lord3nd3r
/
aprhodite
forked from ComputerTech/aprhodite
1
0
Fork 0
Code Pull Requests Activity
14 Commits 1 Branch 0 Tags 461 KiB
Commit Graph

5 Commits

Author SHA1 Message Date
3nd3r 46ba1d7273 Fix #6: Add missing DOM elements, fix null references 
- Add violet-trial-badge span to index.html header
- Add null guard in updateVioletBadge() for safety
- Remove dead $('tab-ai-violet') reference (Violet tab is dynamic)
- Fix duplicate trialBadge declaration and restore hidden logic
 2026-04-12 12:55:20 -05:00
3nd3r cdfbb666b9 Fix #5: Fix broken E2E encryption for user-to-user PMs 
- User-to-user PMs now use a server-derived shared room key (HMAC-SHA256)
  instead of each user's personal PBKDF2 key (which differed per user,
  making cross-user decryption impossible)
- Server sends room_key in pm_ready, pm_invite, and pm/history responses
- crypto.js: add importKeyBase64() for importing server-provided keys
- chat.js: use sharedKey for encrypt/decrypt in user-to-user PMs
- Violet AI transit encryption still uses personal key (unchanged)
- PM history decryption now handles errors gracefully per-message
- Encodes otherUser in history URL to prevent injection
 2026-04-12 12:54:09 -05:00
3nd3r be3503b31b Fix #3: Remove client-exploitable payment endpoint 
- Payment endpoint no longer uses @_require_auth (not client-callable)
- Identifies user from webhook payload user_id instead of client JWT
- Removed hardcoded payment secret from chat.js
- Client now shows placeholder message directing to admin
- Webhook secret + user_id must come from payment provider server
 2026-04-12 12:51:31 -05:00
Antigravity c514c5fb73 Fix Lobby tab switching and message submission logic 2026-04-12 18:15:44 +01:00
ComputerTech ad510c57e1 Initial commit: SexyChat (Aphrodite) v1.0 2026-04-12 17:55:40 +01:00