Merge chore/code-hygiene: clear E2EE key on logout (user-approved)
This commit is contained in:
commit
ab92831879
1 changed files with 9 additions and 0 deletions
|
|
@ -23,6 +23,7 @@ import {
|
||||||
UserPlus,
|
UserPlus,
|
||||||
} from "lucide-react";
|
} from "lucide-react";
|
||||||
import { api, clearActiveAccount, setActiveAccount, type Me } from "../lib/api";
|
import { api, clearActiveAccount, setActiveAccount, type Me } from "../lib/api";
|
||||||
|
import * as e2ee from "../lib/e2ee";
|
||||||
import { useLiveQuery } from "../lib/useLiveQuery";
|
import { useLiveQuery } from "../lib/useLiveQuery";
|
||||||
import { getUnreadCount, subscribe } from "../lib/notifications";
|
import { getUnreadCount, subscribe } from "../lib/notifications";
|
||||||
import type { Page } from "../lib/urlState";
|
import type { Page } from "../lib/urlState";
|
||||||
|
|
@ -103,6 +104,14 @@ export default function NavSidebar({
|
||||||
} catch {
|
} catch {
|
||||||
/* clear locally and reload regardless */
|
/* clear locally and reload regardless */
|
||||||
}
|
}
|
||||||
|
// Forget this device's E2EE private key on sign-out: it's otherwise persisted in IndexedDB
|
||||||
|
// and auto-unlocks on the next visit, so on a shared machine the conversations would stay
|
||||||
|
// decryptable after logout. Re-entering the message passphrase is required next time.
|
||||||
|
try {
|
||||||
|
await e2ee.clearDevice(me.id);
|
||||||
|
} catch {
|
||||||
|
/* IndexedDB unavailable (e.g. private mode) — never let it block the logout + reload */
|
||||||
|
}
|
||||||
clearActiveAccount();
|
clearActiveAccount();
|
||||||
location.reload();
|
location.reload();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue