- {@render children?.()}
+
+ {@render children()}
diff --git a/src/lib/components/buttons/index.ts b/src/lib/components/atoms/buttons/index.ts
similarity index 76%
rename from src/lib/components/buttons/index.ts
rename to src/lib/components/atoms/buttons/index.ts
index 1765400..fc5022f 100644
--- a/src/lib/components/buttons/index.ts
+++ b/src/lib/components/atoms/buttons/index.ts
@@ -1,3 +1,4 @@
+export { default as ActionEntryButton } from "./ActionEntryButton.svelte";
export { default as Button } from "./Button.svelte";
export { default as EntryButton } from "./EntryButton.svelte";
export { default as FloatingButton } from "./FloatingButton.svelte";
diff --git a/src/lib/components/atoms/divs/AdaptiveDiv.svelte b/src/lib/components/atoms/divs/AdaptiveDiv.svelte
new file mode 100644
index 0000000..23fa00b
--- /dev/null
+++ b/src/lib/components/atoms/divs/AdaptiveDiv.svelte
@@ -0,0 +1,15 @@
+
+
+
+ {@render children()}
+
diff --git a/src/lib/components/atoms/divs/BottomDiv.svelte b/src/lib/components/atoms/divs/BottomDiv.svelte
new file mode 100644
index 0000000..e28765b
--- /dev/null
+++ b/src/lib/components/atoms/divs/BottomDiv.svelte
@@ -0,0 +1,15 @@
+
+
+
+ {@render children()}
+
diff --git a/src/lib/components/atoms/divs/FullscreenDiv.svelte b/src/lib/components/atoms/divs/FullscreenDiv.svelte
new file mode 100644
index 0000000..c90e02c
--- /dev/null
+++ b/src/lib/components/atoms/divs/FullscreenDiv.svelte
@@ -0,0 +1,7 @@
+
+
+
+ {@render children()}
+
diff --git a/src/lib/components/divs/index.ts b/src/lib/components/atoms/divs/index.ts
similarity index 64%
rename from src/lib/components/divs/index.ts
rename to src/lib/components/atoms/divs/index.ts
index 7bd6a34..561bbde 100644
--- a/src/lib/components/divs/index.ts
+++ b/src/lib/components/atoms/divs/index.ts
@@ -1,3 +1,3 @@
export { default as AdaptiveDiv } from "./AdaptiveDiv.svelte";
export { default as BottomDiv } from "./BottomDiv.svelte";
-export { default as TitleDiv } from "./TitleDiv.svelte";
+export { default as FullscreenDiv } from "./FullscreenDiv.svelte";
diff --git a/src/lib/components/index.ts b/src/lib/components/atoms/index.ts
similarity index 59%
rename from src/lib/components/index.ts
rename to src/lib/components/atoms/index.ts
index 536f01f..14b0849 100644
--- a/src/lib/components/index.ts
+++ b/src/lib/components/atoms/index.ts
@@ -1,3 +1,5 @@
export { default as BottomSheet } from "./BottomSheet.svelte";
+export * from "./buttons";
+export * from "./divs";
+export * from "./inputs";
export { default as Modal } from "./Modal.svelte";
-export { default as TopBar } from "./TopBar.svelte";
diff --git a/src/lib/components/atoms/inputs/CheckBox.svelte b/src/lib/components/atoms/inputs/CheckBox.svelte
new file mode 100644
index 0000000..fe2899b
--- /dev/null
+++ b/src/lib/components/atoms/inputs/CheckBox.svelte
@@ -0,0 +1,23 @@
+
+
+
diff --git a/src/lib/components/atoms/inputs/TextInput.svelte b/src/lib/components/atoms/inputs/TextInput.svelte
new file mode 100644
index 0000000..613c85c
--- /dev/null
+++ b/src/lib/components/atoms/inputs/TextInput.svelte
@@ -0,0 +1,40 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/lib/components/inputs/index.ts b/src/lib/components/atoms/inputs/index.ts
similarity index 50%
rename from src/lib/components/inputs/index.ts
rename to src/lib/components/atoms/inputs/index.ts
index c2c534d..47cb929 100644
--- a/src/lib/components/inputs/index.ts
+++ b/src/lib/components/atoms/inputs/index.ts
@@ -1 +1,2 @@
+export { default as CheckBox } from "./CheckBox.svelte";
export { default as TextInput } from "./TextInput.svelte";
diff --git a/src/lib/components/buttons/Button.svelte b/src/lib/components/buttons/Button.svelte
deleted file mode 100644
index 65f80ab..0000000
--- a/src/lib/components/buttons/Button.svelte
+++ /dev/null
@@ -1,37 +0,0 @@
-
-
-
diff --git a/src/lib/components/buttons/EntryButton.svelte b/src/lib/components/buttons/EntryButton.svelte
deleted file mode 100644
index ed455aa..0000000
--- a/src/lib/components/buttons/EntryButton.svelte
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
-
diff --git a/src/lib/components/buttons/FloatingButton.svelte b/src/lib/components/buttons/FloatingButton.svelte
deleted file mode 100644
index 51870c7..0000000
--- a/src/lib/components/buttons/FloatingButton.svelte
+++ /dev/null
@@ -1,36 +0,0 @@
-
-
-
diff --git a/src/lib/components/divs/AdaptiveDiv.svelte b/src/lib/components/divs/AdaptiveDiv.svelte
deleted file mode 100644
index ee845cc..0000000
--- a/src/lib/components/divs/AdaptiveDiv.svelte
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
- {@render children?.()}
-
diff --git a/src/lib/components/divs/BottomDiv.svelte b/src/lib/components/divs/BottomDiv.svelte
deleted file mode 100644
index 8a10a99..0000000
--- a/src/lib/components/divs/BottomDiv.svelte
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
- {@render children?.()}
-
diff --git a/src/lib/components/divs/TitleDiv.svelte b/src/lib/components/divs/TitleDiv.svelte
deleted file mode 100644
index d6c4414..0000000
--- a/src/lib/components/divs/TitleDiv.svelte
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
-
- {#if Icon}
-
- {/if}
-
- {@render children?.()}
-
diff --git a/src/lib/components/inputs/TextInput.svelte b/src/lib/components/inputs/TextInput.svelte
deleted file mode 100644
index 61f42ad..0000000
--- a/src/lib/components/inputs/TextInput.svelte
+++ /dev/null
@@ -1,35 +0,0 @@
-
-
-
-
-
-
-
-
-
diff --git a/src/lib/components/molecules/ActionModal.svelte b/src/lib/components/molecules/ActionModal.svelte
new file mode 100644
index 0000000..a351403
--- /dev/null
+++ b/src/lib/components/molecules/ActionModal.svelte
@@ -0,0 +1,50 @@
+
+
+
+
+
+
+
{title}
+ {@render children()}
+
+
+
+
+
diff --git a/src/lib/components/molecules/Categories/Categories.svelte b/src/lib/components/molecules/Categories/Categories.svelte
new file mode 100644
index 0000000..a11313e
--- /dev/null
+++ b/src/lib/components/molecules/Categories/Categories.svelte
@@ -0,0 +1,63 @@
+
+
+{#if categoriesWithName.length > 0}
+
+ {#each categoriesWithName as { info }}
+
+ {/each}
+
+{/if}
diff --git a/src/lib/components/molecules/Categories/Category.svelte b/src/lib/components/molecules/Categories/Category.svelte
new file mode 100644
index 0000000..aab227c
--- /dev/null
+++ b/src/lib/components/molecules/Categories/Category.svelte
@@ -0,0 +1,43 @@
+
+
+{#if $info}
+
+
+
+{/if}
diff --git a/src/lib/components/molecules/Categories/index.ts b/src/lib/components/molecules/Categories/index.ts
new file mode 100644
index 0000000..d8a70c2
--- /dev/null
+++ b/src/lib/components/molecules/Categories/index.ts
@@ -0,0 +1,2 @@
+export { default } from "./Categories.svelte";
+export * from "./service";
diff --git a/src/lib/components/molecules/Categories/service.ts b/src/lib/components/molecules/Categories/service.ts
new file mode 100644
index 0000000..08c41db
--- /dev/null
+++ b/src/lib/components/molecules/Categories/service.ts
@@ -0,0 +1,6 @@
+export interface SelectedCategory {
+ id: number;
+ dataKey: CryptoKey;
+ dataKeyVersion: Date;
+ name: string;
+}
diff --git a/src/lib/components/molecules/IconEntryButton.svelte b/src/lib/components/molecules/IconEntryButton.svelte
new file mode 100644
index 0000000..4b6ad47
--- /dev/null
+++ b/src/lib/components/molecules/IconEntryButton.svelte
@@ -0,0 +1,30 @@
+
+
+
+
+ {@render children()}
+
+
diff --git a/src/lib/components/molecules/SubCategories.svelte b/src/lib/components/molecules/SubCategories.svelte
new file mode 100644
index 0000000..9c84a89
--- /dev/null
+++ b/src/lib/components/molecules/SubCategories.svelte
@@ -0,0 +1,67 @@
+
+
+
+ {#snippet subCategoryCreate()}
+
+ 카테고리 추가하기
+
+ {/snippet}
+
+ {#if subCategoryCreatePosition === "top"}
+ {@render subCategoryCreate()}
+ {/if}
+ {#key info}
+
+ {/key}
+ {#if subCategoryCreatePosition === "bottom"}
+ {@render subCategoryCreate()}
+ {/if}
+
diff --git a/src/lib/components/molecules/TitledDiv.svelte b/src/lib/components/molecules/TitledDiv.svelte
new file mode 100644
index 0000000..e7ddc25
--- /dev/null
+++ b/src/lib/components/molecules/TitledDiv.svelte
@@ -0,0 +1,43 @@
+
+
+
+
+
+ {@render title()}
+
+ {#if description}
+
+ {@render description()}
+
+ {/if}
+
+ {#if children}
+
+ {@render children()}
+
+ {/if}
+
diff --git a/src/lib/components/molecules/TopBar.svelte b/src/lib/components/molecules/TopBar.svelte
new file mode 100644
index 0000000..cf7f8b8
--- /dev/null
+++ b/src/lib/components/molecules/TopBar.svelte
@@ -0,0 +1,37 @@
+
+
+
+
+ {#if title}
+
{title}
+ {/if}
+
+ {#if children}
+ {@render children()}
+ {/if}
+
+
diff --git a/src/lib/components/molecules/index.ts b/src/lib/components/molecules/index.ts
new file mode 100644
index 0000000..8edc84a
--- /dev/null
+++ b/src/lib/components/molecules/index.ts
@@ -0,0 +1,9 @@
+export * from "./ActionModal.svelte";
+export { default as ActionModal } from "./ActionModal.svelte";
+export * from "./Categories";
+export { default as Categories } from "./Categories";
+export { default as IconEntryButton } from "./IconEntryButton.svelte";
+export * from "./labels";
+export { default as SubCategories } from "./SubCategories.svelte";
+export { default as TitledDiv } from "./TitledDiv.svelte";
+export { default as TopBar } from "./TopBar.svelte";
diff --git a/src/lib/components/molecules/labels/CategoryLabel.svelte b/src/lib/components/molecules/labels/CategoryLabel.svelte
new file mode 100644
index 0000000..cbafa54
--- /dev/null
+++ b/src/lib/components/molecules/labels/CategoryLabel.svelte
@@ -0,0 +1,28 @@
+
+
+{#snippet subtextSnippet()}
+ {subtext}
+{/snippet}
+
+
+ {name}
+
diff --git a/src/lib/components/molecules/labels/DirectoryEntryLabel.svelte b/src/lib/components/molecules/labels/DirectoryEntryLabel.svelte
new file mode 100644
index 0000000..5d4fb81
--- /dev/null
+++ b/src/lib/components/molecules/labels/DirectoryEntryLabel.svelte
@@ -0,0 +1,31 @@
+
+
+{#snippet subtextSnippet()}
+ {subtext}
+{/snippet}
+
+
+ {name}
+
diff --git a/src/lib/components/molecules/labels/IconLabel.svelte b/src/lib/components/molecules/labels/IconLabel.svelte
new file mode 100644
index 0000000..a173b68
--- /dev/null
+++ b/src/lib/components/molecules/labels/IconLabel.svelte
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+
+ {@render children()}
+
+ {#if subtext}
+
+ {@render subtext()}
+
+ {/if}
+
+
diff --git a/src/lib/components/molecules/labels/TitleLabel.svelte b/src/lib/components/molecules/labels/TitleLabel.svelte
new file mode 100644
index 0000000..ffb51c3
--- /dev/null
+++ b/src/lib/components/molecules/labels/TitleLabel.svelte
@@ -0,0 +1,24 @@
+
+
+
+
+ {#if Icon}
+
+ {/if}
+
+
+ {@render children()}
+
+
diff --git a/src/lib/components/molecules/labels/index.ts b/src/lib/components/molecules/labels/index.ts
new file mode 100644
index 0000000..af8f40b
--- /dev/null
+++ b/src/lib/components/molecules/labels/index.ts
@@ -0,0 +1,4 @@
+export { default as CategoryLabel } from "./CategoryLabel.svelte";
+export { default as DirectoryEntryLabel } from "./DirectoryEntryLabel.svelte";
+export { default as IconLabel } from "./IconLabel.svelte";
+export { default as TitleLabel } from "./TitleLabel.svelte";
diff --git a/src/lib/components/organisms/Category/Category.svelte b/src/lib/components/organisms/Category/Category.svelte
new file mode 100644
index 0000000..295bf99
--- /dev/null
+++ b/src/lib/components/organisms/Category/Category.svelte
@@ -0,0 +1,107 @@
+
+
+
+
+ {#if info.id !== "root"}
+
하위 카테고리
+ {/if}
+
+
+ {#if info.id !== "root"}
+
+
+
+ {#key info}
+ {#each files as { info, isRecursive }}
+
+ {:else}
+
이 카테고리에 추가된 파일이 없어요.
+ {/each}
+ {/key}
+
+
+ {/if}
+
diff --git a/src/lib/components/organisms/Category/File.svelte b/src/lib/components/organisms/Category/File.svelte
new file mode 100644
index 0000000..5263b95
--- /dev/null
+++ b/src/lib/components/organisms/Category/File.svelte
@@ -0,0 +1,42 @@
+
+
+{#if $info}
+
+
+
+{/if}
diff --git a/src/lib/components/organisms/Category/index.ts b/src/lib/components/organisms/Category/index.ts
new file mode 100644
index 0000000..51e0a58
--- /dev/null
+++ b/src/lib/components/organisms/Category/index.ts
@@ -0,0 +1,2 @@
+export { default } from "./Category.svelte";
+export * from "./service";
diff --git a/src/lib/components/organisms/Category/service.ts b/src/lib/components/organisms/Category/service.ts
new file mode 100644
index 0000000..1d587b5
--- /dev/null
+++ b/src/lib/components/organisms/Category/service.ts
@@ -0,0 +1,6 @@
+export interface SelectedFile {
+ id: number;
+ dataKey: CryptoKey;
+ dataKeyVersion: Date;
+ name: string;
+}
diff --git a/src/lib/components/organisms/index.ts b/src/lib/components/organisms/index.ts
new file mode 100644
index 0000000..64f9861
--- /dev/null
+++ b/src/lib/components/organisms/index.ts
@@ -0,0 +1,3 @@
+export * from "./Category";
+export { default as Category } from "./Category";
+export * from "./modals";
diff --git a/src/lib/components/organisms/modals/CategoryCreateModal.svelte b/src/lib/components/organisms/modals/CategoryCreateModal.svelte
new file mode 100644
index 0000000..279c1a1
--- /dev/null
+++ b/src/lib/components/organisms/modals/CategoryCreateModal.svelte
@@ -0,0 +1,18 @@
+
+
+
diff --git a/src/lib/components/organisms/modals/RenameModal.svelte b/src/lib/components/organisms/modals/RenameModal.svelte
new file mode 100644
index 0000000..66ccfe0
--- /dev/null
+++ b/src/lib/components/organisms/modals/RenameModal.svelte
@@ -0,0 +1,22 @@
+
+
+
diff --git a/src/lib/components/organisms/modals/TextInputModal.svelte b/src/lib/components/organisms/modals/TextInputModal.svelte
new file mode 100644
index 0000000..e1fd2c4
--- /dev/null
+++ b/src/lib/components/organisms/modals/TextInputModal.svelte
@@ -0,0 +1,42 @@
+
+
+
onSubmitClick(value)}
+>
+
+
diff --git a/src/lib/components/organisms/modals/index.ts b/src/lib/components/organisms/modals/index.ts
new file mode 100644
index 0000000..2fa9422
--- /dev/null
+++ b/src/lib/components/organisms/modals/index.ts
@@ -0,0 +1,3 @@
+export { default as CategoryCreateModal } from "./CategoryCreateModal.svelte";
+export { default as RenameModal } from "./RenameModal.svelte";
+export { default as TextInputModal } from "./TextInputModal.svelte";
diff --git a/src/lib/indexedDB/filesystem.ts b/src/lib/indexedDB/filesystem.ts
index 5c9fc4d..293c16d 100644
--- a/src/lib/indexedDB/filesystem.ts
+++ b/src/lib/indexedDB/filesystem.ts
@@ -15,16 +15,28 @@ interface FileInfo {
contentType: string;
createdAt?: Date;
lastModifiedAt: Date;
+ categoryIds: number[];
+}
+
+export type CategoryId = "root" | number;
+
+interface CategoryInfo {
+ id: number;
+ parentId: CategoryId;
+ name: string;
+ files: { id: number; isRecursive: boolean }[];
}
const filesystem = new Dexie("filesystem") as Dexie & {
directory: EntityTable
;
file: EntityTable;
+ category: EntityTable;
};
-filesystem.version(1).stores({
+filesystem.version(2).stores({
directory: "id, parentId",
file: "id, parentId",
+ category: "id, parentId",
});
export const getDirectoryInfos = async (parentId: DirectoryId) => {
@@ -59,13 +71,29 @@ export const deleteFileInfo = async (id: number) => {
await filesystem.file.delete(id);
};
+export const getCategoryInfos = async (parentId: CategoryId) => {
+ return await filesystem.category.where({ parentId }).toArray();
+};
+
+export const getCategoryInfo = async (id: number) => {
+ return await filesystem.category.get(id);
+};
+
+export const storeCategoryInfo = async (categoryInfo: CategoryInfo) => {
+ await filesystem.category.put(categoryInfo);
+};
+
+export const deleteCategoryInfo = async (id: number) => {
+ await filesystem.category.delete(id);
+};
+
export const cleanupDanglingInfos = async () => {
const validDirectoryIds: number[] = [];
const validFileIds: number[] = [];
- const queue: DirectoryId[] = ["root"];
+ const directoryQueue: DirectoryId[] = ["root"];
while (true) {
- const directoryId = queue.shift();
+ const directoryId = directoryQueue.shift();
if (!directoryId) break;
const [subDirectories, files] = await Promise.all([
@@ -74,13 +102,28 @@ export const cleanupDanglingInfos = async () => {
]);
subDirectories.forEach(({ id }) => {
validDirectoryIds.push(id);
- queue.push(id);
+ directoryQueue.push(id);
});
files.forEach(({ id }) => validFileIds.push(id));
}
+ const validCategoryIds: number[] = [];
+ const categoryQueue: CategoryId[] = ["root"];
+
+ while (true) {
+ const categoryId = categoryQueue.shift();
+ if (!categoryId) break;
+
+ const subCategories = await filesystem.category.where({ parentId: categoryId }).toArray();
+ subCategories.forEach(({ id }) => {
+ validCategoryIds.push(id);
+ categoryQueue.push(id);
+ });
+ }
+
await Promise.all([
filesystem.directory.where("id").noneOf(validDirectoryIds).delete(),
filesystem.file.where("id").noneOf(validFileIds).delete(),
+ filesystem.category.where("id").noneOf(validCategoryIds).delete(),
]);
};
diff --git a/src/lib/modules/file/upload.ts b/src/lib/modules/file/upload.ts
index 2518c7f..71a38fb 100644
--- a/src/lib/modules/file/upload.ts
+++ b/src/lib/modules/file/upload.ts
@@ -8,12 +8,14 @@ import {
wrapDataKey,
encryptData,
encryptString,
+ digestMessage,
signMessageHmac,
} from "$lib/modules/crypto";
import type {
DuplicateFileScanRequest,
DuplicateFileScanResponse,
FileUploadRequest,
+ FileUploadResponse,
} from "$lib/server/schemas";
import {
fileUploadStatusStore,
@@ -97,6 +99,8 @@ const encryptFile = limitFunction(
const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
const fileEncrypted = await encryptData(fileBuffer, dataKey);
+ const fileEncryptedHash = encodeToBase64(await digestMessage(fileEncrypted.ciphertext));
+
const nameEncrypted = await encryptString(file.name, dataKey);
const createdAtEncrypted =
createdAt && (await encryptString(createdAt.getTime().toString(), dataKey));
@@ -110,8 +114,9 @@ const encryptFile = limitFunction(
return {
dataKeyWrapped,
dataKeyVersion,
- fileEncrypted,
fileType,
+ fileEncrypted,
+ fileEncryptedHash,
nameEncrypted,
createdAtEncrypted,
lastModifiedAtEncrypted,
@@ -127,7 +132,7 @@ const requestFileUpload = limitFunction(
return value;
});
- await axios.post("/api/file/upload", form, {
+ const res = await axios.post("/api/file/upload", form, {
onUploadProgress: ({ progress, rate, estimated }) => {
status.update((value) => {
value.progress = progress;
@@ -137,11 +142,14 @@ const requestFileUpload = limitFunction(
});
},
});
+ const { file }: FileUploadResponse = res.data;
status.update((value) => {
value.status = "uploaded";
return value;
});
+
+ return { fileId: file };
},
{ concurrency: 1 },
);
@@ -152,7 +160,7 @@ export const uploadFile = async (
hmacSecret: HmacSecret,
masterKey: MasterKey,
onDuplicate: () => Promise,
-) => {
+): Promise<{ fileId: number; fileBuffer: ArrayBuffer } | undefined> => {
const status = writable({
name: file.name,
parentId,
@@ -178,14 +186,15 @@ export const uploadFile = async (
value = value.filter((v) => v !== status);
return value;
});
- return false;
+ return undefined;
}
const {
dataKeyWrapped,
dataKeyVersion,
- fileEncrypted,
fileType,
+ fileEncrypted,
+ fileEncryptedHash,
nameEncrypted,
createdAtEncrypted,
lastModifiedAtEncrypted,
@@ -212,9 +221,10 @@ export const uploadFile = async (
} as FileUploadRequest),
);
form.set("content", new Blob([fileEncrypted.ciphertext]));
+ form.set("checksum", fileEncryptedHash);
- await requestFileUpload(status, form);
- return true;
+ const { fileId } = await requestFileUpload(status, form);
+ return { fileId, fileBuffer };
} catch (e) {
status.update((value) => {
value.status = "error";
diff --git a/src/lib/modules/filesystem.ts b/src/lib/modules/filesystem.ts
index 7313cb5..eaf1d1a 100644
--- a/src/lib/modules/filesystem.ts
+++ b/src/lib/modules/filesystem.ts
@@ -9,10 +9,20 @@ import {
getFileInfo as getFileInfoFromIndexedDB,
storeFileInfo,
deleteFileInfo,
+ getCategoryInfos as getCategoryInfosFromIndexedDB,
+ getCategoryInfo as getCategoryInfoFromIndexedDB,
+ storeCategoryInfo,
+ deleteCategoryInfo,
type DirectoryId,
+ type CategoryId,
} from "$lib/indexedDB";
import { unwrapDataKey, decryptString } from "$lib/modules/crypto";
-import type { DirectoryInfoResponse, FileInfoResponse } from "$lib/server/schemas";
+import type {
+ CategoryInfoResponse,
+ CategoryFileListResponse,
+ DirectoryInfoResponse,
+ FileInfoResponse,
+} from "$lib/server/schemas";
export type DirectoryInfo =
| {
@@ -41,10 +51,30 @@ export interface FileInfo {
name: string;
createdAt?: Date;
lastModifiedAt: Date;
+ categoryIds: number[];
}
+export type CategoryInfo =
+ | {
+ id: "root";
+ dataKey?: undefined;
+ dataKeyVersion?: undefined;
+ name?: undefined;
+ subCategoryIds: number[];
+ files?: undefined;
+ }
+ | {
+ id: number;
+ dataKey?: CryptoKey;
+ dataKeyVersion?: Date;
+ name: string;
+ subCategoryIds: number[];
+ files: { id: number; isRecursive: boolean }[];
+ };
+
const directoryInfoStore = new Map>();
const fileInfoStore = new Map>();
+const categoryInfoStore = new Map>();
const fetchDirectoryInfoFromIndexedDB = async (
id: DirectoryId,
@@ -77,6 +107,7 @@ const fetchDirectoryInfoFromServer = async (
if (res.status === 404) {
info.set(null);
await deleteDirectoryInfo(id as number);
+ return;
} else if (!res.ok) {
throw new Error("Failed to fetch directory information");
}
@@ -123,7 +154,7 @@ export const getDirectoryInfo = (id: DirectoryId, masterKey: CryptoKey) => {
directoryInfoStore.set(id, info);
}
- fetchDirectoryInfo(id, info, masterKey);
+ fetchDirectoryInfo(id, info, masterKey); // Intended
return info;
};
@@ -149,6 +180,7 @@ const fetchFileInfoFromServer = async (
if (res.status === 404) {
info.set(null);
await deleteFileInfo(id);
+ return;
} else if (!res.ok) {
throw new Error("Failed to fetch file information");
}
@@ -176,6 +208,7 @@ const fetchFileInfoFromServer = async (
name,
createdAt,
lastModifiedAt,
+ categoryIds: metadata.categories,
});
await storeFileInfo({
id,
@@ -184,6 +217,7 @@ const fetchFileInfoFromServer = async (
contentType: metadata.contentType,
createdAt,
lastModifiedAt,
+ categoryIds: metadata.categories,
});
};
@@ -201,6 +235,95 @@ export const getFileInfo = (fileId: number, masterKey: CryptoKey) => {
fileInfoStore.set(fileId, info);
}
- fetchFileInfo(fileId, info, masterKey);
+ fetchFileInfo(fileId, info, masterKey); // Intended
+ return info;
+};
+
+const fetchCategoryInfoFromIndexedDB = async (
+ id: CategoryId,
+ info: Writable,
+) => {
+ if (get(info)) return;
+
+ const [category, subCategories] = await Promise.all([
+ id !== "root" ? getCategoryInfoFromIndexedDB(id) : undefined,
+ getCategoryInfosFromIndexedDB(id),
+ ]);
+ const subCategoryIds = subCategories.map(({ id }) => id);
+
+ if (id === "root") {
+ info.set({ id, subCategoryIds });
+ } else {
+ if (!category) return;
+ info.set({ id, name: category.name, subCategoryIds, files: category.files });
+ }
+};
+
+const fetchCategoryInfoFromServer = async (
+ id: CategoryId,
+ info: Writable,
+ masterKey: CryptoKey,
+) => {
+ let res = await callGetApi(`/api/category/${id}`);
+ if (res.status === 404) {
+ info.set(null);
+ await deleteCategoryInfo(id as number);
+ return;
+ } else if (!res.ok) {
+ throw new Error("Failed to fetch category information");
+ }
+
+ const { metadata, subCategories }: CategoryInfoResponse = await res.json();
+
+ if (id === "root") {
+ info.set({ id, subCategoryIds: subCategories });
+ } else {
+ const { dataKey } = await unwrapDataKey(metadata!.dek, masterKey);
+ const name = await decryptString(metadata!.name, metadata!.nameIv, dataKey);
+
+ res = await callGetApi(`/api/category/${id}/file/list?recurse=true`);
+ if (!res.ok) {
+ throw new Error("Failed to fetch category files");
+ }
+
+ const { files }: CategoryFileListResponse = await res.json();
+ const filesMapped = files.map(({ file, isRecursive }) => ({ id: file, isRecursive }));
+
+ info.set({
+ id,
+ dataKey,
+ dataKeyVersion: new Date(metadata!.dekVersion),
+ name,
+ subCategoryIds: subCategories,
+ files: filesMapped,
+ });
+ await storeCategoryInfo({
+ id,
+ parentId: metadata!.parent,
+ name,
+ files: filesMapped,
+ });
+ }
+};
+
+const fetchCategoryInfo = async (
+ id: CategoryId,
+ info: Writable,
+ masterKey: CryptoKey,
+) => {
+ await fetchCategoryInfoFromIndexedDB(id, info);
+ await fetchCategoryInfoFromServer(id, info, masterKey);
+};
+
+export const getCategoryInfo = (categoryId: CategoryId, masterKey: CryptoKey) => {
+ // TODO: MEK rotation
+
+ let info = categoryInfoStore.get(categoryId);
+ if (!info) {
+ info = writable(null);
+ categoryInfoStore.set(categoryId, info);
+ }
+
+ fetchCategoryInfo(categoryId, info, masterKey); // Intended
return info;
};
diff --git a/src/lib/modules/util.ts b/src/lib/modules/util.ts
index 67e1b3b..3fff89d 100644
--- a/src/lib/modules/util.ts
+++ b/src/lib/modules/util.ts
@@ -27,3 +27,37 @@ export const formatNetworkSpeed = (speed: number) => {
if (speed < 1000 * 1000 * 1000) return `${(speed / 1000 / 1000).toFixed(1)} Mbps`;
return `${(speed / 1000 / 1000 / 1000).toFixed(1)} Gbps`;
};
+
+export const truncateString = (str: string, maxLength = 20) => {
+ if (str.length <= maxLength) return str;
+ return `${str.slice(0, maxLength)}...`;
+};
+
+export enum SortBy {
+ NAME_ASC,
+ NAME_DESC,
+}
+
+type SortFunc = (a?: string, b?: string) => number;
+
+const collator = new Intl.Collator(undefined, { numeric: true, sensitivity: "base" });
+
+const sortByNameAsc: SortFunc = (a, b) => {
+ if (a && b) return collator.compare(a, b);
+ if (a) return -1;
+ if (b) return 1;
+ return 0;
+};
+
+const sortByNameDesc: SortFunc = (a, b) => -sortByNameAsc(a, b);
+
+export const sortEntries = (entries: T[], sortBy: SortBy) => {
+ let sortFunc: SortFunc;
+ if (sortBy === SortBy.NAME_ASC) {
+ sortFunc = sortByNameAsc;
+ } else {
+ sortFunc = sortByNameDesc;
+ }
+
+ entries.sort((a, b) => sortFunc(a.name, b.name));
+};
diff --git a/src/lib/server/db/category.ts b/src/lib/server/db/category.ts
new file mode 100644
index 0000000..f5c22ff
--- /dev/null
+++ b/src/lib/server/db/category.ts
@@ -0,0 +1,147 @@
+import { IntegrityError } from "./error";
+import db from "./kysely";
+import type { Ciphertext } from "./schema";
+
+export type CategoryId = "root" | number;
+
+interface Category {
+ id: number;
+ parentId: CategoryId;
+ userId: number;
+ mekVersion: number;
+ encDek: string;
+ dekVersion: Date;
+ encName: Ciphertext;
+}
+
+export type NewCategory = Omit;
+
+export const registerCategory = async (params: NewCategory) => {
+ await db.transaction().execute(async (trx) => {
+ const mek = await trx
+ .selectFrom("master_encryption_key")
+ .select("version")
+ .where("user_id", "=", params.userId)
+ .where("state", "=", "active")
+ .limit(1)
+ .forUpdate()
+ .executeTakeFirst();
+ if (mek?.version !== params.mekVersion) {
+ throw new IntegrityError("Inactive MEK version");
+ }
+
+ const { categoryId } = await trx
+ .insertInto("category")
+ .values({
+ parent_id: params.parentId !== "root" ? params.parentId : null,
+ user_id: params.userId,
+ master_encryption_key_version: params.mekVersion,
+ encrypted_data_encryption_key: params.encDek,
+ data_encryption_key_version: params.dekVersion,
+ encrypted_name: params.encName,
+ })
+ .returning("id as categoryId")
+ .executeTakeFirstOrThrow();
+ await trx
+ .insertInto("category_log")
+ .values({
+ category_id: categoryId,
+ timestamp: new Date(),
+ action: "create",
+ new_name: params.encName,
+ })
+ .execute();
+ });
+};
+
+export const getAllCategoriesByParent = async (userId: number, parentId: CategoryId) => {
+ let query = db.selectFrom("category").selectAll().where("user_id", "=", userId);
+ query =
+ parentId === "root"
+ ? query.where("parent_id", "is", null)
+ : query.where("parent_id", "=", parentId);
+ const categories = await query.execute();
+ return categories.map(
+ (category) =>
+ ({
+ id: category.id,
+ parentId: category.parent_id ?? "root",
+ userId: category.user_id,
+ mekVersion: category.master_encryption_key_version,
+ encDek: category.encrypted_data_encryption_key,
+ dekVersion: category.data_encryption_key_version,
+ encName: category.encrypted_name,
+ }) satisfies Category,
+ );
+};
+
+export const getCategory = async (userId: number, categoryId: number) => {
+ const category = await db
+ .selectFrom("category")
+ .selectAll()
+ .where("id", "=", categoryId)
+ .where("user_id", "=", userId)
+ .limit(1)
+ .executeTakeFirst();
+ return category
+ ? ({
+ id: category.id,
+ parentId: category.parent_id ?? "root",
+ userId: category.user_id,
+ mekVersion: category.master_encryption_key_version,
+ encDek: category.encrypted_data_encryption_key,
+ dekVersion: category.data_encryption_key_version,
+ encName: category.encrypted_name,
+ } satisfies Category)
+ : null;
+};
+
+export const setCategoryEncName = async (
+ userId: number,
+ categoryId: number,
+ dekVersion: Date,
+ encName: Ciphertext,
+) => {
+ await db.transaction().execute(async (trx) => {
+ const category = await trx
+ .selectFrom("category")
+ .select("data_encryption_key_version")
+ .where("id", "=", categoryId)
+ .where("user_id", "=", userId)
+ .limit(1)
+ .forUpdate()
+ .executeTakeFirst();
+ if (!category) {
+ throw new IntegrityError("Category not found");
+ } else if (category.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+ throw new IntegrityError("Invalid DEK version");
+ }
+
+ await trx
+ .updateTable("category")
+ .set({ encrypted_name: encName })
+ .where("id", "=", categoryId)
+ .where("user_id", "=", userId)
+ .execute();
+ await trx
+ .insertInto("category_log")
+ .values({
+ category_id: categoryId,
+ timestamp: new Date(),
+ action: "rename",
+ new_name: encName,
+ })
+ .execute();
+ });
+};
+
+export const unregisterCategory = async (userId: number, categoryId: number) => {
+ const res = await db
+ .deleteFrom("category")
+ .where("id", "=", categoryId)
+ .where("user_id", "=", userId)
+ .executeTakeFirst();
+ if (res.numDeletedRows === 0n) {
+ throw new IntegrityError("Category not found");
+ }
+};
diff --git a/src/lib/server/db/client.ts b/src/lib/server/db/client.ts
index 37a1054..cb873c7 100644
--- a/src/lib/server/db/client.ts
+++ b/src/lib/server/db/client.ts
@@ -1,53 +1,97 @@
-import { SqliteError } from "better-sqlite3";
-import { and, or, eq, gt, lte } from "drizzle-orm";
-import db from "./drizzle";
+import pg from "pg";
import { IntegrityError } from "./error";
-import { client, userClient, userClientChallenge } from "./schema";
+import db from "./kysely";
+import type { UserClientState } from "./schema";
+
+interface Client {
+ id: number;
+ encPubKey: string;
+ sigPubKey: string;
+}
+
+interface UserClient {
+ userId: number;
+ clientId: number;
+ state: UserClientState;
+}
+
+interface UserClientWithDetails extends UserClient {
+ encPubKey: string;
+ sigPubKey: string;
+}
export const createClient = async (encPubKey: string, sigPubKey: string, userId: number) => {
- return await db.transaction(
- async (tx) => {
- const clients = await tx
- .select({ id: client.id })
- .from(client)
- .where(or(eq(client.encPubKey, sigPubKey), eq(client.sigPubKey, encPubKey)))
- .limit(1);
- if (clients.length !== 0) {
+ return await db
+ .transaction()
+ .setIsolationLevel("serializable")
+ .execute(async (trx) => {
+ const client = await trx
+ .selectFrom("client")
+ .where((eb) =>
+ eb.or([
+ eb("encryption_public_key", "=", encPubKey),
+ eb("encryption_public_key", "=", sigPubKey),
+ eb("signature_public_key", "=", encPubKey),
+ eb("signature_public_key", "=", sigPubKey),
+ ]),
+ )
+ .limit(1)
+ .executeTakeFirst();
+ if (client) {
throw new IntegrityError("Public key(s) already registered");
}
- const newClients = await tx
- .insert(client)
- .values({ encPubKey, sigPubKey })
- .returning({ id: client.id });
- const { id: clientId } = newClients[0]!;
- await tx.insert(userClient).values({ userId, clientId });
-
- return clientId;
- },
- { behavior: "exclusive" },
- );
+ const { clientId } = await trx
+ .insertInto("client")
+ .values({ encryption_public_key: encPubKey, signature_public_key: sigPubKey })
+ .returning("id as clientId")
+ .executeTakeFirstOrThrow();
+ await trx
+ .insertInto("user_client")
+ .values({ user_id: userId, client_id: clientId })
+ .execute();
+ return { id: clientId };
+ });
};
export const getClient = async (clientId: number) => {
- const clients = await db.select().from(client).where(eq(client.id, clientId)).limit(1);
- return clients[0] ?? null;
+ const client = await db
+ .selectFrom("client")
+ .selectAll()
+ .where("id", "=", clientId)
+ .limit(1)
+ .executeTakeFirst();
+ return client
+ ? ({
+ id: client.id,
+ encPubKey: client.encryption_public_key,
+ sigPubKey: client.signature_public_key,
+ } satisfies Client)
+ : null;
};
export const getClientByPubKeys = async (encPubKey: string, sigPubKey: string) => {
- const clients = await db
- .select()
- .from(client)
- .where(and(eq(client.encPubKey, encPubKey), eq(client.sigPubKey, sigPubKey)))
- .limit(1);
- return clients[0] ?? null;
+ const client = await db
+ .selectFrom("client")
+ .selectAll()
+ .where("encryption_public_key", "=", encPubKey)
+ .where("signature_public_key", "=", sigPubKey)
+ .limit(1)
+ .executeTakeFirst();
+ return client
+ ? ({
+ id: client.id,
+ encPubKey: client.encryption_public_key,
+ sigPubKey: client.signature_public_key,
+ } satisfies Client)
+ : null;
};
export const createUserClient = async (userId: number, clientId: number) => {
try {
- await db.insert(userClient).values({ userId, clientId });
+ await db.insertInto("user_client").values({ user_id: userId, client_id: clientId }).execute();
} catch (e) {
- if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
+ if (e instanceof pg.DatabaseError && e.code === "23505") {
throw new IntegrityError("User client already exists");
}
throw e;
@@ -55,52 +99,76 @@ export const createUserClient = async (userId: number, clientId: number) => {
};
export const getAllUserClients = async (userId: number) => {
- return await db.select().from(userClient).where(eq(userClient.userId, userId));
+ const userClients = await db
+ .selectFrom("user_client")
+ .selectAll()
+ .where("user_id", "=", userId)
+ .execute();
+ return userClients.map(
+ ({ user_id, client_id, state }) =>
+ ({
+ userId: user_id,
+ clientId: client_id,
+ state,
+ }) satisfies UserClient,
+ );
};
export const getUserClient = async (userId: number, clientId: number) => {
- const userClients = await db
- .select()
- .from(userClient)
- .where(and(eq(userClient.userId, userId), eq(userClient.clientId, clientId)))
- .limit(1);
- return userClients[0] ?? null;
+ const userClient = await db
+ .selectFrom("user_client")
+ .selectAll()
+ .where("user_id", "=", userId)
+ .where("client_id", "=", clientId)
+ .limit(1)
+ .executeTakeFirst();
+ return userClient
+ ? ({
+ userId: userClient.user_id,
+ clientId: userClient.client_id,
+ state: userClient.state,
+ } satisfies UserClient)
+ : null;
};
export const getUserClientWithDetails = async (userId: number, clientId: number) => {
- const userClients = await db
- .select()
- .from(userClient)
- .innerJoin(client, eq(userClient.clientId, client.id))
- .where(and(eq(userClient.userId, userId), eq(userClient.clientId, clientId)))
- .limit(1);
- return userClients[0] ?? null;
+ const userClient = await db
+ .selectFrom("user_client")
+ .innerJoin("client", "user_client.client_id", "client.id")
+ .selectAll()
+ .where("user_id", "=", userId)
+ .where("client_id", "=", clientId)
+ .limit(1)
+ .executeTakeFirst();
+ return userClient
+ ? ({
+ userId: userClient.user_id,
+ clientId: userClient.client_id,
+ state: userClient.state,
+ encPubKey: userClient.encryption_public_key,
+ sigPubKey: userClient.signature_public_key,
+ } satisfies UserClientWithDetails)
+ : null;
};
export const setUserClientStateToPending = async (userId: number, clientId: number) => {
await db
- .update(userClient)
+ .updateTable("user_client")
.set({ state: "pending" })
- .where(
- and(
- eq(userClient.userId, userId),
- eq(userClient.clientId, clientId),
- eq(userClient.state, "challenging"),
- ),
- );
+ .where("user_id", "=", userId)
+ .where("client_id", "=", clientId)
+ .where("state", "=", "challenging")
+ .execute();
};
export const setUserClientStateToActive = async (userId: number, clientId: number) => {
await db
- .update(userClient)
+ .updateTable("user_client")
.set({ state: "active" })
- .where(
- and(
- eq(userClient.userId, userId),
- eq(userClient.clientId, clientId),
- eq(userClient.state, "pending"),
- ),
- );
+ .where("user_id", "=", userId)
+ .where("client_id", "=", clientId)
+ .where("state", "=", "pending")
+ .execute();
};
export const registerUserClientChallenge = async (
@@ -110,30 +178,30 @@ export const registerUserClientChallenge = async (
allowedIp: string,
expiresAt: Date,
) => {
- await db.insert(userClientChallenge).values({
- userId,
- clientId,
- answer,
- allowedIp,
- expiresAt,
- });
+ await db
+ .insertInto("user_client_challenge")
+ .values({
+ user_id: userId,
+ client_id: clientId,
+ answer,
+ allowed_ip: allowedIp,
+ expires_at: expiresAt,
+ })
+ .execute();
};
export const consumeUserClientChallenge = async (userId: number, answer: string, ip: string) => {
- const challenges = await db
- .delete(userClientChallenge)
- .where(
- and(
- eq(userClientChallenge.userId, userId),
- eq(userClientChallenge.answer, answer),
- eq(userClientChallenge.allowedIp, ip),
- gt(userClientChallenge.expiresAt, new Date()),
- ),
- )
- .returning({ clientId: userClientChallenge.clientId });
- return challenges[0] ?? null;
+ const challenge = await db
+ .deleteFrom("user_client_challenge")
+ .where("user_id", "=", userId)
+ .where("answer", "=", answer)
+ .where("allowed_ip", "=", ip)
+ .where("expires_at", ">", new Date())
+ .returning("client_id")
+ .executeTakeFirst();
+ return challenge ? { clientId: challenge.client_id } : null;
};
export const cleanupExpiredUserClientChallenges = async () => {
- await db.delete(userClientChallenge).where(lte(userClientChallenge.expiresAt, new Date()));
+ await db.deleteFrom("user_client_challenge").where("expires_at", "<=", new Date()).execute();
};
diff --git a/src/lib/server/db/drizzle.ts b/src/lib/server/db/drizzle.ts
deleted file mode 100644
index 589c91e..0000000
--- a/src/lib/server/db/drizzle.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-import Database from "better-sqlite3";
-import { drizzle } from "drizzle-orm/better-sqlite3";
-import { migrate } from "drizzle-orm/better-sqlite3/migrator";
-import env from "$lib/server/loadenv";
-
-const client = new Database(env.databaseUrl);
-const db = drizzle(client);
-
-export const migrateDB = () => {
- if (process.env.NODE_ENV === "production") {
- migrate(db, { migrationsFolder: "./drizzle" });
- }
-};
-
-export default db;
diff --git a/src/lib/server/db/error.ts b/src/lib/server/db/error.ts
index 547cc6c..a145f14 100644
--- a/src/lib/server/db/error.ts
+++ b/src/lib/server/db/error.ts
@@ -1,4 +1,6 @@
type IntegrityErrorMessages =
+ // Category
+ | "Category not found"
// Challenge
| "Challenge already registered"
// Client
@@ -7,6 +9,8 @@ type IntegrityErrorMessages =
// File
| "Directory not found"
| "File not found"
+ | "File not found in category"
+ | "File already added to category"
| "Invalid DEK version"
// HSK
| "HSK already registered"
diff --git a/src/lib/server/db/file.ts b/src/lib/server/db/file.ts
index a42235b..20343b2 100644
--- a/src/lib/server/db/file.ts
+++ b/src/lib/server/db/file.ts
@@ -1,21 +1,25 @@
-import { and, eq, isNull } from "drizzle-orm";
-import db from "./drizzle";
+import { sql, type NotNull } from "kysely";
+import pg from "pg";
import { IntegrityError } from "./error";
-import { directory, directoryLog, file, fileLog, hsk, mek } from "./schema";
+import db from "./kysely";
+import type { Ciphertext } from "./schema";
-type DirectoryId = "root" | number;
+export type DirectoryId = "root" | number;
-export interface NewDirectoryParams {
+interface Directory {
+ id: number;
parentId: DirectoryId;
userId: number;
mekVersion: number;
encDek: string;
dekVersion: Date;
- encName: string;
- encNameIv: string;
+ encName: Ciphertext;
}
-export interface NewFileParams {
+export type NewDirectory = Omit;
+
+interface File {
+ id: number;
parentId: DirectoryId;
userId: number;
path: string;
@@ -26,216 +30,306 @@ export interface NewFileParams {
contentHmac: string | null;
contentType: string;
encContentIv: string;
- encName: string;
- encNameIv: string;
- encCreatedAt: string | null;
- encCreatedAtIv: string | null;
- encLastModifiedAt: string;
- encLastModifiedAtIv: string;
+ encContentHash: string;
+ encName: Ciphertext;
+ encCreatedAt: Ciphertext | null;
+ encLastModifiedAt: Ciphertext;
}
-export const registerDirectory = async (params: NewDirectoryParams) => {
- await db.transaction(
- async (tx) => {
- const meks = await tx
- .select({ version: mek.version })
- .from(mek)
- .where(and(eq(mek.userId, params.userId), eq(mek.state, "active")))
- .limit(1);
- if (meks[0]?.version !== params.mekVersion) {
- throw new IntegrityError("Inactive MEK version");
- }
+export type NewFile = Omit;
- const newDirectories = await tx
- .insert(directory)
- .values({
- parentId: params.parentId === "root" ? null : params.parentId,
- userId: params.userId,
- mekVersion: params.mekVersion,
- encDek: params.encDek,
- dekVersion: params.dekVersion,
- encName: { ciphertext: params.encName, iv: params.encNameIv },
- })
- .returning({ id: directory.id });
- const { id: directoryId } = newDirectories[0]!;
- await tx.insert(directoryLog).values({
- directoryId,
+export const registerDirectory = async (params: NewDirectory) => {
+ await db.transaction().execute(async (trx) => {
+ const mek = await trx
+ .selectFrom("master_encryption_key")
+ .select("version")
+ .where("user_id", "=", params.userId)
+ .where("state", "=", "active")
+ .limit(1)
+ .forUpdate()
+ .executeTakeFirst();
+ if (mek?.version !== params.mekVersion) {
+ throw new IntegrityError("Inactive MEK version");
+ }
+
+ const { directoryId } = await trx
+ .insertInto("directory")
+ .values({
+ parent_id: params.parentId !== "root" ? params.parentId : null,
+ user_id: params.userId,
+ master_encryption_key_version: params.mekVersion,
+ encrypted_data_encryption_key: params.encDek,
+ data_encryption_key_version: params.dekVersion,
+ encrypted_name: params.encName,
+ })
+ .returning("id as directoryId")
+ .executeTakeFirstOrThrow();
+ await trx
+ .insertInto("directory_log")
+ .values({
+ directory_id: directoryId,
timestamp: new Date(),
action: "create",
- newName: { ciphertext: params.encName, iv: params.encNameIv },
- });
- },
- { behavior: "exclusive" },
- );
+ new_name: params.encName,
+ })
+ .execute();
+ });
};
export const getAllDirectoriesByParent = async (userId: number, parentId: DirectoryId) => {
- return await db
- .select()
- .from(directory)
- .where(
- and(
- eq(directory.userId, userId),
- parentId === "root" ? isNull(directory.parentId) : eq(directory.parentId, parentId),
- ),
- );
+ let query = db.selectFrom("directory").selectAll().where("user_id", "=", userId);
+ query =
+ parentId === "root"
+ ? query.where("parent_id", "is", null)
+ : query.where("parent_id", "=", parentId);
+ const directories = await query.execute();
+ return directories.map(
+ (directory) =>
+ ({
+ id: directory.id,
+ parentId: directory.parent_id ?? "root",
+ userId: directory.user_id,
+ mekVersion: directory.master_encryption_key_version,
+ encDek: directory.encrypted_data_encryption_key,
+ dekVersion: directory.data_encryption_key_version,
+ encName: directory.encrypted_name,
+ }) satisfies Directory,
+ );
};
export const getDirectory = async (userId: number, directoryId: number) => {
- const res = await db
- .select()
- .from(directory)
- .where(and(eq(directory.userId, userId), eq(directory.id, directoryId)))
- .limit(1);
- return res[0] ?? null;
+ const directory = await db
+ .selectFrom("directory")
+ .selectAll()
+ .where("id", "=", directoryId)
+ .where("user_id", "=", userId)
+ .limit(1)
+ .executeTakeFirst();
+ return directory
+ ? ({
+ id: directory.id,
+ parentId: directory.parent_id ?? "root",
+ userId: directory.user_id,
+ mekVersion: directory.master_encryption_key_version,
+ encDek: directory.encrypted_data_encryption_key,
+ dekVersion: directory.data_encryption_key_version,
+ encName: directory.encrypted_name,
+ } satisfies Directory)
+ : null;
};
export const setDirectoryEncName = async (
userId: number,
directoryId: number,
dekVersion: Date,
- encName: string,
- encNameIv: string,
+ encName: Ciphertext,
) => {
- await db.transaction(
- async (tx) => {
- const directories = await tx
- .select({ version: directory.dekVersion })
- .from(directory)
- .where(and(eq(directory.userId, userId), eq(directory.id, directoryId)))
- .limit(1);
- if (!directories[0]) {
- throw new IntegrityError("Directory not found");
- } else if (directories[0].version.getTime() !== dekVersion.getTime()) {
- throw new IntegrityError("Invalid DEK version");
- }
+ await db.transaction().execute(async (trx) => {
+ const directory = await trx
+ .selectFrom("directory")
+ .select("data_encryption_key_version")
+ .where("id", "=", directoryId)
+ .where("user_id", "=", userId)
+ .limit(1)
+ .forUpdate()
+ .executeTakeFirst();
+ if (!directory) {
+ throw new IntegrityError("Directory not found");
+ } else if (directory.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+ throw new IntegrityError("Invalid DEK version");
+ }
- await tx
- .update(directory)
- .set({ encName: { ciphertext: encName, iv: encNameIv } })
- .where(and(eq(directory.userId, userId), eq(directory.id, directoryId)));
- await tx.insert(directoryLog).values({
- directoryId,
+ await trx
+ .updateTable("directory")
+ .set({ encrypted_name: encName })
+ .where("id", "=", directoryId)
+ .where("user_id", "=", userId)
+ .execute();
+ await trx
+ .insertInto("directory_log")
+ .values({
+ directory_id: directoryId,
timestamp: new Date(),
action: "rename",
- newName: { ciphertext: encName, iv: encNameIv },
- });
- },
- { behavior: "exclusive" },
- );
+ new_name: encName,
+ })
+ .execute();
+ });
};
export const unregisterDirectory = async (userId: number, directoryId: number) => {
- return await db.transaction(
- async (tx) => {
+ return await db
+ .transaction()
+ .setIsolationLevel("repeatable read") // TODO: Sufficient?
+ .execute(async (trx) => {
const unregisterFiles = async (parentId: number) => {
- return await tx
- .delete(file)
- .where(and(eq(file.userId, userId), eq(file.parentId, parentId)))
- .returning({ id: file.id, path: file.path });
+ return await trx
+ .deleteFrom("file")
+ .where("parent_id", "=", parentId)
+ .where("user_id", "=", userId)
+ .returning(["id", "path"])
+ .execute();
};
const unregisterDirectoryRecursively = async (
directoryId: number,
): Promise<{ id: number; path: string }[]> => {
const files = await unregisterFiles(directoryId);
- const subDirectories = await tx
- .select({ id: directory.id })
- .from(directory)
- .where(and(eq(directory.userId, userId), eq(directory.parentId, directoryId)));
+ const subDirectories = await trx
+ .selectFrom("directory")
+ .select("id")
+ .where("parent_id", "=", directoryId)
+ .where("user_id", "=", userId)
+ .execute();
const subDirectoryFilePaths = await Promise.all(
subDirectories.map(async ({ id }) => await unregisterDirectoryRecursively(id)),
);
- const deleteRes = await tx.delete(directory).where(eq(directory.id, directoryId));
- if (deleteRes.changes === 0) {
+ const deleteRes = await trx
+ .deleteFrom("directory")
+ .where("id", "=", directoryId)
+ .where("user_id", "=", userId)
+ .executeTakeFirst();
+ if (deleteRes.numDeletedRows === 0n) {
throw new IntegrityError("Directory not found");
}
return files.concat(...subDirectoryFilePaths);
};
return await unregisterDirectoryRecursively(directoryId);
- },
- { behavior: "exclusive" },
- );
+ });
};
-export const registerFile = async (params: NewFileParams) => {
- if (
- (params.hskVersion && !params.contentHmac) ||
- (!params.hskVersion && params.contentHmac) ||
- (params.encCreatedAt && !params.encCreatedAtIv) ||
- (!params.encCreatedAt && params.encCreatedAtIv)
- ) {
+export const registerFile = async (params: NewFile) => {
+ if ((params.hskVersion && !params.contentHmac) || (!params.hskVersion && params.contentHmac)) {
throw new Error("Invalid arguments");
}
- await db.transaction(
- async (tx) => {
- const meks = await tx
- .select({ version: mek.version })
- .from(mek)
- .where(and(eq(mek.userId, params.userId), eq(mek.state, "active")))
- .limit(1);
- if (meks[0]?.version !== params.mekVersion) {
- throw new IntegrityError("Inactive MEK version");
- }
+ return await db.transaction().execute(async (trx) => {
+ const mek = await trx
+ .selectFrom("master_encryption_key")
+ .select("version")
+ .where("user_id", "=", params.userId)
+ .where("state", "=", "active")
+ .limit(1)
+ .forUpdate()
+ .executeTakeFirst();
+ if (mek?.version !== params.mekVersion) {
+ throw new IntegrityError("Inactive MEK version");
+ }
- if (params.hskVersion) {
- const hsks = await tx
- .select({ version: hsk.version })
- .from(hsk)
- .where(and(eq(hsk.userId, params.userId), eq(hsk.state, "active")))
- .limit(1);
- if (hsks[0]?.version !== params.hskVersion) {
- throw new IntegrityError("Inactive HSK version");
- }
+ if (params.hskVersion) {
+ const hsk = await trx
+ .selectFrom("hmac_secret_key")
+ .select("version")
+ .where("user_id", "=", params.userId)
+ .where("state", "=", "active")
+ .limit(1)
+ .forUpdate()
+ .executeTakeFirst();
+ if (hsk?.version !== params.hskVersion) {
+ throw new IntegrityError("Inactive HSK version");
}
+ }
- const newFiles = await tx
- .insert(file)
- .values({
- path: params.path,
- parentId: params.parentId === "root" ? null : params.parentId,
- userId: params.userId,
- mekVersion: params.mekVersion,
- hskVersion: params.hskVersion,
- contentHmac: params.contentHmac,
- contentType: params.contentType,
- encDek: params.encDek,
- dekVersion: params.dekVersion,
- encContentIv: params.encContentIv,
- encName: { ciphertext: params.encName, iv: params.encNameIv },
- encCreatedAt:
- params.encCreatedAt && params.encCreatedAtIv
- ? { ciphertext: params.encCreatedAt, iv: params.encCreatedAtIv }
- : null,
- encLastModifiedAt: {
- ciphertext: params.encLastModifiedAt,
- iv: params.encLastModifiedAtIv,
- },
- })
- .returning({ id: file.id });
- const { id: fileId } = newFiles[0]!;
- await tx.insert(fileLog).values({
- fileId,
+ const { fileId } = await trx
+ .insertInto("file")
+ .values({
+ parent_id: params.parentId !== "root" ? params.parentId : null,
+ user_id: params.userId,
+ path: params.path,
+ master_encryption_key_version: params.mekVersion,
+ encrypted_data_encryption_key: params.encDek,
+ data_encryption_key_version: params.dekVersion,
+ hmac_secret_key_version: params.hskVersion,
+ content_hmac: params.contentHmac,
+ content_type: params.contentType,
+ encrypted_content_iv: params.encContentIv,
+ encrypted_content_hash: params.encContentHash,
+ encrypted_name: params.encName,
+ encrypted_created_at: params.encCreatedAt,
+ encrypted_last_modified_at: params.encLastModifiedAt,
+ })
+ .returning("id as fileId")
+ .executeTakeFirstOrThrow();
+ await trx
+ .insertInto("file_log")
+ .values({
+ file_id: fileId,
timestamp: new Date(),
action: "create",
- newName: { ciphertext: params.encName, iv: params.encNameIv },
- });
- },
- { behavior: "exclusive" },
- );
+ new_name: params.encName,
+ })
+ .execute();
+ return { id: fileId };
+ });
};
export const getAllFilesByParent = async (userId: number, parentId: DirectoryId) => {
- return await db
- .select()
- .from(file)
- .where(
- and(
- eq(file.userId, userId),
- parentId === "root" ? isNull(file.parentId) : eq(file.parentId, parentId),
- ),
- );
+ let query = db.selectFrom("file").selectAll().where("user_id", "=", userId);
+ query =
+ parentId === "root"
+ ? query.where("parent_id", "is", null)
+ : query.where("parent_id", "=", parentId);
+ const files = await query.execute();
+ return files.map(
+ (file) =>
+ ({
+ id: file.id,
+ parentId: file.parent_id ?? "root",
+ userId: file.user_id,
+ path: file.path,
+ mekVersion: file.master_encryption_key_version,
+ encDek: file.encrypted_data_encryption_key,
+ dekVersion: file.data_encryption_key_version,
+ hskVersion: file.hmac_secret_key_version,
+ contentHmac: file.content_hmac,
+ contentType: file.content_type,
+ encContentIv: file.encrypted_content_iv,
+ encContentHash: file.encrypted_content_hash,
+ encName: file.encrypted_name,
+ encCreatedAt: file.encrypted_created_at,
+ encLastModifiedAt: file.encrypted_last_modified_at,
+ }) satisfies File,
+ );
+};
+
+export const getAllFilesByCategory = async (
+ userId: number,
+ categoryId: number,
+ recurse: boolean,
+) => {
+ const files = await db
+ .withRecursive("cte", (db) =>
+ db
+ .selectFrom("category")
+ .leftJoin("file_category", "category.id", "file_category.category_id")
+ .select(["id", "parent_id", "user_id", "file_category.file_id"])
+ .select(sql`0`.as("depth"))
+ .where("id", "=", categoryId)
+ .$if(recurse, (qb) =>
+ qb.unionAll((db) =>
+ db
+ .selectFrom("category")
+ .leftJoin("file_category", "category.id", "file_category.category_id")
+ .innerJoin("cte", "category.parent_id", "cte.id")
+ .select([
+ "category.id",
+ "category.parent_id",
+ "category.user_id",
+ "file_category.file_id",
+ ])
+ .select(sql`cte.depth + 1`.as("depth")),
+ ),
+ ),
+ )
+ .selectFrom("cte")
+ .select(["file_id", "depth"])
+ .distinctOn("file_id")
+ .where("user_id", "=", userId)
+ .where("file_id", "is not", null)
+ .$narrowType<{ file_id: NotNull }>()
+ .orderBy(["file_id", "depth"])
+ .execute();
+ return files.map(({ file_id, depth }) => ({ id: file_id, isRecursive: depth > 0 }));
};
export const getAllFileIdsByContentHmac = async (
@@ -243,69 +337,150 @@ export const getAllFileIdsByContentHmac = async (
hskVersion: number,
contentHmac: string,
) => {
- return await db
- .select({ id: file.id })
- .from(file)
- .where(
- and(
- eq(file.userId, userId),
- eq(file.hskVersion, hskVersion),
- eq(file.contentHmac, contentHmac),
- ),
- );
+ const files = await db
+ .selectFrom("file")
+ .select("id")
+ .where("user_id", "=", userId)
+ .where("hmac_secret_key_version", "=", hskVersion)
+ .where("content_hmac", "=", contentHmac)
+ .execute();
