kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2026-02-04 16:16:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kmc7468:v0.7.0
Branches Tags
kmc7468:dev kmc7468:demo kmc7468:main kmc7468:add-tanstack-query
kmc7468:v0.9.1 kmc7468:v0.9.0 kmc7468:v0.8.0 kmc7468:v0.7.0 kmc7468:v0.6.0 kmc7468:v0.5.1 kmc7468:v0.5.0 kmc7468:v0.4.0 kmc7468:v0.3.0 kmc7468:v0.2.0 kmc7468:v0.1.0
..
compare: kmc7468:37bd6a9315b705b98fc9dd61b579591e920724f5
Branches Tags
kmc7468:demo kmc7468:main kmc7468:dev kmc7468:add-tanstack-query
kmc7468:v0.9.1 kmc7468:v0.9.0 kmc7468:v0.8.0 kmc7468:v0.7.0 kmc7468:v0.6.0 kmc7468:v0.5.1 kmc7468:v0.5.0 kmc7468:v0.4.0 kmc7468:v0.3.0 kmc7468:v0.2.0 kmc7468:v0.1.0

22 Commits
v0.7.0 ... 37bd6a9315

Author SHA1 Message Date
static
37bd6a9315 검색 기능 구현 2026-01-15 15:11:03 +09:00
static
96d5397cb5 docker.yaml 파일의 오타 수정 2026-01-13 00:37:29 +09:00
static
b952bfae86 릴리즈 때마다 Docker 이미지를 자동으로 빌드하는 Action 추가 2026-01-13 00:28:52 +09:00
static
4cdf2b342f 청크 업로드 성능 개선 및 네트워크 속도를 더 정확하게 측정하도록 개선 2026-01-12 23:37:04 +09:00
static
a4912c8952 사소한 리팩토링 2026-01-12 20:50:19 +09:00
static
00b9858db7 업로드된 청크 목록을 비트맵을 활용해 효율적으로 저장하도록 개선 2026-01-12 18:37:36 +09:00
static
c778a4fb9e 파일 업로드 로직 리팩토링 2 2026-01-12 16:58:28 +09:00
static
e7dc96bb47 HMAC 계산을 Web Worker에서 처리하도록 변경 2026-01-12 15:16:43 +09:00
static
b636d75ea0 파일 업로드 로직 리팩토링 2026-01-12 12:02:20 +09:00
static
27e90ef4d7 이전 버전에서 업로드된 파일을 청크 업로드 방식으로 마이그레이션할 수 있는 기능 추가 2026-01-12 08:40:07 +09:00
static
594c3654c9 파일 및 썸네일 다운로드 Endpoint의 핸들러를 하나로 통합 2026-01-12 05:04:07 +09:00
static
614d0e74b4 패키지 버전 업데이트 2026-01-11 16:01:02 +09:00
static
efc2b08b1f Merge pull request #18 from kmc7468/add-chunked-upload 
Chunked Upload 도입
 2026-01-11 15:56:35 +09:00
static
80368c3a29 사소한 리팩토링 2 2026-01-11 15:54:05 +09:00
static
83369f83e3 DB에 청크 업로드 경로를 저장하도록 변경 2026-01-11 15:16:03 +09:00
static
2801eed556 사소한 리팩토링 2026-01-11 14:35:30 +09:00
static
57c27b76be 썸네일 업로드도 새로운 업로드 방식으로 변경 2026-01-11 14:07:32 +09:00
static
3628e6d21a 업로드할 때에도 스트리밍 방식으로 처리하도록 변경 2026-01-11 13:19:54 +09:00
static
1efcdd68f1 스트리밍 방식으로 동영상을 불러올 때 다운로드 메뉴가 표시되지 않는 버그 수정 2026-01-11 09:25:40 +09:00
static
0c295a2ffa Service Worker를 활용한 스트리밍 방식 파일 복호화 구현 2026-01-11 09:06:49 +09:00
static
4b783a36e9 파일 업로드 방식을 Chunking 방식으로 변경 2026-01-11 04:45:21 +09:00
static
b9e6f17b0c IV를 암호화된 파일 및 썸네일 앞에 합쳐서 전송하도록 변경 2026-01-11 00:29:59 +09:00
115 changed files with 3400 additions and 1138 deletions
Expand all files Collapse all files

1
.dockerignore
View File

@@ -12,6 +12,7 @@ node_modules
/data /data
/library /library
/thumbnails /thumbnails
/uploads
# OS # OS
.DS_Store .DS_Store

1
.env.example
View File

@@ -12,3 +12,4 @@ USER_CLIENT_CHALLENGE_EXPIRES=
SESSION_UPGRADE_CHALLENGE_EXPIRES= SESSION_UPGRADE_CHALLENGE_EXPIRES=
LIBRARY_PATH= LIBRARY_PATH=
THUMBNAILS_PATH= THUMBNAILS_PATH=
UPLOADS_PATH=

45
.github/workflows/docker.yaml vendored Normal file
View File

@@ -0,0 +1,45 @@
name: Docker Image Build
on:
release:
types: [published]
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
uses: docker/metadata-action@v5
id: meta
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern={{version}}
type=raw,value=latest
type=sha
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max

1
.gitignore vendored
View File

@@ -10,6 +10,7 @@ node_modules
/data /data
/library /library
/thumbnails /thumbnails
/uploads
# OS # OS
.DS_Store .DS_Store

2
docker-compose.yaml
View File

@@ -9,6 +9,7 @@ services:
volumes: volumes:
- ./data/library:/app/data/library - ./data/library:/app/data/library
- ./data/thumbnails:/app/data/thumbnails - ./data/thumbnails:/app/data/thumbnails
- ./data/uploads:/app/data/uploads
environment: environment:
# ArkVault # ArkVault
- DATABASE_HOST=database - DATABASE_HOST=database
@@ -20,6 +21,7 @@ services:
- SESSION_UPGRADE_CHALLENGE_EXPIRES - SESSION_UPGRADE_CHALLENGE_EXPIRES
- LIBRARY_PATH=/app/data/library - LIBRARY_PATH=/app/data/library
- THUMBNAILS_PATH=/app/data/thumbnails - THUMBNAILS_PATH=/app/data/thumbnails
- UPLOADS_PATH=/app/data/uploads
# SvelteKit # SvelteKit
- ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For} - ADDRESS_HEADER=${TRUST_PROXY:+X-Forwarded-For}
- XFF_DEPTH=${TRUST_PROXY:-} - XFF_DEPTH=${TRUST_PROXY:-}

24
package.json
View File

@@ -1,7 +1,7 @@
{ {
"name": "arkvault", "name": "arkvault",
"private": true, "private": true,
"version": "0.7.0", "version": "0.8.0",
"type": "module", "type": "module",
"scripts": { "scripts": {
"dev": "vite dev", "dev": "vite dev",
@@ -16,13 +16,14 @@
"db:migrate": "kysely migrate" "db:migrate": "kysely migrate"
}, },
"devDependencies": { "devDependencies": {
"@eslint/compat": "^2.0.0", "@eslint/compat": "^2.0.1",
"@eslint/js": "^9.39.2", "@eslint/js": "^9.39.2",
"@iconify-json/material-symbols": "^1.2.50", "@iconify-json/material-symbols": "^1.2.51",
"@noble/hashes": "^2.0.1",
"@sveltejs/adapter-node": "^5.4.0", "@sveltejs/adapter-node": "^5.4.0",
"@sveltejs/kit": "^2.49.2", "@sveltejs/kit": "^2.49.4",
"@sveltejs/vite-plugin-svelte": "^6.2.1", "@sveltejs/vite-plugin-svelte": "^6.2.4",
"@tanstack/svelte-virtual": "^3.13.16", "@tanstack/svelte-virtual": "^3.13.18",
"@trpc/client": "^11.8.1", "@trpc/client": "^11.8.1",
"@types/file-saver": "^2.0.7", "@types/file-saver": "^2.0.7",
"@types/ms": "^0.7.34", "@types/ms": "^0.7.34",
@@ -33,11 +34,11 @@
"dexie": "^4.2.1", "dexie": "^4.2.1",
"eslint": "^9.39.2", "eslint": "^9.39.2",
"eslint-config-prettier": "^10.1.8", "eslint-config-prettier": "^10.1.8",
"eslint-plugin-svelte": "^3.13.1", "eslint-plugin-svelte": "^3.14.0",
"eslint-plugin-tailwindcss": "^3.18.2", "eslint-plugin-tailwindcss": "^3.18.2",
"exifreader": "^4.33.1", "exifreader": "^4.35.0",
"file-saver": "^2.0.5", "file-saver": "^2.0.5",
"globals": "^16.5.0", "globals": "^17.0.0",
"heic2any": "^0.0.4", "heic2any": "^0.0.4",
"kysely-ctl": "^0.19.0", "kysely-ctl": "^0.19.0",
"lru-cache": "^11.2.4", "lru-cache": "^11.2.4",
@@ -50,12 +51,11 @@
"svelte-check": "^4.3.5", "svelte-check": "^4.3.5",
"tailwindcss": "^3.4.19", "tailwindcss": "^3.4.19",
"typescript": "^5.9.3", "typescript": "^5.9.3",
"typescript-eslint": "^8.51.0", "typescript-eslint": "^8.52.0",
"unplugin-icons": "^22.5.0", "unplugin-icons": "^22.5.0",
"vite": "^7.3.0" "vite": "^7.3.1"
}, },
"dependencies": { "dependencies": {
"@fastify/busboy": "^3.2.0",
"@trpc/server": "^11.8.1", "@trpc/server": "^11.8.1",
"argon2": "^0.44.0", "argon2": "^0.44.0",
"kysely": "^0.28.9", "kysely": "^0.28.9",

580
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

2
src/hooks.client.ts
View File

@@ -1,7 +1,6 @@
import type { ClientInit } from "@sveltejs/kit"; import type { ClientInit } from "@sveltejs/kit";
import { cleanupDanglingInfos, getClientKey, getMasterKeys, getHmacSecrets } from "$lib/indexedDB"; import { cleanupDanglingInfos, getClientKey, getMasterKeys, getHmacSecrets } from "$lib/indexedDB";
import { prepareFileCache } from "$lib/modules/file"; import { prepareFileCache } from "$lib/modules/file";
import { prepareOpfs } from "$lib/modules/opfs";
import { clientKeyStore, masterKeyStore, hmacSecretStore } from "$lib/stores"; import { clientKeyStore, masterKeyStore, hmacSecretStore } from "$lib/stores";
const requestPersistentStorage = async () => { const requestPersistentStorage = async () => {
@@ -46,7 +45,6 @@ export const init: ClientInit = async () => {
prepareClientKeyStore(), prepareClientKeyStore(),
prepareMasterKeyStore(), prepareMasterKeyStore(),
prepareHmacSecretStore(), prepareHmacSecretStore(),
prepareOpfs(),
]); ]);
cleanupDanglingInfos(); // Intended cleanupDanglingInfos(); // Intended

2
src/hooks.server.ts
View File

@@ -8,6 +8,7 @@ import {
cleanupExpiredSessionUpgradeChallenges, cleanupExpiredSessionUpgradeChallenges,
} from "$lib/server/db/session"; } from "$lib/server/db/session";
import { authenticate, setAgentInfo } from "$lib/server/middlewares"; import { authenticate, setAgentInfo } from "$lib/server/middlewares";
import { cleanupExpiredUploadSessions } from "$lib/server/services/upload";
export const init: ServerInit = async () => { export const init: ServerInit = async () => {
await migrateDB(); await migrateDB();
@@ -16,6 +17,7 @@ export const init: ServerInit = async () => {
cleanupExpiredUserClientChallenges(); cleanupExpiredUserClientChallenges();
cleanupExpiredSessions(); cleanupExpiredSessions();
cleanupExpiredSessionUpgradeChallenges(); cleanupExpiredSessionUpgradeChallenges();
cleanupExpiredUploadSessions();
}); });
}; };

53
src/lib/components/atoms/Chip.svelte Normal file
View File

@@ -0,0 +1,53 @@
<script lang="ts">
import type { Snippet } from "svelte";
import type { ClassValue } from "svelte/elements";
import IconClose from "~icons/material-symbols/close";
interface Props {
children: Snippet;
class?: ClassValue;
onclick?: () => void;
onRemoveClick?: () => void;
selected?: boolean;
removable?: boolean;
}
let {
children,
class: className,
onclick = () => (selected = !selected),
onRemoveClick,
removable = false,
selected = $bindable(false),
}: Props = $props();
</script>
<!-- svelte-ignore a11y_no_static_element_interactions -->
<!-- svelte-ignore a11y_click_events_have_key_events -->
<div
onclick={onclick && (() => setTimeout(onclick, 100))}
class={[
"inline-flex cursor-pointer items-center gap-x-1 rounded-lg px-3 py-1.5 text-sm font-medium transition active:scale-95",
selected
? "bg-primary-500 text-white active:bg-primary-400"
: "bg-gray-100 text-gray-700 active:bg-gray-200",
className,
]}
>
<span>
{@render children()}
</span>
{#if selected && removable}
<button
onclick={(e) => {
e.stopPropagation();
if (onRemoveClick) {
setTimeout(onRemoveClick, 100);
}
}}
>
<IconClose />
</button>
{/if}
</div>

16
src/lib/components/atoms/RowVirtualizer.svelte
View File

@@ -6,13 +6,22 @@
interface Props { interface Props {
class?: ClassValue; class?: ClassValue;
count: number; count: number;
estimateItemHeight: (index: number) => number;
getItemKey?: (index: number) => string | number;
item: Snippet<[index: number]>; item: Snippet<[index: number]>;
itemHeight: (index: number) => number;
itemGap?: number; itemGap?: number;
placeholder?: Snippet; placeholder?: Snippet;
} }
let { class: className, count, item, itemHeight, itemGap, placeholder }: Props = $props(); let {
class: className,
count,
estimateItemHeight,
getItemKey,
item,
itemGap,
placeholder,
}: Props = $props();
let element: HTMLElement | undefined = $state(); let element: HTMLElement | undefined = $state();
let scrollMargin = $state(0); let scrollMargin = $state(0);
@@ -20,8 +29,9 @@
let virtualizer = $derived( let virtualizer = $derived(
createWindowVirtualizer({ createWindowVirtualizer({
count, count,
estimateSize: itemHeight, estimateSize: estimateItemHeight,
gap: itemGap, gap: itemGap,
getItemKey: getItemKey,
scrollMargin, scrollMargin,
}), }),
); );

2
src/lib/components/atoms/buttons/ActionEntryButton.svelte
View File

@@ -49,7 +49,7 @@
</div> </div>
</div> </div>
<style> <style lang="postcss">
#container:active:not(:has(#action-button:active)) { #container:active:not(:has(#action-button:active)) {
@apply bg-gray-100; @apply bg-gray-100;
} }

1
src/lib/components/atoms/index.ts
View File

@@ -1,5 +1,6 @@
export { default as BottomSheet } from "./BottomSheet.svelte"; export { default as BottomSheet } from "./BottomSheet.svelte";
export * from "./buttons"; export * from "./buttons";
export { default as Chip } from "./Chip.svelte";
export * from "./divs"; export * from "./divs";
export * from "./inputs"; export * from "./inputs";
export { default as Modal } from "./Modal.svelte"; export { default as Modal } from "./Modal.svelte";

2
src/lib/components/atoms/inputs/TextInput.svelte
View File

@@ -28,7 +28,7 @@
</div> </div>
</div> </div>
<style> <style lang="postcss">
input:focus, input:focus,
input:not(:placeholder-shown) { input:not(:placeholder-shown) {
@apply border-primary-300; @apply border-primary-300;

6
src/lib/components/molecules/SubCategories.svelte
View File

@@ -10,9 +10,9 @@
class?: ClassValue; class?: ClassValue;
info: CategoryInfo; info: CategoryInfo;
onSubCategoryClick: (subCategory: SelectedCategory) => void; onSubCategoryClick: (subCategory: SelectedCategory) => void;
onSubCategoryCreateClick: () => void; onSubCategoryCreateClick?: () => void;
onSubCategoryMenuClick?: (category: SelectedCategory) => void; onSubCategoryMenuClick?: (category: SelectedCategory) => void;
subCategoryCreatePosition?: "top" | "bottom"; subCategoryCreatePosition?: "top" | "bottom" | "none";
subCategoryMenuIcon?: Component<SvelteHTMLElements["svg"]>; subCategoryMenuIcon?: Component<SvelteHTMLElements["svg"]>;
} }
@@ -22,7 +22,7 @@
onSubCategoryClick, onSubCategoryClick,
onSubCategoryCreateClick, onSubCategoryCreateClick,
onSubCategoryMenuClick, onSubCategoryMenuClick,
subCategoryCreatePosition = "bottom", subCategoryCreatePosition = "none",
subCategoryMenuIcon, subCategoryMenuIcon,
}: Props = $props(); }: Props = $props();
</script> </script>

19
src/lib/components/molecules/TopBar.svelte
View File

@@ -8,10 +8,11 @@
children?: Snippet; children?: Snippet;
class?: ClassValue; class?: ClassValue;
onBackClick?: () => void; onBackClick?: () => void;
showBackButton?: boolean;
title?: string; title?: string;
} }
let { children, class: className, onBackClick, title }: Props = $props(); let { children, class: className, onBackClick, showBackButton = true, title }: Props = $props();
</script> </script>
<div <div
@@ -20,12 +21,16 @@
className, className,
]} ]}
> >
<button <div class="w-[2.3rem] flex-shrink-0">
onclick={onBackClick || (() => history.back())} {#if showBackButton}
class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]" <button
> onclick={onBackClick ?? (() => history.back())}
<IconArrowBack class="text-2xl" /> class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
</button> >
<IconArrowBack class="text-2xl" />
</button>
{/if}
</div>
{#if title} {#if title}
<p class="flex-grow truncate text-center text-lg font-semibold">{title}</p> <p class="flex-grow truncate text-center text-lg font-semibold">{title}</p>
{/if} {/if}

2
src/lib/constants/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from "./serviceWorker";
export * from "./upload";

1
src/lib/constants/serviceWorker.ts Normal file
View File

@@ -0,0 +1 @@
export const DECRYPTED_FILE_URL_PREFIX = "/_internal/decryptedFile/";

6
src/lib/constants/upload.ts Normal file
View File

@@ -0,0 +1,6 @@
export const AES_GCM_IV_SIZE = 12;
export const AES_GCM_TAG_SIZE = 16;
export const ENCRYPTION_OVERHEAD = AES_GCM_IV_SIZE + AES_GCM_TAG_SIZE;
export const CHUNK_SIZE = 4 * 1024 * 1024; // 4 MiB
export const ENCRYPTED_CHUNK_SIZE = CHUNK_SIZE + ENCRYPTION_OVERHEAD;

6
src/lib/indexedDB/keyStore.ts
View File

@@ -70,12 +70,12 @@ export const storeMasterKeys = async (keys: MasterKey[]) => {
}; };
export const getHmacSecrets = async () => { export const getHmacSecrets = async () => {
return await keyStore.hmacSecret.toArray(); return (await keyStore.hmacSecret.toArray()).filter(({ secret }) => secret.extractable);
}; };
export const storeHmacSecrets = async (secrets: HmacSecret[]) => { export const storeHmacSecrets = async (secrets: HmacSecret[]) => {
if (secrets.some(({ secret }) => secret.extractable)) { if (secrets.some(({ secret }) => !secret.extractable)) {
throw new Error("Hmac secrets must be nonextractable"); throw new Error("Hmac secrets must be extractable");
} }
await keyStore.hmacSecret.bulkPut(secrets); await keyStore.hmacSecret.bulkPut(secrets);
}; };

