refactor: switch to loading kernel as a Blob with script injection, and do not use in-memory variables to pass data. Additionally, fix reading of code with readableStreamToBlob

package.json

@@ -34,6 +34,7 @@
 		"@noble/ciphers": "^0.1.4",
 		"@peculiar/webcrypto": "^1.4.3",
 		"@scure/bip39": "^1.2.1",
+		"binconv": "^0.2.0",
 		"ed25519-keygen": "^0.4.1",
 		"ejs": "^3.1.9",
 		"file-type": "^18.5.0",

src/main/bootloader/kernel.ts

@@ -12,9 +12,9 @@ import {
   setBootloaderPortals,
   setKernelLoaded,
   setLoginComplete,
-  setUserKey,
 } from "./vars.js";
 import { getStoredUserKey } from "./storage.js";
+import { readableStreamToBlob } from "binconv";
 import { handleIncomingMessage } from "./messages.js";
 
 export function boot() {
@@ -29,7 +29,6 @@ export function boot() {
   }
 
   log("user is already logged in, attempting to load kernel");
-  setUserKey(userKey);
   setActivePortalMasterKey(userKey);
   setLoginComplete(true);
   sendAuthUpdate();
@@ -59,7 +58,31 @@ export async function loadKernel() {
   setBootloaderPortals(getActivePortals());
 
   try {
-    eval(kernelCode);
+    await new Promise(async (resolve, reject) => {
+      const url = URL.createObjectURL(await readableStreamToBlob(kernelCode));
+
+      const el = document.createElement("script");
+      el.src = url;
+      el.onload = () => {
+        URL.revokeObjectURL(url);
+        resolve(null);
+      };
+      el.onerror = (
+        event: Event | string,
+        source?: string,
+        lineno?: number,
+        colno?: number,
+        error?: Error,
+      ) => {
+        URL.revokeObjectURL(url);
+        reject(error);
+      };
+
+      document.head.appendChild(el);
+    });
+
+    window.removeEventListener("message", handleIncomingMessage);
+
     setKernelLoaded("success");
     sendAuthUpdate();
     log("kernel successfully loaded");
@@ -78,16 +101,18 @@ export async function loadKernel() {
 
 async function downloadKernel(
   kernelCid: string,
-): Promise<[kernelCode: string, err: Err]> {
+): Promise<[kernelCode: ReadableStream, err: Err]> {
   const [code, err] = await downloadObject(kernelCid);
 
   if (err != null) {
-    return ["", err];
+    return [null as any, err];
   }
 
   return [code, null];
 }
 
-function downloadDefaultKernel(): Promise<[kernelCode: string, err: Err]> {
+function downloadDefaultKernel(): Promise<
+  [kernelCode: ReadableStream, err: Err]
+> {
   return downloadKernel(defaultKernelLink);
 }

src/main/bootloader/storage.ts

@@ -4,7 +4,6 @@ import {
   getLogoutComplete,
   setLoginComplete,
   setLogoutComplete,
-  setUserKey,
 } from "./vars.js";
 import { log, logErr, reloadKernel, sendAuthUpdate } from "./util.js";
 import { loadKernel } from "./kernel.js";
@@ -38,8 +37,6 @@ function handleStorage(event: StorageEvent) {
       return;
     }
 
-    setUserKey(userKey);
-
     log("user is now logged in, attempting to load kernel");
     setLoginComplete(true);
     loadKernel();

src/main/bootloader/vars.ts

@@ -4,12 +4,9 @@ import { x25519 } from "@noble/curves/ed25519";
 let loginComplete = false;
 let logoutComplete = false;
 let kernelLoaded = "not yet";
-let bootloaderPortals: Client[] = [];
 let communicationKey: Uint8Array;
 let frontendCommunicationPubKey: Uint8Array;
 
-var userKey: Uint8Array;
-
 export const defaultKernelLink =
   "zduFSV7fLr7GeucUQFgxzq877rmMAbALz19nDHMtBEwz1eoGcKeQt3Lzfh";
 
@@ -32,15 +29,8 @@ export function setKernelLoaded(status: string) {
 export function getKernelLoaded() {
   return kernelLoaded;
 }
-export function setUserKey(key: Uint8Array) {
-  userKey = key;
-}
-export function getUserKey() {
-  return userKey;
-}
-
 export function setBootloaderPortals(portals: Client[]) {
-  bootloaderPortals = portals;
+  window.bootloaderPortals = portals;
 }
 
 export function getCommunicationKey() {