+ return files.map(({ id }) => ({ id }));
};
export const getFile = async (userId: number, fileId: number) => {
- const res = await db
- .select()
- .from(file)
- .where(and(eq(file.userId, userId), eq(file.id, fileId)))
- .limit(1);
- return res[0] ?? null;
+ const file = await db
+ .selectFrom("file")
+ .selectAll()
+ .where("id", "=", fileId)
+ .where("user_id", "=", userId)
+ .limit(1)
+ .executeTakeFirst();
+ return file
+ ? ({
+ id: file.id,
+ parentId: file.parent_id ?? "root",
+ userId: file.user_id,
+ path: file.path,
+ mekVersion: file.master_encryption_key_version,
+ encDek: file.encrypted_data_encryption_key,
+ dekVersion: file.data_encryption_key_version,
+ hskVersion: file.hmac_secret_key_version,
+ contentHmac: file.content_hmac,
+ contentType: file.content_type,
+ encContentIv: file.encrypted_content_iv,
+ encContentHash: file.encrypted_content_hash,
+ encName: file.encrypted_name,
+ encCreatedAt: file.encrypted_created_at,
+ encLastModifiedAt: file.encrypted_last_modified_at,
+ } satisfies File)
+ : null;
};
export const setFileEncName = async (
userId: number,
fileId: number,
dekVersion: Date,
- encName: string,
- encNameIv: string,
+ encName: Ciphertext,
) => {
- await db.transaction(
- async (tx) => {
- const files = await tx
- .select({ version: file.dekVersion })
- .from(file)
- .where(and(eq(file.userId, userId), eq(file.id, fileId)))
- .limit(1);
- if (!files[0]) {
- throw new IntegrityError("File not found");
- } else if (files[0].version.getTime() !== dekVersion.getTime()) {
- throw new IntegrityError("Invalid DEK version");
- }
+ await db.transaction().execute(async (trx) => {
+ const file = await trx
+ .selectFrom("file")
+ .select("data_encryption_key_version")
+ .where("id", "=", fileId)
+ .where("user_id", "=", userId)
+ .limit(1)
+ .forUpdate()
+ .executeTakeFirst();
+ if (!file) {
+ throw new IntegrityError("File not found");
+ } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
+ throw new IntegrityError("Invalid DEK version");
+ }
- await tx
- .update(file)
- .set({ encName: { ciphertext: encName, iv: encNameIv } })
- .where(and(eq(file.userId, userId), eq(file.id, fileId)));
- await tx.insert(fileLog).values({
- fileId,
+ await trx
+ .updateTable("file")
+ .set({ encrypted_name: encName })
+ .where("id", "=", fileId)
+ .where("user_id", "=", userId)
+ .execute();
+ await trx
+ .insertInto("file_log")
+ .values({
+ file_id: fileId,
timestamp: new Date(),
action: "rename",
- newName: { ciphertext: encName, iv: encNameIv },
- });
- },
- { behavior: "exclusive" },
- );
+ new_name: encName,
+ })
+ .execute();
+ });
};
export const unregisterFile = async (userId: number, fileId: number) => {
- const files = await db
- .delete(file)
- .where(and(eq(file.userId, userId), eq(file.id, fileId)))
- .returning({ path: file.path });
- if (!files[0]) {
+ const file = await db
+ .deleteFrom("file")
+ .where("id", "=", fileId)
+ .where("user_id", "=", userId)
+ .returning("path")
+ .executeTakeFirst();
+ if (!file) {
throw new IntegrityError("File not found");
}
- return files[0].path;
+ return { path: file.path };
+};
+
+export const addFileToCategory = async (fileId: number, categoryId: number) => {
+ await db.transaction().execute(async (trx) => {
+ try {
+ await trx
+ .insertInto("file_category")
+ .values({ file_id: fileId, category_id: categoryId })
+ .execute();
+ await trx
+ .insertInto("file_log")
+ .values({
+ file_id: fileId,
+ timestamp: new Date(),
+ action: "add-to-category",
+ category_id: categoryId,
+ })
+ .execute();
+ } catch (e) {
+ if (e instanceof pg.DatabaseError && e.code === "23505") {
+ throw new IntegrityError("File already added to category");
+ }
+ throw e;
+ }
+ });
+};
+
+export const getAllFileCategories = async (fileId: number) => {
+ const categories = await db
+ .selectFrom("file_category")
+ .select("category_id")
+ .where("file_id", "=", fileId)
+ .execute();
+ return categories.map(({ category_id }) => ({ id: category_id }));
+};
+
+export const removeFileFromCategory = async (fileId: number, categoryId: number) => {
+ await db.transaction().execute(async (trx) => {
+ const res = await trx
+ .deleteFrom("file_category")
+ .where("file_id", "=", fileId)
+ .where("category_id", "=", categoryId)
+ .executeTakeFirst();
+ if (res.numDeletedRows === 0n) {
+ throw new IntegrityError("File not found in category");
+ }
+
+ await trx
+ .insertInto("file_log")
+ .values({
+ file_id: fileId,
+ timestamp: new Date(),
+ action: "remove-from-category",
+ category_id: categoryId,
+ })
+ .execute();
+ });
};
diff --git a/src/lib/server/db/hsk.ts b/src/lib/server/db/hsk.ts
index faf7dc6..4673cae 100644
--- a/src/lib/server/db/hsk.ts
+++ b/src/lib/server/db/hsk.ts
@@ -1,8 +1,15 @@
-import { SqliteError } from "better-sqlite3";
-import { and, eq } from "drizzle-orm";
-import db from "./drizzle";
+import pg from "pg";
import { IntegrityError } from "./error";
-import { hsk, hskLog } from "./schema";
+import db from "./kysely";
+import type { HskState } from "./schema";
+
+interface Hsk {
+ userId: number;
+ version: number;
+ state: HskState;
+ mekVersion: number;
+ encHsk: string;
+}
export const registerInitialHsk = async (
userId: number,
@@ -10,37 +17,52 @@ export const registerInitialHsk = async (
mekVersion: number,
encHsk: string,
) => {
- await db.transaction(
- async (tx) => {
- try {
- await tx.insert(hsk).values({
- userId,
+ await db.transaction().execute(async (trx) => {
+ try {
+ await trx
+ .insertInto("hmac_secret_key")
+ .values({
+ user_id: userId,
version: 1,
state: "active",
- mekVersion,
- encHsk,
- });
- await tx.insert(hskLog).values({
- userId,
- hskVersion: 1,
+ master_encryption_key_version: mekVersion,
+ encrypted_key: encHsk,
+ })
+ .execute();
+ await trx
+ .insertInto("hmac_secret_key_log")
+ .values({
+ user_id: userId,
+ hmac_secret_key_version: 1,
timestamp: new Date(),
action: "create",
- actionBy: createdBy,
- });
- } catch (e) {
- if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
- throw new IntegrityError("HSK already registered");
- }
- throw e;
+ action_by: createdBy,
+ })
+ .execute();
+ } catch (e) {
+ if (e instanceof pg.DatabaseError && e.code === "23505") {
+ throw new IntegrityError("HSK already registered");
}
- },
- { behavior: "exclusive" },
- );
+ throw e;
+ }
+ });
};
export const getAllValidHsks = async (userId: number) => {
- return await db
- .select()
- .from(hsk)
- .where(and(eq(hsk.userId, userId), eq(hsk.state, "active")));
+ const hsks = await db
+ .selectFrom("hmac_secret_key")
+ .selectAll()
+ .where("user_id", "=", userId)
+ .where("state", "=", "active")
+ .execute();
+ return hsks.map(
+ ({ user_id, version, state, master_encryption_key_version, encrypted_key }) =>
+ ({
+ userId: user_id,
+ version,
+ state: state as "active",
+ mekVersion: master_encryption_key_version,
+ encHsk: encrypted_key,
+ }) satisfies Hsk,
+ );
};
diff --git a/src/lib/server/db/kysely.ts b/src/lib/server/db/kysely.ts
new file mode 100644
index 0000000..302049e
--- /dev/null
+++ b/src/lib/server/db/kysely.ts
@@ -0,0 +1,47 @@
+import { Kysely, PostgresDialect, Migrator } from "kysely";
+import pg from "pg";
+import env from "$lib/server/loadenv";
+import migrations from "./migrations";
+import type { Database } from "./schema";
+
+const dialect = new PostgresDialect({
+ pool: new pg.Pool({
+ host: env.database.host,
+ port: env.database.port,
+ user: env.database.user,
+ password: env.database.password,
+ database: env.database.name,
+ }),
+});
+
+const db = new Kysely({ dialect });
+
+export const migrateDB = async () => {
+ if (env.nodeEnv !== "production") return;
+
+ const migrator = new Migrator({
+ db,
+ provider: {
+ async getMigrations() {
+ return migrations;
+ },
+ },
+ });
+ const { error, results } = await migrator.migrateToLatest();
+ if (error) {
+ const migration = results?.find(({ status }) => status === "Error");
+ if (migration) {
+ console.error(`Migration "${migration.migrationName}" failed.`);
+ }
+ console.error(error);
+ process.exit(1);
+ }
+
+ if (results?.length === 0) {
+ console.log("Database is up-to-date.");
+ } else {
+ console.log("Database migration completed.");
+ }
+};
+
+export default db;
diff --git a/src/lib/server/db/mek.ts b/src/lib/server/db/mek.ts
index 944636e..d6eecb0 100644
--- a/src/lib/server/db/mek.ts
+++ b/src/lib/server/db/mek.ts
@@ -1,8 +1,19 @@
-import { SqliteError } from "better-sqlite3";
-import { and, or, eq } from "drizzle-orm";
-import db from "./drizzle";
+import pg from "pg";
import { IntegrityError } from "./error";
-import { mek, mekLog, clientMek } from "./schema";
+import db from "./kysely";
+import type { MekState } from "./schema";
+
+interface Mek {
+ userId: number;
+ version: number;
+ state: MekState;
+}
+
+interface ClientMekWithDetails extends Mek {
+ clientId: number;
+ encMek: string;
+ encMekSig: string;
+}
export const registerInitialMek = async (
userId: number,
@@ -10,58 +21,80 @@ export const registerInitialMek = async (
encMek: string,
encMekSig: string,
) => {
- await db.transaction(
- async (tx) => {
- try {
- await tx.insert(mek).values({
- userId,
+ await db.transaction().execute(async (trx) => {
+ try {
+ await trx
+ .insertInto("master_encryption_key")
+ .values({
+ user_id: userId,
version: 1,
state: "active",
- });
- await tx.insert(clientMek).values({
- userId,
- clientId: createdBy,
- mekVersion: 1,
- encMek,
- encMekSig,
- });
- await tx.insert(mekLog).values({
- userId,
- mekVersion: 1,
+ })
+ .execute();
+ await trx
+ .insertInto("client_master_encryption_key")
+ .values({
+ user_id: userId,
+ client_id: createdBy,
+ version: 1,
+ encrypted_key: encMek,
+ encrypted_key_signature: encMekSig,
+ })
+ .execute();
+ await trx
+ .insertInto("master_encryption_key_log")
+ .values({
+ user_id: userId,
+ master_encryption_key_version: 1,
timestamp: new Date(),
action: "create",
- actionBy: createdBy,
- });
- } catch (e) {
- if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
- throw new IntegrityError("MEK already registered");
- }
- throw e;
+ action_by: createdBy,
+ })
+ .execute();
+ } catch (e) {
+ if (e instanceof pg.DatabaseError && e.code === "23505") {
+ throw new IntegrityError("MEK already registered");
}
- },
- { behavior: "exclusive" },
- );
+ throw e;
+ }
+ });
};
export const getInitialMek = async (userId: number) => {
- const meks = await db
- .select()
- .from(mek)
- .where(and(eq(mek.userId, userId), eq(mek.version, 1)))
- .limit(1);
- return meks[0] ?? null;
+ const mek = await db
+ .selectFrom("master_encryption_key")
+ .selectAll()
+ .where("user_id", "=", userId)
+ .where("version", "=", 1)
+ .limit(1)
+ .executeTakeFirst();
+ return mek
+ ? ({ userId: mek.user_id, version: mek.version, state: mek.state } satisfies Mek)
+ : null;
};
export const getAllValidClientMeks = async (userId: number, clientId: number) => {
- return await db
- .select()
- .from(clientMek)
- .innerJoin(mek, and(eq(clientMek.userId, mek.userId), eq(clientMek.mekVersion, mek.version)))
- .where(
- and(
- eq(clientMek.userId, userId),
- eq(clientMek.clientId, clientId),
- or(eq(mek.state, "active"), eq(mek.state, "retired")),
- ),
- );
+ const clientMeks = await db
+ .selectFrom("client_master_encryption_key")
+ .innerJoin("master_encryption_key", (join) =>
+ join
+ .onRef("client_master_encryption_key.user_id", "=", "master_encryption_key.user_id")
+ .onRef("client_master_encryption_key.version", "=", "master_encryption_key.version"),
+ )
+ .selectAll()
+ .where("client_master_encryption_key.user_id", "=", userId)
+ .where("client_master_encryption_key.client_id", "=", clientId)
+ .where((eb) => eb.or([eb("state", "=", "active"), eb("state", "=", "retired")]))
+ .execute();
+ return clientMeks.map(
+ ({ user_id, client_id, version, state, encrypted_key, encrypted_key_signature }) =>
+ ({
+ userId: user_id,
+ version,
+ state: state as "active" | "retired",
+ clientId: client_id,
+ encMek: encrypted_key,
+ encMekSig: encrypted_key_signature,
+ }) satisfies ClientMekWithDetails,
+ );
};
diff --git a/src/lib/server/db/migrations/1737357000-Initial.ts b/src/lib/server/db/migrations/1737357000-Initial.ts
new file mode 100644
index 0000000..5caf503
--- /dev/null
+++ b/src/lib/server/db/migrations/1737357000-Initial.ts
@@ -0,0 +1,224 @@
+import { Kysely } from "kysely";
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const up = async (db: Kysely) => {
+ // user.ts
+ await db.schema
+ .createTable("user")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("email", "text", (col) => col.unique().notNull())
+ .addColumn("nickname", "text", (col) => col.notNull())
+ .addColumn("password", "text", (col) => col.notNull())
+ .execute();
+
+ // client.ts
+ await db.schema
+ .createTable("client")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("encryption_public_key", "text", (col) => col.unique().notNull())
+ .addColumn("signature_public_key", "text", (col) => col.unique().notNull())
+ .addUniqueConstraint("client_ak01", ["encryption_public_key", "signature_public_key"])
+ .execute();
+ await db.schema
+ .createTable("user_client")
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+ .addColumn("state", "text", (col) => col.notNull().defaultTo("challenging"))
+ .addPrimaryKeyConstraint("user_client_pk", ["user_id", "client_id"])
+ .execute();
+ await db.schema
+ .createTable("user_client_challenge")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+ .addColumn("answer", "text", (col) => col.unique().notNull())
+ .addColumn("allowed_ip", "text", (col) => col.notNull())
+ .addColumn("expires_at", "timestamp(3)", (col) => col.notNull())
+ .addForeignKeyConstraint(
+ "user_client_challenge_fk01",
+ ["user_id", "client_id"],
+ "user_client",
+ ["user_id", "client_id"],
+ )
+ .execute();
+
+ // session.ts
+ await db.schema
+ .createTable("session")
+ .addColumn("id", "text", (col) => col.primaryKey())
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("client_id", "integer", (col) => col.references("client.id"))
+ .addColumn("created_at", "timestamp(3)", (col) => col.notNull())
+ .addColumn("last_used_at", "timestamp(3)", (col) => col.notNull())
+ .addColumn("last_used_by_ip", "text")
+ .addColumn("last_used_by_agent", "text")
+ .addUniqueConstraint("session_ak01", ["user_id", "client_id"])
+ .execute();
+ await db.schema
+ .createTable("session_upgrade_challenge")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("session_id", "text", (col) => col.references("session.id").unique().notNull())
+ .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+ .addColumn("answer", "text", (col) => col.unique().notNull())
+ .addColumn("allowed_ip", "text", (col) => col.notNull())
+ .addColumn("expires_at", "timestamp(3)", (col) => col.notNull())
+ .execute();
+
+ // mek.ts
+ await db.schema
+ .createTable("master_encryption_key")
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("version", "integer", (col) => col.notNull())
+ .addColumn("state", "text", (col) => col.notNull())
+ .addPrimaryKeyConstraint("master_encryption_key_pk", ["user_id", "version"])
+ .execute();
+ await db.schema
+ .createTable("master_encryption_key_log")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+ .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+ .addColumn("action", "text", (col) => col.notNull())
+ .addColumn("action_by", "integer", (col) => col.references("client.id"))
+ .addForeignKeyConstraint(
+ "master_encryption_key_log_fk01",
+ ["user_id", "master_encryption_key_version"],
+ "master_encryption_key",
+ ["user_id", "version"],
+ )
+ .execute();
+ await db.schema
+ .createTable("client_master_encryption_key")
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("client_id", "integer", (col) => col.references("client.id").notNull())
+ .addColumn("version", "integer", (col) => col.notNull())
+ .addColumn("encrypted_key", "text", (col) => col.notNull())
+ .addColumn("encrypted_key_signature", "text", (col) => col.notNull())
+ .addPrimaryKeyConstraint("client_master_encryption_key_pk", ["user_id", "client_id", "version"])
+ .addForeignKeyConstraint(
+ "client_master_encryption_key_fk01",
+ ["user_id", "version"],
+ "master_encryption_key",
+ ["user_id", "version"],
+ )
+ .execute();
+
+ // hsk.ts
+ await db.schema
+ .createTable("hmac_secret_key")
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("version", "integer", (col) => col.notNull())
+ .addColumn("state", "text", (col) => col.notNull())
+ .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+ .addColumn("encrypted_key", "text", (col) => col.unique().notNull())
+ .addPrimaryKeyConstraint("hmac_secret_key_pk", ["user_id", "version"])
+ .addForeignKeyConstraint(
+ "hmac_secret_key_fk01",
+ ["user_id", "master_encryption_key_version"],
+ "master_encryption_key",
+ ["user_id", "version"],
+ )
+ .execute();
+ await db.schema
+ .createTable("hmac_secret_key_log")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("hmac_secret_key_version", "integer", (col) => col.notNull())
+ .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+ .addColumn("action", "text", (col) => col.notNull())
+ .addColumn("action_by", "integer", (col) => col.references("client.id"))
+ .addForeignKeyConstraint(
+ "hmac_secret_key_log_fk01",
+ ["user_id", "hmac_secret_key_version"],
+ "hmac_secret_key",
+ ["user_id", "version"],
+ )
+ .execute();
+
+ // file.ts
+ await db.schema
+ .createTable("directory")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("parent_id", "integer", (col) => col.references("directory.id"))
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+ .addColumn("encrypted_data_encryption_key", "text", (col) => col.unique().notNull())
+ .addColumn("data_encryption_key_version", "timestamp(3)", (col) => col.notNull())
+ .addColumn("encrypted_name", "json", (col) => col.notNull())
+ .addForeignKeyConstraint(
+ "directory_fk01",
+ ["user_id", "master_encryption_key_version"],
+ "master_encryption_key",
+ ["user_id", "version"],
+ )
+ .execute();
+ await db.schema
+ .createTable("directory_log")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("directory_id", "integer", (col) =>