58
src/lib/modules/crypto/aes.ts
View File

@@ -1,8 +1,15 @@
import { encodeString, decodeString, encodeToBase64, decodeFromBase64 } from "./util"; import { AES_GCM_IV_SIZE } from "$lib/constants";
import {
encodeString,
decodeString,
encodeToBase64,
decodeFromBase64,
concatenateBuffers,
} from "./utils";
export const generateMasterKey = async () => { export const generateMasterKey = async () => {
return { return {
masterKey: await window.crypto.subtle.generateKey( masterKey: await crypto.subtle.generateKey(
{ {
name: "AES-KW", name: "AES-KW",
length: 256, length: 256,
@@ -15,7 +22,7 @@ export const generateMasterKey = async () => {
export const generateDataKey = async () => { export const generateDataKey = async () => {
return { return {
dataKey: await window.crypto.subtle.generateKey( dataKey: await crypto.subtle.generateKey(
{ {
name: "AES-GCM", name: "AES-GCM",
length: 256, length: 256,
@@ -28,9 +35,9 @@ export const generateDataKey = async () => {
}; };
export const makeAESKeyNonextractable = async (key: CryptoKey) => { export const makeAESKeyNonextractable = async (key: CryptoKey) => {
return await window.crypto.subtle.importKey( return await crypto.subtle.importKey(
"raw", "raw",
await window.crypto.subtle.exportKey("raw", key), await crypto.subtle.exportKey("raw", key),
key.algorithm, key.algorithm,
false, false,
key.usages, key.usages,
@@ -38,12 +45,12 @@ export const makeAESKeyNonextractable = async (key: CryptoKey) => {
}; };
export const wrapDataKey = async (dataKey: CryptoKey, masterKey: CryptoKey) => { export const wrapDataKey = async (dataKey: CryptoKey, masterKey: CryptoKey) => {
return encodeToBase64(await window.crypto.subtle.wrapKey("raw", dataKey, masterKey, "AES-KW")); return encodeToBase64(await crypto.subtle.wrapKey("raw", dataKey, masterKey, "AES-KW"));
}; };
export const unwrapDataKey = async (dataKeyWrapped: string, masterKey: CryptoKey) => { export const unwrapDataKey = async (dataKeyWrapped: string, masterKey: CryptoKey) => {
return { return {
dataKey: await window.crypto.subtle.unwrapKey( dataKey: await crypto.subtle.unwrapKey(
"raw", "raw",
decodeFromBase64(dataKeyWrapped), decodeFromBase64(dataKeyWrapped),
masterKey, masterKey,
@@ -56,12 +63,12 @@ export const unwrapDataKey = async (dataKeyWrapped: string, masterKey: CryptoKey
}; };
export const wrapHmacSecret = async (hmacSecret: CryptoKey, masterKey: CryptoKey) => { export const wrapHmacSecret = async (hmacSecret: CryptoKey, masterKey: CryptoKey) => {
return encodeToBase64(await window.crypto.subtle.wrapKey("raw", hmacSecret, masterKey, "AES-KW")); return encodeToBase64(await crypto.subtle.wrapKey("raw", hmacSecret, masterKey, "AES-KW"));
}; };
export const unwrapHmacSecret = async (hmacSecretWrapped: string, masterKey: CryptoKey) => { export const unwrapHmacSecret = async (hmacSecretWrapped: string, masterKey: CryptoKey) => {
return { return {
hmacSecret: await window.crypto.subtle.unwrapKey( hmacSecret: await crypto.subtle.unwrapKey(
"raw", "raw",
decodeFromBase64(hmacSecretWrapped), decodeFromBase64(hmacSecretWrapped),
masterKey, masterKey,
@@ -70,15 +77,15 @@ export const unwrapHmacSecret = async (hmacSecretWrapped: string, masterKey: Cry
name: "HMAC", name: "HMAC",
hash: "SHA-256", hash: "SHA-256",
} satisfies HmacImportParams, } satisfies HmacImportParams,
false, // Nonextractable true, // Extractable
["sign", "verify"], ["sign", "verify"],
), ),
}; };
}; };
export const encryptData = async (data: BufferSource, dataKey: CryptoKey) => { export const encryptData = async (data: BufferSource, dataKey: CryptoKey) => {
const iv = window.crypto.getRandomValues(new Uint8Array(12)); const iv = crypto.getRandomValues(new Uint8Array(12));
const ciphertext = await window.crypto.subtle.encrypt( const ciphertext = await crypto.subtle.encrypt(
{ {
name: "AES-GCM", name: "AES-GCM",
iv, iv,
@@ -86,14 +93,18 @@ export const encryptData = async (data: BufferSource, dataKey: CryptoKey) => {
dataKey, dataKey,
data, data,
); );
return { ciphertext, iv: encodeToBase64(iv.buffer) }; return { ciphertext, iv: iv.buffer };
}; };
export const decryptData = async (ciphertext: BufferSource, iv: string, dataKey: CryptoKey) => { export const decryptData = async (
return await window.crypto.subtle.decrypt( ciphertext: BufferSource,
iv: string | BufferSource,
dataKey: CryptoKey,
) => {
return await crypto.subtle.decrypt(
{ {
name: "AES-GCM", name: "AES-GCM",
iv: decodeFromBase64(iv), iv: typeof iv === "string" ? decodeFromBase64(iv) : iv,
} satisfies AesGcmParams, } satisfies AesGcmParams,
dataKey, dataKey,
ciphertext, ciphertext,
@@ -102,9 +113,22 @@ export const decryptData = async (ciphertext: BufferSource, iv: string, dataKey:
export const encryptString = async (plaintext: string, dataKey: CryptoKey) => { export const encryptString = async (plaintext: string, dataKey: CryptoKey) => {
const { ciphertext, iv } = await encryptData(encodeString(plaintext), dataKey); const { ciphertext, iv } = await encryptData(encodeString(plaintext), dataKey);
return { ciphertext: encodeToBase64(ciphertext), iv }; return { ciphertext: encodeToBase64(ciphertext), iv: encodeToBase64(iv) };
}; };
export const decryptString = async (ciphertext: string, iv: string, dataKey: CryptoKey) => { export const decryptString = async (ciphertext: string, iv: string, dataKey: CryptoKey) => {
return decodeString(await decryptData(decodeFromBase64(ciphertext), iv, dataKey)); return decodeString(await decryptData(decodeFromBase64(ciphertext), iv, dataKey));
}; };
export const encryptChunk = async (chunk: ArrayBuffer, dataKey: CryptoKey) => {
const { ciphertext, iv } = await encryptData(chunk, dataKey);
return concatenateBuffers(iv, ciphertext).buffer;
};
export const decryptChunk = async (encryptedChunk: ArrayBuffer, dataKey: CryptoKey) => {
return await decryptData(
encryptedChunk.slice(AES_GCM_IV_SIZE),
encryptedChunk.slice(0, AES_GCM_IV_SIZE),
dataKey,
);
};

2
src/lib/modules/crypto/index.ts
View File

@@ -1,4 +1,4 @@
export * from "./aes"; export * from "./aes";
export * from "./rsa"; export * from "./rsa";
export * from "./sha"; export * from "./sha";
export * from "./util"; export * from "./utils";

34
src/lib/modules/crypto/rsa.ts
View File

@@ -1,7 +1,7 @@
import { encodeString, encodeToBase64, decodeFromBase64 } from "./util"; import { encodeString, encodeToBase64, decodeFromBase64 } from "./utils";
export const generateEncryptionKeyPair = async () => { export const generateEncryptionKeyPair = async () => {
const keyPair = await window.crypto.subtle.generateKey( const keyPair = await crypto.subtle.generateKey(
{ {
name: "RSA-OAEP", name: "RSA-OAEP",
modulusLength: 4096, modulusLength: 4096,
@@ -18,7 +18,7 @@ export const generateEncryptionKeyPair = async () => {
}; };
export const generateSigningKeyPair = async () => { export const generateSigningKeyPair = async () => {
const keyPair = await window.crypto.subtle.generateKey( const keyPair = await crypto.subtle.generateKey(
{ {
name: "RSA-PSS", name: "RSA-PSS",
modulusLength: 4096, modulusLength: 4096,
@@ -37,7 +37,7 @@ export const generateSigningKeyPair = async () => {
export const exportRSAKey = async (key: CryptoKey) => { export const exportRSAKey = async (key: CryptoKey) => {
const format = key.type === "public" ? ("spki" as const) : ("pkcs8" as const); const format = key.type === "public" ? ("spki" as const) : ("pkcs8" as const);
return { return {
key: await window.crypto.subtle.exportKey(format, key), key: await crypto.subtle.exportKey(format, key),
format, format,
}; };
}; };
@@ -54,14 +54,14 @@ export const importEncryptionKeyPairFromBase64 = async (
name: "RSA-OAEP", name: "RSA-OAEP",
hash: "SHA-256", hash: "SHA-256",
}; };
const encryptKey = await window.crypto.subtle.importKey( const encryptKey = await crypto.subtle.importKey(
"spki", "spki",
decodeFromBase64(encryptKeyBase64), decodeFromBase64(encryptKeyBase64),
algorithm, algorithm,
true, true,
["encrypt", "wrapKey"], ["encrypt", "wrapKey"],
); );
const decryptKey = await window.crypto.subtle.importKey( const decryptKey = await crypto.subtle.importKey(
"pkcs8", "pkcs8",
decodeFromBase64(decryptKeyBase64), decodeFromBase64(decryptKeyBase64),
algorithm, algorithm,
@@ -79,14 +79,14 @@ export const importSigningKeyPairFromBase64 = async (
name: "RSA-PSS", name: "RSA-PSS",
hash: "SHA-256", hash: "SHA-256",
}; };
const signKey = await window.crypto.subtle.importKey( const signKey = await crypto.subtle.importKey(
"pkcs8", "pkcs8",
decodeFromBase64(signKeyBase64), decodeFromBase64(signKeyBase64),
algorithm, algorithm,
true, true,
["sign"], ["sign"],
); );
const verifyKey = await window.crypto.subtle.importKey( const verifyKey = await crypto.subtle.importKey(
"spki", "spki",
decodeFromBase64(verifyKeyBase64), decodeFromBase64(verifyKeyBase64),
algorithm, algorithm,
@@ -98,17 +98,11 @@ export const importSigningKeyPairFromBase64 = async (
export const makeRSAKeyNonextractable = async (key: CryptoKey) => { export const makeRSAKeyNonextractable = async (key: CryptoKey) => {
const { key: exportedKey, format } = await exportRSAKey(key); const { key: exportedKey, format } = await exportRSAKey(key);
return await window.crypto.subtle.importKey( return await crypto.subtle.importKey(format, exportedKey, key.algorithm, false, key.usages);
format,
exportedKey,
key.algorithm,
false,
key.usages,
);
}; };
export const decryptChallenge = async (challenge: string, decryptKey: CryptoKey) => { export const decryptChallenge = async (challenge: string, decryptKey: CryptoKey) => {
return await window.crypto.subtle.decrypt( return await crypto.subtle.decrypt(
{ {
name: "RSA-OAEP", name: "RSA-OAEP",
} satisfies RsaOaepParams, } satisfies RsaOaepParams,
@@ -119,7 +113,7 @@ export const decryptChallenge = async (challenge: string, decryptKey: CryptoKey)
export const wrapMasterKey = async (masterKey: CryptoKey, encryptKey: CryptoKey) => { export const wrapMasterKey = async (masterKey: CryptoKey, encryptKey: CryptoKey) => {
return encodeToBase64( return encodeToBase64(
await window.crypto.subtle.wrapKey("raw", masterKey, encryptKey, { await crypto.subtle.wrapKey("raw", masterKey, encryptKey, {
name: "RSA-OAEP", name: "RSA-OAEP",
} satisfies RsaOaepParams), } satisfies RsaOaepParams),
); );
@@ -131,7 +125,7 @@ export const unwrapMasterKey = async (
extractable = false, extractable = false,
) => { ) => {
return { return {
masterKey: await window.crypto.subtle.unwrapKey( masterKey: await crypto.subtle.unwrapKey(
"raw", "raw",
decodeFromBase64(masterKeyWrapped), decodeFromBase64(masterKeyWrapped),
decryptKey, decryptKey,
@@ -146,7 +140,7 @@ export const unwrapMasterKey = async (
}; };
export const signMessageRSA = async (message: BufferSource, signKey: CryptoKey) => { export const signMessageRSA = async (message: BufferSource, signKey: CryptoKey) => {
return await window.crypto.subtle.sign( return await crypto.subtle.sign(
{ {
name: "RSA-PSS", name: "RSA-PSS",
saltLength: 32, // SHA-256 saltLength: 32, // SHA-256
@@ -161,7 +155,7 @@ export const verifySignatureRSA = async (
signature: BufferSource, signature: BufferSource,
verifyKey: CryptoKey, verifyKey: CryptoKey,
) => { ) => {
return await window.crypto.subtle.verify( return await crypto.subtle.verify(
{ {
name: "RSA-PSS", name: "RSA-PSS",
saltLength: 32, // SHA-256 saltLength: 32, // SHA-256

29
src/lib/modules/crypto/sha.ts
View File

@@ -1,10 +1,13 @@
import HmacWorker from "$workers/hmac?worker";
import type { ComputeMessage, ResultMessage } from "$workers/hmac";
export const digestMessage = async (message: BufferSource) => { export const digestMessage = async (message: BufferSource) => {
return await window.crypto.subtle.digest("SHA-256", message); return await crypto.subtle.digest("SHA-256", message);
}; };
export const generateHmacSecret = async () => { export const generateHmacSecret = async () => {
return { return {
hmacSecret: await window.crypto.subtle.generateKey( hmacSecret: await crypto.subtle.generateKey(
{ {
name: "HMAC", name: "HMAC",
hash: "SHA-256", hash: "SHA-256",
@@ -15,6 +18,24 @@ export const generateHmacSecret = async () => {
}; };
}; };
export const signMessageHmac = async (message: BufferSource, hmacSecret: CryptoKey) => { export const signMessageHmac = async (message: Blob, hmacSecret: CryptoKey) => {
return await window.crypto.subtle.sign("HMAC", hmacSecret, message); const stream = message.stream();
const hmacSecretRaw = new Uint8Array(await crypto.subtle.exportKey("raw", hmacSecret));
const worker = new HmacWorker();
return new Promise<Uint8Array>((resolve, reject) => {
worker.onmessage = ({ data }: MessageEvent<ResultMessage>) => {
resolve(data.result);
worker.terminate();
};
worker.onerror = ({ error }) => {
reject(error);
worker.terminate();
};
worker.postMessage({ stream, key: hmacSecretRaw } satisfies ComputeMessage, {
transfer: [stream, hmacSecretRaw.buffer],
});
});
}; };

4
src/lib/modules/crypto/util.ts → src/lib/modules/crypto/utils.ts
View File

@@ -9,8 +9,8 @@ export const decodeString = (data: ArrayBuffer) => {
return textDecoder.decode(data); return textDecoder.decode(data);
}; };
export const encodeToBase64 = (data: ArrayBuffer) => { export const encodeToBase64 = (data: ArrayBuffer | Uint8Array) => {
return btoa(String.fromCharCode(...new Uint8Array(data))); return btoa(String.fromCharCode(...(data instanceof ArrayBuffer ? new Uint8Array(data) : data)));
}; };
export const decodeFromBase64 = (data: string) => { export const decodeFromBase64 = (data: string) => {

25
src/lib/modules/file/download.svelte.ts
View File

@@ -1,6 +1,7 @@
import axios from "axios"; import axios from "axios";
import { limitFunction } from "p-limit"; import { limitFunction } from "p-limit";
import { decryptData } from "$lib/modules/crypto"; import { ENCRYPTED_CHUNK_SIZE } from "$lib/constants";
import { decryptChunk, concatenateBuffers } from "$lib/modules/crypto";
export interface FileDownloadState { export interface FileDownloadState {
id: number; id: number;
@@ -65,13 +66,21 @@ const decryptFile = limitFunction(
async ( async (
state: FileDownloadState, state: FileDownloadState,
fileEncrypted: ArrayBuffer, fileEncrypted: ArrayBuffer,
fileEncryptedIv: string, encryptedChunkSize: number,
dataKey: CryptoKey, dataKey: CryptoKey,
) => { ) => {
state.status = "decrypting"; state.status = "decrypting";
const fileBuffer = await decryptData(fileEncrypted, fileEncryptedIv, dataKey); const chunks: ArrayBuffer[] = [];
let offset = 0;
while (offset < fileEncrypted.byteLength) {
const nextOffset = Math.min(offset + encryptedChunkSize, fileEncrypted.byteLength);
chunks.push(await decryptChunk(fileEncrypted.slice(offset, nextOffset), dataKey));
offset = nextOffset;
}
const fileBuffer = concatenateBuffers(...chunks).buffer;
state.status = "decrypted"; state.status = "decrypted";
state.result = fileBuffer; state.result = fileBuffer;
return fileBuffer; return fileBuffer;
@@ -79,7 +88,7 @@ const decryptFile = limitFunction(
{ concurrency: 4 }, { concurrency: 4 },
); );
export const downloadFile = async (id: number, fileEncryptedIv: string, dataKey: CryptoKey) => { export const downloadFile = async (id: number, dataKey: CryptoKey, isLegacy: boolean) => {
downloadingFiles.push({ downloadingFiles.push({
id, id,
status: "download-pending", status: "download-pending",
@@ -87,7 +96,13 @@ export const downloadFile = async (id: number, fileEncryptedIv: string, dataKey:
const state = downloadingFiles.at(-1)!; const state = downloadingFiles.at(-1)!;
try { try {
return await decryptFile(state, await requestFileDownload(state, id), fileEncryptedIv, dataKey); const fileEncrypted = await requestFileDownload(state, id);
return await decryptFile(
state,
fileEncrypted,
isLegacy ? fileEncrypted.byteLength : ENCRYPTED_CHUNK_SIZE,
dataKey,
);
} catch (e) { } catch (e) {
state.status = "error"; state.status = "error";
throw e; throw e;

27
src/lib/modules/file/thumbnail.ts
View File

@@ -1,11 +1,10 @@
import { LRUCache } from "lru-cache"; import { LRUCache } from "lru-cache";
import { writable, type Writable } from "svelte/store"; import { writable, type Writable } from "svelte/store";
import { browser } from "$app/environment"; import { browser } from "$app/environment";
import { decryptData } from "$lib/modules/crypto"; import { decryptChunk } from "$lib/modules/crypto";
import type { SummarizedFileInfo } from "$lib/modules/filesystem"; import type { SummarizedFileInfo } from "$lib/modules/filesystem";
import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs"; import { readFile, writeFile, deleteFile, deleteDirectory } from "$lib/modules/opfs";
import { getThumbnailUrl } from "$lib/modules/thumbnail"; import { getThumbnailUrl } from "$lib/modules/thumbnail";
import { isTRPCClientError, trpc } from "$trpc/client";
const loadedThumbnails = new LRUCache<number, Writable<string>>({ max: 100 }); const loadedThumbnails = new LRUCache<number, Writable<string>>({ max: 100 });
const loadingThumbnails = new Map<number, Writable<string | undefined>>(); const loadingThumbnails = new Map<number, Writable<string | undefined>>();
@@ -18,25 +17,13 @@ const fetchFromOpfs = async (fileId: number) => {
}; };
const fetchFromServer = async (fileId: number, dataKey: CryptoKey) => { const fetchFromServer = async (fileId: number, dataKey: CryptoKey) => {
try { const res = await fetch(`/api/file/${fileId}/thumbnail/download`);
const [thumbnailEncrypted, { contentIv: thumbnailEncryptedIv }] = await Promise.all([ if (!res.ok) return null;
fetch(`/api/file/${fileId}/thumbnail/download`),
trpc().file.thumbnail.query({ id: fileId }),
]);
const thumbnailBuffer = await decryptData(
await thumbnailEncrypted.arrayBuffer(),
thumbnailEncryptedIv,
dataKey,
);
void writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer); const thumbnailBuffer = await decryptChunk(await res.arrayBuffer(), dataKey);
return getThumbnailUrl(thumbnailBuffer);
} catch (e) { void writeFile(`/thumbnail/file/${fileId}`, thumbnailBuffer);
if (isTRPCClientError(e) && e.data?.code === "NOT_FOUND") { return getThumbnailUrl(thumbnailBuffer);
return null;
}
throw e;
}
}; };
export const getFileThumbnail = (file: SummarizedFileInfo) => { export const getFileThumbnail = (file: SummarizedFileInfo) => {

