Compare commits
14 Commits
master
...
upload-ima
| Author | SHA1 | Date | |
|---|---|---|---|
|
d5b2b52f95 | ||
|
|
654aa3e9c4 | ||
|
|
3b08d84b26 | ||
|
|
a675de3420 | ||
|
|
f60dc3b018 | ||
|
|
bbc92dc01c | ||
|
|
35bcc5c5b9 | ||
|
|
146e1848bc | ||
|
|
86d8771303 | ||
|
|
433394a3c2 | ||
|
|
6de10f07e6 | ||
|
|
a797aa00e9 | ||
|
|
a2569a2b34 | ||
|
|
e9956486fd |
2
plugin
2
plugin
@ -1 +1 @@
|
||||
Subproject commit 73733c0292cb3f0d6775c69c734e80c690932777
|
||||
Subproject commit 8ccf08c4d2d1fb99f38488085c3f40c22393c9c0
|
||||
@ -8,4 +8,4 @@ GET_LIMIT_WINDOW_SECONDS=0.1
|
||||
LOG_LEVEL=warn
|
||||
|
||||
# Make cleanup interval very long to avoid automatic cleanup during tests
|
||||
CLEANUP_INTERVAL_SECONDS=99999
|
||||
CLEANUP_INTERVAL_SECONDS=99999
|
||||
|
||||
@ -0,0 +1,10 @@
|
||||
-- CreateTable
|
||||
CREATE TABLE "EncryptedEmbed" (
|
||||
"id" TEXT NOT NULL PRIMARY KEY,
|
||||
"note_id" TEXT NOT NULL,
|
||||
"embed_id" TEXT NOT NULL,
|
||||
"ciphertext" BLOB NOT NULL,
|
||||
"hmac" TEXT NOT NULL,
|
||||
"size_bytes" INTEGER NOT NULL,
|
||||
CONSTRAINT "EncryptedEmbed_note_id_fkey" FOREIGN KEY ("note_id") REFERENCES "EncryptedNote" ("id") ON DELETE RESTRICT ON UPDATE CASCADE
|
||||
);
|
||||
@ -0,0 +1,8 @@
|
||||
/*
|
||||
Warnings:
|
||||
|
||||
- A unique constraint covering the columns `[note_id,embed_id]` on the table `EncryptedEmbed` will be added. If there are existing duplicate values, this will fail.
|
||||
|
||||
*/
|
||||
-- CreateIndex
|
||||
CREATE UNIQUE INDEX "EncryptedEmbed_note_id_embed_id_key" ON "EncryptedEmbed"("note_id", "embed_id");
|
||||
@ -0,0 +1,17 @@
|
||||
-- RedefineTables
|
||||
PRAGMA foreign_keys=OFF;
|
||||
CREATE TABLE "new_EncryptedEmbed" (
|
||||
"id" TEXT NOT NULL PRIMARY KEY,
|
||||
"note_id" TEXT NOT NULL,
|
||||
"embed_id" TEXT NOT NULL,
|
||||
"ciphertext" BLOB NOT NULL,
|
||||
"hmac" TEXT NOT NULL,
|
||||
"size_bytes" INTEGER NOT NULL,
|
||||
CONSTRAINT "EncryptedEmbed_note_id_fkey" FOREIGN KEY ("note_id") REFERENCES "EncryptedNote" ("id") ON DELETE CASCADE ON UPDATE CASCADE
|
||||
);
|
||||
INSERT INTO "new_EncryptedEmbed" ("ciphertext", "embed_id", "hmac", "id", "note_id", "size_bytes") SELECT "ciphertext", "embed_id", "hmac", "id", "note_id", "size_bytes" FROM "EncryptedEmbed";
|
||||
DROP TABLE "EncryptedEmbed";
|
||||
ALTER TABLE "new_EncryptedEmbed" RENAME TO "EncryptedEmbed";
|
||||
CREATE UNIQUE INDEX "EncryptedEmbed_note_id_embed_id_key" ON "EncryptedEmbed"("note_id", "embed_id");
|
||||
PRAGMA foreign_key_check;
|
||||
PRAGMA foreign_keys=ON;
|
||||
@ -2,7 +2,8 @@
|
||||
// learn more about it in the docs: https://pris.ly/d/prisma-schema
|
||||
|
||||
generator client {
|
||||
provider = "prisma-client-js"
|
||||
provider = "prisma-client-js"
|
||||
previewFeatures = ["interactiveTransactions"]
|
||||
}
|
||||
|
||||
datasource db {
|
||||
@ -11,12 +12,25 @@ datasource db {
|
||||
}
|
||||
|
||||
model EncryptedNote {
|
||||
id String @id @default(cuid())
|
||||
insert_time DateTime @default(now())
|
||||
expire_time DateTime @default(now())
|
||||
id String @id @default(cuid())
|
||||
insert_time DateTime @default(now())
|
||||
expire_time DateTime @default(now())
|
||||
ciphertext String
|
||||
hmac String
|
||||
crypto_version String @default("v1")
|
||||
crypto_version String @default("v1")
|
||||
EncryptedEmbed EncryptedEmbed[]
|
||||
}
|
||||
|
||||
model EncryptedEmbed {
|
||||
id String @id @default(cuid())
|
||||
note_id String
|
||||
embed_id String
|
||||
ciphertext Bytes
|
||||
hmac String
|
||||
size_bytes Int