+ col.references("directory.id").onDelete("cascade").notNull(),
+ )
+ .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+ .addColumn("action", "text", (col) => col.notNull())
+ .addColumn("new_name", "json")
+ .execute();
+ await db.schema
+ .createTable("file")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("parent_id", "integer", (col) => col.references("directory.id"))
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("path", "text", (col) => col.unique().notNull())
+ .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+ .addColumn("encrypted_data_encryption_key", "text", (col) => col.unique().notNull())
+ .addColumn("data_encryption_key_version", "timestamp(3)", (col) => col.notNull())
+ .addColumn("hmac_secret_key_version", "integer")
+ .addColumn("content_hmac", "text")
+ .addColumn("content_type", "text", (col) => col.notNull())
+ .addColumn("encrypted_content_iv", "text", (col) => col.notNull())
+ .addColumn("encrypted_content_hash", "text", (col) => col.notNull())
+ .addColumn("encrypted_name", "json", (col) => col.notNull())
+ .addColumn("encrypted_created_at", "json")
+ .addColumn("encrypted_last_modified_at", "json", (col) => col.notNull())
+ .addForeignKeyConstraint(
+ "file_fk01",
+ ["user_id", "master_encryption_key_version"],
+ "master_encryption_key",
+ ["user_id", "version"],
+ )
+ .addForeignKeyConstraint(
+ "file_fk02",
+ ["user_id", "hmac_secret_key_version"],
+ "hmac_secret_key",
+ ["user_id", "version"],
+ )
+ .execute();
+ await db.schema
+ .createTable("file_log")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("file_id", "integer", (col) =>
+ col.references("file.id").onDelete("cascade").notNull(),
+ )
+ .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+ .addColumn("action", "text", (col) => col.notNull())
+ .addColumn("new_name", "json")
+ .execute();
+};
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const down = async (db: Kysely) => {
+ await db.schema.dropTable("file_log").execute();
+ await db.schema.dropTable("file").execute();
+ await db.schema.dropTable("directory_log").execute();
+ await db.schema.dropTable("directory").execute();
+ await db.schema.dropTable("hmac_secret_key_log").execute();
+ await db.schema.dropTable("hmac_secret_key").execute();
+ await db.schema.dropTable("client_master_encryption_key").execute();
+ await db.schema.dropTable("master_encryption_key_log").execute();
+ await db.schema.dropTable("master_encryption_key").execute();
+ await db.schema.dropTable("session_upgrade_challenge").execute();
+ await db.schema.dropTable("session").execute();
+ await db.schema.dropTable("user_client_challenge").execute();
+ await db.schema.dropTable("user_client").execute();
+ await db.schema.dropTable("client").execute();
+ await db.schema.dropTable("user").execute();
+};
diff --git a/src/lib/server/db/migrations/1737422340-AddFileCategory.ts b/src/lib/server/db/migrations/1737422340-AddFileCategory.ts
new file mode 100644
index 0000000..ff811e1
--- /dev/null
+++ b/src/lib/server/db/migrations/1737422340-AddFileCategory.ts
@@ -0,0 +1,65 @@
+import { Kysely } from "kysely";
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const up = async (db: Kysely) => {
+ // category.ts
+ await db.schema
+ .createTable("category")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("parent_id", "integer", (col) => col.references("category.id").onDelete("cascade"))
+ .addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
+ .addColumn("master_encryption_key_version", "integer", (col) => col.notNull())
+ .addColumn("encrypted_data_encryption_key", "text", (col) => col.unique().notNull())
+ .addColumn("data_encryption_key_version", "timestamp(3)", (col) => col.notNull())
+ .addColumn("encrypted_name", "json", (col) => col.notNull())
+ .addForeignKeyConstraint(
+ "category_fk01",
+ ["user_id", "master_encryption_key_version"],
+ "master_encryption_key",
+ ["user_id", "version"],
+ )
+ .execute();
+ await db.schema
+ .createTable("category_log")
+ .addColumn("id", "integer", (col) => col.primaryKey().generatedAlwaysAsIdentity())
+ .addColumn("category_id", "integer", (col) =>
+ col.references("category.id").onDelete("cascade").notNull(),
+ )
+ .addColumn("timestamp", "timestamp(3)", (col) => col.notNull())
+ .addColumn("action", "text", (col) => col.notNull())
+ .addColumn("new_name", "json")
+ .execute();
+
+ // file.ts
+ await db.schema
+ .alterTable("file_log")
+ .addColumn("category_id", "integer", (col) =>
+ col.references("category.id").onDelete("set null"),
+ )
+ .execute();
+ await db.schema
+ .createTable("file_category")
+ .addColumn("file_id", "integer", (col) =>
+ col.references("file.id").onDelete("cascade").notNull(),
+ )
+ .addColumn("category_id", "integer", (col) =>
+ col.references("category.id").onDelete("cascade").notNull(),
+ )
+ .addPrimaryKeyConstraint("file_category_pk", ["file_id", "category_id"])
+ .execute();
+};
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const down = async (db: Kysely) => {
+ await db
+ .deleteFrom("file_log")
+ .where((eb) =>
+ eb.or([eb("action", "=", "add-to-category"), eb("action", "=", "remove-from-category")]),
+ )
+ .execute();
+
+ await db.schema.dropTable("file_category").execute();
+ await db.schema.alterTable("file_log").dropColumn("category_id").execute();
+ await db.schema.dropTable("category_log").execute();
+ await db.schema.dropTable("category").execute();
+};
diff --git a/src/lib/server/db/migrations/index.ts b/src/lib/server/db/migrations/index.ts
new file mode 100644
index 0000000..aa6ee13
--- /dev/null
+++ b/src/lib/server/db/migrations/index.ts
@@ -0,0 +1,7 @@
+import * as Initial1737357000 from "./1737357000-Initial";
+import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory";
+
+export default {
+ "1737357000-Initial": Initial1737357000,
+ "1737422340-AddFileCategory": AddFileCategory1737422340,
+};
diff --git a/src/lib/server/db/schema/category.ts b/src/lib/server/db/schema/category.ts
new file mode 100644
index 0000000..2304264
--- /dev/null
+++ b/src/lib/server/db/schema/category.ts
@@ -0,0 +1,27 @@
+import type { Generated } from "kysely";
+import type { Ciphertext } from "./util";
+
+interface CategoryTable {
+ id: Generated;
+ parent_id: number | null;
+ user_id: number;
+ master_encryption_key_version: number;
+ encrypted_data_encryption_key: string; // Base64
+ data_encryption_key_version: Date;
+ encrypted_name: Ciphertext;
+}
+
+interface CategoryLogTable {
+ id: Generated;
+ category_id: number;
+ timestamp: Date;
+ action: "create" | "rename";
+ new_name: Ciphertext | null;
+}
+
+declare module "./index" {
+ interface Database {
+ category: CategoryTable;
+ category_log: CategoryLogTable;
+ }
+}
diff --git a/src/lib/server/db/schema/client.ts b/src/lib/server/db/schema/client.ts
index 1e9eb85..d66e42b 100644
--- a/src/lib/server/db/schema/client.ts
+++ b/src/lib/server/db/schema/client.ts
@@ -1,61 +1,32 @@
-import {
- sqliteTable,
- text,
- integer,
- primaryKey,
- foreignKey,
- unique,
-} from "drizzle-orm/sqlite-core";
-import { user } from "./user";
+import type { ColumnType, Generated } from "kysely";
-export const client = sqliteTable(
- "client",
- {
- id: integer("id").primaryKey({ autoIncrement: true }),
- encPubKey: text("encryption_public_key").notNull().unique(), // Base64
- sigPubKey: text("signature_public_key").notNull().unique(), // Base64
- },
- (t) => ({
- unq: unique().on(t.encPubKey, t.sigPubKey),
- }),
-);
+interface ClientTable {
+ id: Generated;
+ encryption_public_key: string; // Base64
+ signature_public_key: string; // Base64
+}
-export const userClient = sqliteTable(
- "user_client",
- {
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- clientId: integer("client_id")
- .notNull()
- .references(() => client.id),
- state: text("state", { enum: ["challenging", "pending", "active"] })
- .notNull()
- .default("challenging"),
- },
- (t) => ({
- pk: primaryKey({ columns: [t.userId, t.clientId] }),
- }),
-);
+export type UserClientState = "challenging" | "pending" | "active";
-export const userClientChallenge = sqliteTable(
- "user_client_challenge",
- {
- id: integer("id").primaryKey(),
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- clientId: integer("client_id")
- .notNull()
- .references(() => client.id),
- answer: text("answer").notNull().unique(), // Base64
- allowedIp: text("allowed_ip").notNull(),
- expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
- },
- (t) => ({
- ref: foreignKey({
- columns: [t.userId, t.clientId],
- foreignColumns: [userClient.userId, userClient.clientId],
- }),
- }),
-);
+interface UserClientTable {
+ user_id: number;
+ client_id: number;
+ state: ColumnType;
+}
+
+interface UserClientChallengeTable {
+ id: Generated;
+ user_id: number;
+ client_id: number;
+ answer: string; // Base64
+ allowed_ip: string;
+ expires_at: ColumnType;
+}
+
+declare module "./index" {
+ interface Database {
+ client: ClientTable;
+ user_client: UserClientTable;
+ user_client_challenge: UserClientChallengeTable;
+ }
+}
diff --git a/src/lib/server/db/schema/file.ts b/src/lib/server/db/schema/file.ts
index 65c5471..a1bf9bd 100644
--- a/src/lib/server/db/schema/file.ts
+++ b/src/lib/server/db/schema/file.ts
@@ -1,87 +1,62 @@
-import { sqliteTable, text, integer, foreignKey } from "drizzle-orm/sqlite-core";
-import { hsk } from "./hsk";
-import { mek } from "./mek";
-import { user } from "./user";
+import type { ColumnType, Generated } from "kysely";
+import type { Ciphertext } from "./util";
-const ciphertext = (name: string) =>
- text(name, { mode: "json" }).$type<{
- ciphertext: string; // Base64
- iv: string; // Base64
- }>();
+interface DirectoryTable {
+ id: Generated;
+ parent_id: number | null;
+ user_id: number;
+ master_encryption_key_version: number;
+ encrypted_data_encryption_key: string; // Base64
+ data_encryption_key_version: Date;
+ encrypted_name: Ciphertext;
+}
-export const directory = sqliteTable(
- "directory",
- {
- id: integer("id").primaryKey({ autoIncrement: true }),
- parentId: integer("parent_id"),
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- mekVersion: integer("master_encryption_key_version").notNull(),
- encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
- dekVersion: integer("data_encryption_key_version", { mode: "timestamp_ms" }).notNull(),
- encName: ciphertext("encrypted_name").notNull(),
- },
- (t) => ({
- ref1: foreignKey({
- columns: [t.parentId],
- foreignColumns: [t.id],
- }),
- ref2: foreignKey({
- columns: [t.userId, t.mekVersion],
- foreignColumns: [mek.userId, mek.version],
- }),
- }),
-);
+interface DirectoryLogTable {
+ id: Generated;
+ directory_id: number;
+ timestamp: ColumnType;
+ action: "create" | "rename";
+ new_name: Ciphertext | null;
+}
-export const directoryLog = sqliteTable("directory_log", {
- id: integer("id").primaryKey({ autoIncrement: true }),
- directoryId: integer("directory_id")
- .notNull()
- .references(() => directory.id, { onDelete: "cascade" }),
- timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
- action: text("action", { enum: ["create", "rename"] }).notNull(),
- newName: ciphertext("new_name"),
-});
+interface FileTable {
+ id: Generated;
+ parent_id: number | null;
+ user_id: number;
+ path: string;
+ master_encryption_key_version: number;
+ encrypted_data_encryption_key: string; // Base64
+ data_encryption_key_version: Date;
+ hmac_secret_key_version: number | null;
+ content_hmac: string | null; // Base64
+ content_type: string;
+ encrypted_content_iv: string; // Base64
+ encrypted_content_hash: string; // Base64
+ encrypted_name: Ciphertext;
+ encrypted_created_at: Ciphertext | null;
+ encrypted_last_modified_at: Ciphertext;
+}
-export const file = sqliteTable(
- "file",
- {
- id: integer("id").primaryKey({ autoIncrement: true }),
- parentId: integer("parent_id").references(() => directory.id),
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- path: text("path").notNull().unique(),
- mekVersion: integer("master_encryption_key_version").notNull(),
- encDek: text("encrypted_data_encryption_key").notNull().unique(), // Base64
- dekVersion: integer("data_encryption_key_version", { mode: "timestamp_ms" }).notNull(),
- hskVersion: integer("hmac_secret_key_version"),
- contentHmac: text("content_hmac"), // Base64
- contentType: text("content_type").notNull(),
- encContentIv: text("encrypted_content_iv").notNull(), // Base64
- encName: ciphertext("encrypted_name").notNull(),
- encCreatedAt: ciphertext("encrypted_created_at"),
- encLastModifiedAt: ciphertext("encrypted_last_modified_at").notNull(),
- },
- (t) => ({
- ref1: foreignKey({
- columns: [t.userId, t.mekVersion],
- foreignColumns: [mek.userId, mek.version],
- }),
- ref2: foreignKey({
- columns: [t.userId, t.hskVersion],
- foreignColumns: [hsk.userId, hsk.version],
- }),
- }),
-);
+interface FileLogTable {
+ id: Generated;
+ file_id: number;
+ timestamp: ColumnType;
+ action: "create" | "rename" | "add-to-category" | "remove-from-category";
+ new_name: Ciphertext | null;
+ category_id: number | null;
+}
-export const fileLog = sqliteTable("file_log", {
- id: integer("id").primaryKey({ autoIncrement: true }),
- fileId: integer("file_id")
- .notNull()
- .references(() => file.id, { onDelete: "cascade" }),
- timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
- action: text("action", { enum: ["create", "rename"] }).notNull(),
- newName: ciphertext("new_name"),
-});
+interface FileCategoryTable {
+ file_id: number;
+ category_id: number;
+}
+
+declare module "./index" {
+ interface Database {
+ directory: DirectoryTable;
+ directory_log: DirectoryLogTable;
+ file: FileTable;
+ file_log: FileLogTable;
+ file_category: FileCategoryTable;
+ }
+}
diff --git a/src/lib/server/db/schema/hsk.ts b/src/lib/server/db/schema/hsk.ts
index b78c512..71457b0 100644
--- a/src/lib/server/db/schema/hsk.ts
+++ b/src/lib/server/db/schema/hsk.ts
@@ -1,43 +1,27 @@
-import { sqliteTable, text, integer, primaryKey, foreignKey } from "drizzle-orm/sqlite-core";
-import { mek } from "./mek";
-import { user } from "./user";
+import type { ColumnType, Generated } from "kysely";
-export const hsk = sqliteTable(
- "hmac_secret_key",
- {
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- version: integer("version").notNull(),
- state: text("state", { enum: ["active"] }).notNull(),
- mekVersion: integer("master_encryption_key_version").notNull(),
- encHsk: text("encrypted_key").notNull().unique(), // Base64
- },
- (t) => ({
- pk: primaryKey({ columns: [t.userId, t.version] }),
- ref: foreignKey({
- columns: [t.userId, t.mekVersion],
- foreignColumns: [mek.userId, mek.version],
- }),
- }),
-);
+export type HskState = "active";
-export const hskLog = sqliteTable(
- "hmac_secret_key_log",
- {
- id: integer("id").primaryKey({ autoIncrement: true }),
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- hskVersion: integer("hmac_secret_key_version").notNull(),
- timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
- action: text("action", { enum: ["create"] }).notNull(),
- actionBy: integer("action_by").references(() => user.id),
- },
- (t) => ({
- ref: foreignKey({
- columns: [t.userId, t.hskVersion],
- foreignColumns: [hsk.userId, hsk.version],
- }),
- }),
-);
+interface HskTable {
+ user_id: number;
+ version: number;
+ state: HskState;
+ master_encryption_key_version: number;
+ encrypted_key: string; // Base64
+}
+
+interface HskLogTable {
+ id: Generated;
+ user_id: number;
+ hmac_secret_key_version: number;
+ timestamp: ColumnType;
+ action: "create";
+ action_by: number | null;
+}
+
+declare module "./index" {
+ interface Database {
+ hmac_secret_key: HskTable;
+ hmac_secret_key_log: HskLogTable;
+ }
+}
diff --git a/src/lib/server/db/schema/index.ts b/src/lib/server/db/schema/index.ts
index 40cb9be..d3dd9b1 100644
--- a/src/lib/server/db/schema/index.ts
+++ b/src/lib/server/db/schema/index.ts
@@ -1,6 +1,11 @@
+export * from "./category";
export * from "./client";
export * from "./file";
export * from "./hsk";
export * from "./mek";
export * from "./session";
export * from "./user";
+export * from "./util";
+
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type
+export interface Database {}
diff --git a/src/lib/server/db/schema/mek.ts b/src/lib/server/db/schema/mek.ts
index e496d9e..d1b3c76 100644
--- a/src/lib/server/db/schema/mek.ts
+++ b/src/lib/server/db/schema/mek.ts
@@ -1,60 +1,34 @@
-import { sqliteTable, text, integer, primaryKey, foreignKey } from "drizzle-orm/sqlite-core";
-import { client } from "./client";
-import { user } from "./user";
+import type { ColumnType, Generated } from "kysely";
-export const mek = sqliteTable(
- "master_encryption_key",
- {
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- version: integer("version").notNull(),
- state: text("state", { enum: ["active", "retired", "dead"] }).notNull(),
- retiredAt: integer("retired_at", { mode: "timestamp_ms" }),
- },
- (t) => ({
- pk: primaryKey({ columns: [t.userId, t.version] }),
- }),
-);
+export type MekState = "active" | "retired" | "dead";
-export const mekLog = sqliteTable(
- "master_encryption_key_log",
- {
- id: integer("id").primaryKey({ autoIncrement: true }),
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- mekVersion: integer("master_encryption_key_version").notNull(),
- timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
- action: text("action", { enum: ["create"] }).notNull(),
- actionBy: integer("action_by").references(() => client.id),
- },
- (t) => ({
- ref: foreignKey({
- columns: [t.userId, t.mekVersion],
- foreignColumns: [mek.userId, mek.version],
- }),
- }),
-);
+interface MekTable {
+ user_id: number;
+ version: number;
+ state: MekState;
+}
-export const clientMek = sqliteTable(
- "client_master_encryption_key",
- {
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- clientId: integer("client_id")
- .notNull()
- .references(() => client.id),
- mekVersion: integer("version").notNull(),
- encMek: text("encrypted_key").notNull(), // Base64
- encMekSig: text("encrypted_key_signature").notNull(), // Base64
- },
- (t) => ({