236
src/lib/modules/file/upload.svelte.ts
View File

@@ -1,26 +1,16 @@
import axios from "axios";
import ExifReader from "exifreader"; import ExifReader from "exifreader";
import { limitFunction } from "p-limit"; import { limitFunction } from "p-limit";
import { import { CHUNK_SIZE } from "$lib/constants";
encodeToBase64, import { encodeToBase64, generateDataKey, wrapDataKey, encryptString } from "$lib/modules/crypto";
generateDataKey, import { signMessageHmac } from "$lib/modules/crypto";
wrapDataKey,
encryptData,
encryptString,
digestMessage,
signMessageHmac,
} from "$lib/modules/crypto";
import { Scheduler } from "$lib/modules/scheduler";
import { generateThumbnail } from "$lib/modules/thumbnail"; import { generateThumbnail } from "$lib/modules/thumbnail";
import type { import { uploadBlob } from "$lib/modules/upload";
FileThumbnailUploadRequest,
FileUploadRequest,
FileUploadResponse,
} from "$lib/server/schemas";
import type { MasterKey, HmacSecret } from "$lib/stores"; import type { MasterKey, HmacSecret } from "$lib/stores";
import { Scheduler } from "$lib/utils";
import { trpc } from "$trpc/client"; import { trpc } from "$trpc/client";
export interface FileUploadState { export interface FileUploadState {
id: string;
name: string; name: string;
parentId: DirectoryId; parentId: DirectoryId;
status: status:
@@ -42,7 +32,7 @@ export type LiveFileUploadState = FileUploadState & {
}; };
const scheduler = new Scheduler< const scheduler = new Scheduler<
{ fileId: number; fileBuffer: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined { fileId: number; fileBuffer?: ArrayBuffer; thumbnailBuffer?: ArrayBuffer } | undefined
>(); >();
let uploadingFiles: FileUploadState[] = $state([]); let uploadingFiles: FileUploadState[] = $state([]);
@@ -61,16 +51,21 @@ export const clearUploadedFiles = () => {
}; };
const requestDuplicateFileScan = limitFunction( const requestDuplicateFileScan = limitFunction(
async (file: File, hmacSecret: HmacSecret, onDuplicate: () => Promise<boolean>) => { async (
const fileBuffer = await file.arrayBuffer(); state: FileUploadState,
const fileSigned = encodeToBase64(await signMessageHmac(fileBuffer, hmacSecret.secret)); file: File,
hmacSecret: HmacSecret,
onDuplicate: () => Promise<boolean>,
) => {
state.status = "encryption-pending";
const fileSigned = encodeToBase64(await signMessageHmac(file, hmacSecret.secret));
const files = await trpc().file.listByHash.query({ const files = await trpc().file.listByHash.query({
hskVersion: hmacSecret.version, hskVersion: hmacSecret.version,
contentHmac: fileSigned, contentHmac: fileSigned,
}); });
if (files.length === 0 || (await onDuplicate())) { if (files.length === 0 || (await onDuplicate())) {
return { fileBuffer, fileSigned }; return { fileSigned };
} else { } else {
return {}; return {};
} }
@@ -110,74 +105,98 @@ const extractExifDateTime = (fileBuffer: ArrayBuffer) => {
return new Date(utcDate - offsetMs); return new Date(utcDate - offsetMs);
}; };
const encryptFile = limitFunction( interface FileMetadata {
async (state: FileUploadState, file: File, fileBuffer: ArrayBuffer, masterKey: MasterKey) => { parentId: "root" | number;
name: string;
createdAt?: Date;
lastModifiedAt: Date;
}
const requestFileMetadataEncryption = limitFunction(
async (
state: FileUploadState,
file: Blob,
fileMetadata: FileMetadata,
masterKey: MasterKey,
hmacSecret: HmacSecret,
) => {
state.status = "encrypting"; state.status = "encrypting";
const fileType = getFileType(file);
let createdAt;
if (fileType.startsWith("image/")) {
createdAt = extractExifDateTime(fileBuffer);
}
const { dataKey, dataKeyVersion } = await generateDataKey(); const { dataKey, dataKeyVersion } = await generateDataKey();
const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key); const dataKeyWrapped = await wrapDataKey(dataKey, masterKey.key);
const fileEncrypted = await encryptData(fileBuffer, dataKey); const [nameEncrypted, createdAtEncrypted, lastModifiedAtEncrypted, thumbnailBuffer] =
const fileEncryptedHash = encodeToBase64(await digestMessage(fileEncrypted.ciphertext)); await Promise.all([
encryptString(fileMetadata.name, dataKey),
fileMetadata.createdAt &&
encryptString(fileMetadata.createdAt.getTime().toString(), dataKey),
encryptString(fileMetadata.lastModifiedAt.getTime().toString(), dataKey),
generateThumbnail(file).then((blob) => blob?.arrayBuffer()),
]);
const nameEncrypted = await encryptString(file.name, dataKey); const { uploadId } = await trpc().upload.startFileUpload.mutate({
const createdAtEncrypted = chunks: Math.ceil(file.size / CHUNK_SIZE),
createdAt && (await encryptString(createdAt.getTime().toString(), dataKey)); parent: fileMetadata.parentId,
const lastModifiedAtEncrypted = await encryptString(file.lastModified.toString(), dataKey); mekVersion: masterKey.version,
dek: dataKeyWrapped,
const thumbnail = await generateThumbnail(fileBuffer, fileType); dekVersion: dataKeyVersion,
const thumbnailBuffer = await thumbnail?.arrayBuffer(); hskVersion: hmacSecret.version,
const thumbnailEncrypted = thumbnailBuffer && (await encryptData(thumbnailBuffer, dataKey)); contentType: file.type,
name: nameEncrypted.ciphertext,
nameIv: nameEncrypted.iv,
createdAt: createdAtEncrypted?.ciphertext,
createdAtIv: createdAtEncrypted?.iv,
lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
lastModifiedAtIv: lastModifiedAtEncrypted.iv,
});
state.status = "upload-pending"; state.status = "upload-pending";
return { uploadId, thumbnailBuffer, dataKey, dataKeyVersion };
return {
dataKeyWrapped,
dataKeyVersion,
fileType,
fileEncrypted,
fileEncryptedHash,
nameEncrypted,
createdAtEncrypted,
lastModifiedAtEncrypted,
thumbnail: thumbnailEncrypted && { plaintext: thumbnailBuffer, ...thumbnailEncrypted },
};
}, },
{ concurrency: 4 }, { concurrency: 4 },
); );
const requestFileUpload = limitFunction( const requestFileUpload = limitFunction(
async (state: FileUploadState, form: FormData, thumbnailForm: FormData | null) => { async (
state: FileUploadState,
uploadId: string,
file: Blob,
fileSigned: string,
thumbnailBuffer: ArrayBuffer | undefined,
dataKey: CryptoKey,
dataKeyVersion: Date,
) => {
state.status = "uploading"; state.status = "uploading";
const res = await axios.post("/api/file/upload", form, { await uploadBlob(uploadId, file, dataKey, {
onUploadProgress: ({ progress, rate, estimated }) => { onProgress(s) {
state.progress = progress; state.progress = s.progress;
state.rate = rate; state.rate = s.rate;
state.estimated = estimated;
}, },
}); });
const { file }: FileUploadResponse = res.data;
if (thumbnailForm) { const { file: fileId } = await trpc().upload.completeFileUpload.mutate({
uploadId,
contentHmac: fileSigned,
});
if (thumbnailBuffer) {
try { try {
await axios.post(`/api/file/${file}/thumbnail/upload`, thumbnailForm); const { uploadId } = await trpc().upload.startFileThumbnailUpload.mutate({
file: fileId,
dekVersion: dataKeyVersion,
});
await uploadBlob(uploadId, new Blob([thumbnailBuffer]), dataKey);
await trpc().upload.completeFileThumbnailUpload.mutate({ uploadId });
} catch (e) { } catch (e) {
// TODO
console.error(e); console.error(e);
} }
} }
state.status = "uploaded"; state.status = "uploaded";
return { fileId };
return { fileId: file };
}, },
{ concurrency: 1 }, { concurrency: 1 },
); );
@@ -185,11 +204,12 @@ const requestFileUpload = limitFunction(
export const uploadFile = async ( export const uploadFile = async (
file: File, file: File,
parentId: "root" | number, parentId: "root" | number,
hmacSecret: HmacSecret,
masterKey: MasterKey, masterKey: MasterKey,
hmacSecret: HmacSecret,
onDuplicate: () => Promise<boolean>, onDuplicate: () => Promise<boolean>,
) => { ) => {
uploadingFiles.push({ uploadingFiles.push({
id: crypto.randomUUID(),
name: file.name, name: file.name,
parentId, parentId,
status: "queued", status: "queued",
@@ -197,70 +217,44 @@ export const uploadFile = async (
const state = uploadingFiles.at(-1)!; const state = uploadingFiles.at(-1)!;
return await scheduler.schedule(file.size, async () => { return await scheduler.schedule(file.size, async () => {
state.status = "encryption-pending";
try { try {
const { fileBuffer, fileSigned } = await requestDuplicateFileScan( const { fileSigned } = await requestDuplicateFileScan(state, file, hmacSecret, onDuplicate);
file,
hmacSecret, if (!fileSigned) {
onDuplicate,
);
if (!fileBuffer || !fileSigned) {
state.status = "canceled"; state.status = "canceled";
uploadingFiles = uploadingFiles.filter((file) => file !== state); uploadingFiles = uploadingFiles.filter((file) => file !== state);
return undefined; return;
} }
const { let fileBuffer;
dataKeyWrapped, const fileType = getFileType(file);
const fileMetadata: FileMetadata = {
parentId,
name: file.name,
lastModifiedAt: new Date(file.lastModified),
};
if (fileType.startsWith("image/")) {
fileBuffer = await file.arrayBuffer();
fileMetadata.createdAt = extractExifDateTime(fileBuffer);
}
const blob = new Blob([file], { type: fileType });
const { uploadId, thumbnailBuffer, dataKey, dataKeyVersion } =
await requestFileMetadataEncryption(state, blob, fileMetadata, masterKey, hmacSecret);
const { fileId } = await requestFileUpload(
state,
uploadId,
blob,
fileSigned,
thumbnailBuffer,
dataKey,
dataKeyVersion, dataKeyVersion,
fileType,
fileEncrypted,
fileEncryptedHash,
nameEncrypted,
createdAtEncrypted,
lastModifiedAtEncrypted,
thumbnail,
} = await encryptFile(state, file, fileBuffer, masterKey);
const form = new FormData();
form.set(
"metadata",
JSON.stringify({
parent: parentId,
mekVersion: masterKey.version,
dek: dataKeyWrapped,
dekVersion: dataKeyVersion.toISOString(),
hskVersion: hmacSecret.version,
contentHmac: fileSigned,
contentType: fileType,
contentIv: fileEncrypted.iv,
name: nameEncrypted.ciphertext,
nameIv: nameEncrypted.iv,
createdAt: createdAtEncrypted?.ciphertext,
createdAtIv: createdAtEncrypted?.iv,
lastModifiedAt: lastModifiedAtEncrypted.ciphertext,
lastModifiedAtIv: lastModifiedAtEncrypted.iv,
} satisfies FileUploadRequest),
); );
form.set("content", new Blob([fileEncrypted.ciphertext]));
form.set("checksum", fileEncryptedHash);
let thumbnailForm = null; return { fileId, fileBuffer, thumbnailBuffer };
if (thumbnail) {
thumbnailForm = new FormData();
thumbnailForm.set(
"metadata",
JSON.stringify({
dekVersion: dataKeyVersion.toISOString(),
contentIv: thumbnail.iv,
} satisfies FileThumbnailUploadRequest),
);
thumbnailForm.set("content", new Blob([thumbnail.ciphertext]));
}
const { fileId } = await requestFileUpload(state, form, thumbnailForm);
return { fileId, fileBuffer, thumbnailBuffer: thumbnail?.plaintext };
} catch (e) { } catch (e) {
state.status = "error"; state.status = "error";
throw e; throw e;

4
src/lib/modules/filesystem/file.ts
View File

@@ -47,10 +47,10 @@ const cache = new FilesystemCache<number, MaybeFileInfo>({
return storeToIndexedDB({ return storeToIndexedDB({
id, id,
isLegacy: file.isLegacy,
parentId: file.parent, parentId: file.parent,
dataKey: metadata.dataKey, dataKey: metadata.dataKey,
contentType: file.contentType, contentType: file.contentType,
contentIv: file.contentIv,
name: metadata.name, name: metadata.name,
createdAt: metadata.createdAt, createdAt: metadata.createdAt,
lastModifiedAt: metadata.lastModifiedAt, lastModifiedAt: metadata.lastModifiedAt,
@@ -116,9 +116,9 @@ const cache = new FilesystemCache<number, MaybeFileInfo>({
return { return {
id, id,
exists: true as const, exists: true as const,
isLegacy: metadataRaw.isLegacy,
parentId: metadataRaw.parent, parentId: metadataRaw.parent,
contentType: metadataRaw.contentType, contentType: metadataRaw.contentType,
contentIv: metadataRaw.contentIv,
categories, categories,
...metadata, ...metadata,
}; };

12
src/lib/modules/filesystem/types.ts
View File

@@ -1,7 +1,7 @@
export type DataKey = { key: CryptoKey; version: Date }; export type DataKey = { key: CryptoKey; version: Date };
type AllUndefined<T> = { [K in keyof T]?: undefined }; type AllUndefined<T> = { [K in keyof T]?: undefined };
interface LocalDirectoryInfo { export interface LocalDirectoryInfo {
id: number; id: number;
parentId: DirectoryId; parentId: DirectoryId;
dataKey?: DataKey; dataKey?: DataKey;
@@ -10,7 +10,7 @@ interface LocalDirectoryInfo {
files: SummarizedFileInfo[]; files: SummarizedFileInfo[];
} }
interface RootDirectoryInfo { export interface RootDirectoryInfo {
id: "root"; id: "root";
parentId?: undefined; parentId?: undefined;
dataKey?: undefined; dataKey?: undefined;
@@ -28,10 +28,10 @@ export type SubDirectoryInfo = Omit<LocalDirectoryInfo, "subDirectories" | "file
export interface FileInfo { export interface FileInfo {
id: number; id: number;
isLegacy?: boolean;
parentId: DirectoryId; parentId: DirectoryId;
dataKey?: DataKey; dataKey?: DataKey;
contentType: string; contentType: string;
contentIv?: string;
name: string; name: string;
createdAt?: Date; createdAt?: Date;
lastModifiedAt: Date; lastModifiedAt: Date;
@@ -42,10 +42,10 @@ export type MaybeFileInfo =
| (FileInfo & { exists: true }) | (FileInfo & { exists: true })
| ({ id: number; exists: false } & AllUndefined<Omit<FileInfo, "id">>); | ({ id: number; exists: false } & AllUndefined<Omit<FileInfo, "id">>);
export type SummarizedFileInfo = Omit<FileInfo, "contentIv" | "categories">; export type SummarizedFileInfo = Omit<FileInfo, "categories">;
export type CategoryFileInfo = SummarizedFileInfo & { isRecursive: boolean }; export type CategoryFileInfo = SummarizedFileInfo & { isRecursive: boolean };
interface LocalCategoryInfo { export interface LocalCategoryInfo {
id: number; id: number;
parentId: DirectoryId; parentId: DirectoryId;
dataKey?: DataKey; dataKey?: DataKey;
@@ -55,7 +55,7 @@ interface LocalCategoryInfo {
isFileRecursive: boolean; isFileRecursive: boolean;
} }
interface RootCategoryInfo { export interface RootCategoryInfo {
id: "root"; id: "root";
parentId?: undefined; parentId?: undefined;
dataKey?: undefined; dataKey?: undefined;

22
src/lib/modules/http.ts Normal file
View File

@@ -0,0 +1,22 @@
export const parseRangeHeader = (value: string | null) => {
if (!value) return undefined;
const firstRange = value.split(",")[0]!.trim();
const parts = firstRange.replace(/bytes=/, "").split("-");
return {
start: parts[0] ? parseInt(parts[0], 10) : undefined,
end: parts[1] ? parseInt(parts[1], 10) : undefined,
};
};
export const getContentRangeHeader = (range?: { start: number; end: number; total: number }) => {
return range && { "Content-Range": `bytes ${range.start}-${range.end}/${range.total}` };
};
export const parseContentDigestHeader = (value: string | null) => {
if (!value) return undefined;
const firstDigest = value.split(",")[0]!.trim();
const match = firstDigest.match(/^sha-256=:([A-Za-z0-9+/=]+):$/);
return match?.[1];
};

6
src/lib/modules/key.ts
View File

@@ -2,7 +2,7 @@ import { z } from "zod";
import { storeClientKey } from "$lib/indexedDB"; import { storeClientKey } from "$lib/indexedDB";
import type { ClientKeys } from "$lib/stores"; import type { ClientKeys } from "$lib/stores";
const serializedClientKeysSchema = z.intersection( const SerializedClientKeysSchema = z.intersection(
z.object({ z.object({
generator: z.literal("ArkVault"), generator: z.literal("ArkVault"),
exportedAt: z.iso.datetime(), exportedAt: z.iso.datetime(),
@@ -16,7 +16,7 @@ const serializedClientKeysSchema = z.intersection(
}), }),
); );
type SerializedClientKeys = z.infer<typeof serializedClientKeysSchema>; type SerializedClientKeys = z.infer<typeof SerializedClientKeysSchema>;
type DeserializedClientKeys = { type DeserializedClientKeys = {
encryptKeyBase64: string; encryptKeyBase64: string;
@@ -43,7 +43,7 @@ export const serializeClientKeys = ({
}; };
export const deserializeClientKeys = (serialized: string) => { export const deserializeClientKeys = (serialized: string) => {
const zodRes = serializedClientKeysSchema.safeParse(JSON.parse(serialized)); const zodRes = SerializedClientKeysSchema.safeParse(JSON.parse(serialized));
if (zodRes.success) { if (zodRes.success) {
return { return {
encryptKeyBase64: zodRes.data.encryptKey, encryptKeyBase64: zodRes.data.encryptKey,

27
src/lib/modules/opfs.ts
View File

@@ -1,13 +1,5 @@
let rootHandle: FileSystemDirectoryHandle | null = null;
export const prepareOpfs = async () => {
rootHandle = await navigator.storage.getDirectory();
};
const getFileHandle = async (path: string, create = true) => { const getFileHandle = async (path: string, create = true) => {
if (!rootHandle) { if (path[0] !== "/") {
throw new Error("OPFS not prepared");
} else if (path[0] !== "/") {
throw new Error("Path must be absolute"); throw new Error("Path must be absolute");
} }
@@ -17,7 +9,7 @@ const getFileHandle = async (path: string, create = true) => {
} }
try { try {
let directoryHandle = rootHandle; let directoryHandle = await navigator.storage.getDirectory();
for (const part of parts.slice(0, -1)) { for (const part of parts.slice(0, -1)) {
if (!part) continue; if (!part) continue;
directoryHandle = await directoryHandle.getDirectoryHandle(part, { create }); directoryHandle = await directoryHandle.getDirectoryHandle(part, { create });
@@ -34,12 +26,15 @@ const getFileHandle = async (path: string, create = true) => {
} }
}; };
export const readFile = async (path: string) => { export const getFile = async (path: string) => {
const { fileHandle } = await getFileHandle(path, false); const { fileHandle } = await getFileHandle(path, false);
if (!fileHandle) return null; if (!fileHandle) return null;
const file = await fileHandle.getFile(); return await fileHandle.getFile();
return await file.arrayBuffer(); };
export const readFile = async (path: string) => {
return (await getFile(path))?.arrayBuffer() ?? null;
}; };
export const writeFile = async (path: string, data: ArrayBuffer) => { export const writeFile = async (path: string, data: ArrayBuffer) => {
@@ -61,9 +56,7 @@ export const deleteFile = async (path: string) => {
}; };
const getDirectoryHandle = async (path: string) => { const getDirectoryHandle = async (path: string) => {
if (!rootHandle) { if (path[0] !== "/") {
throw new Error("OPFS not prepared");
} else if (path[0] !== "/") {
throw new Error("Path must be absolute"); throw new Error("Path must be absolute");
} }
@@ -73,7 +66,7 @@ const getDirectoryHandle = async (path: string) => {
} }
try { try {
let directoryHandle = rootHandle; let directoryHandle = await navigator.storage.getDirectory();
let parentHandle; let parentHandle;
for (const part of parts.slice(1)) { for (const part of parts.slice(1)) {
if (!part) continue; if (!part) continue;

19
src/lib/modules/thumbnail.ts
View File

@@ -52,7 +52,6 @@ const generateImageThumbnail = (imageUrl: string) => {
.catch(reject); .catch(reject);
}; };
image.onerror = reject; image.onerror = reject;
image.src = imageUrl; image.src = imageUrl;
}); });
}; };
@@ -85,31 +84,27 @@ const generateVideoThumbnail = (videoUrl: string, time = 0) => {
}); });
}; };
export const generateThumbnail = async (fileBuffer: ArrayBuffer, fileType: string) => { export const generateThumbnail = async (blob: Blob) => {
let url; let url;
try { try {
if (fileType.startsWith("image/")) { if (blob.type.startsWith("image/")) {
const fileBlob = new Blob([fileBuffer], { type: fileType }); url = URL.createObjectURL(blob);
url = URL.createObjectURL(fileBlob);
try { try {
return await generateImageThumbnail(url); return await generateImageThumbnail(url);
} catch { } catch {
URL.revokeObjectURL(url); URL.revokeObjectURL(url);
url = undefined; url = undefined;
if (fileType === "image/heic") { if (blob.type === "image/heic") {
const { default: heic2any } = await import("heic2any"); const { default: heic2any } = await import("heic2any");
url = URL.createObjectURL( url = URL.createObjectURL((await heic2any({ blob, toType: "image/png" })) as Blob);
(await heic2any({ blob: fileBlob, toType: "image/png" })) as Blob,
);
return await generateImageThumbnail(url); return await generateImageThumbnail(url);
} else { } else {
return null; return null;
} }
} }
} else if (fileType.startsWith("video/")) { } else if (blob.type.startsWith("video/")) {
url = URL.createObjectURL(new Blob([fileBuffer], { type: fileType })); url = URL.createObjectURL(blob);
return await generateVideoThumbnail(url); return await generateVideoThumbnail(url);
} }
return null; return null;

183
src/lib/modules/upload.ts Normal file
View File

@@ -0,0 +1,183 @@
import axios from "axios";
import pLimit from "p-limit";
import { ENCRYPTION_OVERHEAD, CHUNK_SIZE } from "$lib/constants";
import { encryptChunk, digestMessage, encodeToBase64 } from "$lib/modules/crypto";
import { BoundedQueue } from "$lib/utils";
interface UploadStats {
progress: number;
rate: number;
}
interface EncryptedChunk {
index: number;
data: ArrayBuffer;
hash: string;
}
const createSpeedMeter = (timeWindow = 3000, minInterval = 200, warmupPeriod = 500) => {
const samples: { t: number; b: number }[] = [];
let lastSpeed = 0;
let startTime: number | null = null;
return (bytesNow?: number) => {
if (bytesNow === undefined) return lastSpeed;
const now = performance.now();
// Initialize start time on first call
if (startTime === null) {
startTime = now;
}
// Check if enough time has passed since the last sample
const lastSample = samples[samples.length - 1];
if (lastSample && now - lastSample.t < minInterval) {
return lastSpeed;
}
samples.push({ t: now, b: bytesNow });
// Remove old samples outside the time window
const cutoff = now - timeWindow;
while (samples.length > 2 && samples[0]!.t < cutoff) samples.shift();
// Need at least 2 samples to calculate speed
if (samples.length < 2) {
return lastSpeed;
}
const first = samples[0]!;
const dt = now - first.t;
const db = bytesNow - first.b;
if (dt >= minInterval) {
const instantSpeed = (db / dt) * 1000;
// Apply EMA for smoother speed transitions
const alpha = 0.3;
const rawSpeed =
lastSpeed === 0 ? instantSpeed : alpha * instantSpeed + (1 - alpha) * lastSpeed;
// Apply warmup ramp to prevent initial overestimation
const elapsed = now - startTime;
const warmupWeight = Math.min(1, elapsed / warmupPeriod);
lastSpeed = rawSpeed * warmupWeight;
}
return lastSpeed;
};
};
const encryptChunkData = async (
chunk: Blob,
dataKey: CryptoKey,
): Promise<{ data: ArrayBuffer; hash: string }> => {
const encrypted = await encryptChunk(await chunk.arrayBuffer(), dataKey);
const hash = encodeToBase64(await digestMessage(encrypted));
return { data: encrypted, hash };
};
const uploadEncryptedChunk = async (
uploadId: string,
chunkIndex: number,
encrypted: ArrayBuffer,
hash: string,
onChunkProgress: (chunkIndex: number, loaded: number) => void,
) => {
await axios.post(`/api/upload/${uploadId}/chunks/${chunkIndex + 1}`, encrypted, {
headers: {
"Content-Type": "application/octet-stream",
"Content-Digest": `sha-256=:${hash}:`,
},
onUploadProgress(e) {
onChunkProgress(chunkIndex, e.loaded ?? 0);
},
});
onChunkProgress(chunkIndex, encrypted.byteLength);
};
export const uploadBlob = async (
uploadId: string,
blob: Blob,
dataKey: CryptoKey,
options?: { concurrency?: number; onProgress?: (s: UploadStats) => void },
) => {
const onProgress = options?.onProgress;
const networkConcurrency = options?.concurrency ?? 4;
const maxQueueSize = 8;
const totalChunks = Math.ceil(blob.size / CHUNK_SIZE);
const totalBytes = blob.size + totalChunks * ENCRYPTION_OVERHEAD;
const uploadedByChunk = new Array<number>(totalChunks).fill(0);
const speedMeter = createSpeedMeter(3000, 200);
const emit = () => {
if (!onProgress) return;
const uploadedBytes = uploadedByChunk.reduce((a, b) => a + b, 0);
const rate = speedMeter(uploadedBytes);
const progress = Math.min(1, uploadedBytes / totalBytes);
onProgress({ progress, rate });
};
const onChunkProgress = (idx: number, loaded: number) => {
uploadedByChunk[idx] = loaded;
emit();
};
const queue = new BoundedQueue<EncryptedChunk>(maxQueueSize);
let encryptionError: Error | null = null;
// Producer: encrypt chunks and push to queue
const encryptionProducer = async () => {
try {
for (let i = 0; i < totalChunks; i++) {
const chunk = blob.slice(i * CHUNK_SIZE, (i + 1) * CHUNK_SIZE);
const { data, hash } = await encryptChunkData(chunk, dataKey);
await queue.push({ index: i, data, hash });
}
} catch (e) {
encryptionError = e instanceof Error ? e : new Error(String(e));
} finally {
queue.close();
}
};
// Consumer: upload chunks from queue with concurrency limit
const uploadConsumer = async () => {
const limit = pLimit(networkConcurrency);
const activeTasks = new Set<Promise<void>>();
while (true) {
const item = await queue.pop();
if (item === null) break;
if (encryptionError) throw encryptionError;
const task = limit(async () => {
try {
await uploadEncryptedChunk(uploadId, item.index, item.data, item.hash, onChunkProgress);
} finally {
// @ts-ignore
item.data = null;
}
});
activeTasks.add(task);
task.finally(() => activeTasks.delete(task));
if (activeTasks.size >= networkConcurrency) {
await Promise.race(activeTasks);
}
}
await Promise.all(activeTasks);
};
// Run producer and consumer concurrently
await Promise.all([encryptionProducer(), uploadConsumer()]);
onProgress?.({ progress: 1, rate: speedMeter() });
};