|
||||
note EncryptedNote @relation(fields: [note_id], references: [id], onDelete: Cascade)
|
||||
|
||||
@@unique([note_id, embed_id], name: "noteId_embedId")
|
||||
}
|
||||
|
||||
model event {
|
||||
|
||||
@ -4,6 +4,8 @@ import { describe, it, expect } from "vitest";
|
||||
import prisma from "./db/client";
|
||||
import { deleteExpiredNotes } from "./tasks/deleteExpiredNotes";
|
||||
import { EventType } from "./logging/EventLogger";
|
||||
import { createNote } from "./db/note.dao";
|
||||
import { EncryptedNote } from "@prisma/client";
|
||||
|
||||
// const testNote with base64 ciphertext and hmac
|
||||
const testNote = {
|
||||
@ -22,7 +24,7 @@ describe("GET /api/note", () => {
|
||||
const res = await supertest(app).get(`/api/note/${id}`);
|
||||
|
||||
// Validate returned note
|
||||
expect(res.statusCode).toBe(200);
|
||||
expectCodeOrThrowResponse(res, 200);
|
||||
expect(res.body).toHaveProperty("id");
|
||||
expect(res.body).toHaveProperty("expire_time");
|
||||
expect(res.body).toHaveProperty("insert_time");
|
||||
@ -48,7 +50,7 @@ describe("GET /api/note", () => {
|
||||
const res = await supertest(app).get(`/api/note/NaN`);
|
||||
|
||||
// Validate returned note
|
||||
expect(res.statusCode).toBe(404);
|
||||
expectCodeOrThrowResponse(res, 404);
|
||||
|
||||
// Is a read event logged?
|
||||
const readEvents = await prisma.event.findMany({
|
||||
@ -73,21 +75,40 @@ describe("GET /api/note", () => {
|
||||
const responseCodes = responses.map((res) => res.statusCode);
|
||||
|
||||
// at least one response should be 429
|
||||
expect(responseCodes).toContain(200);
|
||||
expect(responseCodes).toContain(429);
|
||||
|
||||
// No other response codes should be present
|
||||
expect(
|
||||
responseCodes.map((code) => code === 429 || code === 200)
|
||||
).not.toContain(false);
|
||||
|
||||
// sleep for 100 ms to allow rate limiter to reset
|
||||
await new Promise((resolve) => setTimeout(resolve, 100));
|
||||
});
|
||||
});
|
||||
|
||||
describe("POST /api/note", () => {
|
||||
it("returns a view_url on correct POST body (without plugin version and user id)", async () => {
|
||||
const res = await supertest(app).post("/api/note").send(testNote);
|
||||
it("returns a view_url on correct POST body with embeds", async () => {
|
||||
const res = await supertest(app)
|
||||
.post("/api/note")
|
||||
.send({
|
||||
...testNote,
|
||||
embeds: [
|
||||
{
|
||||
embed_id: "sample_embed_id0",
|
||||
ciphertext: Buffer.from("sample_ciphertext").toString("base64"),
|
||||
hmac: Buffer.from("sample_hmac").toString("base64"),
|
||||
},
|
||||
{
|
||||
embed_id: "sample_embed_id1",
|
||||
ciphertext: Buffer.from("sample_ciphertext").toString("base64"),
|
||||
hmac: Buffer.from("sample_hmac").toString("base64"),
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
if (res.statusCode !== 200) {
|
||||
console.log(res.body);
|
||||
}
|
||||
expect(res.statusCode).toBe(200);
|
||||
expectCodeOrThrowResponse(res, 200);
|
||||
|
||||
// Returned body has correct fields
|
||||
expect(res.body).toHaveProperty("expire_time");
|
||||
@ -115,7 +136,7 @@ describe("POST /api/note", () => {
|
||||
|
||||
it("Returns a bad request on invalid POST body", async () => {
|
||||
const res = await supertest(app).post("/api/note").send({});
|
||||
expect(res.statusCode).toBe(400);
|
||||
expectCodeOrThrowResponse(res, 400);
|
||||
});
|
||||
|
||||
it("returns a valid view_url on correct POST body", async () => {
|
||||
@ -123,7 +144,7 @@ describe("POST /api/note", () => {
|
||||