- pk: primaryKey({ columns: [t.userId, t.clientId, t.mekVersion] }),
- ref: foreignKey({
- columns: [t.userId, t.mekVersion],
- foreignColumns: [mek.userId, mek.version],
- }),
- }),
-);
+interface MekLogTable {
+ id: Generated;
+ user_id: number;
+ master_encryption_key_version: number;
+ timestamp: ColumnType;
+ action: "create";
+ action_by: number | null;
+}
+
+interface ClientMekTable {
+ user_id: number;
+ client_id: number;
+ version: number;
+ encrypted_key: string; // Base64
+ encrypted_key_signature: string; // Base64
+}
+
+declare module "./index" {
+ interface Database {
+ master_encryption_key: MekTable;
+ master_encryption_key_log: MekLogTable;
+ client_master_encryption_key: ClientMekTable;
+ }
+}
diff --git a/src/lib/server/db/schema/session.ts b/src/lib/server/db/schema/session.ts
index 5f2129d..301a879 100644
--- a/src/lib/server/db/schema/session.ts
+++ b/src/lib/server/db/schema/session.ts
@@ -1,35 +1,27 @@
-import { sqliteTable, text, integer, unique } from "drizzle-orm/sqlite-core";
-import { client } from "./client";
-import { user } from "./user";
+import type { ColumnType, Generated } from "kysely";
-export const session = sqliteTable(
- "session",
- {
- id: text("id").notNull().primaryKey(),
- userId: integer("user_id")
- .notNull()
- .references(() => user.id),
- clientId: integer("client_id").references(() => client.id),
- createdAt: integer("created_at", { mode: "timestamp_ms" }).notNull(),
- lastUsedAt: integer("last_used_at", { mode: "timestamp_ms" }).notNull(),
- lastUsedByIp: text("last_used_by_ip"),
- lastUsedByUserAgent: text("last_used_by_user_agent"),
- },
- (t) => ({
- unq: unique().on(t.userId, t.clientId),
- }),
-);
+interface SessionTable {
+ id: string;
+ user_id: number;
+ client_id: number | null;
+ created_at: ColumnType;
+ last_used_at: Date;
+ last_used_by_ip: string | null;
+ last_used_by_agent: string | null;
+}
-export const sessionUpgradeChallenge = sqliteTable("session_upgrade_challenge", {
- id: integer("id").primaryKey(),
- sessionId: text("session_id")
- .notNull()
- .references(() => session.id)
- .unique(),
- clientId: integer("client_id")
- .notNull()
- .references(() => client.id),
- answer: text("answer").notNull().unique(), // Base64
- allowedIp: text("allowed_ip").notNull(),
- expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
-});
+interface SessionUpgradeChallengeTable {
+ id: Generated;
+ session_id: string;
+ client_id: number;
+ answer: string; // Base64
+ allowed_ip: string;
+ expires_at: ColumnType;
+}
+
+declare module "./index" {
+ interface Database {
+ session: SessionTable;
+ session_upgrade_challenge: SessionUpgradeChallengeTable;
+ }
+}
diff --git a/src/lib/server/db/schema/user.ts b/src/lib/server/db/schema/user.ts
index c98fa01..a5f111f 100644
--- a/src/lib/server/db/schema/user.ts
+++ b/src/lib/server/db/schema/user.ts
@@ -1,8 +1,14 @@
-import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import type { Generated } from "kysely";
-export const user = sqliteTable("user", {
- id: integer("id").primaryKey({ autoIncrement: true }),
- email: text("email").notNull().unique(),
- password: text("password").notNull(),
- nickname: text("nickname").notNull(),
-});
+interface UserTable {
+ id: Generated;
+ email: string;
+ nickname: string;
+ password: string;
+}
+
+declare module "./index" {
+ interface Database {
+ user: UserTable;
+ }
+}
diff --git a/src/lib/server/db/schema/util.ts b/src/lib/server/db/schema/util.ts
new file mode 100644
index 0000000..74f92de
--- /dev/null
+++ b/src/lib/server/db/schema/util.ts
@@ -0,0 +1,4 @@
+export interface Ciphertext {
+ ciphertext: string; // Base64
+ iv: string; // Base64
+}
diff --git a/src/lib/server/db/session.ts b/src/lib/server/db/session.ts
index 819dd86..727f795 100644
--- a/src/lib/server/db/session.ts
+++ b/src/lib/server/db/session.ts
@@ -1,30 +1,31 @@
-import { SqliteError } from "better-sqlite3";
-import { and, eq, ne, gt, lte, isNull } from "drizzle-orm";
+import pg from "pg";
import env from "$lib/server/loadenv";
-import db from "./drizzle";
import { IntegrityError } from "./error";
-import { session, sessionUpgradeChallenge } from "./schema";
+import db from "./kysely";
export const createSession = async (
userId: number,
clientId: number | null,
sessionId: string,
ip: string | null,
- userAgent: string | null,
+ agent: string | null,
) => {
try {
const now = new Date();
- await db.insert(session).values({
- id: sessionId,
- userId,
- clientId,
- createdAt: now,
- lastUsedAt: now,
- lastUsedByIp: ip || null,
- lastUsedByUserAgent: userAgent || null,
- });
+ await db
+ .insertInto("session")
+ .values({
+ id: sessionId,
+ user_id: userId,
+ client_id: clientId,
+ created_at: now,
+ last_used_at: now,
+ last_used_by_ip: ip || null,
+ last_used_by_agent: agent || null,
+ })
+ .execute();
} catch (e) {
- if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_UNIQUE") {
+ if (e instanceof pg.DatabaseError && e.code === "23505") {
throw new IntegrityError("Session already exists");
}
throw e;
@@ -34,49 +35,55 @@ export const createSession = async (
export const refreshSession = async (
sessionId: string,
ip: string | null,
- userAgent: string | null,
+ agent: string | null,
) => {
const now = new Date();
- const sessions = await db
- .update(session)
+ const session = await db
+ .updateTable("session")
.set({
- lastUsedAt: now,
- lastUsedByIp: ip || undefined,
- lastUsedByUserAgent: userAgent || undefined,
+ last_used_at: now,
+ last_used_by_ip: ip !== "" ? ip : undefined, // Don't update if empty
+ last_used_by_agent: agent !== "" ? agent : undefined, // Don't update if empty
})
- .where(
- and(
- eq(session.id, sessionId),
- gt(session.lastUsedAt, new Date(now.getTime() - env.session.exp)),
- ),
- )
- .returning({ userId: session.userId, clientId: session.clientId });
- if (!sessions[0]) {
+ .where("id", "=", sessionId)
+ .where("last_used_at", ">", new Date(now.getTime() - env.session.exp))
+ .returning(["user_id", "client_id"])
+ .executeTakeFirst();
+ if (!session) {
throw new IntegrityError("Session not found");
}
- return sessions[0];
+ return { userId: session.user_id, clientId: session.client_id };
};
export const upgradeSession = async (sessionId: string, clientId: number) => {
const res = await db
- .update(session)
- .set({ clientId })
- .where(and(eq(session.id, sessionId), isNull(session.clientId)));
- if (res.changes === 0) {
+ .updateTable("session")
+ .set({ client_id: clientId })
+ .where("id", "=", sessionId)
+ .where("client_id", "is", null)
+ .executeTakeFirst();
+ if (res.numUpdatedRows === 0n) {
throw new IntegrityError("Session not found");
}
};
export const deleteSession = async (sessionId: string) => {
- await db.delete(session).where(eq(session.id, sessionId));
+ await db.deleteFrom("session").where("id", "=", sessionId).execute();
};
export const deleteAllOtherSessions = async (userId: number, sessionId: string) => {
- await db.delete(session).where(and(eq(session.userId, userId), ne(session.id, sessionId)));
+ await db
+ .deleteFrom("session")
+ .where("id", "!=", sessionId)
+ .where("user_id", "=", userId)
+ .execute();
};
export const cleanupExpiredSessions = async () => {
- await db.delete(session).where(lte(session.lastUsedAt, new Date(Date.now() - env.session.exp)));
+ await db
+ .deleteFrom("session")
+ .where("last_used_at", "<=", new Date(Date.now() - env.session.exp))
+ .execute();
};
export const registerSessionUpgradeChallenge = async (
@@ -87,15 +94,18 @@ export const registerSessionUpgradeChallenge = async (
expiresAt: Date,
) => {
try {
- await db.insert(sessionUpgradeChallenge).values({
- sessionId,
- clientId,
- answer,
- allowedIp,
- expiresAt,
- });
+ await db
+ .insertInto("session_upgrade_challenge")
+ .values({
+ session_id: sessionId,
+ client_id: clientId,
+ answer,
+ allowed_ip: allowedIp,
+ expires_at: expiresAt,
+ })
+ .execute();
} catch (e) {
- if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_UNIQUE") {
+ if (e instanceof pg.DatabaseError && e.code === "23505") {
throw new IntegrityError("Challenge already registered");
}
throw e;
@@ -107,22 +117,17 @@ export const consumeSessionUpgradeChallenge = async (
answer: string,
ip: string,
) => {
- const challenges = await db
- .delete(sessionUpgradeChallenge)
- .where(
- and(
- eq(sessionUpgradeChallenge.sessionId, sessionId),
- eq(sessionUpgradeChallenge.answer, answer),
- eq(sessionUpgradeChallenge.allowedIp, ip),
- gt(sessionUpgradeChallenge.expiresAt, new Date()),
- ),
- )
- .returning({ clientId: sessionUpgradeChallenge.clientId });
- return challenges[0] ?? null;
+ const challenge = await db
+ .deleteFrom("session_upgrade_challenge")
+ .where("session_id", "=", sessionId)
+ .where("answer", "=", answer)
+ .where("allowed_ip", "=", ip)
+ .where("expires_at", ">", new Date())
+ .returning("client_id")
+ .executeTakeFirst();
+ return challenge ? { clientId: challenge.client_id } : null;
};
export const cleanupExpiredSessionUpgradeChallenges = async () => {
- await db
- .delete(sessionUpgradeChallenge)
- .where(lte(sessionUpgradeChallenge.expiresAt, new Date()));
+ await db.deleteFrom("session_upgrade_challenge").where("expires_at", "<=", new Date()).execute();
};
diff --git a/src/lib/server/db/user.ts b/src/lib/server/db/user.ts
index d970438..3964a94 100644
--- a/src/lib/server/db/user.ts
+++ b/src/lib/server/db/user.ts
@@ -1,21 +1,36 @@
-import { eq } from "drizzle-orm";
-import db from "./drizzle";
-import { user } from "./schema";
+import db from "./kysely";
+
+interface User {
+ id: number;
+ email: string;
+ nickname: string;
+ password: string;
+}
export const getUser = async (userId: number) => {
- const users = await db.select().from(user).where(eq(user.id, userId)).limit(1);
- return users[0] ?? null;
+ const user = await db
+ .selectFrom("user")
+ .selectAll()
+ .where("id", "=", userId)
+ .limit(1)
+ .executeTakeFirst();
+ return user ? (user satisfies User) : null;
};
export const getUserByEmail = async (email: string) => {
- const users = await db.select().from(user).where(eq(user.email, email)).limit(1);
- return users[0] ?? null;
-};
-
-export const setUserPassword = async (userId: number, password: string) => {
- await db.update(user).set({ password }).where(eq(user.id, userId));
+ const user = await db
+ .selectFrom("user")
+ .selectAll()
+ .where("email", "=", email)
+ .limit(1)
+ .executeTakeFirst();
+ return user ? (user satisfies User) : null;
};
export const setUserNickname = async (userId: number, nickname: string) => {
- await db.update(user).set({ nickname }).where(eq(user.id, userId));
+ await db.updateTable("user").set({ nickname }).where("id", "=", userId).execute();
+};
+
+export const setUserPassword = async (userId: number, password: string) => {
+ await db.updateTable("user").set({ password }).where("id", "=", userId).execute();
};
diff --git a/src/lib/server/loadenv.ts b/src/lib/server/loadenv.ts
index 01e442a..d6f4675 100644
--- a/src/lib/server/loadenv.ts
+++ b/src/lib/server/loadenv.ts
@@ -3,11 +3,19 @@ import { building } from "$app/environment";
import { env } from "$env/dynamic/private";
if (!building) {
+ if (!env.DATABASE_PASSWORD) throw new Error("DATABASE_PASSWORD not set");
if (!env.SESSION_SECRET) throw new Error("SESSION_SECRET not set");
}
export default {
- databaseUrl: env.DATABASE_URL || "local.db",
+ nodeEnv: env.NODE_ENV || "development",
+ database: {
+ host: env.DATABASE_HOST,
+ port: env.DATABASE_PORT ? parseInt(env.DATABASE_PORT, 10) : undefined,
+ user: env.DATABASE_USER,
+ password: env.DATABASE_PASSWORD!,
+ name: env.DATABASE_NAME,
+ },
session: {
secret: env.SESSION_SECRET!,
exp: ms(env.SESSION_EXPIRES || "14d"),
diff --git a/src/lib/server/modules/mek.ts b/src/lib/server/modules/mek.ts
index d65ef0a..1605d75 100644
--- a/src/lib/server/modules/mek.ts
+++ b/src/lib/server/modules/mek.ts
@@ -21,5 +21,5 @@ export const verifyClientEncMekSig = async (
}
const data = JSON.stringify({ version, key: encMek });
- return verifySignature(Buffer.from(data), encMekSig, userClient.client.sigPubKey);
+ return verifySignature(Buffer.from(data), encMekSig, userClient.sigPubKey);
};
diff --git a/src/lib/server/schemas/auth.ts b/src/lib/server/schemas/auth.ts
index eae349f..e3d6264 100644
--- a/src/lib/server/schemas/auth.ts
+++ b/src/lib/server/schemas/auth.ts
@@ -7,7 +7,7 @@ export const passwordChangeRequest = z.object({
export type PasswordChangeRequest = z.infer;
export const loginRequest = z.object({
- email: z.string().email().nonempty(),
+ email: z.string().email(),
password: z.string().trim().nonempty(),
});
export type LoginRequest = z.infer;
diff --git a/src/lib/server/schemas/category.ts b/src/lib/server/schemas/category.ts
new file mode 100644
index 0000000..d02fa4f
--- /dev/null
+++ b/src/lib/server/schemas/category.ts
@@ -0,0 +1,55 @@
+import { z } from "zod";
+
+export const categoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+
+export const categoryInfoResponse = z.object({
+ metadata: z
+ .object({
+ parent: categoryIdSchema,
+ mekVersion: z.number().int().positive(),
+ dek: z.string().base64().nonempty(),
+ dekVersion: z.string().datetime(),
+ name: z.string().base64().nonempty(),
+ nameIv: z.string().base64().nonempty(),
+ })
+ .optional(),
+ subCategories: z.number().int().positive().array(),
+});
+export type CategoryInfoResponse = z.infer;
+
+export const categoryFileAddRequest = z.object({
+ file: z.number().int().positive(),
+});
+export type CategoryFileAddRequest = z.infer;
+
+export const categoryFileListResponse = z.object({
+ files: z.array(
+ z.object({
+ file: z.number().int().positive(),
+ isRecursive: z.boolean(),
+ }),
+ ),
+});
+export type CategoryFileListResponse = z.infer;
+
+export const categoryFileRemoveRequest = z.object({
+ file: z.number().int().positive(),
+});
+export type CategoryFileRemoveRequest = z.infer;
+
+export const categoryRenameRequest = z.object({
+ dekVersion: z.string().datetime(),
+ name: z.string().base64().nonempty(),
+ nameIv: z.string().base64().nonempty(),
+});
+export type CategoryRenameRequest = z.infer;
+
+export const categoryCreateRequest = z.object({
+ parent: categoryIdSchema,
+ mekVersion: z.number().int().positive(),
+ dek: z.string().base64().nonempty(),
+ dekVersion: z.string().datetime(),
+ name: z.string().base64().nonempty(),
+ nameIv: z.string().base64().nonempty(),
+});
+export type CategoryCreateRequest = z.infer;
diff --git a/src/lib/server/schemas/directory.ts b/src/lib/server/schemas/directory.ts
index 15a5886..016cfe8 100644
--- a/src/lib/server/schemas/directory.ts
+++ b/src/lib/server/schemas/directory.ts
@@ -1,9 +1,11 @@
import { z } from "zod";
+export const directoryIdSchema = z.union([z.literal("root"), z.number().int().positive()]);
+
export const directoryInfoResponse = z.object({
metadata: z
.object({
- parent: z.union([z.enum(["root"]), z.number().int().positive()]),
+ parent: directoryIdSchema,
mekVersion: z.number().int().positive(),
dek: z.string().base64().nonempty(),
dekVersion: z.string().datetime(),
@@ -29,7 +31,7 @@ export const directoryRenameRequest = z.object({
export type DirectoryRenameRequest = z.infer;
export const directoryCreateRequest = z.object({
- parent: z.union([z.enum(["root"]), z.number().int().positive()]),
+ parent: directoryIdSchema,
mekVersion: z.number().int().positive(),
dek: z.string().base64().nonempty(),
dekVersion: z.string().datetime(),
diff --git a/src/lib/server/schemas/file.ts b/src/lib/server/schemas/file.ts
index 781baf2..b6aa648 100644
--- a/src/lib/server/schemas/file.ts
+++ b/src/lib/server/schemas/file.ts
@@ -1,13 +1,15 @@
import mime from "mime";
import { z } from "zod";
+import { directoryIdSchema } from "./directory";
export const fileInfoResponse = z.object({
- parent: z.union([z.enum(["root"]), z.number().int().positive()]),
+ parent: directoryIdSchema,
mekVersion: z.number().int().positive(),
dek: z.string().base64().nonempty(),
dekVersion: z.string().datetime(),
contentType: z
.string()
+ .trim()
.nonempty()
.refine((value) => mime.getExtension(value) !== null), // MIME type
contentIv: z.string().base64().nonempty(),
@@ -17,6 +19,7 @@ export const fileInfoResponse = z.object({
createdAtIv: z.string().base64().nonempty().optional(),
lastModifiedAt: z.string().base64().nonempty(),
lastModifiedAtIv: z.string().base64().nonempty(),
+ categories: z.number().int().positive().array(),
});
export type FileInfoResponse = z.infer;
@@ -39,7 +42,7 @@ export const duplicateFileScanResponse = z.object({
export type DuplicateFileScanResponse = z.infer;
export const fileUploadRequest = z.object({
- parent: z.union([z.enum(["root"]), z.number().int().positive()]),
+ parent: directoryIdSchema,
mekVersion: z.number().int().positive(),
dek: z.string().base64().nonempty(),
dekVersion: z.string().datetime(),
@@ -47,6 +50,7 @@ export const fileUploadRequest = z.object({
contentHmac: z.string().base64().nonempty(),
contentType: z
.string()
+ .trim()
.nonempty()
.refine((value) => mime.getExtension(value) !== null), // MIME type
contentIv: z.string().base64().nonempty(),
@@ -58,3 +62,8 @@ export const fileUploadRequest = z.object({
lastModifiedAtIv: z.string().base64().nonempty(),
});
export type FileUploadRequest = z.infer;
+
+export const fileUploadResponse = z.object({
+ file: z.number().int().positive(),
+});
+export type FileUploadResponse = z.infer;
diff --git a/src/lib/server/schemas/index.ts b/src/lib/server/schemas/index.ts
index 6f8270b..1fed0d0 100644
--- a/src/lib/server/schemas/index.ts
+++ b/src/lib/server/schemas/index.ts
@@ -1,4 +1,5 @@
export * from "./auth";
+export * from "./category";
export * from "./client";
export * from "./directory";
export * from "./file";
diff --git a/src/lib/server/schemas/user.ts b/src/lib/server/schemas/user.ts
index b359467..e5cc8c1 100644
--- a/src/lib/server/schemas/user.ts
+++ b/src/lib/server/schemas/user.ts
@@ -1,12 +1,12 @@
import { z } from "zod";
export const userInfoResponse = z.object({
- email: z.string().email().nonempty(),
+ email: z.string().email(),
nickname: z.string().nonempty(),
});
export type UserInfoResponse = z.infer;
