menu.coffee
  9. 4 2
      js/utils/ZeroFrame.coffee

+ 97 - 80
content.json

@@ -1,144 +1,161 @@
 {
- "address": "1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8", 
- "background-color": "white", 
- "cloneable": true, 
- "description": "Blogging platform Demo", 
- "domain": "Blog.ZeroNetwork.bit", 
+ "address": "1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8",
+ "background-color": "white",
+ "cloneable": true,
+ "description": "Blogging platform Demo",
+ "domain": "Blog.ZeroNetwork.bit",
  "files": {
   "css/all.css": {
-   "sha512": "14db0f16dbaf910888666b2936cbd42fd5bb2c81dcf37c72d6127f45bd5de1d1", 
-   "size": 121643
-  }, 
+   "sha512": "925dc5974f267939c38490ae2bada5677789e8482f5320fe2d9c252d1c62c79a",
+   "size": 127369
+  },
   "data-default/data.json": {
-   "sha512": "aff6accbac7e950ff567105666ddf29b70ca7c2dcd9d90f9a969509a42a9b195", 
+   "sha512": "aff6accbac7e950ff567105666ddf29b70ca7c2dcd9d90f9a969509a42a9b195",
    "size": 352
-  }, 
+  },
   "data-default/users/content-default.json": {
-   "sha512": "0603ce08f7abb92b3840ad0cf40e95ea0b3ed3511b31524d4d70e88adba83daa", 
+   "sha512": "0603ce08f7abb92b3840ad0cf40e95ea0b3ed3511b31524d4d70e88adba83daa",
    "size": 679
-  }, 
+  },
   "data/data.json": {
-   "sha512": "615fbd9b4427627528d1c5cf8fc9041991192b3f5bd51c71eec9c36410d6fa97", 
-   "size": 60327
-  }, 
+   "sha512": "8f3a8284e4d51633a56bbbca4c5e2607925a21a09734fc412178c8b32a5e2cbf",
+   "size": 73658
+  },
+  "data/files/ZeroFrame.coffee": {
+   "sha512": "96a11e88429e2fa26c47f5d24bf52d030d506f1dfecb2a4e2c5e034cc5d07e31",
+   "size": 1335
+  },
   "data/img/autoupdate.png": {
-   "sha512": "d2b4dc8e0da2861ea051c0c13490a4eccf8933d77383a5b43de447c49d816e71", 
+   "sha512": "d2b4dc8e0da2861ea051c0c13490a4eccf8933d77383a5b43de447c49d816e71",
    "size": 24460
-  }, 
+  },
   "data/img/clone.png": {
-   "sha512": "b60362ebb7744cd3fe07d25e2f29df246cb359da7f613ba8612649593f28d74e", 
+   "sha512": "b60362ebb7744cd3fe07d25e2f29df246cb359da7f613ba8612649593f28d74e",
    "size": 4547
-  }, 
+  },
   "data/img/direct_domains.png": {
-   "sha512": "5f14b30c1852735ab329b22496b1e2ea751cb04704789443ad73a70587c59719", 
+   "sha512": "5f14b30c1852735ab329b22496b1e2ea751cb04704789443ad73a70587c59719",
    "size": 16185
-  }, 
+  },
   "data/img/domain.png": {
-   "sha512": "ce87e0831f4d1e95a95d7120ca4d33f8273c6fce9f5bbedf7209396ea0b57b6a", 
+   "sha512": "ce87e0831f4d1e95a95d7120ca4d33f8273c6fce9f5bbedf7209396ea0b57b6a",
    "size": 11881
-  }, 
+  },
   "data/img/memory.png": {
-   "sha512": "dd56515085b4a79b5809716f76f267ec3a204be3ee0d215591a77bf0f390fa4e", 
+   "sha512": "dd56515085b4a79b5809716f76f267ec3a204be3ee0d215591a77bf0f390fa4e",
    "size": 12775
-  }, 
+  },
   "data/img/multiuser.png": {
-   "sha512": "88e3f795f9b86583640867897de6efc14e1aa42f93e848ed1645213e6cc210c6", 
+   "sha512": "88e3f795f9b86583640867897de6efc14e1aa42f93e848ed1645213e6cc210c6",
    "size": 29480
-  }, 
+  },
   "data/img/new_zeronet_logos.png": {
-   "sha512": "a8685d5d8d9d84a83710a1316ee7b8f998f14918cef32e14217d5e45f156aa20", 
+   "sha512": "a8685d5d8d9d84a83710a1316ee7b8f998f14918cef32e14217d5e45f156aa20",
    "size": 59816
-  }, 
+  },
+  "data/img/optional.png": {
+   "sha512": "84df27a2ee59f18bc646ed4e6610a6ca7569fad2e85198ba9aa278a3258f35c3",
+   "size": 104799
+  },
   "data/img/progressbar.png": {
-   "sha512": "23d592ae386ce14158cec34d32a3556771725e331c14d5a4905c59e0fe980ebf", 
+   "sha512": "23d592ae386ce14158cec34d32a3556771725e331c14d5a4905c59e0fe980ebf",
    "size": 13294
-  }, 
+  },
   "data/img/sidebar.png": {
-   "sha512": "e5fdafcc7226f830eb27a1296236aa985625e27480e6829660db978ceae0bba9", 
+   "sha512": "e5fdafcc7226f830eb27a1296236aa985625e27480e6829660db978ceae0bba9",
    "size": 98641
-  }, 
+  },
   "data/img/slides.png": {
-   "sha512": "1933db3b90ab93465befa1bd0843babe38173975e306286e08151be9992f767e", 
+   "sha512": "1933db3b90ab93465befa1bd0843babe38173975e306286e08151be9992f767e",
    "size": 14439
-  }, 
+  },
   "data/img/slots_memory.png": {
-   "sha512": "82a250e6da909d7f66341e5b5c443353958f86728cd3f06e988b6441e6847c29", 
+   "sha512": "82a250e6da909d7f66341e5b5c443353958f86728cd3f06e988b6441e6847c29",
    "size": 9488
-  }, 
+  },
   "data/img/trayicon.png": {
-   "sha512": "e7ae65bf280f13fb7175c1293dad7d18f1fcb186ebc9e1e33850cdaccb897b8f", 
+   "sha512": "e7ae65bf280f13fb7175c1293dad7d18f1fcb186ebc9e1e33850cdaccb897b8f",
    "size": 19040
-  }, 
+  },
   "data/img/tutorial-1.png": {
-   "sha512": "885d322f4e189775cbacb6e7d4f9ee89554d5709077e3777f0d382b0e9d315f1", 
+   "sha512": "885d322f4e189775cbacb6e7d4f9ee89554d5709077e3777f0d382b0e9d315f1",
    "size": 18729
-  }, 
+  },
   "data/img/uipassword.png": {
-   "sha512": "2f7ddb406cb318da51c36dc4e30e79aca17ef6730b9ba1fa5a9768127d3d0f02", 
+   "sha512": "2f7ddb406cb318da51c36dc4e30e79aca17ef6730b9ba1fa5a9768127d3d0f02",
    "size": 5383
-  }, 
+  },
+  "data/img/xmas_tree.jpg": {
+   "sha512": "fec017f87867f43d0f2b98e0b275b59a1997746e6cae9d322c551d7ab357488c",
+   "size": 43706
+  },
   "data/img/zeroblog-comments.png": {
-   "sha512": "efe4e815a260e555303e5c49e550a689d27a8361f64667bd4a91dbcccb83d2b4", 
+   "sha512": "efe4e815a260e555303e5c49e550a689d27a8361f64667bd4a91dbcccb83d2b4",
    "size": 24001
-  }, 
+  },
   "data/img/zeroid.png": {
-   "sha512": "b46d541a9e51ba2ddc8a49955b7debbc3b45fd13467d3c20ef104e9d938d052b", 
+   "sha512": "b46d541a9e51ba2ddc8a49955b7debbc3b45fd13467d3c20ef104e9d938d052b",
    "size": 18875
-  }, 
+  },
+  "data/img/zeromail.png": {
+   "sha512": "f2ced47d30bbf76549ae990b63dab00f3764ad48b6085464b122b108f31da368",
+   "size": 34638
+  },
   "data/img/zeroname.png": {
-   "sha512": "bab45a1bb2087b64e4f69f756b2ffa5ad39b7fdc48c83609cdde44028a7a155d", 
+   "sha512": "bab45a1bb2087b64e4f69f756b2ffa5ad39b7fdc48c83609cdde44028a7a155d",
    "size": 36031
-  }, 
+  },
   "data/img/zerotalk-mark.png": {
-   "sha512": "a335b2fedeb8d291ca68d3091f567c180628e80f41de4331a5feb19601d078af", 
+   "sha512": "a335b2fedeb8d291ca68d3091f567c180628e80f41de4331a5feb19601d078af",
    "size": 44862
-  }, 
+  },
   "data/img/zerotalk-upvote.png": {
-   "sha512": "b1ffd7f948b4f99248dde7efe256c2efdfd997f7e876fb9734f986ef2b561732", 
+   "sha512": "b1ffd7f948b4f99248dde7efe256c2efdfd997f7e876fb9734f986ef2b561732",
    "size": 41092
-  }, 
+  },
   "data/img/zerotalk.png": {
-   "sha512": "54d10497a1ffca9a4780092fd1bd158c15f639856d654d2eb33a42f9d8e33cd8", 
+   "sha512": "54d10497a1ffca9a4780092fd1bd158c15f639856d654d2eb33a42f9d8e33cd8",
    "size": 26606
-  }, 
+  },
   "data/pdf/zeronet_presentation.pdf": {
-   "sha512": "556d7294d964badd0fa6191984a0525f70c8821ec6473c7487684259e88f688a", 
+   "sha512": "556d7294d964badd0fa6191984a0525f70c8821ec6473c7487684259e88f688a",
    "size": 477911
-  }, 
+  },
   "dbschema.json": {
-   "sha512": "b387d0a1f93c159d0c89534e1c08115355b3b65262ab85ff79ec65768a514bde", 
+   "sha512": "b387d0a1f93c159d0c89534e1c08115355b3b65262ab85ff79ec65768a514bde",
    "size": 1924
-  }, 
+  },
   "img/loading.gif": {
-   "sha512": "8a42b98962faea74618113166886be488c09dad10ca47fe97005edc5fb40cc00", 
+   "sha512": "8a42b98962faea74618113166886be488c09dad10ca47fe97005edc5fb40cc00",
    "size": 723
-  }, 
+  },
   "index.html": {
-   "sha512": "ae881f5a52b36faac97fa06ac140a3a85e5fb9494482cc48de0405c6a890f9b8", 
-   "size": 5901
-  }, 
+   "sha512": "59331ccbe89d293a8209d61aea1c1a87e483d517df3a3331a146274138a3d461",
+   "size": 6210
+  },
   "js/all.js": {
-   "sha512": "f809256e3ab91c4bdd76c60e6cbaa469afeeee30cc18a56af1f03f6048aa26a5", 
-   "size": 210450
+   "sha512": "afd397f939dd5572b8b060f7601e6a727ccf673f439050aaf83081c7d6827b04",
+   "size": 219924
   }
- }, 
- "ignore": "((js|css)/(?!all.(js|css))|data/.*db|data/users/.*/.*)", 
+ },
+ "ignore": "((js|css)/(?!all.(js|css))|data/.*db|data/users/.*/.*)",
  "includes": {
   "data/users/content.json": {
-   "signers": [], 
+   "signers": [],
    "signers_required": 1
   }
- }, 
- "modified": 1446775276.26, 
+ },
+ "postmessage_nonce_security": true,
+ "modified": 1454871785.45,
  "sign": [
-  57991881946952167454322340555223230381605467895626737690363212960004734314484, 
-  49307891265351103514194691191925165083176262395509091042088174280588230507122
- ], 
- "signers_sign": "G7W/oNvczE5nPTFYVOqv8+GOpQd23LS/Dc1Q6xQ1NRDDHlYzmoSE63UQ7Za05kD0rwIYXbuUSr8z8p6RhZmnUs8=", 
+  53523412265427659660002592635772655067131373145368568573632488247121248785089,
+  101255384476047707765244829076483505851690344946361674232933275211895120676214
+ ],
+ "signers_sign": "G7W/oNvczE5nPTFYVOqv8+GOpQd23LS/Dc1Q6xQ1NRDDHlYzmoSE63UQ7Za05kD0rwIYXbuUSr8z8p6RhZmnUs8=",
  "signs": {
-  "1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8": "G507Q9Vv1Nks2M/27cUbms2vIkA1hB0i76jhslJSw8t5Rpst5ZRxFX61iCRymkIr+rgti/Zo/kUZKSNw+CvQXqA="
- }, 
- "signs_required": 1, 
- "title": "ZeroBlog", 
- "zeronet_version": "0.3.2"
+  "1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8": "G0xZKJ7DgmgzJN8sFphi5TxLkn07pZsj8Bq9AQzlTeQf/7GVkojwYLy62riA/xr4L/PHsCDppOtHVcPJC9Pk9UY="
+ },
+ "signs_required": 1,
+ "title": "ZeroBlog",
+ "zeronet_version": "0.3.6"
 }

+ 1 - 1
css/Comments.css

@@ -9,7 +9,7 @@
 .comment .reply:hover .icon { opacity: 1 }
 .comment .info { font-size: 12px; color: #AAA; margin-bottom: 7px }
 .comment .info .score { margin-left: 5px }
-.comment .comment-body { line-height: 1.5em; margin-top: 0.5em; margin-bottom: 0.5em }
+.comment .comment-body { line-height: 1.5em; margin-top: 0.5em; margin-bottom: 0.5em; word-wrap: break-word; }
 .comment .comment-body p { margin-bottom: 0px; margin-top: 0.5em; }
 .comment .comment-body p:first-child { margin: 0px; margin-top: 0px; }
 .comment .comment-body.editor { margin-top: 0.5em !important; margin-bottom: 0.5em !important }

+ 1 - 1
css/ZeroBlog.css

@@ -75,7 +75,7 @@ a:hover { color: #3498db }
 /* -- Left -- */
 
 .left { float: left; position: absolute; width: 220px; padding-left: 20px; padding-right: 20px; margin-top: 60px; text-align: right }
-.right { float: left; padding-left: 60px; margin-left: 240px; max-width: 650px; padding-right: 60px; padding-top: 60px }
+.right { float: left; padding-left: 60px; margin-left: 240px; max-width: 700px; padding-right: 60px; padding-top: 60px }
 
 .left .avatar {
 	background-color: #F0F0F0; width: 60px; height: 60px; border-radius: 100%; margin-bottom: 10px;

+ 2 - 2
css/all.css

@@ -14,7 +14,7 @@
 .comment .reply:hover .icon { opacity: 1 }
 .comment .info { font-size: 12px; color: #AAA; margin-bottom: 7px }
 .comment .info .score { margin-left: 5px }
-.comment .comment-body { line-height: 1.5em; margin-top: 0.5em; margin-bottom: 0.5em }
+.comment .comment-body { line-height: 1.5em; margin-top: 0.5em; margin-bottom: 0.5em; word-wrap: break-word; }
 .comment .comment-body p { margin-bottom: 0px; margin-top: 0.5em; }
 .comment .comment-body p:first-child { margin: 0px; margin-top: 0px; }
 .comment .comment-body.editor { margin-top: 0.5em !important; margin-bottom: 0.5em !important }
@@ -190,7 +190,7 @@ a:hover { color: #3498db }
 /* -- Left -- */
 
 .left { float: left; position: absolute; width: 220px; padding-left: 20px; padding-right: 20px; margin-top: 60px; text-align: right }
-.right { float: left; padding-left: 60px; margin-left: 240px; max-width: 650px; padding-right: 60px; padding-top: 60px }
+.right { float: left; padding-left: 60px; margin-left: 240px; max-width: 700px; padding-right: 60px; padding-top: 60px }
 
 .left .avatar {
 	background-color: #F0F0F0; width: 60px; height: 60px; -webkit-border-radius: 100%; -moz-border-radius: 100%; -o-border-radius: 100%; -ms-border-radius: 100%; border-radius: 100% ; margin-bottom: 10px;

+ 19 - 1
js/ZeroBlog.coffee

@@ -42,7 +42,25 @@ class ZeroBlog extends ZeroFrame
 			 body AS body,
 			 '?Post:' || post_id AS url
 			FROM post", true)
-		# follow.addFeed("Username mentions", "SELECT ...", true)
+
+		if Page.site_info.cert_user_id
+			username = Page.site_info.cert_user_id.replace /@.*/, ""
+			@follow.addFeed("Username mentions", "
+				SELECT
+				'comment' AS type,
+				 date_added,
+				 post.title AS title,
+				 keyvalue.value || ': ' || comment.body AS body,
+				 '?Post:' || comment.post_id || '#Comments' AS url
+				FROM comment
+				LEFT JOIN json USING (json_id)
+				LEFT JOIN json AS json_content ON (json_content.directory = json.directory AND json_content.file_name='content.json')
+				LEFT JOIN keyvalue ON (keyvalue.json_id = json_content.json_id AND key = 'cert_user_id')
+				LEFT JOIN post ON (comment.post_id = post.post_id)
+				WHERE
+				 comment.body LIKE '%[#{username}%' OR comment.body LIKE '%@#{username}%'
+			", true)
+
 		@follow.addFeed("Comments", "
 			SELECT
 			'comment' AS type,
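Review bot: `username` is spliced unescaped into both `LIKE` patterns of the new "Username mentions" query, so a certificate name containing `'` would end the string literal and `%` or `_` would act as wildcards. The value is derived from `Page.site_info.cert_user_id`, and nothing visible here restricts its character set. I would constrain it before building the query, e.g. `username = Page.site_info.cert_user_id.replace(/@.*/, "").replace(/[^A-Za-z0-9]/g, "")`, and skip `addFeed` when the result is empty. The feed tuples destructured in js/utils/Follow.coffee carry a `param` slot, which may be a cleaner way to pass the name if `addFeed` accepts one. The compiled copy in js/all.js has the same concatenation, and `initFollowButton` starts outside this hunk.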

+ 19 - 3
js/all.js

@@ -615,11 +615,20 @@
       this.follows = {};
       this.elem.on("click", (function(_this) {
         return function() {
-          if (Page.server_info.rev > 900) {
+          var is_default_feed, menu_item, param, query, title, _ref, _ref1;
+          if (Page.server_info.rev > 850) {
             if (_this.elem.hasClass("following")) {
               _this.showFeeds();
             } else {
               _this.followDefaultFeeds();
+              _ref = _this.feeds;
+              for (title in _ref) {
+                _ref1 = _ref[title], query = _ref1[0], menu_item = _ref1[1], is_default_feed = _ref1[2], param = _ref1[3];
+                if (!menu_item.hasClass("selected")) {
+                  _this.showFeeds();
+                  break;
+                }
+              }
             }
           } else {
             Page.cmd("wrapperNotification", ["info", "Please update your ZeroNet client to use this feature"]);
@@ -744,7 +753,6 @@
 }).call(this);
 
 
-
 /* ---- data/1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8/js/utils/InlineEditor.coffee ---- */
 
 
@@ -966,7 +974,7 @@
         button_pos = this.button.offset();
         this.elem.css({
           "top": button_pos.top + this.button.outerHeight(),
-          "left": button_pos.left
+          "left": button_pos.left + this.button.outerWidth() - this.elem.outerWidth()
         });
         this.button.addClass("menu-active");
         this.elem.addClass("visible");
@@ -1021,6 +1029,7 @@
 }).call(this);
 
 
+
 /* ---- data/1BLogC9LN4oPDcruNz3qo1ysa133E9AGg8/js/utils/RateLimit.coffee ---- */
 
 
@@ -1231,6 +1240,7 @@
       this.onMessage = __bind(this.onMessage, this);
       this.url = url;
       this.waiting_cb = {};
+      this.wrapper_nonce = document.location.href.replace(/.*wrapper_nonce=([A-Za-z0-9]+).*/, "$1");
       this.connect();
       this.next_message_id = 1;
       this.init();
@@ -1298,6 +1308,7 @@
       if (cb == null) {
         cb = null;
       }
+      message.wrapper_nonce = this.wrapper_nonce;
       message.id = this.next_message_id;
       this.next_message_id += 1;
       this.target.postMessage(message, "*");
@@ -1636,8 +1647,13 @@
     };
 
     ZeroBlog.prototype.initFollowButton = function() {
+      var username;
       this.follow = new Follow($(".feed-follow"));
       this.follow.addFeed("Posts", "SELECT post_id AS event_uri, 'post' AS type, date_published AS date_added, title AS title, body AS body, '?Post:' || post_id AS url FROM post", true);
+      if (Page.site_info.cert_user_id) {
+        username = Page.site_info.cert_user_id.replace(/@.*/, "");
+        this.follow.addFeed("Username mentions", "SELECT 'comment' AS type, date_added, post.title AS title, keyvalue.value || ': ' || comment.body AS body, '?Post:' || comment.post_id || '#Comments' AS url FROM comment LEFT JOIN json USING (json_id) LEFT JOIN json AS json_content ON (json_content.directory = json.directory AND json_content.file_name='content.json') LEFT JOIN keyvalue ON (keyvalue.json_id = json_content.json_id AND key = 'cert_user_id') LEFT JOIN post ON (comment.post_id = post.post_id) WHERE comment.body LIKE '%[" + username + "%' OR comment.body LIKE '%@" + username + "%'", true);
+      }
       this.follow.addFeed("Comments", "SELECT 'comment' AS type, date_added, post.title AS title, keyvalue.value || ': ' || comment.body AS body, '?Post:' || comment.post_id || '#Comments' AS url FROM comment LEFT JOIN json USING (json_id) LEFT JOIN json AS json_content ON (json_content.directory = json.directory AND json_content.file_name='content.json') LEFT JOIN keyvalue ON (keyvalue.json_id = json_content.json_id AND key = 'cert_user_id') LEFT JOIN post ON (comment.post_id = post.post_id)");
       return this.follow.init();
     };

+ 5 - 1
js/utils/Follow.coffee

@@ -4,11 +4,15 @@ class Follow extends Class
 		@feeds = {}
 		@follows = {}
 		@elem.on "click", =>
-			if Page.server_info.rev > 900
+			if Page.server_info.rev > 850
 				if @elem.hasClass "following"
 					@showFeeds()
 				else
 					@followDefaultFeeds()
+					for title, [query, menu_item, is_default_feed, param] of @feeds
+						if not menu_item.hasClass "selected"
+							@showFeeds()
+							break
 			else
 				Page.cmd "wrapperNotification", ["info", "Please update your ZeroNet client to use this feature"]
 			return false
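Review bot: The minimum-revision check drops from 900 to 850 without explanation, and the new loop after `@followDefaultFeeds()` does not say why the menu is opened. A short comment would help, e.g. `# Open the feed list when some feeds are not followed by default, so the user sees what else is available`, and the revision could become a named constant such as `MIN_FOLLOW_REV = 850`. The loop destructures `query`, `is_default_feed` and `param` but only reads `menu_item`. It also relies on `followDefaultFeeds` having already set the `selected` class, which is not visible in this hunk.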

+ 1 - 1
js/utils/Menu.coffee

@@ -10,7 +10,7 @@ class Menu
 			@hide()
 		else
 			button_pos = @button.offset()
-			@elem.css({"top": button_pos.top+@button.outerHeight(), "left": button_pos.left})
+			@elem.css({"top": button_pos.top+@button.outerHeight(), "left": button_pos.left + @button.outerWidth() - @elem.outerWidth()})
 			@button.addClass("menu-active")
 			@elem.addClass("visible")
 			if window.visible_menu then window.visible_menu.hide()

+ 4 - 2
js/utils/ZeroFrame.coffee

@@ -2,6 +2,7 @@ class ZeroFrame extends Class
 	constructor: (url) ->
 		@url = url
 		@waiting_cb = {}
+		@wrapper_nonce = document.location.href.replace(/.*wrapper_nonce=([A-Za-z0-9]+).*/, "$1")
 		@connect()
 		@next_message_id = 1
 		@init()
@@ -13,7 +14,7 @@ class ZeroFrame extends Class
 
 	connect: ->
 		@target = window.parent
-		window.addEventListener("message", @onMessage, false) 
+		window.addEventListener("message", @onMessage, false)
 		@cmd("innerReady")
 
 
@@ -50,12 +51,13 @@ class ZeroFrame extends Class
 
 
 	send: (message, cb=null) ->
+		message.wrapper_nonce = @wrapper_nonce
 		message.id = @next_message_id
 		@next_message_id += 1
 		@target.postMessage(message, "*")
 		if cb
 			@waiting_cb[message.id] = cb
-			
+
 
 	onOpenWebsocket: =>
 		@log "Websocket open"
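Review bot: When the page URL has no `wrapper_nonce` parameter, `String.replace` finds no match and returns the whole `document.location.href`, so `@wrapper_nonce` becomes the full URL and `send` attaches it to every message. Extracting with a match makes the missing case explicit: `m = document.location.href.match(/[?&]wrapper_nonce=([A-Za-z0-9]+)/)` followed by `@wrapper_nonce = if m then m[1] else null`. `send` still posts to `window.parent` with target origin `"*"`, so the nonce goes to whichever window embeds the page; that is only safe if the wrapper is always the parent, which this hunk cannot show. The compiled line in js/all.js has the same pattern.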