Merge branch 'dev' into add-file-category

2025-12-16 15:08:46 +00:00 · 2025-01-19 10:51:11 +09:00
parent e1262506c4 0002b4e5f2
commit 3da3be3b73
60 changed files with 1912 additions and 1814 deletions
--- a/src/lib/server/db/file.ts
+++ b/src/lib/server/db/file.ts
@@ -27,6 +27,7 @@ export interface NewFileParams {
  contentHmac: string | null;
  contentType: string;
  encContentIv: string;
+  encContentHash: string;
  encName: string;
  encNameIv: string;
  encCreatedAt: string | null;
@@ -130,14 +131,15 @@ export const unregisterDirectory = async (userId: number, directoryId: number) =
  return await db.transaction(
    async (tx) => {
      const unregisterFiles = async (parentId: number) => {
-        const files = await tx
+        return await tx
          .delete(file)
          .where(and(eq(file.userId, userId), eq(file.parentId, parentId)))
-          .returning({ path: file.path });
-        return files.map(({ path }) => path);
+          .returning({ id: file.id, path: file.path });
      };
-      const unregisterDirectoryRecursively = async (directoryId: number): Promise<string[]> => {
-        const filePaths = await unregisterFiles(directoryId);
+      const unregisterDirectoryRecursively = async (
+        directoryId: number,
+      ): Promise<{ id: number; path: string }[]> => {
+        const files = await unregisterFiles(directoryId);
        const subDirectories = await tx
          .select({ id: directory.id })
          .from(directory)
@@ -150,7 +152,7 @@ export const unregisterDirectory = async (userId: number, directoryId: number) =
        if (deleteRes.changes === 0) {
          throw new IntegrityError("Directory not found");
        }
-        return filePaths.concat(...subDirectoryFilePaths);
+        return files.concat(...subDirectoryFilePaths);
      };
      return await unregisterDirectoryRecursively(directoryId);
    },
@@ -198,11 +200,12 @@ export const registerFile = async (params: NewFileParams) => {
          userId: params.userId,
          mekVersion: params.mekVersion,
          hskVersion: params.hskVersion,
-          contentHmac: params.contentHmac,
-          contentType: params.contentType,
          encDek: params.encDek,
          dekVersion: params.dekVersion,
+          contentHmac: params.contentHmac,
+          contentType: params.contentType,
          encContentIv: params.encContentIv,
+          encContentHash: params.encContentHash,
          encName: { ciphertext: params.encName, iv: params.encNameIv },
          encCreatedAt:
            params.encCreatedAt && params.encCreatedAtIv
--- a/src/lib/server/db/schema/file.ts
+++ b/src/lib/server/db/schema/file.ts
@@ -61,6 +61,7 @@ export const file = sqliteTable(
    contentHmac: text("content_hmac"), // Base64
    contentType: text("content_type").notNull(),
    encContentIv: text("encrypted_content_iv").notNull(), // Base64
+    encContentHash: text("encrypted_content_hash").notNull(), // Base64
    encName: ciphertext("encrypted_name").notNull(),
    encCreatedAt: ciphertext("encrypted_created_at"),
    encLastModifiedAt: ciphertext("encrypted_last_modified_at").notNull(),
--- a/src/lib/server/db/schema/hsk.ts
+++ b/src/lib/server/db/schema/hsk.ts
@@ -1,4 +1,5 @@
 import { sqliteTable, text, integer, primaryKey, foreignKey } from "drizzle-orm/sqlite-core";
+import { client } from "./client";
 import { mek } from "./mek";
 import { user } from "./user";

@@ -32,7 +33,7 @@ export const hskLog = sqliteTable(
    hskVersion: integer("hmac_secret_key_version").notNull(),
    timestamp: integer("timestamp", { mode: "timestamp_ms" }).notNull(),
    action: text("action", { enum: ["create"] }).notNull(),
-    actionBy: integer("action_by").references(() => user.id),
+    actionBy: integer("action_by").references(() => client.id),
  },
  (t) => ({
    ref: foreignKey({
--- a/src/lib/server/schemas/directory.ts
+++ b/src/lib/server/schemas/directory.ts
@@ -3,6 +3,7 @@ import { z } from "zod";
 export const directoryInfoResponse = z.object({
  metadata: z
    .object({
+      parent: z.union([z.enum(["root"]), z.number().int().positive()]),
      mekVersion: z.number().int().positive(),
      dek: z.string().base64().nonempty(),
      dekVersion: z.string().datetime(),
@@ -15,6 +16,11 @@ export const directoryInfoResponse = z.object({
 });
 export type DirectoryInfoResponse = z.infer<typeof directoryInfoResponse>;

+export const directoryDeleteResponse = z.object({
+  deletedFiles: z.number().int().positive().array(),
+});
+export type DirectoryDeleteResponse = z.infer<typeof directoryDeleteResponse>;
+
 export const directoryRenameRequest = z.object({
  dekVersion: z.string().datetime(),
  name: z.string().base64().nonempty(),
@@ -23,7 +29,7 @@ export const directoryRenameRequest = z.object({
 export type DirectoryRenameRequest = z.infer<typeof directoryRenameRequest>;

 export const directoryCreateRequest = z.object({
-  parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
+  parent: z.union([z.enum(["root"]), z.number().int().positive()]),
  mekVersion: z.number().int().positive(),
  dek: z.string().base64().nonempty(),
  dekVersion: z.string().datetime(),
--- a/src/lib/server/schemas/file.ts
+++ b/src/lib/server/schemas/file.ts
@@ -2,6 +2,7 @@ import mime from "mime";
 import { z } from "zod";

 export const fileInfoResponse = z.object({
+  parent: z.union([z.enum(["root"]), z.number().int().positive()]),
  mekVersion: z.number().int().positive(),
  dek: z.string().base64().nonempty(),
  dekVersion: z.string().datetime(),
@@ -38,7 +39,7 @@ export const duplicateFileScanResponse = z.object({
 export type DuplicateFileScanResponse = z.infer<typeof duplicateFileScanResponse>;

 export const fileUploadRequest = z.object({
-  parentId: z.union([z.enum(["root"]), z.number().int().positive()]),
+  parent: z.union([z.enum(["root"]), z.number().int().positive()]),
  mekVersion: z.number().int().positive(),
  dek: z.string().base64().nonempty(),
  dekVersion: z.string().datetime(),
--- a/src/lib/server/services/directory.ts
+++ b/src/lib/server/services/directory.ts
@@ -19,9 +19,9 @@ export const getDirectoryInformation = async (userId: number, directoryId: "root

  const directories = await getAllDirectoriesByParent(userId, directoryId);
  const files = await getAllFilesByParent(userId, directoryId);
-
  return {
    metadata: directory && {
+      parentId: directory.parentId ?? ("root" as const),
      mekVersion: directory.mekVersion,
      encDek: directory.encDek,
      dekVersion: directory.dekVersion,
@@ -34,8 +34,13 @@ export const getDirectoryInformation = async (userId: number, directoryId: "root

 export const deleteDirectory = async (userId: number, directoryId: number) => {
  try {
-    const filePaths = await unregisterDirectory(userId, directoryId);
-    filePaths.map((path) => unlink(path)); // Intended
+    const files = await unregisterDirectory(userId, directoryId);
+    return {
+      files: files.map(({ id, path }) => {
+        unlink(path); // Intended
+        return id;
+      }),
+    };
  } catch (e) {
    if (e instanceof IntegrityError && e.message === "Directory not found") {
      error(404, "Invalid directory id");
--- a/src/lib/server/services/file.ts
+++ b/src/lib/server/services/file.ts
@@ -1,8 +1,10 @@
 import { error } from "@sveltejs/kit";
+import { createHash } from "crypto";
 import { createReadStream, createWriteStream } from "fs";
 import { mkdir, stat, unlink } from "fs/promises";
 import { dirname } from "path";
-import { Readable, Writable } from "stream";
+import { Readable } from "stream";
+import { pipeline } from "stream/promises";
 import { v4 as uuidv4 } from "uuid";
 import { IntegrityError } from "$lib/server/db/error";
 import {
@@ -22,6 +24,7 @@ export const getFileInformation = async (userId: number, fileId: number) => {
  }

  return {
+    parentId: file.parentId ?? ("root" as const),
    mekVersion: file.mekVersion,
    encDek: file.encDek,
    dekVersion: file.dekVersion,
@@ -93,12 +96,13 @@ const safeUnlink = async (path: string) => {
 };

 export const uploadFile = async (
-  params: Omit<NewFileParams, "path">,
-  encContentStream: ReadableStream<Uint8Array>,
+  params: Omit<NewFileParams, "path" | "encContentHash">,
+  encContentStream: Readable,
+  encContentHash: Promise<string>,
 ) => {
-  const oneMinuteAgo = new Date(Date.now() - 60 * 1000);
+  const oneDayAgo = new Date(Date.now() - 24 * 60 * 60 * 1000);
  const oneMinuteLater = new Date(Date.now() + 60 * 1000);
-  if (params.dekVersion <= oneMinuteAgo || params.dekVersion >= oneMinuteLater) {
+  if (params.dekVersion <= oneDayAgo || params.dekVersion >= oneMinuteLater) {
    error(400, "Invalid DEK version");
  }

@@ -106,20 +110,39 @@ export const uploadFile = async (
  await mkdir(dirname(path), { recursive: true });

  try {
-    await encContentStream.pipeTo(
-      Writable.toWeb(createWriteStream(path, { flags: "wx", mode: 0o600 })),
-    );
+    const hashStream = createHash("sha256");
+    const [_, hash] = await Promise.all([
+      pipeline(
+        encContentStream,
+        async function* (source) {
+          for await (const chunk of source) {
+            hashStream.update(chunk);
+            yield chunk;
+          }
+        },
+        createWriteStream(path, { flags: "wx", mode: 0o600 }),
+      ),
+      encContentHash,
+    ]);
+    if (hashStream.digest("base64") != hash) {
+      throw new Error("Invalid checksum");
+    }
+
    await registerFile({
      ...params,
      path,
+      encContentHash: hash,
    });
  } catch (e) {
    await safeUnlink(path);

-    if (e instanceof IntegrityError) {
-      if (e.message === "Inactive MEK version") {
-        error(400, "Invalid MEK version");
-      }
+    if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
+      error(400, "Invalid MEK version");
+    } else if (
+      e instanceof Error &&
+      (e.message === "Invalid request body" || e.message === "Invalid checksum")
+    ) {
+      error(400, "Invalid request body");
    }
    throw e;
  }