export const nicknameChangeRequest = z.object({
- newNickname: z.string().min(2).max(8),
+ newNickname: z.string().trim().min(2).max(8),
});
export type NicknameChangeRequest = z.infer;
diff --git a/src/lib/server/services/category.ts b/src/lib/server/services/category.ts
new file mode 100644
index 0000000..cb3db7a
--- /dev/null
+++ b/src/lib/server/services/category.ts
@@ -0,0 +1,133 @@
+import { error } from "@sveltejs/kit";
+import {
+ registerCategory,
+ getAllCategoriesByParent,
+ getCategory,
+ setCategoryEncName,
+ unregisterCategory,
+ type CategoryId,
+ type NewCategory,
+} from "$lib/server/db/category";
+import { IntegrityError } from "$lib/server/db/error";
+import {
+ getAllFilesByCategory,
+ getFile,
+ addFileToCategory,
+ removeFileFromCategory,
+} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
+
+export const getCategoryInformation = async (userId: number, categoryId: CategoryId) => {
+ const category = categoryId !== "root" ? await getCategory(userId, categoryId) : undefined;
+ if (category === null) {
+ error(404, "Invalid category id");
+ }
+
+ const categories = await getAllCategoriesByParent(userId, categoryId);
+ return {
+ metadata: category && {
+ parentId: category.parentId ?? ("root" as const),
+ mekVersion: category.mekVersion,
+ encDek: category.encDek,
+ dekVersion: category.dekVersion,
+ encName: category.encName,
+ },
+ categories: categories.map(({ id }) => id),
+ };
+};
+
+export const deleteCategory = async (userId: number, categoryId: number) => {
+ try {
+ await unregisterCategory(userId, categoryId);
+ } catch (e) {
+ if (e instanceof IntegrityError && e.message === "Category not found") {
+ error(404, "Invalid category id");
+ }
+ throw e;
+ }
+};
+
+export const addCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
+ const category = await getCategory(userId, categoryId);
+ const file = await getFile(userId, fileId);
+ if (!category) {
+ error(404, "Invalid category id");
+ } else if (!file) {
+ error(404, "Invalid file id");
+ }
+
+ try {
+ await addFileToCategory(fileId, categoryId);
+ } catch (e) {
+ if (e instanceof IntegrityError && e.message === "File already added to category") {
+ error(400, "File already added");
+ }
+ throw e;
+ }
+};
+
+export const getCategoryFiles = async (userId: number, categoryId: number, recurse: boolean) => {
+ const category = await getCategory(userId, categoryId);
+ if (!category) {
+ error(404, "Invalid category id");
+ }
+
+ const files = await getAllFilesByCategory(userId, categoryId, recurse);
+ return { files };
+};
+
+export const removeCategoryFile = async (userId: number, categoryId: number, fileId: number) => {
+ const category = await getCategory(userId, categoryId);
+ const file = await getFile(userId, fileId);
+ if (!category) {
+ error(404, "Invalid category id");
+ } else if (!file) {
+ error(404, "Invalid file id");
+ }
+
+ try {
+ await removeFileFromCategory(fileId, categoryId);
+ } catch (e) {
+ if (e instanceof IntegrityError && e.message === "File not found in category") {
+ error(400, "File not added");
+ }
+ throw e;
+ }
+};
+
+export const renameCategory = async (
+ userId: number,
+ categoryId: number,
+ dekVersion: Date,
+ newEncName: Ciphertext,
+) => {
+ try {
+ await setCategoryEncName(userId, categoryId, dekVersion, newEncName);
+ } catch (e) {
+ if (e instanceof IntegrityError) {
+ if (e.message === "Category not found") {
+ error(404, "Invalid category id");
+ } else if (e.message === "Invalid DEK version") {
+ error(400, "Invalid DEK version");
+ }
+ }
+ throw e;
+ }
+};
+
+export const createCategory = async (params: NewCategory) => {
+ const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
+ const oneMinuteLater = new Date(Date.now() + 60 * 1000);
+ if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
+ error(400, "Invalid DEK version");
+ }
+
+ try {
+ await registerCategory(params);
+ } catch (e) {
+ if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
+ error(400, "Inactive MEK version");
+ }
+ throw e;
+ }
+};
diff --git a/src/lib/server/services/client.ts b/src/lib/server/services/client.ts
index b5b0209..ee1b5b3 100644
--- a/src/lib/server/services/client.ts
+++ b/src/lib/server/services/client.ts
@@ -63,7 +63,7 @@ export const registerUserClient = async (
}
try {
- const clientId = await createClient(encPubKey, sigPubKey, userId);
+ const { id: clientId } = await createClient(encPubKey, sigPubKey, userId);
return { challenge: await createUserClientChallenge(ip, userId, clientId, encPubKey) };
} catch (e) {
if (e instanceof IntegrityError && e.message === "Public key(s) already registered") {
diff --git a/src/lib/server/services/directory.ts b/src/lib/server/services/directory.ts
index 4dc14ce..2525069 100644
--- a/src/lib/server/services/directory.ts
+++ b/src/lib/server/services/directory.ts
@@ -8,10 +8,12 @@ import {
setDirectoryEncName,
unregisterDirectory,
getAllFilesByParent,
- type NewDirectoryParams,
+ type DirectoryId,
+ type NewDirectory,
} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
-export const getDirectoryInformation = async (userId: number, directoryId: "root" | number) => {
+export const getDirectoryInformation = async (userId: number, directoryId: DirectoryId) => {
const directory = directoryId !== "root" ? await getDirectory(userId, directoryId) : undefined;
if (directory === null) {
error(404, "Invalid directory id");
@@ -53,11 +55,10 @@ export const renameDirectory = async (
userId: number,
directoryId: number,
dekVersion: Date,
- newEncName: string,
- newEncNameIv: string,
+ newEncName: Ciphertext,
) => {
try {
- await setDirectoryEncName(userId, directoryId, dekVersion, newEncName, newEncNameIv);
+ await setDirectoryEncName(userId, directoryId, dekVersion, newEncName);
} catch (e) {
if (e instanceof IntegrityError) {
if (e.message === "Directory not found") {
@@ -70,7 +71,7 @@ export const renameDirectory = async (
}
};
-export const createDirectory = async (params: NewDirectoryParams) => {
+export const createDirectory = async (params: NewDirectory) => {
const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
const oneMinuteLater = new Date(Date.now() + 60 * 1000);
if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
diff --git a/src/lib/server/services/file.ts b/src/lib/server/services/file.ts
index 3589bed..d0b35ef 100644
--- a/src/lib/server/services/file.ts
+++ b/src/lib/server/services/file.ts
@@ -1,4 +1,5 @@
import { error } from "@sveltejs/kit";
+import { createHash } from "crypto";
import { createReadStream, createWriteStream } from "fs";
import { mkdir, stat, unlink } from "fs/promises";
import { dirname } from "path";
@@ -12,8 +13,10 @@ import {
getFile,
setFileEncName,
unregisterFile,
- type NewFileParams,
+ getAllFileCategories,
+ type NewFile,
} from "$lib/server/db/file";
+import type { Ciphertext } from "$lib/server/db/schema";
import env from "$lib/server/loadenv";
export const getFileInformation = async (userId: number, fileId: number) => {
@@ -22,6 +25,7 @@ export const getFileInformation = async (userId: number, fileId: number) => {
error(404, "Invalid file id");
}
+ const categories = await getAllFileCategories(fileId);
return {
parentId: file.parentId ?? ("root" as const),
mekVersion: file.mekVersion,
@@ -32,13 +36,14 @@ export const getFileInformation = async (userId: number, fileId: number) => {
encName: file.encName,
encCreatedAt: file.encCreatedAt,
encLastModifiedAt: file.encLastModifiedAt,
+ categories: categories.map(({ id }) => id),
};
};
export const deleteFile = async (userId: number, fileId: number) => {
try {
- const filePath = await unregisterFile(userId, fileId);
- unlink(filePath); // Intended
+ const { path } = await unregisterFile(userId, fileId);
+ unlink(path); // Intended
} catch (e) {
if (e instanceof IntegrityError && e.message === "File not found") {
error(404, "Invalid file id");
@@ -64,11 +69,10 @@ export const renameFile = async (
userId: number,
fileId: number,
dekVersion: Date,
- newEncName: string,
- newEncNameIv: string,
+ newEncName: Ciphertext,
) => {
try {
- await setFileEncName(userId, fileId, dekVersion, newEncName, newEncNameIv);
+ await setFileEncName(userId, fileId, dekVersion, newEncName);
} catch (e) {
if (e instanceof IntegrityError) {
if (e.message === "File not found") {
@@ -95,8 +99,9 @@ const safeUnlink = async (path: string) => {
};
export const uploadFile = async (
- params: Omit,
+ params: Omit,
encContentStream: Readable,
+ encContentHash: Promise,
) => {
const oneDayAgo = new Date(Date.now() - 24 * 60 * 60 * 1000);
const oneMinuteLater = new Date(Date.now() + 60 * 1000);
@@ -108,16 +113,40 @@ export const uploadFile = async (
await mkdir(dirname(path), { recursive: true });
try {
- await pipeline(encContentStream, createWriteStream(path, { flags: "wx", mode: 0o600 }));
- await registerFile({
+ const hashStream = createHash("sha256");
+ const [, hash] = await Promise.all([
+ pipeline(
+ encContentStream,
+ async function* (source) {
+ for await (const chunk of source) {
+ hashStream.update(chunk);
+ yield chunk;
+ }
+ },
+ createWriteStream(path, { flags: "wx", mode: 0o600 }),
+ ),
+ encContentHash,
+ ]);
+ if (hashStream.digest("base64") !== hash) {
+ throw new Error("Invalid checksum");
+ }
+
+ const { id: fileId } = await registerFile({
...params,
path,
+ encContentHash: hash,
});
+ return { fileId };
} catch (e) {
await safeUnlink(path);
if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
error(400, "Invalid MEK version");
+ } else if (
+ e instanceof Error &&
+ (e.message === "Invalid request body" || e.message === "Invalid checksum")
+ ) {
+ error(400, "Invalid request body");
}
throw e;
}
diff --git a/src/lib/server/services/mek.ts b/src/lib/server/services/mek.ts
index e0deeb0..097906a 100644
--- a/src/lib/server/services/mek.ts
+++ b/src/lib/server/services/mek.ts
@@ -7,11 +7,11 @@ import { verifyClientEncMekSig } from "$lib/server/modules/mek";
export const getClientMekList = async (userId: number, clientId: number) => {
const clientMeks = await getAllValidClientMeks(userId, clientId);
return {
- encMeks: clientMeks.map((clientMek) => ({
- version: clientMek.master_encryption_key.version,
- state: clientMek.master_encryption_key.state as "active" | "retired",
- encMek: clientMek.client_master_encryption_key.encMek,
- encMekSig: clientMek.client_master_encryption_key.encMekSig,
+ encMeks: clientMeks.map(({ version, state, encMek, encMekSig }) => ({
+ version,
+ state,
+ encMek,
+ encMekSig,
})),
};
};
diff --git a/src/lib/services/category.ts b/src/lib/services/category.ts
new file mode 100644
index 0000000..587df3f
--- /dev/null
+++ b/src/lib/services/category.ts
@@ -0,0 +1,31 @@
+import { callPostApi } from "$lib/hooks";
+import { generateDataKey, wrapDataKey, encryptString } from "$lib/modules/crypto";
+import type { CategoryCreateRequest, CategoryFileRemoveRequest } from "$lib/server/schemas";
+import type { MasterKey } from "$lib/stores";
+
+export const requestCategoryCreation = async (
+ name: string,
+ parentId: "root" | number,
+ masterKey: MasterKey,
+) => {
+ const { dataKey, dataKeyVersion } = await generateDataKey();
+ const nameEncrypted = await encryptString(name, dataKey);
+
+ const res = await callPostApi("/api/category/create", {
+ parent: parentId,
+ mekVersion: masterKey.version,
+ dek: await wrapDataKey(dataKey, masterKey.key),
+ dekVersion: dataKeyVersion.toISOString(),
+ name: nameEncrypted.ciphertext,
+ nameIv: nameEncrypted.iv,
+ });
+ return res.ok;
+};
+
+export const requestFileRemovalFromCategory = async (fileId: number, categoryId: number) => {
+ const res = await callPostApi(
+ `/api/category/${categoryId}/file/remove`,
+ { file: fileId },
+ );
+ return res.ok;
+};
diff --git a/src/routes/(fullscreen)/+layout.svelte b/src/routes/(fullscreen)/+layout.svelte
index 017f507..9426a87 100644
--- a/src/routes/(fullscreen)/+layout.svelte
+++ b/src/routes/(fullscreen)/+layout.svelte
@@ -1,11 +1,9 @@
-
-
- {@render children()}
-
+
+ {@render children()}
diff --git a/src/routes/(fullscreen)/auth/changePassword/+page.svelte b/src/routes/(fullscreen)/auth/changePassword/+page.svelte
index 2b4875f..25ded91 100644
--- a/src/routes/(fullscreen)/auth/changePassword/+page.svelte
+++ b/src/routes/(fullscreen)/auth/changePassword/+page.svelte
@@ -1,9 +1,7 @@
+
+{#if $category}
+
+
+
+ (category = getCategoryInfo(id, $masterKeyStore?.get(1)?.key!))}
+ onSubCategoryCreateClick={() => (isCategoryCreateModalOpen = true)}
+ subCategoryCreatePosition="top"
+ />
+ {#if $category.id !== "root"}
+
+
+
+ {/if}
+
+
+{/if}
+
+ {
+ if (await requestCategoryCreation(name, $category!.id, $masterKeyStore?.get(1)!)) {
+ category = getCategoryInfo($category!.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ return true;
+ }
+ return false;
+ }}
+/>
diff --git a/src/routes/(fullscreen)/file/[id]/service.ts b/src/routes/(fullscreen)/file/[id]/service.ts
index fcc5ce7..43f0134 100644
--- a/src/routes/(fullscreen)/file/[id]/service.ts
+++ b/src/routes/(fullscreen)/file/[id]/service.ts
@@ -1,4 +1,8 @@
+import { callPostApi } from "$lib/hooks";
import { getFileCache, storeFileCache, downloadFile } from "$lib/modules/file";
+import type { CategoryFileAddRequest } from "$lib/server/schemas";
+
+export { requestCategoryCreation, requestFileRemovalFromCategory } from "$lib/services/category";
export const requestFileDownload = async (
fileId: number,
@@ -12,3 +16,10 @@ export const requestFileDownload = async (
storeFileCache(fileId, fileBuffer); // Intended
return fileBuffer;
};
+
+export const requestFileAdditionToCategory = async (fileId: number, categoryId: number) => {
+ const res = await callPostApi(`/api/category/${categoryId}/file/add`, {
+ file: fileId,
+ });
+ return res.ok;
+};
diff --git a/src/routes/(fullscreen)/file/downloads/+page.svelte b/src/routes/(fullscreen)/file/downloads/+page.svelte
index a29b147..e1bad0e 100644
--- a/src/routes/(fullscreen)/file/downloads/+page.svelte
+++ b/src/routes/(fullscreen)/file/downloads/+page.svelte
@@ -1,10 +1,11 @@
-
-
-
+
+
+
암호 키 파일을 저장하셨나요?
암호 키 파일은 유출 방지를 위해 이 화면에서만 저장할 수 있어요. 파일이 잘 저장되었는지 다시
한 번 확인해 주세요.
-
-
-
-
-
+
+
+
-
+
diff --git a/src/routes/(fullscreen)/key/export/BeforeContinueModal.svelte b/src/routes/(fullscreen)/key/export/BeforeContinueModal.svelte
index 7b9d98d..2f00b32 100644
--- a/src/routes/(fullscreen)/key/export/BeforeContinueModal.svelte
+++ b/src/routes/(fullscreen)/key/export/BeforeContinueModal.svelte
@@ -1,31 +1,20 @@
-
-
-
-
내보내지 않고 계속할까요?
-
암호 키 파일은 유출 방지를 위해 이 화면에서만 저장할 수 있어요.
-
-
-
-
-
-
+
+ 암호 키 파일은 유출 방지를 위해 이 화면에서만 저장할 수 있어요.
+
diff --git a/src/routes/(fullscreen)/key/generate/+page.svelte b/src/routes/(fullscreen)/key/generate/+page.svelte
index 330a39e..03d6c6d 100644
--- a/src/routes/(fullscreen)/key/generate/+page.svelte
+++ b/src/routes/(fullscreen)/key/generate/+page.svelte
@@ -1,8 +1,8 @@
-
-
- {@render children()}
-
-
+
+ {@render children()}
+
diff --git a/src/routes/(main)/BottomBar.svelte b/src/routes/(main)/BottomBar.svelte
index db42bd2..60c2b24 100644
--- a/src/routes/(main)/BottomBar.svelte
+++ b/src/routes/(main)/BottomBar.svelte
@@ -1,7 +1,7 @@
-
-
- {#each pages as { path, label, icon: Icon }}
- {@const textColor = !page.url.pathname.startsWith(path) ? "text-gray-600" : ""}
-
- {/each}
-
diff --git a/src/routes/(main)/category/+page.svelte b/src/routes/(main)/category/+page.svelte
deleted file mode 100644
index 73d68b7..0000000
--- a/src/routes/(main)/category/+page.svelte
+++ /dev/null
@@ -1,3 +0,0 @@
-
diff --git a/src/routes/(main)/category/[[id]]/+page.svelte b/src/routes/(main)/category/[[id]]/+page.svelte
new file mode 100644
index 0000000..9bfa2a4
--- /dev/null
+++ b/src/routes/(main)/category/[[id]]/+page.svelte
@@ -0,0 +1,104 @@
+
+
+
+ 카테고리
+
+
+{#if data.id !== "root"}
+
+{/if}
+
+ {#if $info}
+ goto(`/file/${id}`)}
+ onFileRemoveClick={async ({ id }) => {
+ await requestFileRemovalFromCategory(id, data.id as number);
+ info = getCategoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ }}
+ onSubCategoryClick={({ id }) => goto(`/category/${id}`)}
+ onSubCategoryCreateClick={() => (isCategoryCreateModalOpen = true)}
+ onSubCategoryMenuClick={(subCategory) => {
+ context.selectedCategory = subCategory;
+ isCategoryMenuBottomSheetOpen = true;
+ }}
+ />
+ {/if}
+
+
+
{
+ if (await requestCategoryCreation(name, data.id, $masterKeyStore?.get(1)!)) {
+ info = getCategoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ return true;
+ }
+ return false;
+ }}
+/>
+
+ {
+ isCategoryMenuBottomSheetOpen = false;
+ isCategoryRenameModalOpen = true;
+ }}
+ onDeleteClick={() => {
+ isCategoryMenuBottomSheetOpen = false;
+ isCategoryDeleteModalOpen = true;
+ }}
+/>
+ {
+ if (await requestCategoryRename(context.selectedCategory!, newName)) {
+ info = getCategoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ return true;
+ }
+ return false;
+ }}
+/>
+ {
+ if (await requestCategoryDeletion(context.selectedCategory!)) {
+ info = getCategoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ return true;
+ }
+ return false;
+ }}
+/>
diff --git a/src/routes/(main)/category/[[id]]/+page.ts b/src/routes/(main)/category/[[id]]/+page.ts
new file mode 100644
index 0000000..cfa37f8
--- /dev/null
+++ b/src/routes/(main)/category/[[id]]/+page.ts
@@ -0,0 +1,17 @@
+import { error } from "@sveltejs/kit";
+import { z } from "zod";
+import type { PageLoad } from "./$types";
+
+export const load: PageLoad = async ({ params }) => {
+ const zodRes = z
+ .object({
+ id: z.coerce.number().int().positive().optional(),
+ })
+ .safeParse(params);
+ if (!zodRes.success) error(404, "Not found");
+ const { id } = zodRes.data;
+
+ return {
+ id: id ? id : ("root" as const),
+ };
+};
diff --git a/src/routes/(main)/category/[[id]]/CategoryDeleteModal.svelte b/src/routes/(main)/category/[[id]]/CategoryDeleteModal.svelte
new file mode 100644
index 0000000..5e792d1
--- /dev/null
+++ b/src/routes/(main)/category/[[id]]/CategoryDeleteModal.svelte
@@ -0,0 +1,29 @@
+
+
+{#if context.selectedCategory}
+ {@const { name } = context.selectedCategory}
+
+
+ 모든 하위 카테고리도 함께 삭제돼요.