4
src/lib/schemas/filesystem.ts Normal file
View File

@@ -0,0 +1,4 @@
import { z } from "zod";
export const DirectoryIdSchema = z.union([z.literal("root"), z.int().positive()]);
export const CategoryIdSchema = z.union([z.literal("root"), z.int().positive()]);

1
src/lib/schemas/index.ts Normal file
View File

@@ -0,0 +1 @@
export * from "./filesystem";

1
src/lib/server/db/error.ts
View File

@@ -9,6 +9,7 @@ type IntegrityErrorMessages =
// File // File
| "Directory not found" | "Directory not found"
| "File not found" | "File not found"
| "File is not legacy"
| "File not found in category" | "File not found in category"
| "File already added to category" | "File already added to category"
| "Invalid DEK version" | "Invalid DEK version"

285
src/lib/server/db/file.ts
View File

@@ -15,8 +15,6 @@ interface Directory {
encName: Ciphertext; encName: Ciphertext;
} }
export type NewDirectory = Omit<Directory, "id">;
interface File { interface File {
id: number; id: number;
parentId: DirectoryId; parentId: DirectoryId;
@@ -28,15 +26,13 @@ interface File {
hskVersion: number | null; hskVersion: number | null;
contentHmac: string | null; contentHmac: string | null;
contentType: string; contentType: string;
encContentIv: string; encContentIv: string | null;
encContentHash: string; encContentHash: string;
encName: Ciphertext; encName: Ciphertext;
encCreatedAt: Ciphertext | null; encCreatedAt: Ciphertext | null;
encLastModifiedAt: Ciphertext; encLastModifiedAt: Ciphertext;
} }
export type NewFile = Omit<File, "id">;
interface FileCategory { interface FileCategory {
id: number; id: number;
parentId: CategoryId; parentId: CategoryId;
@@ -46,7 +42,7 @@ interface FileCategory {
encName: Ciphertext; encName: Ciphertext;
} }
export const registerDirectory = async (params: NewDirectory) => { export const registerDirectory = async (params: Omit<Directory, "id">) => {
await db.transaction().execute(async (trx) => { await db.transaction().execute(async (trx) => {
const mek = await trx const mek = await trx
.selectFrom("master_encryption_key") .selectFrom("master_encryption_key")
@@ -105,6 +101,39 @@ export const getAllDirectoriesByParent = async (userId: number, parentId: Direct
); );
}; };
export const getAllRecursiveDirectoriesByParent = async (userId: number, parentId: DirectoryId) => {
const directories = await db
.withRecursive("directory_tree", (db) =>
db
.selectFrom("directory")
.selectAll()
.$if(parentId === "root", (qb) => qb.where("parent_id", "is", null))
.$if(parentId !== "root", (qb) => qb.where("parent_id", "=", parentId as number))
.where("user_id", "=", userId)
.unionAll((db) =>
db
.selectFrom("directory")
.innerJoin("directory_tree", "directory.parent_id", "directory_tree.id")
.selectAll("directory"),
),
)
.selectFrom("directory_tree")
.selectAll()
.execute();
return directories.map(
(directory) =>
({
id: directory.id,
parentId: directory.parent_id ?? "root",
userId: directory.user_id,
mekVersion: directory.master_encryption_key_version,
encDek: directory.encrypted_data_encryption_key,
dekVersion: directory.data_encryption_key_version,
encName: directory.encrypted_name,
}) satisfies Directory,
);
};
export const getDirectory = async (userId: number, directoryId: number) => { export const getDirectory = async (userId: number, directoryId: number) => {
const directory = await db const directory = await db
.selectFrom("directory") .selectFrom("directory")
@@ -214,69 +243,41 @@ export const unregisterDirectory = async (userId: number, directoryId: number) =
}); });
}; };
export const registerFile = async (params: NewFile) => { export const registerFile = async (trx: typeof db, params: Omit<File, "id">) => {
if ((params.hskVersion && !params.contentHmac) || (!params.hskVersion && params.contentHmac)) { if ((params.hskVersion && !params.contentHmac) || (!params.hskVersion && params.contentHmac)) {
throw new Error("Invalid arguments"); throw new Error("Invalid arguments");
} }
return await db.transaction().execute(async (trx) => { const { fileId } = await trx
const mek = await trx .insertInto("file")
.selectFrom("master_encryption_key") .values({
.select("version") parent_id: params.parentId !== "root" ? params.parentId : null,
.where("user_id", "=", params.userId) user_id: params.userId,
.where("state", "=", "active") path: params.path,
.limit(1) master_encryption_key_version: params.mekVersion,
.forUpdate() encrypted_data_encryption_key: params.encDek,
.executeTakeFirst(); data_encryption_key_version: params.dekVersion,
if (mek?.version !== params.mekVersion) { hmac_secret_key_version: params.hskVersion,
throw new IntegrityError("Inactive MEK version"); content_hmac: params.contentHmac,
} content_type: params.contentType,
encrypted_content_iv: params.encContentIv,
if (params.hskVersion) { encrypted_content_hash: params.encContentHash,
const hsk = await trx encrypted_name: params.encName,
.selectFrom("hmac_secret_key") encrypted_created_at: params.encCreatedAt,
.select("version") encrypted_last_modified_at: params.encLastModifiedAt,
.where("user_id", "=", params.userId) })
.where("state", "=", "active") .returning("id as fileId")
.limit(1) .executeTakeFirstOrThrow();
.forUpdate() await trx
.executeTakeFirst(); .insertInto("file_log")
if (hsk?.version !== params.hskVersion) { .values({
throw new IntegrityError("Inactive HSK version"); file_id: fileId,
} timestamp: new Date(),
} action: "create",
new_name: params.encName,
const { fileId } = await trx })
.insertInto("file") .execute();
.values({ return { id: fileId };
parent_id: params.parentId !== "root" ? params.parentId : null,
user_id: params.userId,
path: params.path,
master_encryption_key_version: params.mekVersion,
encrypted_data_encryption_key: params.encDek,
data_encryption_key_version: params.dekVersion,
hmac_secret_key_version: params.hskVersion,
content_hmac: params.contentHmac,
content_type: params.contentType,
encrypted_content_iv: params.encContentIv,
encrypted_content_hash: params.encContentHash,
encrypted_name: params.encName,
encrypted_created_at: params.encCreatedAt,
encrypted_last_modified_at: params.encLastModifiedAt,
})
.returning("id as fileId")
.executeTakeFirstOrThrow();
await trx
.insertInto("file_log")
.values({
file_id: fileId,
timestamp: new Date(),
action: "create",
new_name: params.encName,
})
.execute();
return { id: fileId };
});
}; };
export const getAllFilesByParent = async (userId: number, parentId: DirectoryId) => { export const getAllFilesByParent = async (userId: number, parentId: DirectoryId) => {
@@ -366,6 +367,16 @@ export const getAllFileIds = async (userId: number) => {
return files.map(({ id }) => id); return files.map(({ id }) => id);
}; };
export const getLegacyFileIds = async (userId: number) => {
const files = await db
.selectFrom("file")
.select("id")
.where("user_id", "=", userId)
.where("encrypted_content_iv", "is not", null)
.execute();
return files.map(({ id }) => id);
};
export const getAllFileIdsByContentHmac = async ( export const getAllFileIdsByContentHmac = async (
userId: number, userId: number,
hskVersion: number, hskVersion: number,
@@ -456,6 +467,105 @@ export const getFilesWithCategories = async (userId: number, fileIds: number[])
); );
}; };
export const searchFiles = async (
userId: number,
filters: {
parentId: DirectoryId;
includeCategoryIds: number[];
excludeCategoryIds: number[];
},
) => {
const ctes: string[] = [];
const conditions: string[] = [];
if (filters.parentId === "root") {
conditions.push(`user_id = ${userId}`);
} else {
ctes.push(`
directory_tree AS (
SELECT id FROM directory WHERE user_id = ${userId} AND id = ${filters.parentId}
UNION ALL
SELECT d.id FROM directory d INNER JOIN directory_tree dt ON d.parent_id = dt.id
)`);
conditions.push(`parent_id IN (SELECT id FROM directory_tree)`);
}
filters.includeCategoryIds.forEach((categoryId, index) => {
ctes.push(`
include_category_tree_${index} AS (
SELECT id FROM category WHERE user_id = ${userId} AND id = ${categoryId}
UNION ALL
SELECT c.id FROM category c INNER JOIN include_category_tree_${index} ct ON c.parent_id = ct.id
)`);
conditions.push(`
EXISTS(
SELECT 1 FROM file_category
WHERE file_id = file.id
AND EXISTS (SELECT 1 FROM include_category_tree_${index} ct WHERE ct.id = category_id)
)`);
});
if (filters.excludeCategoryIds.length > 0) {
ctes.push(`
exclude_category_tree AS (
SELECT id FROM category WHERE user_id = ${userId} AND id IN (${filters.excludeCategoryIds.join(",")})
UNION ALL
SELECT c.id FROM category c INNER JOIN exclude_category_tree ct ON c.parent_id = ct.id
)`);
conditions.push(`
NOT EXISTS(
SELECT 1 FROM file_category
WHERE file_id = id
AND EXISTS (SELECT 1 FROM exclude_category_tree ct WHERE ct.id = category_id)
)`);
}
const query = `
${ctes.length > 0 ? `WITH RECURSIVE ${ctes.join(",")}` : ""}
SELECT * FROM file
WHERE ${conditions.join(" AND ")}
`;
const { rows } = await sql
.raw<{
id: number;
parent_id: number | null;
user_id: number;
path: string;
master_encryption_key_version: number;
encrypted_data_encryption_key: string;
data_encryption_key_version: Date;
hmac_secret_key_version: number;
content_hmac: string;
content_type: string;
encrypted_content_iv: string;
encrypted_content_hash: string;
encrypted_name: Ciphertext;
encrypted_created_at: Ciphertext | null;
encrypted_last_modified_at: Ciphertext;
}>(query)
.execute(db);
return rows.map(
(file) =>
({
id: file.id,
parentId: file.parent_id ?? "root",
userId: file.user_id,
path: file.path,
mekVersion: file.master_encryption_key_version,
encDek: file.encrypted_data_encryption_key,
dekVersion: file.data_encryption_key_version,
hskVersion: file.hmac_secret_key_version,
contentHmac: file.content_hmac,
contentType: file.content_type,
encContentIv: file.encrypted_content_iv,
encContentHash: file.encrypted_content_hash,
encName: file.encrypted_name,
encCreatedAt: file.encrypted_created_at,
encLastModifiedAt: file.encrypted_last_modified_at,
}) satisfies File,
);
};
export const setFileEncName = async ( export const setFileEncName = async (
userId: number, userId: number,
fileId: number, fileId: number,
@@ -514,6 +624,51 @@ export const unregisterFile = async (userId: number, fileId: number) => {
}); });
}; };
export const migrateFileContent = async (
trx: typeof db,
userId: number,
fileId: number,
newPath: string,
dekVersion: Date,
encContentHash: string,
) => {
const file = await trx
.selectFrom("file")
.select(["path", "data_encryption_key_version", "encrypted_content_iv"])
.where("id", "=", fileId)
.where("user_id", "=", userId)
.limit(1)
.forUpdate()
.executeTakeFirst();
if (!file) {
throw new IntegrityError("File not found");
} else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
throw new IntegrityError("Invalid DEK version");
} else if (!file.encrypted_content_iv) {
throw new IntegrityError("File is not legacy");
}
await trx
.updateTable("file")
.set({
path: newPath,
encrypted_content_iv: null,
encrypted_content_hash: encContentHash,
})
.where("id", "=", fileId)
.where("user_id", "=", userId)
.execute();
await trx
.insertInto("file_log")
.values({
file_id: fileId,
timestamp: new Date(),
action: "migrate",
})
.execute();
return { oldPath: file.path };
};
export const addFileToCategory = async (fileId: number, categoryId: number) => { export const addFileToCategory = async (fileId: number, categoryId: number) => {
await db.transaction().execute(async (trx) => { await db.transaction().execute(async (trx) => {
try { try {

1
src/lib/server/db/index.ts
View File

@@ -5,6 +5,7 @@ export * as HskRepo from "./hsk";
export * as MediaRepo from "./media"; export * as MediaRepo from "./media";
export * as MekRepo from "./mek"; export * as MekRepo from "./mek";
export * as SessionRepo from "./session"; export * as SessionRepo from "./session";
export * as UploadRepo from "./upload";
export * as UserRepo from "./user"; export * as UserRepo from "./user";
export * from "./error"; export * from "./error";

77
src/lib/server/db/media.ts
View File

@@ -6,7 +6,7 @@ interface Thumbnail {
id: number; id: number;
path: string; path: string;
updatedAt: Date; updatedAt: Date;
encContentIv: string; encContentIv: string | null;
} }
interface FileThumbnail extends Thumbnail { interface FileThumbnail extends Thumbnail {
@@ -14,54 +14,53 @@ interface FileThumbnail extends Thumbnail {
} }
export const updateFileThumbnail = async ( export const updateFileThumbnail = async (
trx: typeof db,
userId: number, userId: number,
fileId: number, fileId: number,
dekVersion: Date, dekVersion: Date,
path: string, path: string,
encContentIv: string, encContentIv: string | null,
) => { ) => {
return await db.transaction().execute(async (trx) => { const file = await trx
const file = await trx .selectFrom("file")
.selectFrom("file") .select("data_encryption_key_version")
.select("data_encryption_key_version") .where("id", "=", fileId)
.where("id", "=", fileId) .where("user_id", "=", userId)
.where("user_id", "=", userId) .limit(1)
.limit(1) .forUpdate()
.forUpdate() .executeTakeFirst();
.executeTakeFirst(); if (!file) {
if (!file) { throw new IntegrityError("File not found");
throw new IntegrityError("File not found"); } else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) {
} else if (file.data_encryption_key_version.getTime() !== dekVersion.getTime()) { throw new IntegrityError("Invalid DEK version");
throw new IntegrityError("Invalid DEK version"); }
}
const thumbnail = await trx const thumbnail = await trx
.selectFrom("thumbnail") .selectFrom("thumbnail")
.select("path as oldPath") .select("path as oldPath")
.where("file_id", "=", fileId) .where("file_id", "=", fileId)
.limit(1) .limit(1)
.forUpdate() .forUpdate()
.executeTakeFirst(); .executeTakeFirst();
const now = new Date(); const now = new Date();
await trx await trx
.insertInto("thumbnail") .insertInto("thumbnail")
.values({ .values({
file_id: fileId, file_id: fileId,
path,
updated_at: now,
encrypted_content_iv: encContentIv,
})
.onConflict((oc) =>
oc.column("file_id").doUpdateSet({
path, path,
updated_at: now, updated_at: now,
encrypted_content_iv: encContentIv, encrypted_content_iv: encContentIv,
}) }),
.onConflict((oc) => )
oc.column("file_id").doUpdateSet({ .execute();
path, return thumbnail?.oldPath ?? null;
updated_at: now,
encrypted_content_iv: encContentIv,
}),
)
.execute();
return thumbnail?.oldPath ?? null;
});
}; };
export const getFileThumbnail = async (userId: number, fileId: number) => { export const getFileThumbnail = async (userId: number, fileId: number) => {

74
src/lib/server/db/migrations/1768062380-AddChunkedUpload.ts Normal file
View File

@@ -0,0 +1,74 @@
import { Kysely, sql } from "kysely";
// eslint-disable-next-line @typescript-eslint/no-explicit-any
export const up = async (db: Kysely<any>) => {
// file.ts
await db.schema
.alterTable("file")
.alterColumn("encrypted_content_iv", (col) => col.dropNotNull())
.execute();
// media.ts
await db.schema
.alterTable("thumbnail")
.alterColumn("encrypted_content_iv", (col) => col.dropNotNull())
.execute();
// upload.ts
await db.schema
.createTable("upload_session")
.addColumn("id", "uuid", (col) => col.primaryKey())
.addColumn("type", "text", (col) => col.notNull())
.addColumn("user_id", "integer", (col) => col.references("user.id").notNull())
.addColumn("path", "text", (col) => col.notNull())
.addColumn("bitmap", "bytea", (col) => col.notNull())
.addColumn("total_chunks", "integer", (col) => col.notNull())
.addColumn("uploaded_chunks", "integer", (col) =>
col
.generatedAlwaysAs(sql`bit_count(bitmap)`)
.stored()
.notNull(),
)
.addColumn("expires_at", "timestamp(3)", (col) => col.notNull())
.addColumn("parent_id", "integer", (col) => col.references("directory.id"))
.addColumn("master_encryption_key_version", "integer")
.addColumn("encrypted_data_encryption_key", "text")
.addColumn("data_encryption_key_version", "timestamp(3)")
.addColumn("hmac_secret_key_version", "integer")
.addColumn("content_type", "text")
.addColumn("encrypted_name", "json")
.addColumn("encrypted_created_at", "json")
.addColumn("encrypted_last_modified_at", "json")
.addColumn("file_id", "integer", (col) => col.references("file.id"))
.addForeignKeyConstraint(
"upload_session_fk01",
["user_id", "master_encryption_key_version"],
"master_encryption_key",
["user_id", "version"],
)
.addForeignKeyConstraint(
"upload_session_fk02",
["user_id", "hmac_secret_key_version"],
"hmac_secret_key",
["user_id", "version"],
)
.addCheckConstraint(
"upload_session_ck01",
sql`length(bitmap) = ceil(total_chunks / 8.0)::integer`,
)
.addCheckConstraint("upload_session_ck02", sql`uploaded_chunks <= total_chunks`)
.execute();
};
// eslint-disable-next-line @typescript-eslint/no-explicit-any
export const down = async (db: Kysely<any>) => {
await db.schema.dropTable("upload_session").execute();
await db.schema
.alterTable("thumbnail")
.alterColumn("encrypted_content_iv", (col) => col.setNotNull())
.execute();
await db.schema
.alterTable("file")
.alterColumn("encrypted_content_iv", (col) => col.setNotNull())
.execute();
};

2
src/lib/server/db/migrations/index.ts
View File

@@ -1,9 +1,11 @@
import * as Initial1737357000 from "./1737357000-Initial"; import * as Initial1737357000 from "./1737357000-Initial";
import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory"; import * as AddFileCategory1737422340 from "./1737422340-AddFileCategory";
import * as AddThumbnail1738409340 from "./1738409340-AddThumbnail"; import * as AddThumbnail1738409340 from "./1738409340-AddThumbnail";
import * as AddChunkedUpload1768062380 from "./1768062380-AddChunkedUpload";
export default { export default {
"1737357000-Initial": Initial1737357000, "1737357000-Initial": Initial1737357000,
"1737422340-AddFileCategory": AddFileCategory1737422340, "1737422340-AddFileCategory": AddFileCategory1737422340,
"1738409340-AddThumbnail": AddThumbnail1738409340, "1738409340-AddThumbnail": AddThumbnail1738409340,
"1768062380-AddChunkedUpload": AddChunkedUpload1768062380,
}; };

2
src/lib/server/db/schema/category.ts
View File

@@ -1,5 +1,5 @@
import type { Generated } from "kysely"; import type { Generated } from "kysely";
import type { Ciphertext } from "./util"; import type { Ciphertext } from "./utils";
interface CategoryTable { interface CategoryTable {
id: Generated<number>; id: Generated<number>;

6
src/lib/server/db/schema/file.ts
View File

@@ -1,5 +1,5 @@
import type { ColumnType, Generated } from "kysely"; import type { ColumnType, Generated } from "kysely";
import type { Ciphertext } from "./util"; import type { Ciphertext } from "./utils";
interface DirectoryTable { interface DirectoryTable {
id: Generated<number>; id: Generated<number>;
@@ -30,7 +30,7 @@ interface FileTable {
hmac_secret_key_version: number | null; hmac_secret_key_version: number | null;
content_hmac: string | null; // Base64 content_hmac: string | null; // Base64
content_type: string; content_type: string;
encrypted_content_iv: string; // Base64 encrypted_content_iv: string | null; // Base64
encrypted_content_hash: string; // Base64 encrypted_content_hash: string; // Base64
encrypted_name: Ciphertext; encrypted_name: Ciphertext;
encrypted_created_at: Ciphertext | null; encrypted_created_at: Ciphertext | null;
@@ -41,7 +41,7 @@ interface FileLogTable {
id: Generated<number>; id: Generated<number>;
file_id: number; file_id: number;
timestamp: ColumnType<Date, Date, never>; timestamp: ColumnType<Date, Date, never>;
action: "create" | "rename" | "add-to-category" | "remove-from-category"; action: "create" | "rename" | "migrate" | "add-to-category" | "remove-from-category";
new_name: Ciphertext | null; new_name: Ciphertext | null;
category_id: number | null; category_id: number | null;
} }

3
src/lib/server/db/schema/index.ts
View File

@@ -5,8 +5,9 @@ export * from "./hsk";
export * from "./media"; export * from "./media";
export * from "./mek"; export * from "./mek";
export * from "./session"; export * from "./session";
export * from "./upload";
export * from "./user"; export * from "./user";
export * from "./util"; export * from "./utils";
// eslint-disable-next-line @typescript-eslint/no-empty-object-type // eslint-disable-next-line @typescript-eslint/no-empty-object-type
export interface Database {} export interface Database {}

2
src/lib/server/db/schema/media.ts
View File

@@ -7,7 +7,7 @@ interface ThumbnailTable {
category_id: number | null; category_id: number | null;
path: string; path: string;
updated_at: Date; updated_at: Date;
encrypted_content_iv: string; // Base64 encrypted_content_iv: string | null; // Base64
} }
declare module "./index" { declare module "./index" {

30
src/lib/server/db/schema/upload.ts Normal file
View File

@@ -0,0 +1,30 @@
import type { Generated } from "kysely";
import type { Ciphertext } from "./utils";
interface UploadSessionTable {
id: string;
type: "file" | "thumbnail" | "migration";
user_id: number;
path: string;
bitmap: Buffer;
total_chunks: number;
uploaded_chunks: Generated<number>;
expires_at: Date;
parent_id: number | null;
master_encryption_key_version: number | null;
encrypted_data_encryption_key: string | null; // Base64
data_encryption_key_version: Date | null;
hmac_secret_key_version: number | null;
content_type: string | null;
encrypted_name: Ciphertext | null;
encrypted_created_at: Ciphertext | null;
encrypted_last_modified_at: Ciphertext | null;
file_id: number | null;
}
declare module "./index" {
interface Database {
upload_session: UploadSessionTable;
}
}

0
src/lib/server/db/schema/util.ts → src/lib/server/db/schema/utils.ts
View File

192
src/lib/server/db/upload.ts Normal file
View File

@@ -0,0 +1,192 @@
import { sql } from "kysely";
import { IntegrityError } from "./error";
import db from "./kysely";
import type { Ciphertext } from "./schema";
interface BaseUploadSession {
id: string;
userId: number;
path: string;
bitmap: Buffer;
totalChunks: number;
uploadedChunks: number;
expiresAt: Date;
}
interface FileUploadSession extends BaseUploadSession {
type: "file";
parentId: DirectoryId;
mekVersion: number;
encDek: string;
dekVersion: Date;
hskVersion: number | null;
contentType: string;
encName: Ciphertext;
encCreatedAt: Ciphertext | null;
encLastModifiedAt: Ciphertext;
}
interface ThumbnailOrMigrationUploadSession extends BaseUploadSession {
type: "thumbnail" | "migration";
fileId: number;
dekVersion: Date;
}
export const createFileUploadSession = async (
params: Omit<FileUploadSession, "type" | "bitmap" | "uploadedChunks">,
) => {
await db.transaction().execute(async (trx) => {
const mek = await trx
.selectFrom("master_encryption_key")
.select("version")
.where("user_id", "=", params.userId)
.where("state", "=", "active")
.limit(1)
.forUpdate()
.executeTakeFirst();
if (mek?.version !== params.mekVersion) {
throw new IntegrityError("Inactive MEK version");
}
if (params.hskVersion) {
const hsk = await trx
.selectFrom("hmac_secret_key")
.select("version")
.where("user_id", "=", params.userId)
.where("state", "=", "active")
.limit(1)
.forUpdate()
.executeTakeFirst();
if (hsk?.version !== params.hskVersion) {
throw new IntegrityError("Inactive HSK version");
}
}
await trx
.insertInto("upload_session")
.values({
id: params.id,
type: "file",
user_id: params.userId,
path: params.path,
bitmap: Buffer.alloc(Math.ceil(params.totalChunks / 8)),
total_chunks: params.totalChunks,
expires_at: params.expiresAt,
parent_id: params.parentId !== "root" ? params.parentId : null,
master_encryption_key_version: params.mekVersion,
encrypted_data_encryption_key: params.encDek,
data_encryption_key_version: params.dekVersion,
hmac_secret_key_version: params.hskVersion,
content_type: params.contentType,
encrypted_name: params.encName,
encrypted_created_at: params.encCreatedAt,
encrypted_last_modified_at: params.encLastModifiedAt,
})
.execute();
});
};
export const createThumbnailOrMigrationUploadSession = async (
params: Omit<ThumbnailOrMigrationUploadSession, "bitmap" | "uploadedChunks">,
) => {
await db.transaction().execute(async (trx) => {
const file = await trx
.selectFrom("file")
.select("data_encryption_key_version")
.where("id", "=", params.fileId)
.where("user_id", "=", params.userId)
.limit(1)
.forUpdate()
.executeTakeFirst();
if (!file) {
throw new IntegrityError("File not found");
} else if (file.data_encryption_key_version.getTime() !== params.dekVersion.getTime()) {
throw new IntegrityError("Invalid DEK version");
}
await trx
.insertInto("upload_session")
.values({
id: params.id,
type: params.type,
user_id: params.userId,
path: params.path,
bitmap: Buffer.alloc(Math.ceil(params.totalChunks / 8)),
total_chunks: params.totalChunks,
expires_at: params.expiresAt,
file_id: params.fileId,
data_encryption_key_version: params.dekVersion,
})
.execute();
});
};
export const getUploadSession = async (sessionId: string, userId: number) => {
const session = await db
.selectFrom("upload_session")
.selectAll()
.where("id", "=", sessionId)
.where("user_id", "=", userId)
.where("expires_at", ">", new Date())
.limit(1)
.executeTakeFirst();
if (!session) {
return null;
} else if (session.type === "file") {
return {
type: "file",
id: session.id,
userId: session.user_id,
path: session.path,
bitmap: session.bitmap,
totalChunks: session.total_chunks,
uploadedChunks: session.uploaded_chunks,
expiresAt: session.expires_at,
parentId: session.parent_id ?? "root",
mekVersion: session.master_encryption_key_version!,
encDek: session.encrypted_data_encryption_key!,
dekVersion: session.data_encryption_key_version!,
hskVersion: session.hmac_secret_key_version,
contentType: session.content_type!,
encName: session.encrypted_name!,
encCreatedAt: session.encrypted_created_at,
encLastModifiedAt: session.encrypted_last_modified_at!,
} satisfies FileUploadSession;
} else {
return {
type: session.type,
id: session.id,
userId: session.user_id,
path: session.path,
bitmap: session.bitmap,
totalChunks: session.total_chunks,
uploadedChunks: session.uploaded_chunks,
expiresAt: session.expires_at,
fileId: session.file_id!,
dekVersion: session.data_encryption_key_version!,
} satisfies ThumbnailOrMigrationUploadSession;
}
};
export const markChunkAsUploaded = async (sessionId: string, chunkIndex: number) => {
await db
.updateTable("upload_session")
.set({
bitmap: sql`set_bit(${sql.ref("bitmap")}, ${chunkIndex - 1}, 1)`,
})
.where("id", "=", sessionId)
.execute();
};
export const deleteUploadSession = async (trx: typeof db, sessionId: string) => {
await trx.deleteFrom("upload_session").where("id", "=", sessionId).execute();
};
export const cleanupExpiredUploadSessions = async () => {
const sessions = await db
.deleteFrom("upload_session")
.where("expires_at", "<=", new Date())
.returning("path")
.execute();
return sessions.map(({ path }) => path);
};

1
src/lib/server/loadenv.ts
View File

@@ -26,4 +26,5 @@ export default {
}, },
libraryPath: env.LIBRARY_PATH || "library", libraryPath: env.LIBRARY_PATH || "library",
thumbnailsPath: env.THUMBNAILS_PATH || "thumbnails", thumbnailsPath: env.THUMBNAILS_PATH || "thumbnails",
uploadsPath: env.UPLOADS_PATH || "uploads",
}; };

8
src/lib/server/modules/filesystem.ts
View File

@@ -1,4 +1,10 @@
import { unlink } from "fs/promises"; import { rm, unlink } from "fs/promises";
export const safeRecursiveRm = async (path: string | null | undefined) => {
if (path) {
await rm(path, { recursive: true }).catch(console.error);
}
};
export const safeUnlink = async (path: string | null | undefined) => { export const safeUnlink = async (path: string | null | undefined) => {
if (path) { if (path) {

3
src/lib/server/schemas/category.ts
View File

@@ -1,3 +0,0 @@
import { z } from "zod";
export const categoryIdSchema = z.union([z.literal("root"), z.int().positive()]);

3
src/lib/server/schemas/directory.ts
View File

@@ -1,3 +0,0 @@
import { z } from "zod";
export const directoryIdSchema = z.union([z.literal("root"), z.int().positive()]);

36
src/lib/server/schemas/file.ts
View File

@@ -1,36 +0,0 @@
import mime from "mime";
import { z } from "zod";
import { directoryIdSchema } from "./directory";
export const fileThumbnailUploadRequest = z.object({
dekVersion: z.iso.datetime(),
contentIv: z.base64().nonempty(),
});
export type FileThumbnailUploadRequest = z.input<typeof fileThumbnailUploadRequest>;
export const fileUploadRequest = z.object({
parent: directoryIdSchema,
mekVersion: z.int().positive(),
dek: z.base64().nonempty(),
dekVersion: z.iso.datetime(),
hskVersion: z.int().positive(),
contentHmac: z.base64().nonempty(),
contentType: z
.string()
.trim()
.nonempty()
.refine((value) => mime.getExtension(value) !== null), // MIME type
contentIv: z.base64().nonempty(),
name: z.base64().nonempty(),
nameIv: z.base64().nonempty(),
createdAt: z.base64().nonempty().optional(),
createdAtIv: z.base64().nonempty().optional(),
lastModifiedAt: z.base64().nonempty(),
lastModifiedAtIv: z.base64().nonempty(),
});
export type FileUploadRequest = z.input<typeof fileUploadRequest>;
export const fileUploadResponse = z.object({
file: z.int().positive(),
});
export type FileUploadResponse = z.output<typeof fileUploadResponse>;

3
src/lib/server/schemas/index.ts
View File

@@ -1,3 +0,0 @@
export * from "./category";
export * from "./directory";
export * from "./file";

168
src/lib/server/services/file.ts
View File

@@ -1,126 +1,74 @@
import { error } from "@sveltejs/kit"; import { error } from "@sveltejs/kit";
import { createHash } from "crypto"; import { createReadStream } from "fs";
import { createReadStream, createWriteStream } from "fs"; import { stat } from "fs/promises";
import { mkdir, stat } from "fs/promises";
import { dirname } from "path";
import { Readable } from "stream"; import { Readable } from "stream";
import { pipeline } from "stream/promises"; import { FileRepo, MediaRepo } from "$lib/server/db";
import { v4 as uuidv4 } from "uuid";
import { FileRepo, MediaRepo, IntegrityError } from "$lib/server/db";
import env from "$lib/server/loadenv";
import { safeUnlink } from "$lib/server/modules/filesystem";
export const getFileStream = async (userId: number, fileId: number) => { const createEncContentStream = async (
path: string,
iv?: Buffer,
range?: { start?: number; end?: number },
) => {
const { size: fileSize } = await stat(path);
const ivSize = iv?.byteLength ?? 0;
const totalSize = fileSize + ivSize;
const start = range?.start ?? 0;
const end = range?.end ?? totalSize - 1;
if (start > end || start < 0 || end >= totalSize) {
error(416, "Invalid range");
}
return {
encContentStream: Readable.toWeb(
Readable.from(
(async function* () {
if (start < ivSize) {
yield iv!.subarray(start, Math.min(end + 1, ivSize));
}
if (end >= ivSize) {
yield* createReadStream(path, {
start: Math.max(0, start - ivSize),
end: end - ivSize,
});
}
})(),
),
),
range: { start, end, total: totalSize },
};
};
export const getFileStream = async (
userId: number,
fileId: number,
range?: { start?: number; end?: number },
) => {
const file = await FileRepo.getFile(userId, fileId); const file = await FileRepo.getFile(userId, fileId);
if (!file) { if (!file) {
error(404, "Invalid file id"); error(404, "Invalid file id");
} }
const { size } = await stat(file.path); return createEncContentStream(
return { file.path,
encContentStream: Readable.toWeb(createReadStream(file.path)), file.encContentIv ? Buffer.from(file.encContentIv, "base64") : undefined,
encContentSize: size, range,
}; );
}; };
export const getFileThumbnailStream = async (userId: number, fileId: number) => { export const getFileThumbnailStream = async (
userId: number,
fileId: number,
range?: { start?: number; end?: number },
) => {
const thumbnail = await MediaRepo.getFileThumbnail(userId, fileId); const thumbnail = await MediaRepo.getFileThumbnail(userId, fileId);
if (!thumbnail) { if (!thumbnail) {
error(404, "File or its thumbnail not found"); error(404, "File or its thumbnail not found");
} }
const { size } = await stat(thumbnail.path); return createEncContentStream(
return { thumbnail.path,
encContentStream: Readable.toWeb(createReadStream(thumbnail.path)), thumbnail.encContentIv ? Buffer.from(thumbnail.encContentIv, "base64") : undefined,
encContentSize: size, range,
}; );
};
export const uploadFileThumbnail = async (
userId: number,
fileId: number,
dekVersion: Date,
encContentIv: string,
encContentStream: Readable,
) => {
const path = `${env.thumbnailsPath}/${userId}/${uuidv4()}`;
await mkdir(dirname(path), { recursive: true });
try {
await pipeline(encContentStream, createWriteStream(path, { flags: "wx", mode: 0o600 }));
const oldPath = await MediaRepo.updateFileThumbnail(
userId,
fileId,
dekVersion,
path,
encContentIv,
);
safeUnlink(oldPath); // Intended
} catch (e) {
await safeUnlink(path);
if (e instanceof IntegrityError) {
if (e.message === "File not found") {
error(404, "File not found");
} else if (e.message === "Invalid DEK version") {
error(400, "Mismatched DEK version");
}
}
throw e;
}
};
export const uploadFile = async (
params: Omit<FileRepo.NewFile, "path" | "encContentHash">,
encContentStream: Readable,
encContentHash: Promise<string>,
) => {
const oneDayAgo = new Date(Date.now() - 24 * 60 * 60 * 1000);
const oneMinuteLater = new Date(Date.now() + 60 * 1000);
if (params.dekVersion <= oneDayAgo || params.dekVersion >= oneMinuteLater) {
error(400, "Invalid DEK version");
}
const path = `${env.libraryPath}/${params.userId}/${uuidv4()}`;
await mkdir(dirname(path), { recursive: true });
try {
const hashStream = createHash("sha256");
const [, hash] = await Promise.all([
pipeline(
encContentStream,
async function* (source) {
for await (const chunk of source) {
hashStream.update(chunk);
yield chunk;
}
},
createWriteStream(path, { flags: "wx", mode: 0o600 }),
),
encContentHash,
]);
if (hashStream.digest("base64") !== hash) {
throw new Error("Invalid checksum");
}
const { id: fileId } = await FileRepo.registerFile({
...params,
path,
encContentHash: hash,
});
return { fileId };
} catch (e) {
await safeUnlink(path);
if (e instanceof IntegrityError && e.message === "Inactive MEK version") {
error(400, "Invalid MEK version");
} else if (
e instanceof Error &&
(e.message === "Invalid request body" || e.message === "Invalid checksum")
) {
error(400, "Invalid request body");
}
throw e;
}
}; };

88
src/lib/server/services/upload.ts Normal file
View File

@@ -0,0 +1,88 @@
import { error } from "@sveltejs/kit";
import { createHash } from "crypto";
import { createWriteStream } from "fs";
import { Readable } from "stream";
import { ENCRYPTION_OVERHEAD, ENCRYPTED_CHUNK_SIZE } from "$lib/constants";
import { UploadRepo } from "$lib/server/db";
import { safeRecursiveRm, safeUnlink } from "$lib/server/modules/filesystem";
const chunkLocks = new Set<string>();
const isChunkUploaded = (bitmap: Buffer, chunkIndex: number) => {
chunkIndex -= 1;
const byte = bitmap[Math.floor(chunkIndex / 8)];
return !!byte && (byte & (1 << (chunkIndex % 8))) !== 0; // Postgres sucks
};
export const uploadChunk = async (
userId: number,
sessionId: string,
chunkIndex: number,
encChunkStream: Readable,
encChunkHash: string,
) => {
const lockKey = `${sessionId}/${chunkIndex}`;
if (chunkLocks.has(lockKey)) {
error(409, "Chunk upload already in progress");
} else {
chunkLocks.add(lockKey);
}
let filePath;
try {
const session = await UploadRepo.getUploadSession(sessionId, userId);
if (!session) {
error(404, "Invalid upload id");
} else if (chunkIndex > session.totalChunks) {
error(400, "Invalid chunk index");
} else if (isChunkUploaded(session.bitmap, chunkIndex)) {
error(409, "Chunk already uploaded");
}
const isLastChunk = chunkIndex === session.totalChunks;
filePath = `${session.path}/${chunkIndex}`;
const hashStream = createHash("sha256");
const writeStream = createWriteStream(filePath, { flags: "wx", mode: 0o600 });
let writtenBytes = 0;
for await (const chunk of encChunkStream) {
hashStream.update(chunk);
writeStream.write(chunk);
writtenBytes += chunk.length;
}
await new Promise<void>((resolve, reject) => {
writeStream.end((e: any) => (e ? reject(e) : resolve()));
});
if (hashStream.digest("base64") !== encChunkHash) {
throw new Error("Invalid checksum");
} else if (
(!isLastChunk && writtenBytes !== ENCRYPTED_CHUNK_SIZE) ||
(isLastChunk && (writtenBytes <= ENCRYPTION_OVERHEAD || writtenBytes > ENCRYPTED_CHUNK_SIZE))
) {
throw new Error("Invalid chunk size");
}
await UploadRepo.markChunkAsUploaded(sessionId, chunkIndex);
} catch (e) {
await safeUnlink(filePath);
if (
e instanceof Error &&
(e.message === "Invalid checksum" || e.message === "Invalid chunk size")
) {
error(400, "Invalid request body");
}
throw e;
} finally {
chunkLocks.delete(lockKey);
}
};
export const cleanupExpiredUploadSessions = async () => {
const paths = await UploadRepo.cleanupExpiredUploadSessions();
await Promise.all(paths.map(safeRecursiveRm));
};

39
src/lib/serviceWorker/client.ts Normal file
View File

@@ -0,0 +1,39 @@
import { DECRYPTED_FILE_URL_PREFIX } from "$lib/constants";
import type { FileMetadata, ServiceWorkerMessage, ServiceWorkerResponse } from "./types";
const PREPARE_TIMEOUT_MS = 5000;
const getServiceWorker = async () => {
const registration = await navigator.serviceWorker.ready;
const sw = registration.active;
if (!sw) {
throw new Error("Service worker not activated");
}
return sw;
};
export const prepareFileDecryption = async (id: number, metadata: FileMetadata) => {
const sw = await getServiceWorker();
return new Promise<void>((resolve, reject) => {
const timeout = setTimeout(
() => reject(new Error("Service worker timeout")),
PREPARE_TIMEOUT_MS,
);
const handler = (event: MessageEvent<ServiceWorkerResponse>) => {
if (event.data.type === "decryption-ready" && event.data.fileId === id) {
clearTimeout(timeout);
navigator.serviceWorker.removeEventListener("message", handler);
resolve();
}
};
navigator.serviceWorker.addEventListener("message", handler);
sw.postMessage({
type: "decryption-prepare",
fileId: id,
...metadata,
} satisfies ServiceWorkerMessage);
});
};
export const getDecryptedFileUrl = (id: number) => `${DECRYPTED_FILE_URL_PREFIX}${id}`;

2
src/lib/serviceWorker/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from "./client";
export * from "./types";

19
src/lib/serviceWorker/types.ts Normal file
View File

@@ -0,0 +1,19 @@
export interface FileMetadata {
isLegacy: boolean;
dataKey: CryptoKey;
encContentSize: number;
contentType: string;
}
export interface DecryptionPrepareMessage extends FileMetadata {
type: "decryption-prepare";
fileId: number;
}
export interface DecryptionReadyMessage {
type: "decryption-ready";
fileId: number;
}
export type ServiceWorkerMessage = DecryptionPrepareMessage;
export type ServiceWorkerResponse = DecryptionReadyMessage;

32
src/lib/services/file.ts
View File

@@ -6,38 +6,42 @@ import {
downloadFile, downloadFile,
deleteFileThumbnailCache, deleteFileThumbnailCache,
} from "$lib/modules/file"; } from "$lib/modules/file";
import type { FileThumbnailUploadRequest } from "$lib/server/schemas"; import { uploadBlob } from "$lib/modules/upload";
import { trpc } from "$trpc/client"; import { trpc } from "$trpc/client";
export const requestFileDownload = async ( export const requestFileDownload = async (
fileId: number, fileId: number,
fileEncryptedIv: string,
dataKey: CryptoKey, dataKey: CryptoKey,
isLegacy: boolean,
) => { ) => {
const cache = await getFileCache(fileId); const cache = await getFileCache(fileId);
if (cache) return cache; if (cache) return cache;
const fileBuffer = await downloadFile(fileId, fileEncryptedIv, dataKey); const fileBuffer = await downloadFile(fileId, dataKey, isLegacy);
storeFileCache(fileId, fileBuffer); // Intended storeFileCache(fileId, fileBuffer); // Intended
return fileBuffer; return fileBuffer;
}; };
export const requestFileThumbnailUpload = async ( export const requestFileThumbnailUpload = async (
fileId: number, fileId: number,
thumbnail: Blob,
dataKey: CryptoKey,
dataKeyVersion: Date, dataKeyVersion: Date,
thumbnailEncrypted: { ciphertext: ArrayBuffer; iv: string },
) => { ) => {
const form = new FormData(); try {
form.set( const { uploadId } = await trpc().upload.startFileThumbnailUpload.mutate({
"metadata", file: fileId,
JSON.stringify({ dekVersion: dataKeyVersion,
dekVersion: dataKeyVersion.toISOString(), });
contentIv: thumbnailEncrypted.iv,
} satisfies FileThumbnailUploadRequest),
);
form.set("content", new Blob([thumbnailEncrypted.ciphertext]));
return await fetch(`/api/file/${fileId}/thumbnail/upload`, { method: "POST", body: form }); await uploadBlob(uploadId, thumbnail, dataKey);
await trpc().upload.completeFileThumbnailUpload.mutate({ uploadId });
return true;
} catch {
// TODO: Error Handling
return false;
}
}; };
export const requestDeletedFilesCleanup = async () => { export const requestDeletedFilesCleanup = async () => {

44
src/lib/utils/concurrency/BoundedQueue.ts Normal file
View File

@@ -0,0 +1,44 @@
export class BoundedQueue<T> {
private isClosed = false;
private reservedCount = 0;
private items: T[] = [];
private waitersNotFull: (() => void)[] = [];
private waitersNotEmpty: (() => void)[] = [];
constructor(private readonly maxSize: number) {}
async push(item: T) {
if (this.isClosed) {
throw new Error("Queue closed");
}
while (this.reservedCount >= this.maxSize) {
await new Promise<void>((resolve) => this.waitersNotFull.push(resolve));
if (this.isClosed) throw new Error("Queue closed");
}
this.reservedCount++;
this.items.push(item);
this.waitersNotEmpty.shift()?.();
}
async pop() {
while (this.items.length === 0) {
if (this.isClosed) return null;
await new Promise<void>((resolve) => this.waitersNotEmpty.push(resolve));
}
const item = this.items.shift()!;
this.reservedCount--;
this.waitersNotFull.shift()?.();
return item;
}
close() {
this.isClosed = true;
while (this.waitersNotEmpty.length > 0) this.waitersNotEmpty.shift()!();
while (this.waitersNotFull.length > 0) this.waitersNotFull.shift()!();
}
}

0
src/lib/utils/HybridPromise.ts → src/lib/utils/concurrency/HybridPromise.ts
View File

0
src/lib/modules/scheduler.ts → src/lib/utils/concurrency/Scheduler.ts
View File

3
src/lib/utils/concurrency/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from "./BoundedQueue";
export * from "./HybridPromise";
export * from "./Scheduler";

2
src/lib/utils/index.ts
View File

@@ -1,4 +1,4 @@
export * from "./concurrency";
export * from "./format"; export * from "./format";
export * from "./gotoStateful"; export * from "./gotoStateful";
export * from "./HybridPromise";
export * from "./sort"; export * from "./sort";

5
src/params/thumbnail.ts Normal file
View File

@@ -0,0 +1,5 @@
import type { ParamMatcher } from "@sveltejs/kit";
export const match: ParamMatcher = (param) => {
return param === "thumbnail";
};

45
src/routes/(fullscreen)/file/[id]/+page.svelte
View File

@@ -5,7 +5,7 @@
import { page } from "$app/state"; import { page } from "$app/state";
import { FullscreenDiv } from "$lib/components/atoms"; import { FullscreenDiv } from "$lib/components/atoms";
import { Categories, IconEntryButton, TopBar } from "$lib/components/molecules"; import { Categories, IconEntryButton, TopBar } from "$lib/components/molecules";
import { getFileInfo, type FileInfo, type MaybeFileInfo } from "$lib/modules/filesystem"; import { getFileInfo, type MaybeFileInfo } from "$lib/modules/filesystem";
import { captureVideoThumbnail } from "$lib/modules/thumbnail"; import { captureVideoThumbnail } from "$lib/modules/thumbnail";
import { getFileDownloadState } from "$lib/modules/file"; import { getFileDownloadState } from "$lib/modules/file";
import { masterKeyStore } from "$lib/stores"; import { masterKeyStore } from "$lib/stores";
@@ -17,6 +17,7 @@
requestFileDownload, requestFileDownload,
requestThumbnailUpload, requestThumbnailUpload,
requestFileAdditionToCategory, requestFileAdditionToCategory,
requestVideoStream,
} from "./service"; } from "./service";
import TopBarMenu from "./TopBarMenu.svelte"; import TopBarMenu from "./TopBarMenu.svelte";
@@ -37,6 +38,7 @@
let viewerType: "image" | "video" | undefined = $state(); let viewerType: "image" | "video" | undefined = $state();
let fileBlob: Blob | undefined = $state(); let fileBlob: Blob | undefined = $state();
let fileBlobUrl: string | undefined = $state(); let fileBlobUrl: string | undefined = $state();
let videoStreamUrl: string | undefined = $state();
let videoElement: HTMLVideoElement | undefined = $state(); let videoElement: HTMLVideoElement | undefined = $state();
const updateViewer = async (buffer: ArrayBuffer, contentType: string) => { const updateViewer = async (buffer: ArrayBuffer, contentType: string) => {
@@ -95,14 +97,27 @@
untrack(() => { untrack(() => {
if (!downloadState && !isDownloadRequested) { if (!downloadState && !isDownloadRequested) {
isDownloadRequested = true; isDownloadRequested = true;
requestFileDownload(data.id, info!.contentIv!, info!.dataKey!.key).then(
async (buffer) => { if (viewerType === "video" && !info!.isLegacy) {
const blob = await updateViewer(buffer, contentType); requestVideoStream(data.id, info!.dataKey!.key, contentType).then((streamUrl) => {
if (!viewerType) { if (streamUrl) {
FileSaver.saveAs(blob, info!.name); videoStreamUrl = streamUrl;
} else {
requestFileDownload(data.id, info!.dataKey!.key, info!.isLegacy!).then((buffer) =>
updateViewer(buffer, contentType),
);
} }
}, });
); } else {
requestFileDownload(data.id, info!.dataKey!.key, info!.isLegacy!).then(
async (buffer) => {
const blob = await updateViewer(buffer, contentType);
if (!viewerType) {
FileSaver.saveAs(blob, info!.name);
}
},
);
}
} }
}); });
} }
@@ -110,7 +125,9 @@
$effect(() => { $effect(() => {
if (info?.exists && downloadState?.status === "decrypted") { if (info?.exists && downloadState?.status === "decrypted") {
untrack(() => !isDownloadRequested && updateViewer(downloadState.result!, info!.contentIv!)); untrack(
() => !isDownloadRequested && updateViewer(downloadState.result!, info!.contentType!),
);
} }
}); });
@@ -133,10 +150,13 @@
</button> </button>
<TopBarMenu <TopBarMenu
bind:isOpen={isMenuOpen} bind:isOpen={isMenuOpen}
directoryId={["category", "gallery"].includes(page.url.searchParams.get("from") ?? "") directoryId={["category", "gallery", "search"].includes(
page.url.searchParams.get("from") ?? "",
)
? info?.parentId ? info?.parentId
: undefined} : undefined}
{fileBlob} {fileBlob}
downloadUrl={videoStreamUrl}
filename={info?.name} filename={info?.name}
/> />
</div> </div>
@@ -159,9 +179,10 @@
{@render viewerLoading("이미지를 불러오고 있어요.")} {@render viewerLoading("이미지를 불러오고 있어요.")}
{/if} {/if}
{:else if viewerType === "video"} {:else if viewerType === "video"}
{#if fileBlobUrl} {#if videoStreamUrl || fileBlobUrl}
<div class="flex flex-col space-y-2"> <div class="flex flex-col space-y-2">
<video bind:this={videoElement} src={fileBlobUrl} controls muted></video> <video bind:this={videoElement} src={videoStreamUrl ?? fileBlobUrl} controls muted
></video>
<IconEntryButton <IconEntryButton
icon={IconCamera} icon={IconCamera}
onclick={() => updateThumbnail(info?.dataKey?.key!, info?.dataKey?.version!)} onclick={() => updateThumbnail(info?.dataKey?.key!, info?.dataKey?.version!)}

22
src/routes/(fullscreen)/file/[id]/TopBarMenu.svelte
View File

@@ -10,17 +10,29 @@
interface Props { interface Props {
directoryId?: "root" | number; directoryId?: "root" | number;
downloadUrl?: string;
fileBlob?: Blob; fileBlob?: Blob;
filename?: string; filename?: string;
isOpen: boolean; isOpen: boolean;
} }
let { directoryId, fileBlob, filename, isOpen = $bindable() }: Props = $props(); let { directoryId, downloadUrl, fileBlob, filename, isOpen = $bindable() }: Props = $props();
const handleDownload = () => {
if (fileBlob && filename) {
FileSaver.saveAs(fileBlob, filename);
} else if (downloadUrl && filename) {
// Use streaming download via Content-Disposition header
const url = new URL(downloadUrl, window.location.origin);
url.searchParams.set("download", filename);
window.open(url.toString(), "_blank");
}
};
</script> </script>
<svelte:window onclick={() => (isOpen = false)} /> <svelte:window onclick={() => (isOpen = false)} />
{#if isOpen && (directoryId || fileBlob)} {#if isOpen && (directoryId || downloadUrl || fileBlob)}
<div <div
class="absolute right-2 top-full z-20 space-y-1 rounded-lg bg-white px-1 py-2 shadow-2xl" class="absolute right-2 top-full z-20 space-y-1 rounded-lg bg-white px-1 py-2 shadow-2xl"
transition:fly={{ y: -8, duration: 200 }} transition:fly={{ y: -8, duration: 200 }}
@@ -49,10 +61,8 @@
), ),
)} )}
{/if} {/if}
{#if fileBlob} {#if fileBlob || downloadUrl}
{@render menuButton(IconCloudDownload, "다운로드", () => { {@render menuButton(IconCloudDownload, "다운로드", handleDownload)}
FileSaver.saveAs(fileBlob, filename);
})}
{/if} {/if}
</div> </div>
</div> </div>

30
src/routes/(fullscreen)/file/[id]/service.ts
View File

@@ -1,23 +1,41 @@
import { encryptData } from "$lib/modules/crypto";
import { storeFileThumbnailCache } from "$lib/modules/file"; import { storeFileThumbnailCache } from "$lib/modules/file";
import { prepareFileDecryption, getDecryptedFileUrl } from "$lib/serviceWorker";
import { requestFileThumbnailUpload } from "$lib/services/file"; import { requestFileThumbnailUpload } from "$lib/services/file";
import { trpc } from "$trpc/client"; import { trpc } from "$trpc/client";
export { requestCategoryCreation, requestFileRemovalFromCategory } from "$lib/services/category"; export { requestCategoryCreation, requestFileRemovalFromCategory } from "$lib/services/category";
export { requestFileDownload } from "$lib/services/file"; export { requestFileDownload } from "$lib/services/file";
export const requestVideoStream = async (
fileId: number,
dataKey: CryptoKey,
contentType: string,
) => {
const res = await fetch(`/api/file/${fileId}/download`, { method: "HEAD" });
if (!res.ok) return null;
const encContentSize = parseInt(res.headers.get("Content-Length") ?? "0", 10);
if (encContentSize <= 0) return null;
try {
await prepareFileDecryption(fileId, { isLegacy: false, dataKey, encContentSize, contentType });
return getDecryptedFileUrl(fileId);
} catch {
// TODO: Error Handling
return null;
}
};
export const requestThumbnailUpload = async ( export const requestThumbnailUpload = async (
fileId: number, fileId: number,
thumbnail: Blob, thumbnail: Blob,
dataKey: CryptoKey, dataKey: CryptoKey,
dataKeyVersion: Date, dataKeyVersion: Date,
) => { ) => {
const thumbnailBuffer = await thumbnail.arrayBuffer(); const res = await requestFileThumbnailUpload(fileId, thumbnail, dataKey, dataKeyVersion);
const thumbnailEncrypted = await encryptData(thumbnailBuffer, dataKey); if (!res) return false;
const res = await requestFileThumbnailUpload(fileId, dataKeyVersion, thumbnailEncrypted);
if (!res.ok) return false;
storeFileThumbnailCache(fileId, thumbnailBuffer); // Intended void thumbnail.arrayBuffer().then((buffer) => storeFileThumbnailCache(fileId, buffer));
return true; return true;
}; };

2
src/routes/(fullscreen)/file/uploads/+page.svelte
View File

@@ -16,7 +16,7 @@
<TopBar /> <TopBar />
<FullscreenDiv> <FullscreenDiv>
<div class="space-y-2 pb-4"> <div class="space-y-2 pb-4">
{#each uploadingFiles as file} {#each uploadingFiles as file (file.id)}
<File state={file} /> <File state={file} />
{/each} {/each}
</div> </div>

2
src/routes/(fullscreen)/gallery/+page.svelte
View File

@@ -63,7 +63,7 @@
<FullscreenDiv> <FullscreenDiv>
<RowVirtualizer <RowVirtualizer
count={rows.length} count={rows.length}
itemHeight={(index) => estimateItemHeight={(index) =>
rows[index]!.type === "header" ? 28 : 181 + (rows[index]!.isLast ? 16 : 4)} rows[index]!.type === "header" ? 28 : 181 + (rows[index]!.isLast ? 16 : 4)}
class="flex flex-grow flex-col" class="flex flex-grow flex-col"
> >

193
src/routes/(fullscreen)/search/+page.svelte Normal file
View File

@@ -0,0 +1,193 @@
<script lang="ts">
import { slide } from "svelte/transition";
import { goto } from "$app/navigation";
import { Chip, FullscreenDiv, RowVirtualizer } from "$lib/components/atoms";
import {
getDirectoryInfo,
type LocalCategoryInfo,
type MaybeDirectoryInfo,
} from "$lib/modules/filesystem";
import { masterKeyStore } from "$lib/stores";
import { HybridPromise, sortEntries } from "$lib/utils";
import Directory from "./Directory.svelte";
import File from "./File.svelte";
import SearchBar from "./SearchBar.svelte";
import SelectCategoryBottomSheet from "./SelectCategoryBottomSheet.svelte";
import { requestSearch, type SearchFilter, type SearchResult } from "./service";
let { data } = $props();
let directoryInfo: MaybeDirectoryInfo | undefined = $state();
let filters = $state({
name: "",
includeImages: false,
includeVideos: false,
includeDirectories: false,
searchInDirectory: false,
categories: [] as SearchFilter["categories"],
});
let hasCategoryFilter = $derived(filters.categories.length > 0);
let hasAnyFilter = $derived(
hasCategoryFilter ||
filters.includeImages ||
filters.includeVideos ||
filters.includeDirectories ||
filters.name.trim().length > 0,
);
let serverResult: SearchResult | undefined = $state();
let result = $derived.by(() => {
if (!serverResult) return [];
const nameFilter = filters.name.trim().toLowerCase();
const hasTypeFilter =
filters.includeImages || filters.includeVideos || filters.includeDirectories;
const directories =
!hasTypeFilter || filters.includeDirectories ? serverResult.directories : [];
const files =
!hasTypeFilter || filters.includeImages || filters.includeVideos
? serverResult.files.filter(
({ contentType }) =>
!hasTypeFilter ||
(filters.includeImages && contentType.startsWith("image/")) ||
(filters.includeVideos && contentType.startsWith("video/")),
)
: [];
return sortEntries(
[...directories, ...files].filter(
({ name }) => !nameFilter || name.toLowerCase().includes(nameFilter),
),
);
});
let isSelectCategoryBottomSheetOpen = $state(false);
let categorySelectMode: "include" | "exclude" = $state("include");
const openSelectCategoryBottomSheet = (mode: "include" | "exclude") => {
categorySelectMode = mode;
isSelectCategoryBottomSheetOpen = true;
};
const addCategoryFilter = (category: LocalCategoryInfo) => {
if (!filters.categories.some(({ info }) => info.id === category.id)) {
filters.categories.push({
info: category,
type: categorySelectMode,
});
isSelectCategoryBottomSheetOpen = false;
}
};
$effect(() => {
if (data.directoryId) {
HybridPromise.resolve(getDirectoryInfo(data.directoryId, $masterKeyStore?.get(1)?.key!)).then(
(res) => {
directoryInfo = res;
filters.searchInDirectory = res.exists;
},
);
} else {
directoryInfo = undefined;
filters.searchInDirectory = false;
}
});
$effect(() => {
if (hasAnyFilter) {
requestSearch(
{
ancestorId: filters.searchInDirectory ? data.directoryId! : "root",
categories: filters.categories,
},
$masterKeyStore?.get(1)?.key!,
).then((res) => {
serverResult = res;
});
}
});
</script>
<svelte:head>
<title>검색</title>
</svelte:head>
<SearchBar bind:value={filters.name} />
<FullscreenDiv class="bg-gray-100 !px-0">
<div class="flex flex-grow flex-col space-y-4">
<div class="space-y-2 bg-white p-4 !pt-0">
<div class="space-y-3">
<div class="flex flex-wrap gap-2">
<Chip bind:selected={filters.includeImages}>사진</Chip>
<Chip bind:selected={filters.includeVideos}>동영상</Chip>
{#if !hasCategoryFilter}
<Chip bind:selected={filters.includeDirectories}>폴더</Chip>
{/if}
{#if directoryInfo?.exists}
<Chip bind:selected={filters.searchInDirectory}>
위치: {directoryInfo.name}
</Chip>
{/if}
</div>
{#if !filters.includeDirectories}
<div class="space-y-2" transition:slide={{ duration: 300 }}>
<p class="text-sm font-medium text-gray-600">카테고리</p>
<div class="flex flex-wrap gap-2">
{#each filters.categories as { info, type }, i (info.id)}
<Chip
selected
removable
onclick={() => {}}
onRemoveClick={() => filters.categories.splice(i, 1)}
>
{#if type === "include"}
포함:
{:else}
제외:
{/if}
{info.name}
</Chip>
{/each}
<Chip onclick={() => openSelectCategoryBottomSheet("include")}>+ 포함</Chip>
<Chip onclick={() => openSelectCategoryBottomSheet("exclude")}>- 제외</Chip>
</div>
</div>
{/if}
</div>
</div>
{#if hasAnyFilter}
<div class="flex flex-grow flex-col space-y-2 bg-white p-4">
<p class="text-lg font-bold text-gray-800">검색 결과</p>
{#if result.length > 0}
<RowVirtualizer
count={result.length}
getItemKey={(index) => `${result[index]!.type}-${result[index]!.id}`}
estimateItemHeight={() => 56}
itemGap={4}
>
{#snippet item(index)}
{@const info = result[index]!}
{#if info.type === "directory"}
<Directory {info} onclick={() => goto(`/directory/${info.id}?from=search`)} />
{:else}
<File {info} onclick={() => goto(`/file/${info.id}?from=search`)} />
{/if}
{/snippet}
</RowVirtualizer>
{:else}
<div class="flex flex-grow items-center justify-center py-8">
<p class="text-gray-500">검색 결과가 없어요.</p>
</div>
{/if}
</div>
{/if}
</div>
</FullscreenDiv>
<SelectCategoryBottomSheet
bind:isOpen={isSelectCategoryBottomSheetOpen}
mode={categorySelectMode}
onSelectCategoryClick={addCategoryFilter}
/>

18
src/routes/(fullscreen)/search/+page.ts Normal file
View File

@@ -0,0 +1,18 @@
import { error } from "@sveltejs/kit";
import { z } from "zod";
import type { PageLoad } from "./$types";
export const load: PageLoad = ({ url }) => {
const directoryId = url.searchParams.get("directoryId");
const zodRes = z
.object({
directoryId: z.coerce.number().int().positive().nullable(),
})
.safeParse({ directoryId });
if (!zodRes.success) error(400, "Invalid query parameters");
return {
directoryId: zodRes.data.directoryId,
};
};

16
src/routes/(fullscreen)/search/Directory.svelte Normal file
View File

@@ -0,0 +1,16 @@
<script lang="ts">
import { ActionEntryButton } from "$lib/components/atoms";
import { DirectoryEntryLabel } from "$lib/components/molecules";
import type { SubDirectoryInfo } from "$lib/modules/filesystem";
interface Props {
info: SubDirectoryInfo;
onclick: () => void;
}
let { info, onclick }: Props = $props();
</script>
<ActionEntryButton class="h-14" {onclick}>
<DirectoryEntryLabel type="directory" name={info.name} />
</ActionEntryButton>