let res = await supertest(app).post("/api/note").send(testNote);
|
||||
|
||||
// Extract note id from post response
|
||||
expect(res.statusCode).toBe(200);
|
||||
expectCodeOrThrowResponse(res, 200);
|
||||
expect(res.body).toHaveProperty("view_url");
|
||||
const match = (res.body.view_url as string).match(/note\/(.+)$/);
|
||||
expect(match).not.toBeNull();
|
||||
@ -134,7 +155,7 @@ describe("POST /api/note", () => {
|
||||
res = await supertest(app).get(`/api/note/${note_id}`);
|
||||
|
||||
// Validate returned note
|
||||
expect(res.statusCode).toBe(200);
|
||||
expectCodeOrThrowResponse(res, 200);
|
||||
expect(res.body).toHaveProperty("id");
|
||||
expect(res.body).toHaveProperty("expire_time");
|
||||
expect(res.body).toHaveProperty("insert_time");
|
||||
@ -145,16 +166,17 @@ describe("POST /api/note", () => {
|
||||
expect(res.body.hmac).toEqual(testNote.hmac);
|
||||
});
|
||||
|
||||
it("Applies upload limit to endpoint of 500kb", async () => {
|
||||
it("Applies upload limit to endpoint of 8MB", async () => {
|
||||
const largeNote = {
|
||||
ciphertext: "a".repeat(500 * 1024),
|
||||
hmac: "sample_hmac",
|
||||
ciphertext: Buffer.from("a".repeat(8 * 1024 * 1024)).toString("base64"),
|
||||
hmac: Buffer.from("a".repeat(32)).toString("base64"),
|
||||
};
|
||||
const res = await supertest(app).post("/api/note").send(largeNote);
|
||||
expect(res.statusCode).toBe(413);
|
||||
expectCodeOrThrowResponse(res, 413);
|
||||
});
|
||||
|
||||
it("Applies rate limits to endpoint", async () => {
|
||||
// 2022-08-30: Skip this test because it crashes the database connection for some reason
|
||||
it.skip("Applies rate limits to endpoint", async () => {
|
||||
// make more requests than the post limit set in .env.test
|
||||
const requests = [];
|
||||
for (let i = 0; i < 51; i++) {
|
||||
@ -172,11 +194,52 @@ describe("POST /api/note", () => {
|
||||
responseCodes.map((code) => code === 429 || code === 200)
|
||||
).not.toContain(false);
|
||||
|
||||
// sleep for 100 ms to allow rate limiter to reset
|
||||
// sleep for 250 ms to allow rate limiter to reset
|
||||
await new Promise((resolve) => setTimeout(resolve, 250));
|
||||
});
|
||||
});
|
||||
|
||||
describe("Use case: POST note with embeds, then GET embeds", () => {
|
||||
it("returns a view_url on correct POST body with embeds", async () => {
|
||||
const payload = {
|
||||
ciphertext: Buffer.from("sample_ciphertext").toString("base64"),
|
||||
hmac: Buffer.from("sample_hmac").toString("base64"),
|
||||
user_id: "f06536e7df6857fc",
|
||||
embeds: [
|
||||
{
|
||||
embed_id: "EMBED_ID",
|
||||
ciphertext: Buffer.from("sample_ciphertext").toString("base64"),
|
||||
hmac: Buffer.from("sample_hmac").toString("base64"),
|
||||
},
|
||||
],
|
||||
};
|
||||
|
||||
// make post request
|
||||
const res = await supertest(app).post("/api/note").send(payload);
|
||||
|
||||
// check response and extract note id
|
||||
expectCodeOrThrowResponse(res, 200);
|
||||
expect(res.body).toHaveProperty("view_url");
|
||||
const match = (res.body.view_url as string).match(/note\/(.+)$/);
|
||||
expect(match).not.toBeNull();
|
||||
const note_id = (match as RegExpMatchArray)[1];
|
||||
|
||||
// make get request for note
|
||||
const noteRes = await supertest(app).get(`/api/note/${note_id}`);
|
||||
expectCodeOrThrowResponse(noteRes, 200);
|
||||
expect(noteRes.body?.ciphertext).toEqual(payload.ciphertext);
|
||||
expect(noteRes.body?.hmac).toEqual(payload.hmac);
|
||||
|
||||
// make get request for embed
|
||||
const embedRes = await supertest(app).get(