+ 하지만 카테고리에 추가된 파일들은 삭제되지 않아요.
+
+
+{/if}
diff --git a/src/routes/(main)/category/[[id]]/CategoryMenuBottomSheet.svelte b/src/routes/(main)/category/[[id]]/CategoryMenuBottomSheet.svelte
new file mode 100644
index 0000000..73f91ce
--- /dev/null
+++ b/src/routes/(main)/category/[[id]]/CategoryMenuBottomSheet.svelte
@@ -0,0 +1,31 @@
+
+
+{#if context.selectedCategory}
+ {@const { name } = context.selectedCategory}
+
+
+
+
+ 이름 바꾸기
+
+
+ 삭제하기
+
+
+{/if}
diff --git a/src/routes/(main)/category/[[id]]/CategoryRenameModal.svelte b/src/routes/(main)/category/[[id]]/CategoryRenameModal.svelte
new file mode 100644
index 0000000..a3ce045
--- /dev/null
+++ b/src/routes/(main)/category/[[id]]/CategoryRenameModal.svelte
@@ -0,0 +1,17 @@
+
+
+{#if context.selectedCategory}
+ {@const { name } = context.selectedCategory}
+
+{/if}
diff --git a/src/routes/(main)/category/[[id]]/service.svelte.ts b/src/routes/(main)/category/[[id]]/service.svelte.ts
new file mode 100644
index 0000000..b573041
--- /dev/null
+++ b/src/routes/(main)/category/[[id]]/service.svelte.ts
@@ -0,0 +1,34 @@
+import { getContext, setContext } from "svelte";
+import { callPostApi } from "$lib/hooks";
+import { encryptString } from "$lib/modules/crypto";
+import type { SelectedCategory } from "$lib/components/molecules";
+import type { CategoryRenameRequest } from "$lib/server/schemas";
+
+export { requestCategoryCreation, requestFileRemovalFromCategory } from "$lib/services/category";
+
+export const createContext = () => {
+ const context = $state({
+ selectedCategory: undefined as SelectedCategory | undefined,
+ });
+ return setContext("context", context);
+};
+
+export const useContext = () => {
+ return getContext>("context");
+};
+
+export const requestCategoryRename = async (category: SelectedCategory, newName: string) => {
+ const newNameEncrypted = await encryptString(newName, category.dataKey);
+
+ const res = await callPostApi(`/api/category/${category.id}/rename`, {
+ dekVersion: category.dataKeyVersion.toISOString(),
+ name: newNameEncrypted.ciphertext,
+ nameIv: newNameEncrypted.iv,
+ });
+ return res.ok;
+};
+
+export const requestCategoryDeletion = async (category: SelectedCategory) => {
+ const res = await callPostApi(`/api/category/${category.id}/delete`);
+ return res.ok;
+};
diff --git a/src/routes/(main)/directory/[[id]]/+page.svelte b/src/routes/(main)/directory/[[id]]/+page.svelte
index f8bd0c9..98572b3 100644
--- a/src/routes/(main)/directory/[[id]]/+page.svelte
+++ b/src/routes/(main)/directory/[[id]]/+page.svelte
@@ -2,51 +2,45 @@
import { onMount } from "svelte";
import type { Writable } from "svelte/store";
import { goto } from "$app/navigation";
- import { TopBar } from "$lib/components";
- import { FloatingButton } from "$lib/components/buttons";
+ import { FloatingButton } from "$lib/components/atoms";
+ import { TopBar } from "$lib/components/molecules";
import { getDirectoryInfo, type DirectoryInfo } from "$lib/modules/filesystem";
import { masterKeyStore, hmacSecretStore } from "$lib/stores";
- import CreateBottomSheet from "./CreateBottomSheet.svelte";
- import CreateDirectoryModal from "./CreateDirectoryModal.svelte";
- import DeleteDirectoryEntryModal from "./DeleteDirectoryEntryModal.svelte";
+ import DirectoryCreateModal from "./DirectoryCreateModal.svelte";
import DirectoryEntries from "./DirectoryEntries";
- import DirectoryEntryMenuBottomSheet from "./DirectoryEntryMenuBottomSheet.svelte";
import DownloadStatusCard from "./DownloadStatusCard.svelte";
import DuplicateFileModal from "./DuplicateFileModal.svelte";
- import RenameDirectoryEntryModal from "./RenameDirectoryEntryModal.svelte";
+ import EntryCreateBottomSheet from "./EntryCreateBottomSheet.svelte";
+ import EntryDeleteModal from "./EntryDeleteModal.svelte";
+ import EntryMenuBottomSheet from "./EntryMenuBottomSheet.svelte";
+ import EntryRenameModal from "./EntryRenameModal.svelte";
import UploadStatusCard from "./UploadStatusCard.svelte";
import {
+ createContext,
requestHmacSecretDownload,
requestDirectoryCreation,
requestFileUpload,
- requestDirectoryEntryRename,
- requestDirectoryEntryDeletion,
- type SelectedDirectoryEntry,
- } from "./service";
+ requestEntryRename,
+ requestEntryDeletion,
+ } from "./service.svelte";
import IconAdd from "~icons/material-symbols/add";
let { data } = $props();
+ let context = createContext();
let info: Writable | undefined = $state();
let fileInput: HTMLInputElement | undefined = $state();
- let resolveForDuplicateFileModal: ((res: boolean) => void) | undefined = $state();
let duplicatedFile: File | undefined = $state();
- let selectedEntry: SelectedDirectoryEntry | undefined = $state();
+ let resolveForDuplicateFileModal: ((res: boolean) => void) | undefined = $state();
- let isCreateBottomSheetOpen = $state(false);
- let isCreateDirectoryModalOpen = $state(false);
+ let isEntryCreateBottomSheetOpen = $state(false);
+ let isDirectoryCreateModalOpen = $state(false);
let isDuplicateFileModalOpen = $state(false);
- let isDirectoryEntryMenuBottomSheetOpen = $state(false);
- let isRenameDirectoryEntryModalOpen = $state(false);
- let isDeleteDirectoryEntryModalOpen = $state(false);
-
- const createDirectory = async (name: string) => {
- await requestDirectoryCreation(name, data.id, $masterKeyStore?.get(1)!);
- isCreateDirectoryModalOpen = false;
- info = getDirectoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
- };
+ let isEntryMenuBottomSheetOpen = $state(false);
+ let isEntryRenameModalOpen = $state(false);
+ let isEntryDeleteModalOpen = $state(false);
const uploadFile = () => {
const files = fileInput?.files;
@@ -55,22 +49,19 @@
for (const file of files) {
requestFileUpload(file, data.id, $hmacSecretStore?.get(1)!, $masterKeyStore?.get(1)!, () => {
return new Promise((resolve) => {
- resolveForDuplicateFileModal = resolve;
duplicatedFile = file;
+ resolveForDuplicateFileModal = resolve;
isDuplicateFileModalOpen = true;
});
})
.then((res) => {
if (!res) return;
-
// TODO: FIXME
info = getDirectoryInfo(data.id, $masterKeyStore?.get(1)?.key!);
- window.alert(`'${file.name}' 파일이 업로드되었어요.`);
})
.catch((e: Error) => {
// TODO: FIXME
console.error(e);
- window.alert(`'${file.name}' 파일 업로드에 실패했어요.\n${e.message}`);
});
}
@@ -94,13 +85,12 @@
-
+
{#if data.id !== "root"}
-
+
{/if}
{#if $info}
- {@const topMargin = data.id === "root" ? "mt-4" : ""}
-
+
goto("/file/uploads")} />
goto("/file/downloads")} />
@@ -110,8 +100,8 @@
info={$info}
onEntryClick={({ type, id }) => goto(`/${type}/${id}`)}
onEntryMenuClick={(entry) => {
- selectedEntry = entry;
- isDirectoryEntryMenuBottomSheetOpen = true;
+ context.selectedEntry = entry;
+ isEntryMenuBottomSheetOpen = true;
}}
/>
{/key}
@@ -122,65 +112,72 @@
{
- isCreateBottomSheetOpen = true;
+ isEntryCreateBottomSheetOpen = true;
}}
+ class="bottom-24 right-4"
/>
- {
- isCreateBottomSheetOpen = false;
- isCreateDirectoryModalOpen = true;
+ isEntryCreateBottomSheetOpen = false;
+ isDirectoryCreateModalOpen = true;
}}
onFileUploadClick={() => {
- isCreateBottomSheetOpen = false;
+ isEntryCreateBottomSheetOpen = false;
fileInput?.click();
}}
/>
-
+ {
+ if (await requestDirectoryCreation(name, data.id, $masterKeyStore?.get(1)!)) {
+ info = getDirectoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ return true;
+ }
+ return false;
+ }}
+/>
{
+ onbeforeclose={() => {
resolveForDuplicateFileModal?.(false);
- resolveForDuplicateFileModal = undefined;
- duplicatedFile = undefined;
isDuplicateFileModalOpen = false;
}}
- onDuplicateClick={() => {
+ onUploadClick={() => {
resolveForDuplicateFileModal?.(true);
- resolveForDuplicateFileModal = undefined;
- duplicatedFile = undefined;
isDuplicateFileModalOpen = false;
}}
/>
- {
- isDirectoryEntryMenuBottomSheetOpen = false;
- isRenameDirectoryEntryModalOpen = true;
+ isEntryMenuBottomSheetOpen = false;
+ isEntryRenameModalOpen = true;
}}
onDeleteClick={() => {
- isDirectoryEntryMenuBottomSheetOpen = false;
- isDeleteDirectoryEntryModalOpen = true;
+ isEntryMenuBottomSheetOpen = false;
+ isEntryDeleteModalOpen = true;
}}
/>
- {
- await requestDirectoryEntryRename(selectedEntry!, newName);
- info = getDirectoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
- return true;
+ {
+ if (await requestEntryRename(context.selectedEntry!, newName)) {
+ info = getDirectoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ return true;
+ }
+ return false;
}}
/>
- {
- await requestDirectoryEntryDeletion(selectedEntry!);
- info = getDirectoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
- return true;
+ if (await requestEntryDeletion(context.selectedEntry!)) {
+ info = getDirectoryInfo(data.id, $masterKeyStore?.get(1)?.key!); // TODO: FIXME
+ return true;
+ }
+ return false;
}}
/>
diff --git a/src/routes/(main)/directory/[[id]]/CreateBottomSheet.svelte b/src/routes/(main)/directory/[[id]]/CreateBottomSheet.svelte
deleted file mode 100644
index c306c8f..0000000
--- a/src/routes/(main)/directory/[[id]]/CreateBottomSheet.svelte
+++ /dev/null
@@ -1,32 +0,0 @@
-
-
-
-
-
diff --git a/src/routes/(main)/directory/[[id]]/CreateDirectoryModal.svelte b/src/routes/(main)/directory/[[id]]/CreateDirectoryModal.svelte
deleted file mode 100644
index 52265fe..0000000
--- a/src/routes/(main)/directory/[[id]]/CreateDirectoryModal.svelte
+++ /dev/null
@@ -1,30 +0,0 @@
-
-
-
- 새 폴더
-
-
-
-
-
-
-
-
diff --git a/src/routes/(main)/directory/[[id]]/DeleteDirectoryEntryModal.svelte b/src/routes/(main)/directory/[[id]]/DeleteDirectoryEntryModal.svelte
deleted file mode 100644
index 07fb6dd..0000000
--- a/src/routes/(main)/directory/[[id]]/DeleteDirectoryEntryModal.svelte
+++ /dev/null
@@ -1,63 +0,0 @@
-
-
-
- {#if selectedEntry}
- {@const { type, name } = selectedEntry}
- {@const nameShort = name.length > 20 ? `${name.slice(0, 20)}...` : name}
-
-
-
- {#if type === "directory"}
- '{nameShort}' 폴더를 삭제할까요?
- {:else}
- '{nameShort}' 파일을 삭제할까요?
- {/if}
-
-
- {#if type === "directory"}
- 삭제한 폴더는 복구할 수 없어요.
- 폴더 안의 모든 파일과 폴더도 함께 삭제돼요.
- {:else}
- 삭제한 파일은 복구할 수 없어요.
- {/if}
-
-
-
-
-
-
-
- {#if selectedEntry}
- {@const { type, name } = selectedEntry}
-
-
- {#if type === "directory"}
-
- {:else}
-
- {/if}
-
-
- {name}
-
-
-
- {/if}
-
-
-
-
-
-
-
-
-
'{nameShort}' 파일이 있어요.
-
예전에 이미 업로드된 파일이에요. 그래도 업로드할까요?
-
-
-
-
-
-
예전에 이미 업로드된 파일이에요. 그래도 업로드할까요?
+
+{/if}
diff --git a/src/routes/(main)/directory/[[id]]/EntryCreateBottomSheet.svelte b/src/routes/(main)/directory/[[id]]/EntryCreateBottomSheet.svelte
new file mode 100644
index 0000000..4eda017
--- /dev/null
+++ b/src/routes/(main)/directory/[[id]]/EntryCreateBottomSheet.svelte
@@ -0,0 +1,34 @@
+
+
+
+
+ 폴더 만들기
+
+
+ 파일 업로드
+
+
diff --git a/src/routes/(main)/directory/[[id]]/EntryDeleteModal.svelte b/src/routes/(main)/directory/[[id]]/EntryDeleteModal.svelte
new file mode 100644
index 0000000..ad9ca2c
--- /dev/null
+++ b/src/routes/(main)/directory/[[id]]/EntryDeleteModal.svelte
@@ -0,0 +1,33 @@
+
+
+{#if context.selectedEntry}
+ {@const { name, type } = context.selectedEntry}
+
+
+ {#if type === "directory"}
+ 삭제한 폴더는 복구할 수 없어요.
+ 폴더 안의 모든 파일과 폴더도 함께 삭제돼요.
+ {:else}
+ 삭제한 파일은 복구할 수 없어요.
+ {/if}
+
+
+{/if}
diff --git a/src/routes/(main)/directory/[[id]]/EntryMenuBottomSheet.svelte b/src/routes/(main)/directory/[[id]]/EntryMenuBottomSheet.svelte
new file mode 100644
index 0000000..95e675a
--- /dev/null
+++ b/src/routes/(main)/directory/[[id]]/EntryMenuBottomSheet.svelte
@@ -0,0 +1,31 @@
+
+
+{#if context.selectedEntry}
+ {@const { name, type } = context.selectedEntry}
+
+
+
+
+ 이름 바꾸기
+
+
+ 삭제하기
+
+
+{/if}
diff --git a/src/routes/(main)/directory/[[id]]/EntryRenameModal.svelte b/src/routes/(main)/directory/[[id]]/EntryRenameModal.svelte
new file mode 100644
index 0000000..225884d
--- /dev/null
+++ b/src/routes/(main)/directory/[[id]]/EntryRenameModal.svelte
@@ -0,0 +1,17 @@
+
+
+{#if context.selectedEntry}
+ {@const { name } = context.selectedEntry}
+
+{/if}
diff --git a/src/routes/(main)/directory/[[id]]/RenameDirectoryEntryModal.svelte b/src/routes/(main)/directory/[[id]]/RenameDirectoryEntryModal.svelte
deleted file mode 100644
index 015d157..0000000
--- a/src/routes/(main)/directory/[[id]]/RenameDirectoryEntryModal.svelte
+++ /dev/null
@@ -1,47 +0,0 @@
-
-
-
- 이름 바꾸기
-
-
-
-
-
-
-
-
diff --git a/src/routes/(main)/directory/[[id]]/service.ts b/src/routes/(main)/directory/[[id]]/service.svelte.ts
similarity index 71%
rename from src/routes/(main)/directory/[[id]]/service.ts
rename to src/routes/(main)/directory/[[id]]/service.svelte.ts
index c9a62b2..3c5f689 100644
--- a/src/routes/(main)/directory/[[id]]/service.ts
+++ b/src/routes/(main)/directory/[[id]]/service.svelte.ts
@@ -1,7 +1,8 @@
+import { getContext, setContext } from "svelte";
import { callGetApi, callPostApi } from "$lib/hooks";
import { storeHmacSecrets } from "$lib/indexedDB";
import { generateDataKey, wrapDataKey, unwrapHmacSecret, encryptString } from "$lib/modules/crypto";
-import { deleteFileCache, uploadFile } from "$lib/modules/file";
+import { storeFileCache, deleteFileCache, uploadFile } from "$lib/modules/file";
import type {
DirectoryRenameRequest,
DirectoryCreateRequest,
@@ -11,7 +12,7 @@ import type {
} from "$lib/server/schemas";
import { hmacSecretStore, type MasterKey, type HmacSecret } from "$lib/stores";
-export interface SelectedDirectoryEntry {
+export interface SelectedEntry {
type: "directory" | "file";
id: number;
dataKey: CryptoKey;
@@ -19,6 +20,17 @@ export interface SelectedDirectoryEntry {
name: string;
}
+export const createContext = () => {
+ const context = $state({
+ selectedEntry: undefined as SelectedEntry | undefined,
+ });
+ return setContext("context", context);
+};
+
+export const useContext = () => {
+ return getContext>("context");
+};
+
export const requestHmacSecretDownload = async (masterKey: CryptoKey) => {
// TODO: MEK rotation
@@ -46,7 +58,8 @@ export const requestDirectoryCreation = async (
) => {
const { dataKey, dataKeyVersion } = await generateDataKey();
const nameEncrypted = await encryptString(name, dataKey);
- await callPostApi("/api/directory/create", {
+
+ const res = await callPostApi("/api/directory/create", {
parent: parentId,
mekVersion: masterKey.version,
dek: await wrapDataKey(dataKey, masterKey.key),
@@ -54,6 +67,7 @@ export const requestDirectoryCreation = async (
name: nameEncrypted.ciphertext,
nameIv: nameEncrypted.iv,
});
+ return res.ok;
};
export const requestFileUpload = async (
@@ -63,31 +77,34 @@ export const requestFileUpload = async (
masterKey: MasterKey,
onDuplicate: () => Promise,
) => {
- return await uploadFile(file, parentId, hmacSecret, masterKey, onDuplicate);
+ const res = await uploadFile(file, parentId, hmacSecret, masterKey, onDuplicate);
+ if (!res) return false;
+
+ storeFileCache(res.fileId, res.fileBuffer); // Intended
+ return true;
};
-export const requestDirectoryEntryRename = async (
- entry: SelectedDirectoryEntry,
- newName: string,
-) => {
+export const requestEntryRename = async (entry: SelectedEntry, newName: string) => {
const newNameEncrypted = await encryptString(newName, entry.dataKey);
+ let res;
if (entry.type === "directory") {
- await callPostApi(`/api/directory/${entry.id}/rename`, {
+ res = await callPostApi(`/api/directory/${entry.id}/rename`, {
dekVersion: entry.dataKeyVersion.toISOString(),
name: newNameEncrypted.ciphertext,
nameIv: newNameEncrypted.iv,
});
} else {
- await callPostApi(`/api/file/${entry.id}/rename`, {
+ res = await callPostApi(`/api/file/${entry.id}/rename`, {
dekVersion: entry.dataKeyVersion.toISOString(),
name: newNameEncrypted.ciphertext,
nameIv: newNameEncrypted.iv,
});
}
+ return res.ok;
};
-export const requestDirectoryEntryDeletion = async (entry: SelectedDirectoryEntry) => {
+export const requestEntryDeletion = async (entry: SelectedEntry) => {
const res = await callPostApi(`/api/${entry.type}/${entry.id}/delete`);
if (!res.ok) return false;
diff --git a/src/routes/(main)/menu/MenuEntryButton.svelte b/src/routes/(main)/menu/MenuEntryButton.svelte
index eb236c9..84341e6 100644
--- a/src/routes/(main)/menu/MenuEntryButton.svelte
+++ b/src/routes/(main)/menu/MenuEntryButton.svelte
@@ -1,25 +1,23 @@
-
-
-
-
-
-
- {@render children?.()}
-
-