12 Commits

Author SHA1 Message Date
static
66c3f2df71 데모를 위해 파일 용량 제한 추가, 비밀번호 변경 기능 삭제, 악용될 수 있는 API에 로깅 추가 2026-01-18 18:07:53 +09:00
static
385404ece2 Merge pull request #21 from kmc7468/dev
v0.9.1
2026-01-18 16:35:41 +09:00
static
ac6aaa18ca Merge pull request #20 from kmc7468/dev
v0.9.0
2026-01-18 13:30:15 +09:00
static
7b621d6e98 Merge pull request #19 from kmc7468/dev
v0.8.0
2026-01-13 00:29:14 +09:00
static
3906ec4371 Merge pull request #17 from kmc7468/dev
v0.7.0
2026-01-06 07:50:16 +09:00
static
90ac5ba4c3 Merge pull request #15 from kmc7468/dev
v0.6.0
2025-12-27 14:22:26 +09:00
static
dfffa004ac Merge pull request #13 from kmc7468/dev
v0.5.1
2025-07-12 19:56:12 +09:00
static
0cd55a413d Merge pull request #12 from kmc7468/dev
v0.5.0
2025-07-12 06:01:08 +09:00
static
361d966a59 Merge pull request #10 from kmc7468/dev
v0.4.0
2025-01-30 21:06:50 +09:00
static
aef43b8bfa Merge pull request #6 from kmc7468/dev
v0.3.0
2025-01-18 13:29:09 +09:00
static
7f128cccf6 Merge pull request #5 from kmc7468/dev
v0.2.0
2025-01-13 03:53:14 +09:00
static
a198e5f6dc Merge pull request #2 from kmc7468/dev
v0.1.0
2025-01-09 06:24:31 +09:00
11 changed files with 68 additions and 26 deletions


@@ -13,6 +13,7 @@ node_modules
/library /library
/thumbnails /thumbnails
/uploads /uploads
/log
# OS # OS
.DS_Store .DS_Store

1
.gitignore vendored

@@ -11,6 +11,7 @@ node_modules
/library /library
/thumbnails /thumbnails
/uploads /uploads
/log
# OS # OS
.DS_Store .DS_Store


@@ -10,6 +10,7 @@ services:
- ./data/library:/app/data/library - ./data/library:/app/data/library
- ./data/thumbnails:/app/data/thumbnails - ./data/thumbnails:/app/data/thumbnails
- ./data/uploads:/app/data/uploads - ./data/uploads:/app/data/uploads
- ./data/log:/app/data/log
environment: environment:
# ArkVault # ArkVault
- DATABASE_HOST=database - DATABASE_HOST=database
@@ -22,6 +23,7 @@ services:
- LIBRARY_PATH=/app/data/library - LIBRARY_PATH=/app/data/library
- THUMBNAILS_PATH=/app/data/thumbnails - THUMBNAILS_PATH=/app/data/thumbnails
- UPLOADS_PATH=/app/data/uploads - UPLOADS_PATH=/app/data/uploads
- LOG_DIR=/app/data/log
# SvelteKit # SvelteKit
- ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For} - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
- XFF_DEPTH=${TRUST_PROXY:-} - XFF_DEPTH=${TRUST_PROXY:-}


@@ -4,3 +4,6 @@ export const ENCRYPTION_OVERHEAD = AES_GCM_IV_SIZE + AES_GCM_TAG_SIZE;
export const CHUNK_SIZE = 4 * 1024 * 1024; // 4 MiB export const CHUNK_SIZE = 4 * 1024 * 1024; // 4 MiB
export const ENCRYPTED_CHUNK_SIZE = CHUNK_SIZE + ENCRYPTION_OVERHEAD; export const ENCRYPTED_CHUNK_SIZE = CHUNK_SIZE + ENCRYPTION_OVERHEAD;
export const MAX_FILE_SIZE = 512 * 1024 * 1024; // 512 MiB
export const MAX_CHUNKS = Math.ceil(MAX_FILE_SIZE / CHUNK_SIZE); // 128 chunks


@@ -0,0 +1,37 @@
import { appendFileSync, existsSync, mkdirSync } from "fs";
import { env } from "$env/dynamic/private";
const LOG_DIR = env.LOG_DIR || "log";
const getLogFilePath = () => {
const date = new Date().toISOString().slice(0, 10); // YYYY-MM-DD
return `${LOG_DIR}/arkvault-${date}.log`;
};
const ensureLogDir = () => {
if (!existsSync(LOG_DIR)) {
mkdirSync(LOG_DIR, { recursive: true });
}
};
const formatLogLine = (type: string, data: Record<string, unknown>) => {
const timestamp = new Date().toISOString();
return JSON.stringify({ timestamp, type, ...data });
};
export const demoLogger = {
log: (type: string, data: Record<string, unknown>) => {
const line = formatLogLine(type, data);
// Output to stdout
console.log(line);
// Output to file
try {
ensureLogDir();
appendFileSync(getLogFilePath(), line + "\n", { encoding: "utf-8" });
} catch (e) {
console.error("Failed to write to log file:", e);
}
},
};
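Review bot: In `formatLogLine`, `...data` is spread after `timestamp` and `type`, so a caller-supplied key named `timestamp` or `type` silently replaces the record's own field; `JSON.stringify({ ...data, timestamp, type })` keeps the two envelope fields authoritative. `demoLogger.log` also runs `existsSync`, `mkdirSync` and `appendFileSync` synchronously on every event, which blocks the event loop inside request handlers; an append stream opened once, or `appendFile` from `fs/promises`, would avoid that. Because the records carry client IP addresses, consider passing an explicit `mode` to `mkdirSync` and `appendFileSync` (for example `0o700` and `0o600`) rather than relying on the process umask.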


@@ -14,8 +14,8 @@
let { data } = $props(); let { data } = $props();
let email = $state(""); let email = $state("arkvault-demo@minchan.me");
let password = $state(""); let password = $state("arkvault-demo");
let isForceLoginModalOpen = $state(false); let isForceLoginModalOpen = $state(false);
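Review bot: The demo account's email and password are now the literal initial values of `email` and `password`, so they ship in the client bundle of every build made from this branch. If the prefill is meant only for the demo deployment, gate it behind a build-time flag so a normal build starts with empty fields, e.g. `let email = $state(DEMO_MODE ? DEMO_EMAIL : "");`, where `DEMO_MODE` and `DEMO_EMAIL` are placeholder names for whatever the project defines. The same address is repeated as a string literal in the login handler of the auth router, so a shared constant would keep the two from drifting apart. The component's script block starts and ends outside this hunk.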


@@ -52,13 +52,6 @@
</div> </div>
<div class="space-y-2"> <div class="space-y-2">
<p class="font-semibold">보안</p> <p class="font-semibold">보안</p>
<MenuEntryButton
onclick={() => goto("/auth/changePassword")}
icon={IconPassword}
iconColor="text-blue-500"
>
비밀번호 바꾸기
</MenuEntryButton>
<MenuEntryButton onclick={logout} icon={IconLogout} iconColor="text-red-500"> <MenuEntryButton onclick={logout} icon={IconLogout} iconColor="text-red-500">
로그아웃 로그아웃
</MenuEntryButton> </MenuEntryButton>


@@ -5,6 +5,7 @@ import { ClientRepo, SessionRepo, UserRepo, IntegrityError } from "$lib/server/d
import env from "$lib/server/loadenv"; import env from "$lib/server/loadenv";
import { cookieOptions } from "$lib/server/modules/auth"; import { cookieOptions } from "$lib/server/modules/auth";
import { generateChallenge, verifySignature, issueSessionId } from "$lib/server/modules/crypto"; import { generateChallenge, verifySignature, issueSessionId } from "$lib/server/modules/crypto";
import { demoLogger } from "$lib/server/modules/logger";
import { router, publicProcedure, roleProcedure } from "../init.server"; import { router, publicProcedure, roleProcedure } from "../init.server";
const authRouter = router({ const authRouter = router({
@@ -24,6 +25,10 @@ const authRouter = router({
const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret); const { sessionId, sessionIdSigned } = await issueSessionId(32, env.session.secret);
await SessionRepo.createSession(user.id, sessionId, ctx.locals.ip, ctx.locals.userAgent); await SessionRepo.createSession(user.id, sessionId, ctx.locals.ip, ctx.locals.userAgent);
ctx.cookies.set("sessionId", sessionIdSigned, cookieOptions); ctx.cookies.set("sessionId", sessionIdSigned, cookieOptions);
if (input.email === "arkvault-demo@minchan.me") {
demoLogger.log("demo:login", { ip: ctx.locals.ip, sessionId });
}
}), }),
logout: roleProcedure["any"].mutation(async ({ ctx }) => { logout: roleProcedure["any"].mutation(async ({ ctx }) => {
@@ -38,22 +43,8 @@ const authRouter = router({
newPassword: z.string().nonempty(), newPassword: z.string().nonempty(),
}), }),
) )
.mutation(async ({ ctx, input }) => { .mutation(() => {
if (input.oldPassword === input.newPassword) { throw new TRPCError({ code: "NOT_IMPLEMENTED" });
throw new TRPCError({ code: "BAD_REQUEST", message: "Same passwords" });
} else if (input.newPassword.length < 8) {
throw new TRPCError({ code: "BAD_REQUEST", message: "Too short password" });
}
const user = await UserRepo.getUser(ctx.session.userId);
if (!user) {
throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "Invalid session id" });
} else if (!(await argon2.verify(user.password, input.oldPassword))) {
throw new TRPCError({ code: "FORBIDDEN", message: "Invalid password" });
}
await UserRepo.setUserPassword(ctx.session.userId, await argon2.hash(input.newPassword));
await SessionRepo.deleteAllOtherSessions(ctx.session.userId, ctx.session.sessionId);
}), }),
upgrade: roleProcedure["notClient"] upgrade: roleProcedure["notClient"]
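Review bot: The `demo:login` record added after `ctx.cookies.set` writes the raw `sessionId` to stdout and to the log file, which copies a session identifier into every place the logs end up. How usable that value is depends on how `sessionIdSigned` is derived, which is not visible here, but a correlation value is all that abuse tracing needs: log a truncated digest such as `sessionRef: createHash("sha256").update(sessionId).digest("hex").slice(0, 16)` (assuming `sessionId` is a string or Buffer). Separately, the `changePassword` mutation now throws `NOT_IMPLEMENTED` for every account rather than only the demo one, and `argon2` may be left as an unused import if nothing else in the file uses it. Both handlers start outside their hunks.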


@@ -3,6 +3,7 @@ import { z } from "zod";
import { DirectoryIdSchema } from "$lib/schemas"; import { DirectoryIdSchema } from "$lib/schemas";
import { DirectoryRepo, FileRepo, IntegrityError } from "$lib/server/db"; import { DirectoryRepo, FileRepo, IntegrityError } from "$lib/server/db";
import { safeUnlink } from "$lib/server/modules/filesystem"; import { safeUnlink } from "$lib/server/modules/filesystem";
import { demoLogger } from "$lib/server/modules/logger";
import { router, roleProcedure } from "../init.server"; import { router, roleProcedure } from "../init.server";
const directoryRouter = router({ const directoryRouter = router({
@@ -134,6 +135,7 @@ const directoryRouter = router({
const files = await DirectoryRepo.unregisterDirectory(ctx.session.userId, input.id); const files = await DirectoryRepo.unregisterDirectory(ctx.session.userId, input.id);
return { return {
deletedFiles: files.map((file) => { deletedFiles: files.map((file) => {
demoLogger.log("file:delete", { ip: ctx.locals.ip, fileId: file.id, recursive: true });
safeUnlink(file.path); // Intended safeUnlink(file.path); // Intended
safeUnlink(file.thumbnailPath); // Intended safeUnlink(file.thumbnailPath); // Intended
return file.id; return file.id;
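Review bot: The `file:delete` event records only `ip` and `fileId`, so the log cannot attribute a deletion to an account even though `ctx.session.userId` is used a few lines above; adding `userId: ctx.session.userId` would make the record usable for abuse investigation. The same applies to the `file:delete` call in the file router and, where a session is available, to the `upload:*` and `thumbnail:*` calls in the upload router. Here the call also sits inside the `files.map` callback, so a large recursive delete performs one synchronous file append per file before the response is built; a single summary event carrying the list of ids would be cheaper. The enclosing mutation starts and ends outside the hunk.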


@@ -2,6 +2,7 @@ import { TRPCError } from "@trpc/server";
import { z } from "zod"; import { z } from "zod";
import { FileRepo, MediaRepo, IntegrityError } from "$lib/server/db"; import { FileRepo, MediaRepo, IntegrityError } from "$lib/server/db";
import { safeUnlink } from "$lib/server/modules/filesystem"; import { safeUnlink } from "$lib/server/modules/filesystem";
import { demoLogger } from "$lib/server/modules/logger";
import { router, roleProcedure } from "../init.server"; import { router, roleProcedure } from "../init.server";
const fileRouter = router({ const fileRouter = router({
@@ -174,6 +175,7 @@ const fileRouter = router({
.mutation(async ({ ctx, input }) => { .mutation(async ({ ctx, input }) => {
try { try {
const { path, thumbnailPath } = await FileRepo.unregisterFile(ctx.session.userId, input.id); const { path, thumbnailPath } = await FileRepo.unregisterFile(ctx.session.userId, input.id);
demoLogger.log("file:delete", { ip: ctx.locals.ip, fileId: input.id });
safeUnlink(path); // Intended safeUnlink(path); // Intended
safeUnlink(thumbnailPath); // Intended safeUnlink(thumbnailPath); // Intended
} catch (e) { } catch (e) {


@@ -6,11 +6,13 @@ import mime from "mime";
import { dirname } from "path"; import { dirname } from "path";
import { v4 as uuidv4 } from "uuid"; import { v4 as uuidv4 } from "uuid";
import { z } from "zod"; import { z } from "zod";
import { MAX_CHUNKS } from "$lib/constants";
import { DirectoryIdSchema } from "$lib/schemas"; import { DirectoryIdSchema } from "$lib/schemas";
import { FileRepo, MediaRepo, UploadRepo, IntegrityError } from "$lib/server/db"; import { FileRepo, MediaRepo, UploadRepo, IntegrityError } from "$lib/server/db";
import db from "$lib/server/db/kysely"; import db from "$lib/server/db/kysely";
import env from "$lib/server/loadenv"; import env from "$lib/server/loadenv";
import { safeRecursiveRm, safeUnlink } from "$lib/server/modules/filesystem"; import { safeRecursiveRm, safeUnlink } from "$lib/server/modules/filesystem";
import { demoLogger } from "$lib/server/modules/logger";
import { router, roleProcedure } from "../init.server"; import { router, roleProcedure } from "../init.server";
const UPLOADS_EXPIRES = 24 * 3600 * 1000; // 24 hours const UPLOADS_EXPIRES = 24 * 3600 * 1000; // 24 hours
@@ -28,7 +30,7 @@ const uploadRouter = router({
startFileUpload: roleProcedure["activeClient"] startFileUpload: roleProcedure["activeClient"]
.input( .input(
z.object({ z.object({
chunks: z.int().positive(), chunks: z.int().positive().max(MAX_CHUNKS),
parent: DirectoryIdSchema, parent: DirectoryIdSchema,
mekVersion: z.int().positive(), mekVersion: z.int().positive(),
dek: z.base64().nonempty(), dek: z.base64().nonempty(),
@@ -76,6 +78,7 @@ const uploadRouter = router({
: null, : null,
encLastModifiedAt: { ciphertext: input.lastModifiedAt, iv: input.lastModifiedAtIv }, encLastModifiedAt: { ciphertext: input.lastModifiedAt, iv: input.lastModifiedAtIv },
}); });
demoLogger.log("upload:start", { ip: ctx.locals.ip, uploadId: id });
return { uploadId: id }; return { uploadId: id };
} catch (e) { } catch (e) {
await safeRecursiveRm(path); await safeRecursiveRm(path);
@@ -153,6 +156,7 @@ const uploadRouter = router({
}); });
await safeRecursiveRm(session.path); await safeRecursiveRm(session.path);
demoLogger.log("upload:complete", { ip: ctx.locals.ip, uploadId, fileId });
return { file: fileId }; return { file: fileId };
} catch (e) { } catch (e) {
await safeUnlink(filePath); await safeUnlink(filePath);
@@ -183,6 +187,7 @@ const uploadRouter = router({
fileId: input.file, fileId: input.file,
dekVersion: input.dekVersion, dekVersion: input.dekVersion,
}); });
demoLogger.log("thumbnail:start", { ip: ctx.locals.ip, uploadId: id });
return { uploadId: id }; return { uploadId: id };
} catch (e) { } catch (e) {
await safeRecursiveRm(path); await safeRecursiveRm(path);
@@ -238,6 +243,11 @@ const uploadRouter = router({
await UploadRepo.deleteUploadSession(trx, uploadId); await UploadRepo.deleteUploadSession(trx, uploadId);
return oldPath; return oldPath;
}); });
demoLogger.log("thumbnail:complete", {
ip: ctx.locals.ip,
uploadId,
fileId: session.fileId,
});
await Promise.all([safeUnlink(oldThumbnailPath), safeRecursiveRm(session.path)]); await Promise.all([safeUnlink(oldThumbnailPath), safeRecursiveRm(session.path)]);
} catch (e) { } catch (e) {
await safeUnlink(thumbnailPath); await safeUnlink(thumbnailPath);
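Review bot: `chunks: z.int().positive().max(MAX_CHUNKS)` caps only the chunk count declared in `startFileUpload`. The 512 MiB limit therefore holds only if the chunk-upload handler, which is not part of this diff, also rejects any chunk body larger than `ENCRYPTED_CHUNK_SIZE` and any chunk index at or beyond the declared count. It is worth confirming that check exists, and that the thumbnail upload started in the `thumbnail:start` hunk has a size bound of its own, since no limit is added there. All of the handlers touched in this file start and end outside their hunks.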