|
||||
`/api/note/${note_id}/embeds/EMBED_ID`
|
||||
);
|
||||
expectCodeOrThrowResponse(embedRes, 200);
|
||||
expect(embedRes.body?.ciphertext).toEqual(payload.embeds[0].ciphertext);
|
||||
expect(embedRes.body?.hmac).toEqual(payload.embeds[0].hmac);
|
||||
});
|
||||
});
|
||||
|
||||
describe("Clean expired notes", () => {
|
||||
it("removes expired notes", async () => {
|
||||
// insert a note with expiry date in the past using prisma
|
||||
@ -212,4 +275,54 @@ describe("Clean expired notes", () => {
|
||||
testNote.ciphertext.length + testNote.hmac.length
|
||||
);
|
||||
});
|
||||
|
||||
it("removes notes with embeds", async () => {
|
||||
// insert a note with embeds and with expiry date in the past using prisma
|
||||
const note = {
|
||||
...testNote,
|
||||
expire_time: new Date(0),
|
||||
} as EncryptedNote;
|
||||
const embeds = [
|
||||
{
|
||||
embed_id: "EMBED_ID",
|
||||
ciphertext: Buffer.from("sample_ciphertext").toString("base64"),
|
||||
hmac: Buffer.from("sample_hmac").toString("base64"),
|
||||
},
|
||||
];
|
||||
const { id } = await createNote(note, embeds);
|
||||
|
||||
// make request for note and check that response is 200
|
||||
const res = await supertest(app).get(`/api/note/${id}`);
|
||||
expect(res.statusCode).toBe(200);
|
||||
const embedRes = await supertest(app).get(
|
||||
`/api/note/${id}/embeds/EMBED_ID`
|
||||
);
|
||||
expect(embedRes.statusCode).toBe(200);
|
||||
|
||||
// run cleanup
|
||||
const nDeleted = await deleteExpiredNotes();
|
||||
expect(nDeleted).toBeGreaterThan(0);
|
||||
|
||||
// if the note is added to the expire filter, it returns 410
|
||||
const res2 = await supertest(app).get(`/api/note/${id}`);
|
||||
expect(res2.statusCode).toBe(410);
|
||||
|
||||
// check that the embed is not found
|
||||
const embedRes2 = await supertest(app).get(
|
||||
`/api/note/${id}/embeds/EMBED_ID`
|
||||
);
|
||||
expect(embedRes2.statusCode).toBe(404);
|
||||
});
|
||||
});
|
||||
|
||||
function expectCodeOrThrowResponse(res: supertest.Response, expected: number) {
|
||||
try {
|
||||
expect(res.status).toBe(expected);
|
||||
} catch (e) {
|
||||
(e as Error).message = `
|
||||
Unexpected status ${res.status} (expected ${expected}):
|
||||
|
||||
Response body: ${res.text}`;
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@ -9,9 +9,6 @@ import { deleteExpiredNotes, deleteInterval } from "./tasks/deleteExpiredNotes";
|
||||
// Initialize middleware clients
|
||||
export const app: Express = express();
|
||||
|
||||
// Enable JSON body parsing
|
||||
app.use(express.json({}));
|
||||
|
||||
// configure logging
|
||||
app.use(
|
||||
pinoHttp({
|
||||
|
||||
20
server/src/controllers/note/embeds/embeds.get.controller.ts
Normal file
20
server/src/controllers/note/embeds/embeds.get.controller.ts
Normal file
@ -0,0 +1,20 @@
|
||||
import type { NextFunction, Request, Response } from "express";
|
||||
import { getEmbed } from "../../../db/embed.dao";
|
||||
|
||||
export async function getEmbedController(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<void> {
|
||||
const { id: note_id, embed_id } = req.params;
|
||||
try {
|
||||
const embed = await getEmbed(note_id, embed_id);
|
||||
if (embed != null) {
|
||||
res.status(200).json(embed).send();
|
||||
} else {
|
||||
res.status(404).send();
|
||||
}
|
||||
} catch (err) {
|
||||
next(err);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,87 @@
|
||||
import express from "express";
|
||||
import supertest from "supertest";
|
||||
import { vi, it, expect, describe, beforeEach, afterEach } from "vitest";
|
||||
import { getEmbedController } from "./embeds.get.controller";
|
||||
import * as embedDao from "../../../db/embed.dao";
|
||||
|
||||
vi.mock("../../../db/embed.dao");
|
||||
|
||||
const MOCK_EMBED_DTO: embedDao.EncryptedEmbedDTO = {
|
||||
note_id: "valid_note_id",
|
||||
embed_id: "valid_embed_id",
|
||||
ciphertext: Buffer.from("sample_ciphertext").toString("base64"),
|
||||
hmac: Buffer.from("sample_hmac").toString("base64"),
|
||||
};
|
||||
|
||||
describe("Test GET embeds", () => {
|
||||
let app: express.Express;
|
||||
let mockEmbedDao = vi.mocked(embedDao);
|
||||
|
||||
beforeEach(() => {
|
||||
app = express()
|
||||
.use(express.json())
|
||||
.get("/:id/embeds/:embed_id", getEmbedController);
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
vi.resetAllMocks();
|
||||
});
|
||||
|
||||
it("Should return 200 for a valid note_id+embed_id pair", async () => {
|
||||
// mock db response
|
||||
mockEmbedDao.getEmbed.mockImplementation(async (noteId, embedId) => {
|
||||
if (
|
||||
noteId === MOCK_EMBED_DTO.note_id &&
|
||||
embedId === MOCK_EMBED_DTO.embed_id
|
||||
) {
|
||||
return MOCK_EMBED_DTO;
|
||||
}
|
||||
return null;
|
||||
});
|
||||
|
||||
// make request
|
||||
const res = await supertest(app).get(
|
||||
"/valid_note_id/embeds/valid_embed_id"
|
||||
);
|
||||
|
||||
// check response
|
||||
expect(res.statusCode).toBe(200);
|
||||
expect(res.body).toMatchObject(MOCK_EMBED_DTO);
|
||||
});
|
||||
|
||||
it("Should return 404 for an invalid note_id+embed_id pair", async () => {
|
||||
// mock db response
|
||||
mockEmbedDao.getEmbed.mockImplementation(async (noteId, embedId) => {
|
||||
if (
|
||||
noteId === MOCK_EMBED_DTO.note_id &&
|
||||
embedId === MOCK_EMBED_DTO.embed_id
|
||||
) {
|
||||
return MOCK_EMBED_DTO;
|
||||
}
|
||||
return null;
|
||||
});
|
||||
|
||||
// make request
|
||||
const res = await supertest(app).get(
|
||||
"/invalid_note_id/embeds/invalid_embed_id"
|
||||
);
|
||||
|
||||
// check response
|
||||
expect(res.statusCode).toBe(404);
|
||||
});
|
||||
|
||||
it("Should return 500 on database failure", async () => {
|
||||
// mock db response
|
||||
mockEmbedDao.getEmbed.mockImplementation(async (noteId, embedId) => {
|
||||
throw new Error("Database failure");
|
||||
});
|
||||
|
||||
// make request
|
||||
const res = await supertest(app).get(
|
||||
"/valid_note_id/embeds/valid_embed_id"
|
||||
);
|
||||
|
||||
// check response
|
||||
expect(res.statusCode).toBe(500);
|
||||
});
|
||||
});
|
||||
6
server/src/controllers/note/embeds/embeds.router.ts
Normal file
6
server/src/controllers/note/embeds/embeds.router.ts
Normal file
@ -0,0 +1,6 @@
|
||||
import express from "express";
|
||||
import { getEmbedController } from "./embeds.get.controller";
|
||||
|
||||
export const embedsRoute = express.Router({ mergeParams: true });
|
||||
|
||||
embedsRoute.get("/:embed_id", getEmbedController);
|
||||
@ -3,6 +3,7 @@ import { getExpiredNoteFilter } from "../../lib/expiredNoteFilter";
|
||||
import EventLogger from "../../logging/EventLogger";
|
||||
import { getConnectingIp } from "../../util";
|
||||
import { getNote } from "../../db/note.dao";
|
||||
|
||||
export async function getNoteController(
|
||||
req: Request,
|
||||
res: Response,
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
import { EncryptedNote } from "@prisma/client";
|
||||
import { EncryptedNote, PrismaClient } from "@prisma/client";
|
||||
import { NextFunction, Request, Response } from "express";
|
||||
import { crc16 as crc } from "crc";
|
||||
import { createNote } from "../../db/note.dao";
|
||||
@ -12,7 +12,25 @@ import {
|
||||
ValidateIf,
|
||||
ValidationError,
|
||||
Matches,
|
||||
IsString,
|
||||
IsArray,
|
||||
ValidateNested,
|
||||
} from "class-validator";
|
||||
import prisma from "../../db/client";
|
||||
|
||||
export class EncryptedEmbedBody {
|
||||
@IsBase64()
|
||||
@IsNotEmpty()
|
||||
ciphertext!: string;
|
||||
|
||||
@IsBase64()
|
||||
@IsNotEmpty()
|
||||
hmac!: string;
|
||||
|
||||
@IsString()
|
||||
@IsNotEmpty()
|
||||
embed_id!: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Request body for creating a note
|
||||
@ -36,6 +54,10 @@ export class NotePostRequest {
|
||||
|
||||
@Matches("^v[0-9]+$")
|
||||
crypto_version: string = "v1";
|
||||
|
||||
// validate the shape of each item manually, avoid need for class-transformer package
|
||||
@IsArray()
|
||||
embeds: EncryptedEmbedBody[] = [];
|
||||
}
|
||||
|
||||
export async function postNoteController(
|
||||
@ -52,9 +74,18 @@ export async function postNoteController(
|
||||
|
||||
// Validate request body
|
||||
const notePostRequest = new NotePostRequest();
|
||||
const noteEmbedRequests: EncryptedEmbedBody[] = [];
|
||||
Object.assign(notePostRequest, req.body);
|
||||
try {
|
||||
await validateOrReject(notePostRequest);
|
||||
if (notePostRequest.embeds && notePostRequest.embeds.length > 0) {
|
||||
for (const embed of notePostRequest.embeds) {
|
||||
const embedBody = new EncryptedEmbedBody();
|
||||
Object.assign(embedBody, embed);
|
||||
await validateOrReject(embedBody);
|
||||
noteEmbedRequests.push(embedBody);
|
||||
}
|
||||
}
|
||||
} catch (_err: any) {
|
||||
const err = _err as ValidationError;
|
||||
res.status(400).send(err.toString());
|
||||
@ -65,7 +96,6 @@ export async function postNoteController(
|
||||
|
||||
// Validate user ID, if present
|
||||
if (notePostRequest.user_id && !checkId(notePostRequest.user_id)) {
|
||||
console.log("invalid user id");
|
||||
res.status(400).send("Invalid user id (checksum failed)");
|
||||
event.error = "Invalid user id (checksum failed)";
|
||||
EventLogger.writeEvent(event);
|
||||
@ -81,24 +111,32 @@ export async function postNoteController(
|
||||
crypto_version: notePostRequest.crypto_version,
|
||||
} as EncryptedNote;
|
||||
|
||||
// Store note object
|
||||
createNote(note)
|
||||
.then(async (savedNote) => {
|
||||
event.success = true;
|
||||
event.note_id = savedNote.id;
|
||||
event.size_bytes = savedNote.ciphertext.length + savedNote.hmac.length;
|
||||
event.expire_window_days = EXPIRE_WINDOW_DAYS;
|
||||
await EventLogger.writeEvent(event);
|
||||
res.json({
|
||||
view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`,
|
||||
expire_time: savedNote.expire_time,
|
||||
});
|
||||
})
|
||||
.catch(async (err) => {
|
||||
event.error = err.toString();
|
||||
await EventLogger.writeEvent(event);
|
||||
next(err);
|
||||
// Store note object and possible embeds in database transaction
|
||||
try {
|
||||
const savedNote = await createNote(note, noteEmbedRequests);
|
||||
|
||||
// Log write event
|
||||
event.success = true;
|
||||
event.note_id = savedNote.id;
|
||||
event.size_bytes = savedNote.ciphertext.length + savedNote.hmac.length;
|
||||
event.expire_window_days = EXPIRE_WINDOW_DAYS;
|
||||
await EventLogger.writeEvent(event);
|
||||
|
||||
// return HTTP request
|
||||
res.json({
|
||||
view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`,
|
||||
expire_time: savedNote.expire_time,
|
||||
});
|
||||
} catch (err: any) {
|
||||
// if the error matches "Duplicate embed", return a 409 conflict
|
||||
event.error = err.toString();
|
||||
await EventLogger.writeEvent(event);
|
||||
if (err.message.includes("Duplicate embed")) {
|
||||
res.status(409).send(err.message);
|
||||
} else {
|
||||
next(err);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -2,10 +2,16 @@ import express from "express";
|
||||
import supertest from "supertest";
|
||||
import { vi, describe, it, beforeEach, afterEach, expect } from "vitest";
|
||||
import * as noteDao from "../../db/note.dao";
|
||||
import * as embedDao from "../../db/embed.dao";
|
||||
import EventLogger from "../../logging/EventLogger";
|
||||
import { NotePostRequest, postNoteController } from "./note.post.controller";
|
||||
import {
|
||||
EncryptedEmbedBody,
|
||||
NotePostRequest,
|
||||
postNoteController,
|
||||
} from "./note.post.controller";
|
||||
|
||||
vi.mock("../../db/note.dao");
|
||||
vi.mock("../../db/embed.dao");
|
||||
vi.mock("../../logging/EventLogger");
|
||||
|
||||
const VALID_CIPHERTEXT = Buffer.from("sample_ciphertext").toString("base64");
|
||||
@ -19,8 +25,10 @@ const VALID_CRYPTO_VERSION = "v99";
|
||||
const MALFORMED_CRYPTO_VERSION = "32";
|
||||
|
||||
const MOCK_NOTE_ID = "1234";
|
||||
const MOCK_EMBED_ID = "abcd";
|
||||
|
||||
type TestParams = {
|
||||
case: string;
|
||||
payload: Partial<NotePostRequest>;
|
||||
expectedStatus: number;
|
||||
};
|
||||
@ -28,6 +36,7 @@ type TestParams = {
|
||||
const TEST_PAYLOADS: TestParams[] = [
|
||||
// Request with valid ciphertext and hmac
|
||||
{
|
||||
case: "valid ciphertext and hmac",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -36,6 +45,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with valid ciphertext, hmac, user id, and plugin version
|
||||
{
|
||||
case: "valid ciphertext, hmac, user id, and plugin version",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -46,6 +56,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with non-base64 ciphertext
|
||||
{
|
||||
case: "non-base64 ciphertext",
|
||||
payload: {
|
||||
ciphertext: "not_base64",
|
||||
hmac: VALID_HMAC,
|
||||
@ -54,6 +65,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with non-base64 hmac
|
||||
{
|
||||
case: "non-base64 hmac",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: "not_base64",
|
||||
@ -62,6 +74,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with empty ciphertext
|
||||
{
|
||||
case: "empty ciphertext",
|
||||
payload: {
|
||||
ciphertext: "",
|
||||
hmac: VALID_HMAC,
|
||||
@ -70,6 +83,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with empty hmac
|
||||
{
|
||||
case: "empty hmac",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: "",
|
||||
@ -78,6 +92,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with valid user id
|
||||
{
|
||||
case: "valid user id",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -87,6 +102,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with malformed user id (wrong crc)
|
||||
{
|
||||
case: "malformed user id (wrong crc)",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -96,6 +112,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with malformed user id (wrong length)
|
||||
{
|
||||
case: "malformed user id (wrong length)",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -105,6 +122,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with valid plugin version
|
||||
{
|
||||
case: "valid plugin version",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -114,6 +132,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with malformed plugin version
