Implement error handling during Profile Removal

Caught errors that occur when extension fails to contact server when 
"Remove Profile" Pressed. Updated placeholders for input boxes in 
`options.html` Updated manifest version. Preparing release of patch. 
Added **commented** code to verify the main server's identity through 
magic packet verification (using checksum SHA-256).

Author: AzlanCoding

README.md

@@ -3,7 +3,7 @@ Project Ignite is a new Device Manager Application (DMA) for schools developed a
 <br>
 Project Ignite focuses on ensuring the **Security** and **Privacy** of students as well as being as **Fail-Proof** as possible. The chrome extension for students is **designed to work even if the server goes offline** after it has been properly set up. Moreover, the chrome extension does not collect any data from students' devices (as of version 0.1.0).
 <br>
-The first version unstable of this application was made in less than 3 days.
+The first unstable version of this application was made in less than 3 days.
 <br><br>
 I believe that Singapore needs our own solution for a DMA to accommodate for the various needs of students and teachers. In the future, Project Ignite be more than just a DMA. It will be an all in one software to help teachers facilitate learning through various tools and features that will keep students intrigued to conducted lessons. These features will be synced to the complex timetable schools in Singapore have. It will also come with software to help schools create these complex timetables.
 <br>
@@ -25,7 +25,6 @@ This full stack application does not collect any personal data nor does it have
 ## Feature Timeline
 - **End of October 2024**
   - Multiple profile Support
-<br><br>
 - **End of November 2024**
   - Ability to handle more than 5,000 blocked sites
   - "Live class" feature, which includes the following features:
@@ -34,13 +33,10 @@ This full stack application does not collect any personal data nor does it have
     - "Live Management". Allows teachers, during a live class session, to see the sites students are visiting, push sites for students to visit, and, enforce a custom set of rules for which sites students are allowed to visit.
     - "Q&A". Allows students to post questions to the teacher without disrupting the entire lesson.
     - "Live Polls". Allows teachers to create multiple choice or open ended polls. This is useful when teachers show questions in their slides and ask students to answer.
-<br><br>
 - **By 3rd quarter of December 2024**
   - Documentation for Ignite DMA
-<br><br>
 - **End of June 2025**
   - Ability to manage the installation, enabling, disabling and removal of extensions from the chrome web store on students' devices.
-<br><br>
 - **Future Goals**
   - Timetable generation and ability to sync with "Live class" system
   - iPad and Windows Client for students using these devices
@@ -78,8 +74,8 @@ Even if you cannot enforce this setting, it will by default have access to all s
 - [ ] Server: Code cleanup
 - [ ] App Icon
 - [ ] Server: Create reset profile password feature?
-- [ ] Extension (`background.js`): Implement Error Handling.
+- [ ] Extension (`background.js`): Implement Logging.
 - [ ] Extension: Detect use of [pillow](https://github.com/S1monlol/pillow)
-- [ ] Extension: Implement End-to-End Encryption to prevent server impersonation. (Students might fork server and bypass through DNS hijack)
+- [ ] Extension: Implement Verify Magic Packet to prevent server impersonation. (Students might fork server and bypass through DNS hijack)
 - [ ] Extension: Find a way around `declarativeNetRequest` 5000 rule limit
 - [ ] Extension: Support for multiple profiles

extension/background.js

@@ -451,6 +451,24 @@ export function syncNow(){
   return syncProfiles();
 }
 
+//The function below is used to verify the main server's identity
+//How it works is that when the main server receives the correct PIN
+//to remove the enrollment. A secret file is sent to the client and
+//the checksum of the file is measured to verify that the server
+//contacted is indeed the real server.
+//Function has not been Implemented yet
+/*export function verifyMagicPacket(blob){
+  return blob.arrayBuffer().then((dataBuffer) => {
+    return crypto.subtle.digest('SHA-256', dataBuffer).then((hashBuffer) => {
+      const hashArray = Array.from(new Uint8Array(hashBuffer));
+      const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
+      const expectedChecksum = "139531df1cac2ff1b2be3fa5afde6a904cef6583de35efe07f1ddfe6f3228da5";
+      return hashHex === expectedChecksum;
+    });
+  });
+}
+*/
+
 if (typeof window == 'undefined') { //The javascript equivilant of `if __name__ == '__main__':` in python
   chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
     if (request === 'getBlockedSites') {

extension/manifest.json

@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "Ignite DMA",
-  "version": "0.1",
+  "version": "0.1.1",
   "author": "AzlanCoding",
   "description": "A Device Manager Application (DMA) for students under MOE",
   "homepage_url": "https://ignitedma.mooo.com/",

extension/options.html

@@ -72,7 +72,7 @@
           <div class="field">
             <label class="label">Profile Code</label>
             <div class="control">
-              <input class="input" type="text" maxLength="8" placeholder="ABC123" id="classCode" style="text-transform:uppercase"/>
+              <input class="input" type="text" maxLength="8" placeholder="ABCDEFGH" id="classCode" style="text-transform:uppercase"/>
             </div>
           </div>
           <button class="button is-primary" id="addProfileBtn">Add Profile</button>
@@ -88,7 +88,7 @@
           <div class="field">
             <label class="label">Master PIN</label>
             <div class="control">
-              <input class="input" type="password" id="maserPinInput"/>
+              <input class="input" type="password" id="maserPinInput" placeholder="Enter Master Pin"/>
             </div>
           </div>
           <button class="button is-danger" id="removeProfileBtn">Remove Profile</button>

extension/scripts.js

@@ -59,9 +59,41 @@ function masterPin(){
       alert("Wrong PIN");
     }
     document.getElementById("removeProfileBtn").classList.remove("is-loading");
+  }).catch((err) => {
+    alert("FAILED TO CONTACT SERVER!\n"+err);
+    document.getElementById("removeProfileBtn").classList.remove("is-loading");
   });
 }
 
+//Not implemented yet
+/*
+function masterPin(){
+  document.getElementById("removeProfileBtn").classList.add("is-loading");
+  let enrollCode = "";
+  return fetch(updateHost+"/api/v1/masterPin",{cache: "no-cache", method:"post", headers: {'enrollCode': enrollCode, 'PIN': document.getElementById('maserPinInput').value}}).then((response) => {
+    if (response.ok) {
+      response.blob().then((data) => {
+        verifyMagicPacket(data).then((outcome) => {
+          if (outcome){
+            removeClass().then(()=>{
+              alert("REMOVAL PROCESS SUCCESS!");
+              window.location.reload();
+            });
+          }
+          else{
+            alert("Wrong PIN");
+            document.getElementById("removeProfileBtn").classList.remove("is-loading");
+          }
+        });
+      });
+    }
+    else {
+      alert("Wrong PIN");
+      document.getElementById("removeProfileBtn").classList.remove("is-loading");
+    }
+  });
+}
+*/
 
 function createBlockedSiteData(value){
   const container = document.getElementById('profileBlockedSites');
@@ -158,10 +190,13 @@ document.getElementById("refreshProfileBtn").addEventListener("click", () => {
       alert("STOP SPAMMING `REFRESH PROFILE` YOU'RE BREAKING THE APP\n"+err+"\nREFRESHING PAGE...");
       canContinue = false;
       window.location.reload();
-      // BUG: Uncaught (in promise) Error: This request exceeds the MAX_WRITE_OPERATIONS_PER_MINUTE quota.
+      // NOTE: Uncaught (in promise) Error: This request exceeds the MAX_WRITE_OPERATIONS_PER_MINUTE quota.
       // Caused when `Refresh Profile` is spammed
     }
     else{
+      // I know this looks a bit stupid but it is needed.
+      // Even after window.location.reload() is called this function
+      // may still execute as the button may have been spammed too many times.
       if (canContinue){
         alert("FAILED TO CONTACT SERVER!\n"+err);
       }