25
src/routes/(fullscreen)/search/File.svelte Normal file
View File

@@ -0,0 +1,25 @@
<script lang="ts">
import { ActionEntryButton } from "$lib/components/atoms";
import { DirectoryEntryLabel } from "$lib/components/molecules";
import { getFileThumbnail } from "$lib/modules/file";
import type { SummarizedFileInfo } from "$lib/modules/filesystem";
import { formatDateTime } from "$lib/utils";
interface Props {
info: SummarizedFileInfo;
onclick: () => void;
}
let { info, onclick }: Props = $props();
let thumbnail = $derived(getFileThumbnail(info));
</script>
<ActionEntryButton class="h-14" {onclick}>
<DirectoryEntryLabel
type="file"
thumbnail={$thumbnail}
name={info.name}
subtext={formatDateTime(info.createdAt ?? info.lastModifiedAt)}
/>
</ActionEntryButton>

27
src/routes/(fullscreen)/search/SearchBar.svelte Normal file
View File

@@ -0,0 +1,27 @@
<script lang="ts">
import type { ClassValue } from "svelte/elements";
import IconArrowBack from "~icons/material-symbols/arrow-back";
interface Props {
class?: ClassValue;
value: string;
}
let { class: className, value = $bindable() }: Props = $props();
</script>
<div class={["sticky top-0 z-10 flex items-center gap-x-2 px-2 py-3 backdrop-blur-2xl", className]}>
<button
onclick={() => history.back()}
class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
>
<IconArrowBack class="text-2xl" />
</button>
<input
bind:value
type="text"
placeholder="검색"
class="mr-1 h-[2.3rem] flex-grow rounded-lg bg-gray-100 px-3 py-1.5 placeholder-gray-600 focus:outline-none"
/>
</div>

54
src/routes/(fullscreen)/search/SelectCategoryBottomSheet.svelte Normal file
View File

@@ -0,0 +1,54 @@
<script lang="ts">
import { BottomDiv, BottomSheet, Button, FullscreenDiv } from "$lib/components/atoms";
import { SubCategories } from "$lib/components/molecules";
import {
getCategoryInfo,
type LocalCategoryInfo,
type MaybeCategoryInfo,
} from "$lib/modules/filesystem";
import { masterKeyStore } from "$lib/stores";
import { HybridPromise } from "$lib/utils";
interface Props {
isOpen: boolean;
mode: "include" | "exclude";
onSelectCategoryClick: (category: LocalCategoryInfo) => void;
}
let { isOpen = $bindable(), mode, onSelectCategoryClick }: Props = $props();
let categoryInfo: MaybeCategoryInfo | undefined = $state();
$effect(() => {
if (isOpen) {
HybridPromise.resolve(getCategoryInfo("root", $masterKeyStore?.get(1)?.key!)).then(
(result) => (categoryInfo = result),
);
}
});
</script>
{#if categoryInfo?.exists}
<BottomSheet bind:isOpen class="flex flex-col">
<FullscreenDiv>
<SubCategories
class="py-4"
info={categoryInfo}
onSubCategoryClick={({ id }) =>
HybridPromise.resolve(getCategoryInfo(id, $masterKeyStore?.get(1)?.key!)).then(
(result) => (categoryInfo = result),
)}
/>
{#if categoryInfo.id !== "root"}
<BottomDiv>
<Button
onclick={() => onSelectCategoryClick(categoryInfo as LocalCategoryInfo)}
class="w-full"
>
{categoryInfo.name} 카테고리 {mode === "include" ? "꼭 포함하기" : "제외하기"}
</Button>
</BottomDiv>
{/if}
</FullscreenDiv>
</BottomSheet>
{/if}

95
src/routes/(fullscreen)/search/service.ts Normal file
View File

@@ -0,0 +1,95 @@
import type { DataKey, LocalCategoryInfo } from "$lib/modules/filesystem";
import {
decryptDirectoryMetadata,
decryptFileMetadata,
} from "$lib/modules/filesystem/internal.svelte";
import { trpc } from "$trpc/client";
export interface SearchFilter {
ancestorId: DirectoryId;
categories: { info: LocalCategoryInfo; type: "include" | "exclude" }[];
}
interface SearchedDirectory {
type: "directory";
id: number;
parentId: DirectoryId;
dataKey?: DataKey;
name: string;
}
interface SearchedFile {
type: "file";
id: number;
parentId: DirectoryId;
dataKey?: DataKey;
contentType: string;
name: string;
createdAt?: Date;
lastModifiedAt: Date;
}
export interface SearchResult {
directories: SearchedDirectory[];
files: SearchedFile[];
}
export const requestSearch = async (filter: SearchFilter, masterKey: CryptoKey) => {
const { directories: directoriesRaw, files: filesRaw } = await trpc().search.search.query({
ancestor: filter.ancestorId,
includeCategories: filter.categories
.filter(({ type }) => type === "include")
.map(({ info }) => info.id),
excludeCategories: filter.categories
.filter(({ type }) => type === "exclude")
.map(({ info }) => info.id),
});
// TODO: FIXME
const [directories, files] = await Promise.all([
Promise.all(
directoriesRaw.map(async (dir) => {
const metadata = await decryptDirectoryMetadata(
{ dek: dir.dek, dekVersion: dir.dekVersion, name: dir.name, nameIv: dir.nameIv },
masterKey,
);
return {
type: "directory" as const,
id: dir.id,
parentId: dir.parent,
dataKey: metadata.dataKey,
name: metadata.name,
};
}),
),
Promise.all(
filesRaw.map(async (file) => {
const metadata = await decryptFileMetadata(
{
dek: file.dek,
dekVersion: file.dekVersion,
name: file.name,
nameIv: file.nameIv,
createdAt: file.createdAt,
createdAtIv: file.createdAtIv,
lastModifiedAt: file.lastModifiedAt,
lastModifiedAtIv: file.lastModifiedAtIv,
},
masterKey,
);
return {
type: "file" as const,
id: file.id,
parentId: file.parent,
dataKey: metadata.dataKey,
contentType: file.contentType,
name: metadata.name,
createdAt: metadata.createdAt,
lastModifiedAt: metadata.lastModifiedAt,
};
}),
),
]);
return { directories, files };
};

7
src/routes/(fullscreen)/settings/migration/+page.server.ts Normal file
View File

@@ -0,0 +1,7 @@
import { createCaller } from "$trpc/router.server";
import type { PageServerLoad } from "./$types";
export const load: PageServerLoad = async (event) => {
const files = await createCaller(event).file.listLegacy();
return { files };
};

79
src/routes/(fullscreen)/settings/migration/+page.svelte Normal file
View File

@@ -0,0 +1,79 @@
<script lang="ts">
import { onMount } from "svelte";
import { goto } from "$app/navigation";
import { BottomDiv, Button, FullscreenDiv } from "$lib/components/atoms";
import { TopBar } from "$lib/components/molecules";
import { bulkGetFileInfo, type MaybeFileInfo } from "$lib/modules/filesystem";
import { masterKeyStore } from "$lib/stores";
import { sortEntries } from "$lib/utils";
import File from "./File.svelte";
import { getMigrationState, clearMigrationStates, requestFileMigration } from "./service.svelte";
let { data } = $props();
let fileInfos: MaybeFileInfo[] = $state([]);
let files = $derived(
fileInfos
.map((info) => ({
info,
state: getMigrationState(info.id),
}))
.filter((file) => file.state?.status !== "uploaded"),
);
const migrateAllFiles = () => {
files.forEach(({ info }) => {
if (info.exists) {
requestFileMigration(info);
}
});
};
onMount(async () => {
fileInfos = sortEntries(
Array.from((await bulkGetFileInfo(data.files, $masterKeyStore?.get(1)?.key!)).values()),
);
});
$effect(() => clearMigrationStates);
</script>
<svelte:head>
<title>암호화 마이그레이션</title>
</svelte:head>
<TopBar title="암호화 마이그레이션" />
<FullscreenDiv>
{#if files.length > 0}
<div class="space-y-4 pb-4">
<p class="break-keep text-gray-800">
이전 버전의 ArkVault에서 업로드된 {files.length}개 파일을 다시 암호화할 수 있어요.
</p>
<div class="space-y-2">
{#each files as { info, state } (info.id)}
{#if info.exists}
<File
{info}
{state}
onclick={({ id }) => goto(`/file/${id}`)}
onMigrateClick={requestFileMigration}
/>
{/if}
{/each}
</div>
</div>
<BottomDiv>
<Button onclick={migrateAllFiles} class="w-full">모두 다시 암호화하기</Button>
</BottomDiv>
{:else}
<div class="flex flex-grow items-center justify-center">
<p class="text-gray-500">
{#if data.files.length === 0}
마이그레이션할 파일이 없어요.
{:else}
파일 목록을 불러오고 있어요.
{/if}
</p>
</div>
{/if}
</FullscreenDiv>

52
src/routes/(fullscreen)/settings/migration/File.svelte Normal file
View File

@@ -0,0 +1,52 @@
<script module lang="ts">
const subtexts = {
queued: "대기 중",
downloading: "다운로드하는 중",
"upload-pending": "업로드를 기다리는 중",
uploaded: "",
error: "실패",
} as const;
</script>
<script lang="ts">
import { ActionEntryButton } from "$lib/components/atoms";
import { DirectoryEntryLabel } from "$lib/components/molecules";
import type { FileInfo } from "$lib/modules/filesystem";
import { formatDateTime, formatNetworkSpeed } from "$lib/utils";
import type { MigrationState } from "./service.svelte";
import IconSync from "~icons/material-symbols/sync";
type FileInfoWithExists = FileInfo & { exists: true };
interface Props {
info: FileInfoWithExists;
onclick: (file: FileInfo) => void;
onMigrateClick: (file: FileInfoWithExists) => void;
state: MigrationState | undefined;
}
let { info, onclick, onMigrateClick, state }: Props = $props();
let subtext = $derived.by(() => {
if (!state) {
return formatDateTime(info.createdAt ?? info.lastModifiedAt);
}
if (state.status === "uploading") {
const progress = Math.floor((state.progress ?? 0) * 100);
const speed = formatNetworkSpeed((state.rate ?? 0) * 8);
return `전송됨 ${progress}% · ${speed}`;
}
return subtexts[state.status] ?? state.status;
});
</script>
<ActionEntryButton
class="h-14"
onclick={() => onclick(info)}
actionButtonIcon={!state || state.status === "error" ? IconSync : undefined}
onActionButtonClick={() => onMigrateClick(info)}
actionButtonClass="text-gray-800"
>
<DirectoryEntryLabel type="file" name={info.name} {subtext} />
</ActionEntryButton>

105
src/routes/(fullscreen)/settings/migration/service.svelte.ts Normal file
View File

@@ -0,0 +1,105 @@
import { limitFunction } from "p-limit";
import { SvelteMap } from "svelte/reactivity";
import { CHUNK_SIZE } from "$lib/constants";
import type { FileInfo } from "$lib/modules/filesystem";
import { uploadBlob } from "$lib/modules/upload";
import { requestFileDownload } from "$lib/services/file";
import { Scheduler } from "$lib/utils";
import { trpc } from "$trpc/client";
export type MigrationStatus =
| "queued"
| "downloading"
| "upload-pending"
| "uploading"
| "uploaded"
| "error";
export interface MigrationState {
status: MigrationStatus;
progress?: number;
rate?: number;
}
const scheduler = new Scheduler();
const states = new SvelteMap<number, MigrationState>();
const createState = (status: MigrationStatus): MigrationState => {
const state = $state({ status });
return state;
};
export const getMigrationState = (fileId: number) => {
return states.get(fileId);
};
export const clearMigrationStates = () => {
for (const [id, state] of states) {
if (state.status === "uploaded" || state.status === "error") {
states.delete(id);
}
}
};
const requestFileUpload = limitFunction(
async (
state: MigrationState,
fileId: number,
fileBuffer: ArrayBuffer,
dataKey: CryptoKey,
dataKeyVersion: Date,
) => {
state.status = "uploading";
const { uploadId } = await trpc().upload.startMigrationUpload.mutate({
file: fileId,
chunks: Math.ceil(fileBuffer.byteLength / CHUNK_SIZE),
dekVersion: dataKeyVersion,
});
await uploadBlob(uploadId, new Blob([fileBuffer]), dataKey, {
onProgress(s) {
state.progress = s.progress;
state.rate = s.rate;
},
});
await trpc().upload.completeMigrationUpload.mutate({ uploadId });
state.status = "uploaded";
},
{ concurrency: 1 },
);
export const requestFileMigration = async (fileInfo: FileInfo) => {
let state = states.get(fileInfo.id);
if (state) {
if (state.status !== "error") return;
state.status = "queued";
state.progress = undefined;
state.rate = undefined;
} else {
state = createState("queued");
states.set(fileInfo.id, state);
}
try {
const dataKey = fileInfo.dataKey;
if (!dataKey) {
throw new Error("Data key not available");
}
let fileBuffer: ArrayBuffer | undefined;
await scheduler.schedule(
async () => {
state.status = "downloading";
fileBuffer = await requestFileDownload(fileInfo.id, dataKey.key, true);
return fileBuffer.byteLength;
},
() => requestFileUpload(state, fileInfo.id, fileBuffer!, dataKey.key, dataKey.version),
);
} catch (e) {
state.status = "error";
throw e;
}
};

1
src/routes/(fullscreen)/settings/thumbnail/File.svelte
View File

@@ -3,7 +3,6 @@
queued: "대기 중", queued: "대기 중",
"generation-pending": "준비 중", "generation-pending": "준비 중",
generating: "생성하는 중", generating: "생성하는 중",
"upload-pending": "업로드를 기다리는 중",
uploading: "업로드하는 중", uploading: "업로드하는 중",
error: "실패", error: "실패",
} as const; } as const;

63
src/routes/(fullscreen)/settings/thumbnail/service.ts
View File

@@ -1,17 +1,15 @@
import { limitFunction } from "p-limit"; import { limitFunction } from "p-limit";
import { SvelteMap } from "svelte/reactivity"; import { SvelteMap } from "svelte/reactivity";
import { encryptData } from "$lib/modules/crypto";
import { storeFileThumbnailCache } from "$lib/modules/file"; import { storeFileThumbnailCache } from "$lib/modules/file";
import type { FileInfo } from "$lib/modules/filesystem"; import type { FileInfo } from "$lib/modules/filesystem";
import { Scheduler } from "$lib/modules/scheduler"; import { generateThumbnail } from "$lib/modules/thumbnail";
import { generateThumbnail as doGenerateThumbnail } from "$lib/modules/thumbnail";
import { requestFileDownload, requestFileThumbnailUpload } from "$lib/services/file"; import { requestFileDownload, requestFileThumbnailUpload } from "$lib/services/file";
import { Scheduler } from "$lib/utils";
export type GenerationStatus = export type GenerationStatus =
| "queued" | "queued"
| "generation-pending" | "generation-pending"
| "generating" | "generating"
| "upload-pending"
| "uploading" | "uploading"
| "uploaded" | "uploaded"
| "error"; | "error";
@@ -31,33 +29,27 @@ export const clearThumbnailGenerationStatuses = () => {
} }
}; };
const generateThumbnail = limitFunction(
async (fileId: number, fileBuffer: ArrayBuffer, fileType: string, dataKey: CryptoKey) => {
statuses.set(fileId, "generating");
const thumbnail = await doGenerateThumbnail(fileBuffer, fileType);
if (!thumbnail) return null;
const thumbnailBuffer = await thumbnail.arrayBuffer();
const thumbnailEncrypted = await encryptData(thumbnailBuffer, dataKey);
statuses.set(fileId, "upload-pending");
return { plaintext: thumbnailBuffer, ...thumbnailEncrypted };
},
{ concurrency: 4 },
);
const requestThumbnailUpload = limitFunction( const requestThumbnailUpload = limitFunction(
async ( async (fileInfo: FileInfo, fileBuffer: ArrayBuffer) => {
fileId: number, statuses.set(fileInfo.id, "generating");
dataKeyVersion: Date,
thumbnail: { plaintext: ArrayBuffer; ciphertext: ArrayBuffer; iv: string },
) => {
statuses.set(fileId, "uploading");
const res = await requestFileThumbnailUpload(fileId, dataKeyVersion, thumbnail); const thumbnail = await generateThumbnail(
if (!res.ok) return false; new Blob([fileBuffer], { type: fileInfo.contentType }),
statuses.set(fileId, "uploaded"); );
storeFileThumbnailCache(fileId, thumbnail.plaintext); // Intended if (!thumbnail) return false;
statuses.set(fileInfo.id, "uploading");
const res = await requestFileThumbnailUpload(
fileInfo.id,
thumbnail,
fileInfo.dataKey?.key!,
fileInfo.dataKey?.version!,
);
if (!res) return false;
statuses.set(fileInfo.id, "uploaded");
void thumbnail.arrayBuffer().then((buffer) => storeFileThumbnailCache(fileInfo.id, buffer));
return true; return true;
}, },
{ concurrency: 4 }, { concurrency: 4 },
@@ -77,20 +69,11 @@ export const requestThumbnailGeneration = async (fileInfo: FileInfo) => {
await scheduler.schedule( await scheduler.schedule(
async () => { async () => {
statuses.set(fileInfo.id, "generation-pending"); statuses.set(fileInfo.id, "generation-pending");
file = await requestFileDownload(fileInfo.id, fileInfo.contentIv!, fileInfo.dataKey?.key!); file = await requestFileDownload(fileInfo.id, fileInfo.dataKey?.key!, fileInfo.isLegacy!);
return file.byteLength; return file.byteLength;
}, },
async () => { async () => {
const thumbnail = await generateThumbnail( if (!(await requestThumbnailUpload(fileInfo, file!))) {
fileInfo.id,
file!,
fileInfo.contentType,
fileInfo.dataKey?.key!,
);
if (
!thumbnail ||
!(await requestThumbnailUpload(fileInfo.id, fileInfo.dataKey?.version!, thumbnail))
) {
statuses.set(fileInfo.id, "error"); statuses.set(fileInfo.id, "error");
} }
}, },

12
src/routes/(main)/category/[[id]]/+page.svelte
View File

@@ -76,7 +76,7 @@
<div class="min-h-full bg-gray-100 pb-[5.5em]"> <div class="min-h-full bg-gray-100 pb-[5.5em]">
{#if info?.exists} {#if info?.exists}
<div class="space-y-4"> <div class="space-y-4">
<div class="space-y-4 bg-white p-4"> <div class="space-y-2 bg-white p-4">
{#if info.id !== "root"} {#if info.id !== "root"}
<p class="text-lg font-bold text-gray-800">하위 카테고리</p> <p class="text-lg font-bold text-gray-800">하위 카테고리</p>
{/if} {/if}
@@ -84,6 +84,7 @@
{info} {info}
onSubCategoryClick={({ id }) => goto(`/category/${id}`)} onSubCategoryClick={({ id }) => goto(`/category/${id}`)}
onSubCategoryCreateClick={() => (isCategoryCreateModalOpen = true)} onSubCategoryCreateClick={() => (isCategoryCreateModalOpen = true)}
subCategoryCreatePosition="bottom"
onSubCategoryMenuClick={(subCategory) => { onSubCategoryMenuClick={(subCategory) => {
context.selectedCategory = subCategory; context.selectedCategory = subCategory;
isCategoryMenuBottomSheetOpen = true; isCategoryMenuBottomSheetOpen = true;
@@ -92,14 +93,19 @@
/> />
</div> </div>
{#if info.id !== "root"} {#if info.id !== "root"}
<div class="space-y-4 bg-white p-4"> <div class="space-y-2 bg-white p-4">
<div class="flex items-center justify-between"> <div class="flex items-center justify-between">
<p class="text-lg font-bold text-gray-800">파일</p> <p class="text-lg font-bold text-gray-800">파일</p>
<CheckBox bind:checked={info.isFileRecursive}> <CheckBox bind:checked={info.isFileRecursive}>
<p class="font-medium">하위 카테고리의 파일</p> <p class="font-medium">하위 카테고리의 파일</p>
</CheckBox> </CheckBox>
</div> </div>
<RowVirtualizer count={files.length} itemHeight={() => 48} itemGap={4}> <RowVirtualizer
count={files.length}
getItemKey={(index) => files[index]!.details.id}
estimateItemHeight={() => 48}
itemGap={4}
>
{#snippet item(index)} {#snippet item(index)}
{@const { details } = files[index]!} {@const { details } = files[index]!}
<File <File

37
src/routes/(main)/directory/[[id]]/+page.svelte
View File

@@ -25,6 +25,7 @@
requestEntryDeletion, requestEntryDeletion,
} from "./service.svelte"; } from "./service.svelte";
import IconSearch from "~icons/material-symbols/search";
import IconAdd from "~icons/material-symbols/add"; import IconAdd from "~icons/material-symbols/add";
let { data } = $props(); let { data } = $props();
@@ -43,15 +44,26 @@
let isEntryRenameModalOpen = $state(false); let isEntryRenameModalOpen = $state(false);
let isEntryDeleteModalOpen = $state(false); let isEntryDeleteModalOpen = $state(false);
let isFromFilePage = $derived(page.url.searchParams.get("from") === "file"); let showParentEntry = $derived(
let showTopBar = $derived(data.id !== "root" || isFromFilePage); ["file", "search"].includes(page.url.searchParams.get("from") ?? ""),
);
let showBackButton = $derived(data.id !== "root" || showParentEntry);
const onSearchClick = async () => {
const params = new URLSearchParams();
if (data.id !== "root") {
params.set("directoryId", data.id.toString());
}
const query = params.toString();
await goto(`/search${query ? `?${query}` : ""}`);
};
const uploadFile = () => { const uploadFile = () => {
const files = fileInput?.files; const files = fileInput?.files;
if (!files || files.length === 0) return; if (!files || files.length === 0) return;
for (const file of files) { for (const file of files) {
requestFileUpload(file, data.id, $hmacSecretStore?.get(1)!, $masterKeyStore?.get(1)!, () => { requestFileUpload(file, data.id, $masterKeyStore?.get(1)!, $hmacSecretStore?.get(1)!, () => {
return new Promise((resolve) => { return new Promise((resolve) => {
duplicatedFile = file; duplicatedFile = file;
resolveForDuplicateFileModal = resolve; resolveForDuplicateFileModal = resolve;
@@ -96,11 +108,16 @@
<input bind:this={fileInput} onchange={uploadFile} type="file" multiple class="hidden" /> <input bind:this={fileInput} onchange={uploadFile} type="file" multiple class="hidden" />
<div class="flex h-full flex-col"> <div class="flex h-full flex-col">
{#if showTopBar} <TopBar title={info?.name ?? "내 파일"} {showBackButton} class="flex-shrink-0">
<TopBar title={info?.name} class="flex-shrink-0" /> <button
{/if} onclick={onSearchClick}
class="w-[2.3rem] flex-shrink-0 rounded-full p-1 active:bg-black active:bg-opacity-[0.04]"
>
<IconSearch class="text-2xl" />
</button>
</TopBar>
{#if info?.exists} {#if info?.exists}
<div class={["flex flex-grow flex-col px-4 pb-4", !showTopBar && "pt-4"]}> <div class="flex flex-grow flex-col px-4 pb-4">
<div class="flex gap-x-2"> <div class="flex gap-x-2">
<UploadStatusCard onclick={() => goto("/file/uploads")} /> <UploadStatusCard onclick={() => goto("/file/uploads")} />
<DownloadStatusCard onclick={() => goto("/file/downloads")} /> <DownloadStatusCard onclick={() => goto("/file/downloads")} />
@@ -113,12 +130,12 @@
context.selectedEntry = entry; context.selectedEntry = entry;
isEntryMenuBottomSheetOpen = true; isEntryMenuBottomSheetOpen = true;
}} }}
showParentEntry={isFromFilePage && info.parentId !== undefined} showParentEntry={showParentEntry && data.id !== "root"}
onParentClick={() => onParentClick={() =>
goto( goto(
info!.parentId === "root" info!.parentId === "root"
? "/directory?from=file" ? `/directory?from=${page.url.searchParams.get("from")}`
: `/directory/${info!.parentId}?from=file`, : `/directory/${info!.parentId}?from=${page.url.searchParams.get("from")}`,
)} )}
/> />
{/key} {/key}

11
src/routes/(main)/directory/[[id]]/DirectoryEntries/DirectoryEntries.svelte
View File

@@ -46,7 +46,16 @@
</script> </script>
{#if entries.length > 0} {#if entries.length > 0}
<RowVirtualizer count={entries.length} itemHeight={() => 56} itemGap={4} class="pb-[4.5rem]"> <RowVirtualizer
count={entries.length}
getItemKey={(index) =>
entries[index]!.type !== "parent"
? `${entries[index]!.type}-${entries[index]!.details.id}`
: entries[index]!.type!}
estimateItemHeight={() => 56}
itemGap={4}
class="pb-[4.5rem]"
>
{#snippet item(index)} {#snippet item(index)}
{@const entry = entries[index]!} {@const entry = entries[index]!}
{#if entry.type === "parent"} {#if entry.type === "parent"}

8
src/routes/(main)/directory/[[id]]/service.svelte.ts
View File

@@ -81,14 +81,16 @@ export const requestDirectoryCreation = async (
export const requestFileUpload = async ( export const requestFileUpload = async (
file: File, file: File,
parentId: "root" | number, parentId: "root" | number,
hmacSecret: HmacSecret,
masterKey: MasterKey, masterKey: MasterKey,
hmacSecret: HmacSecret,
onDuplicate: () => Promise<boolean>, onDuplicate: () => Promise<boolean>,
) => { ) => {
const res = await uploadFile(file, parentId, hmacSecret, masterKey, onDuplicate); const res = await uploadFile(file, parentId, masterKey, hmacSecret, onDuplicate);
if (!res) return false; if (!res) return false;
storeFileCache(res.fileId, res.fileBuffer); // Intended if (res.fileBuffer) {
storeFileCache(res.fileId, res.fileBuffer); // Intended
}
if (res.thumbnailBuffer) { if (res.thumbnailBuffer) {
storeFileThumbnailCache(res.fileId, res.thumbnailBuffer); // Intended storeFileThumbnailCache(res.fileId, res.thumbnailBuffer); // Intended
} }

8
src/routes/(main)/menu/+page.svelte
View File

@@ -5,6 +5,7 @@
import IconStorage from "~icons/material-symbols/storage"; import IconStorage from "~icons/material-symbols/storage";
import IconImage from "~icons/material-symbols/image"; import IconImage from "~icons/material-symbols/image";
import IconLockReset from "~icons/material-symbols/lock-reset";
import IconPassword from "~icons/material-symbols/password"; import IconPassword from "~icons/material-symbols/password";
import IconLogout from "~icons/material-symbols/logout"; import IconLogout from "~icons/material-symbols/logout";
@@ -41,6 +42,13 @@
> >
썸네일 썸네일
</MenuEntryButton> </MenuEntryButton>
<MenuEntryButton
onclick={() => goto("/settings/migration")}
icon={IconLockReset}
iconColor="text-teal-500"
>
암호화 마이그레이션
</MenuEntryButton>
</div> </div>
<div class="space-y-2"> <div class="space-y-2">
<p class="font-semibold">보안</p> <p class="font-semibold">보안</p>

44
src/routes/api/file/[id]/[[thumbnail=thumbnail]]/download/+server.ts Normal file
View File

@@ -0,0 +1,44 @@
import { error } from "@sveltejs/kit";
import { z } from "zod";
import { parseRangeHeader, getContentRangeHeader } from "$lib/modules/http";
import { authorize } from "$lib/server/modules/auth";
import { getFileStream, getFileThumbnailStream } from "$lib/server/services/file";
import type { RequestHandler, RouteParams } from "./$types";
const downloadHandler = async (locals: App.Locals, params: RouteParams, request: Request) => {
const { userId } = await authorize(locals, "activeClient");
const zodRes = z
.object({
id: z.coerce.number().int().positive(),
})
.safeParse(params);
if (!zodRes.success) error(400, "Invalid path parameters");
const { id } = zodRes.data;
const getStream = params.thumbnail ? getFileThumbnailStream : getFileStream;
const { encContentStream, range } = await getStream(
userId,
id,
parseRangeHeader(request.headers.get("Range")),
);
return {
stream: encContentStream,
status: range ? 206 : 200,
headers: {
"Accept-Ranges": "bytes",
"Content-Length": String(range.end - range.start + 1),
"Content-Type": "application/octet-stream",
...getContentRangeHeader(range),
},
};
};
export const GET: RequestHandler = async ({ locals, params, request }) => {
const { stream, ...init } = await downloadHandler(locals, params, request);
return new Response(stream as ReadableStream, init);
};
export const HEAD: RequestHandler = async ({ locals, params, request }) => {
return new Response(null, await downloadHandler(locals, params, request));
};

25
src/routes/api/file/[id]/download/+server.ts
View File

@@ -1,25 +0,0 @@
import { error } from "@sveltejs/kit";
import { z } from "zod";
import { authorize } from "$lib/server/modules/auth";
import { getFileStream } from "$lib/server/services/file";
import type { RequestHandler } from "./$types";
export const GET: RequestHandler = async ({ locals, params }) => {
const { userId } = await authorize(locals, "activeClient");
const zodRes = z
.object({
id: z.coerce.number().int().positive(),
})
.safeParse(params);
if (!zodRes.success) error(400, "Invalid path parameters");
const { id } = zodRes.data;
const { encContentStream, encContentSize } = await getFileStream(userId, id);
return new Response(encContentStream as ReadableStream, {
headers: {
"Content-Type": "application/octet-stream",
"Content-Length": encContentSize.toString(),
},
});
};

25
src/routes/api/file/[id]/thumbnail/download/+server.ts
View File

@@ -1,25 +0,0 @@
import { error } from "@sveltejs/kit";
import { z } from "zod";
import { authorize } from "$lib/server/modules/auth";
import { getFileThumbnailStream } from "$lib/server/services/file";
import type { RequestHandler } from "./$types";
export const GET: RequestHandler = async ({ locals, params }) => {
const { userId } = await authorize(locals, "activeClient");
const zodRes = z
.object({
id: z.coerce.number().int().positive(),
})
.safeParse(params);
if (!zodRes.success) error(400, "Invalid path parameters");
const { id } = zodRes.data;
const { encContentStream, encContentSize } = await getFileThumbnailStream(userId, id);
return new Response(encContentStream as ReadableStream, {
headers: {
"Content-Type": "application/octet-stream",
"Content-Length": encContentSize.toString(),
},
});
};

74
src/routes/api/file/[id]/thumbnail/upload/+server.ts
View File

@@ -1,74 +0,0 @@
import Busboy from "@fastify/busboy";
import { error, text } from "@sveltejs/kit";
import { Readable, Writable } from "stream";
import { z } from "zod";
import { authorize } from "$lib/server/modules/auth";
import { fileThumbnailUploadRequest, type FileThumbnailUploadRequest } from "$lib/server/schemas";
import { uploadFileThumbnail } from "$lib/server/services/file";
import type { RequestHandler } from "./$types";
export const POST: RequestHandler = async ({ locals, params, request }) => {
const { userId } = await authorize(locals, "activeClient");
const zodRes = z
.object({
id: z.coerce.number().int().positive(),
})
.safeParse(params);
if (!zodRes.success) error(400, "Invalid path parameters");
const { id } = zodRes.data;
const contentType = request.headers.get("Content-Type");
if (!contentType?.startsWith("multipart/form-data") || !request.body) {
error(400, "Invalid request body");
}
return new Promise<Response>((resolve, reject) => {
const bb = Busboy({ headers: { "content-type": contentType } });
const handler =
<T extends unknown[]>(f: (...args: T) => Promise<void>) =>
(...args: T) => {
f(...args).catch(reject);
};
let metadata: FileThumbnailUploadRequest | null = null;
let content: Readable | null = null;
bb.on(
"field",
handler(async (fieldname, val) => {
if (fieldname === "metadata") {
// Ignore subsequent metadata fields
if (!metadata) {
const zodRes = fileThumbnailUploadRequest.safeParse(JSON.parse(val));
if (!zodRes.success) error(400, "Invalid request body");
metadata = zodRes.data;
}
} else {
error(400, "Invalid request body");
}
}),
);
bb.on(
"file",
handler(async (fieldname, file) => {
if (fieldname !== "content") error(400, "Invalid request body");
if (!metadata || content) error(400, "Invalid request body");
content = file;
await uploadFileThumbnail(
userId,
id,
new Date(metadata.dekVersion),
metadata.contentIv,
content,
);
resolve(text("Thumbnail uploaded", { headers: { "Content-Type": "text/plain" } }));
}),
);
bb.on("error", (e) => {
content?.emit("error", e) ?? reject(e);
});
request.body!.pipeTo(Writable.toWeb(bb)).catch(() => {}); // busboy will handle the error
});
};

108
src/routes/api/file/upload/+server.ts
View File

@@ -1,108 +0,0 @@
import Busboy from "@fastify/busboy";
import { error, json } from "@sveltejs/kit";
import { Readable, Writable } from "stream";
import { authorize } from "$lib/server/modules/auth";
import {
fileUploadRequest,
fileUploadResponse,
type FileUploadResponse,
} from "$lib/server/schemas";
import { uploadFile } from "$lib/server/services/file";
import type { RequestHandler } from "./$types";
type FileMetadata = Parameters<typeof uploadFile>[0];
const parseFileMetadata = (userId: number, json: string) => {
const zodRes = fileUploadRequest.safeParse(JSON.parse(json));
if (!zodRes.success) error(400, "Invalid request body");
const {
parent,
mekVersion,
dek,
dekVersion,
hskVersion,
contentHmac,
contentType,
contentIv,
name,
nameIv,
createdAt,
createdAtIv,
lastModifiedAt,
lastModifiedAtIv,
} = zodRes.data;
if ((createdAt && !createdAtIv) || (!createdAt && createdAtIv))
error(400, "Invalid request body");
return {
userId,
parentId: parent,
mekVersion,
encDek: dek,
dekVersion: new Date(dekVersion),
hskVersion,
contentHmac,
contentType,
encContentIv: contentIv,
encName: { ciphertext: name, iv: nameIv },
encCreatedAt: createdAt && createdAtIv ? { ciphertext: createdAt, iv: createdAtIv } : null,
encLastModifiedAt: { ciphertext: lastModifiedAt, iv: lastModifiedAtIv },
} satisfies FileMetadata;
};
export const POST: RequestHandler = async ({ locals, request }) => {
const { userId } = await authorize(locals, "activeClient");
const contentType = request.headers.get("Content-Type");
if (!contentType?.startsWith("multipart/form-data") || !request.body) {
error(400, "Invalid request body");
}
return new Promise<Response>((resolve, reject) => {
const bb = Busboy({ headers: { "content-type": contentType } });
const handler =
<T extends unknown[]>(f: (...args: T) => Promise<void>) =>
(...args: T) => {
f(...args).catch(reject);
};
let metadata: FileMetadata | null = null;
let content: Readable | null = null;
const checksum = new Promise<string>((resolveChecksum, rejectChecksum) => {
bb.on(
"field",
handler(async (fieldname, val) => {
if (fieldname === "metadata") {
// Ignore subsequent metadata fields
if (!metadata) {
metadata = parseFileMetadata(userId, val);
}
} else if (fieldname === "checksum") {
// Ignore subsequent checksum fields
resolveChecksum(val);
} else {
error(400, "Invalid request body");
}
}),
);
bb.on(
"file",
handler(async (fieldname, file) => {
if (fieldname !== "content") error(400, "Invalid request body");
if (!metadata || content) error(400, "Invalid request body");
content = file;
const { fileId } = await uploadFile(metadata, content, checksum);
resolve(json(fileUploadResponse.parse({ file: fileId } satisfies FileUploadResponse)));
}),
);
bb.on("finish", () => rejectChecksum(new Error("Invalid request body")));
bb.on("error", (e) => {
content?.emit("error", e) ?? reject(e);
rejectChecksum(e);
});
});
request.body!.pipeTo(Writable.toWeb(bb)).catch(() => {}); // busboy will handle the error
});
};

37
src/routes/api/upload/[id]/chunks/[index]/+server.ts Normal file
View File

@@ -0,0 +1,37 @@
import { error, text } from "@sveltejs/kit";
import { Readable } from "stream";
import type { ReadableStream } from "stream/web";
import { z } from "zod";
import { parseContentDigestHeader } from "$lib/modules/http";
import { authorize } from "$lib/server/modules/auth";
import { uploadChunk } from "$lib/server/services/upload";
import type { RequestHandler } from "./$types";
export const POST: RequestHandler = async ({ locals, params, request }) => {
const { userId } = await authorize(locals, "activeClient");
const zodRes = z
.object({
id: z.uuidv4(),
index: z.coerce.number().int().positive(),
})
.safeParse(params);
if (!zodRes.success) error(400, "Invalid path parameters");
const { id: sessionId, index: chunkIndex } = zodRes.data;
const encContentHash = parseContentDigestHeader(request.headers.get("Content-Digest"));
if (!encContentHash) {
error(400, "Invalid request headers");
} else if (!request.body) {
error(400, "Invalid request body");
}
await uploadChunk(
userId,
sessionId,
chunkIndex,
Readable.fromWeb(request.body as ReadableStream),
encContentHash,
);
return text("Chunk uploaded", { headers: { "Content-Type": "text/plain" } });
};

1
src/service-worker/constants.ts Normal file
View File

@@ -0,0 +1 @@
export * from "../lib/constants";

156
src/service-worker/handlers/decryptFile.ts Normal file
View File

@@ -0,0 +1,156 @@
import { DECRYPTED_FILE_URL_PREFIX, CHUNK_SIZE, ENCRYPTED_CHUNK_SIZE } from "../constants";
import { decryptChunk, getEncryptedRange, getDecryptedSize } from "../modules/crypto";
import { parseRangeHeader, getContentRangeHeader } from "../modules/http";
import { getFile } from "../modules/opfs";
import { fileMetadataStore } from "../stores";
import type { FileMetadata } from "../types";
const createResponse = (
stream: ReadableStream<Uint8Array>,
isRangeRequest: boolean,
range: { start: number; end: number; total: number },
contentType?: string,
downloadFilename?: string,
) => {
const headers: Record<string, string> = {
"Accept-Ranges": "bytes",
"Content-Length": String(range.end - range.start + 1),
...(isRangeRequest ? getContentRangeHeader(range) : {}),
};
if (contentType) {
headers["Content-Type"] = contentType;
}
if (downloadFilename) {
headers["Content-Disposition"] =
`attachment; filename*=UTF-8''${encodeURIComponent(downloadFilename)}`;
}
return new Response(stream, {
status: isRangeRequest ? 206 : 200,
headers,
});
};
const streamFromOpfs = async (
file: File,
metadata?: FileMetadata,
range?: { start?: number; end?: number },
downloadFilename?: string,
) => {
const start = range?.start ?? 0;
const end = range?.end ?? file.size - 1;
if (start > end || start < 0 || end >= file.size) {
return new Response("Invalid range", { status: 416 });
}
return createResponse(
file.slice(start, end + 1).stream(),
!!range,
{ start, end, total: file.size },
metadata?.contentType,
downloadFilename,
);
};
const streamFromServer = async (
id: number,
metadata: FileMetadata,
range?: { start?: number; end?: number },
downloadFilename?: string,
) => {
const totalSize = getDecryptedSize(metadata.encContentSize, metadata.isLegacy);
const start = range?.start ?? 0;
const end =
range?.end ??
(range && !metadata.isLegacy ? Math.min(start + CHUNK_SIZE, totalSize) : totalSize) - 1;
if (start > end || start < 0 || end >= totalSize) {
return new Response("Invalid range", { status: 416 });
}
const encryptedRange = getEncryptedRange(start, end, metadata.encContentSize, metadata.isLegacy);
const apiResponse = await fetch(`/api/file/${id}/download`, {
headers: { Range: `bytes=${encryptedRange.start}-${encryptedRange.end}` },
});
if (apiResponse.status !== 206 || !apiResponse.body) {
return new Response("Failed to fetch encrypted file", { status: 502 });
}
if (metadata.isLegacy) {
const fileEncrypted = await apiResponse.arrayBuffer();
const decrypted = await decryptChunk(fileEncrypted, metadata.dataKey);
return createResponse(
new ReadableStream<Uint8Array>({
start(controller) {
controller.enqueue(new Uint8Array(decrypted.slice(start, end + 1)));
controller.close();
},
}),
!!range,
{ start, end, total: totalSize },
metadata.contentType,
);
}
const totalChunks = encryptedRange.lastChunkIndex - encryptedRange.firstChunkIndex + 1;
let currentChunkIndex = 0;
let buffer = new Uint8Array(0);
const decryptingStream = new TransformStream<Uint8Array, Uint8Array>({
async transform(chunk, controller) {
const newBuffer = new Uint8Array(buffer.length + chunk.length);
newBuffer.set(buffer);
newBuffer.set(chunk, buffer.length);
buffer = newBuffer;
while (buffer.length >= ENCRYPTED_CHUNK_SIZE && currentChunkIndex < totalChunks - 1) {
const encryptedChunk = buffer.slice(0, ENCRYPTED_CHUNK_SIZE);
buffer = buffer.slice(ENCRYPTED_CHUNK_SIZE);
const decrypted = await decryptChunk(encryptedChunk.buffer, metadata.dataKey);
const sliceStart = currentChunkIndex === 0 ? start % CHUNK_SIZE : 0;
controller.enqueue(new Uint8Array(decrypted.slice(sliceStart)));
currentChunkIndex++;
}
},
async flush(controller) {
if (buffer.length > 0) {
const decrypted = await decryptChunk(buffer.buffer, metadata.dataKey);
const sliceStart = currentChunkIndex === 0 ? start % CHUNK_SIZE : 0;
const sliceEnd = (end % CHUNK_SIZE) + 1;
controller.enqueue(new Uint8Array(decrypted.slice(sliceStart, sliceEnd)));
}
},
});
return createResponse(
apiResponse.body.pipeThrough(decryptingStream),
!!range,
{ start, end, total: totalSize },
metadata.contentType,
downloadFilename,
);
};
const decryptFileHandler = async (request: Request) => {
const url = new URL(request.url);
const fileId = parseInt(url.pathname.slice(DECRYPTED_FILE_URL_PREFIX.length), 10);
if (isNaN(fileId)) {
throw new Response("Invalid file id", { status: 400 });
}
const downloadFilename = url.searchParams.get("download") ?? undefined;
const metadata = fileMetadataStore.get(fileId);
const range = parseRangeHeader(request.headers.get("Range"));
const cache = await getFile(`/cache/${fileId}`);
if (cache) {
return streamFromOpfs(cache, metadata, range, downloadFilename);
} else if (metadata) {
return streamFromServer(fileId, metadata, range, downloadFilename);
} else {
return new Response("Decryption not prepared", { status: 400 });
}
};
export default decryptFileHandler;

1
src/service-worker/handlers/index.ts Normal file
View File

@@ -0,0 +1 @@
export { default as decryptFile } from "./decryptFile";

Some files were not shown because too many files have changed in this diff Show More