cdfbb666b9
- User-to-user PMs now use a server-derived shared room key (HMAC-SHA256) instead of each user's personal PBKDF2 key (which differed per user, making cross-user decryption impossible) - Server sends room_key in pm_ready, pm_invite, and pm/history responses - crypto.js: add importKeyBase64() for importing server-provided keys - chat.js: use sharedKey for encrypt/decrypt in user-to-user PMs - Violet AI transit encryption still uses personal key (unchanged) - PM history decryption now handles errors gracefully per-message - Encodes otherUser in history URL to prevent injection |
||
|---|---|---|
| .. | ||
| chat.js | ||
| crypto.js | ||
| socket.io.min.js | ||
| style.css | ||