allow frontend to be served statically

[cs01]

This implements a static frontend as suggested in #36.

background

Currently, the browser contains decrypted data and the encryption key. If the browser's JavaScript were modified to be malicious and a malicious server were created, it would be hard to detect.

this pr

This PR allows the backend to accept cross origin requests, and the frontend to be served statically on GitHub pages, Vercel, or a local static server, which can be manually built. The static page still routes the terminal traffic through a (potentially) untrusted server, but that is okay since the traffic is encrypted before going over the wire.

Changes

• Accept cross origin requests on backend
• Create script to publish built frontend to https://cs01.github.io/termpair/connect/
• Make UI to define url of TermPair server where encrypted terminal data should be sent via websocket
• Also added UI to let regular server specify Terminal ID on the landing page instead of requiring it in the URL
• Update docs

[ignoramous]

Thanks. Add a CSP attribute to the script tag so that in-browser plugins / MiTM access-points don't interfere with the JavaScript loaded by the static html-page served from a audit-able / trusted endpoint.

The static page still routes the terminal traffic through a (potentially) untrusted server, but that is okay since the traffic is encrypted before going over the wire.

As mentioned in #36, the server can still store the cipher text forever, which enables all sorts of correlation attacks as it bides its time for quantum computers to go main stream and decrypt it all (:

[cs01]

I haven’t merged this PR yet because it requires updates to the UI. I have been doing lots of refactoring in the UI, so I will pick this up when the UI refactors are done.

[cs01]

This is ready for review if you want. It's a pretty big PR. It prettymuch implements what we talked about.

[ignoramous]

Nice! (: