From 825db849e275d864c97d041d7a83cd459605159e Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Tue, 18 Jul 2023 17:11:42 -0400
Subject: [PATCH] refactor: switch to loading kernel as a Blob with script
 injection, and do not use in-memory variables to pass data. Additionally, fix
 reading of code with readableStreamToBlob

---
 package.json                   |  1 +
 src/main/bootloader/kernel.ts  | 37 ++++++++++++++++++++++++++++------
 src/main/bootloader/storage.ts |  3 ---
 src/main/bootloader/vars.ts    | 12 +----------
 4 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/package.json b/package.json
index 14152d4..7e0d1af 100644
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
 		"@noble/ciphers": "^0.1.4",
 		"@peculiar/webcrypto": "^1.4.3",
 		"@scure/bip39": "^1.2.1",
+		"binconv": "^0.2.0",
 		"ed25519-keygen": "^0.4.1",
 		"ejs": "^3.1.9",
 		"file-type": "^18.5.0",
diff --git a/src/main/bootloader/kernel.ts b/src/main/bootloader/kernel.ts
index cc87b78..f8e668f 100644
--- a/src/main/bootloader/kernel.ts
+++ b/src/main/bootloader/kernel.ts
@@ -12,9 +12,9 @@ import {
   setBootloaderPortals,
   setKernelLoaded,
   setLoginComplete,
-  setUserKey,
 } from "./vars.js";
 import { getStoredUserKey } from "./storage.js";
+import { readableStreamToBlob } from "binconv";
 import { handleIncomingMessage } from "./messages.js";
 
 export function boot() {
@@ -29,7 +29,6 @@ export function boot() {
   }
 
   log("user is already logged in, attempting to load kernel");
-  setUserKey(userKey);
   setActivePortalMasterKey(userKey);
   setLoginComplete(true);
   sendAuthUpdate();
@@ -59,7 +58,31 @@ export async function loadKernel() {
   setBootloaderPortals(getActivePortals());
 
   try {
-    eval(kernelCode);
+    await new Promise(async (resolve, reject) => {
+      const url = URL.createObjectURL(await readableStreamToBlob(kernelCode));
+
+      const el = document.createElement("script");
+      el.src = url;
+      el.onload = () => {
+        URL.revokeObjectURL(url);
+        resolve(null);
+      };
+      el.onerror = (
+        event: Event | string,
+        source?: string,
+        lineno?: number,
+        colno?: number,
+        error?: Error,
+      ) => {
+        URL.revokeObjectURL(url);
+        reject(error);
+      };
+
+      document.head.appendChild(el);
+    });
+
+    window.removeEventListener("message", handleIncomingMessage);
+
     setKernelLoaded("success");
     sendAuthUpdate();
     log("kernel successfully loaded");
@@ -78,16 +101,18 @@ export async function loadKernel() {
 
 async function downloadKernel(
   kernelCid: string,
-): Promise<[kernelCode: string, err: Err]> {
+): Promise<[kernelCode: ReadableStream, err: Err]> {
   const [code, err] = await downloadObject(kernelCid);
 
   if (err != null) {
-    return ["", err];
+    return [null as any, err];
   }
 
   return [code, null];
 }
 
-function downloadDefaultKernel(): Promise<[kernelCode: string, err: Err]> {
+function downloadDefaultKernel(): Promise<
+  [kernelCode: ReadableStream, err: Err]
+> {
   return downloadKernel(defaultKernelLink);
 }
diff --git a/src/main/bootloader/storage.ts b/src/main/bootloader/storage.ts
index 8168c92..9d4d6cf 100644
--- a/src/main/bootloader/storage.ts
+++ b/src/main/bootloader/storage.ts
@@ -4,7 +4,6 @@ import {
   getLogoutComplete,
   setLoginComplete,
   setLogoutComplete,
-  setUserKey,
 } from "./vars.js";
 import { log, logErr, reloadKernel, sendAuthUpdate } from "./util.js";
 import { loadKernel } from "./kernel.js";
@@ -38,8 +37,6 @@ function handleStorage(event: StorageEvent) {
       return;
     }
 
-    setUserKey(userKey);
-
     log("user is now logged in, attempting to load kernel");
     setLoginComplete(true);
     loadKernel();
diff --git a/src/main/bootloader/vars.ts b/src/main/bootloader/vars.ts
index 246842f..8b0781b 100644
--- a/src/main/bootloader/vars.ts
+++ b/src/main/bootloader/vars.ts
@@ -4,12 +4,9 @@ import { x25519 } from "@noble/curves/ed25519";
 let loginComplete = false;
 let logoutComplete = false;
 let kernelLoaded = "not yet";
-let bootloaderPortals: Client[] = [];
 let communicationKey: Uint8Array;
 let frontendCommunicationPubKey: Uint8Array;
 
-var userKey: Uint8Array;
-
 export const defaultKernelLink =
   "zduFSV7fLr7GeucUQFgxzq877rmMAbALz19nDHMtBEwz1eoGcKeQt3Lzfh";
 
@@ -32,15 +29,8 @@ export function setKernelLoaded(status: string) {
 export function getKernelLoaded() {
   return kernelLoaded;
 }
-export function setUserKey(key: Uint8Array) {
-  userKey = key;
-}
-export function getUserKey() {
-  return userKey;
-}
-
 export function setBootloaderPortals(portals: Client[]) {
-  bootloaderPortals = portals;
+  window.bootloaderPortals = portals;
 }
 
 export function getCommunicationKey() {