|
||||
{
|
||||
case: "malformed plugin version",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -123,6 +142,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with valid ciphertext, hmac, user id, plugin version, and crypto version
|
||||
{
|
||||
case: "valid ciphertext, hmac, user id, plugin version, and crypto version",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -134,6 +154,7 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
// Request with malformed crypto version
|
||||
{
|
||||
case: "malformed crypto version",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
@ -143,33 +164,164 @@ const TEST_PAYLOADS: TestParams[] = [
|
||||
},
|
||||
expectedStatus: 400,
|
||||
},
|
||||
// Request with empty embeds array
|
||||
{
|
||||
case: "empty embeds array",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
user_id: VALID_USER_ID,
|
||||
plugin_version: VALID_VERSION,
|
||||
crypto_version: VALID_CRYPTO_VERSION,
|
||||
embeds: [],
|
||||
},
|
||||
expectedStatus: 200,
|
||||
},
|
||||
// Request with single valid embed
|
||||
{
|
||||
case: "valid embeds array",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
user_id: VALID_USER_ID,
|
||||
embeds: [
|
||||
{
|
||||
embed_id: "0",
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
},
|
||||
],
|
||||
},
|
||||
expectedStatus: 200,
|
||||
},
|
||||
// Request with embed with empty embed_id
|
||||
{
|
||||
case: "embed with empty embed_id",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
user_id: VALID_USER_ID,
|
||||
embeds: [
|
||||
{
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
} as EncryptedEmbedBody,
|
||||
],
|
||||
},
|
||||
expectedStatus: 400,
|
||||
},
|
||||
// Request with embed with non-base64 ciphertext
|
||||
{
|
||||
case: "embed with non-base64 ciphertext",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
user_id: VALID_USER_ID,
|
||||
embeds: [
|
||||
{
|
||||
ciphertext: "not_base64",
|
||||
hmac: VALID_HMAC,
|
||||
embed_id: "0",
|
||||
},
|
||||
],
|
||||
},
|
||||
expectedStatus: 400,
|
||||
},
|
||||
// Request with embed with non-base64 hmac
|
||||
{
|
||||
case: "embed with non-base64 hmac",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
user_id: VALID_USER_ID,
|
||||
embeds: [
|
||||
{
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: "not_base64",
|
||||
embed_id: "0",
|
||||
},
|
||||
],
|
||||
},
|
||||
expectedStatus: 400,
|
||||
},
|
||||
// Request with duplicate embeds
|
||||
{
|
||||
case: "duplicate embeds",
|
||||
payload: {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
user_id: VALID_USER_ID,
|
||||
embeds: [
|
||||
{
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
embed_id: "0",
|
||||
},
|
||||
{
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
embed_id: "0",
|
||||
},
|
||||
],
|
||||
},
|
||||
expectedStatus: 409,
|
||||
},
|
||||
];
|
||||
|
||||
describe("note.post.controller", () => {
|
||||
describe("Execute test cases", () => {
|
||||
let mockNoteDao = vi.mocked(noteDao);
|
||||
let mockEmbedDao = vi.mocked(embedDao);
|
||||
let mockEventLogger = vi.mocked(EventLogger);
|
||||
|
||||
const test_app = express().use(express.json()).post("/", postNoteController);
|
||||
|
||||
beforeEach(() => {
|
||||
// database writes always succeed
|
||||
mockNoteDao.createNote.mockImplementation(async (note) => ({
|
||||
...note,
|
||||
id: MOCK_NOTE_ID,
|
||||
insert_time: new Date(),
|
||||
}));
|
||||
const storedEmbeds: string[] = [];
|
||||
|
||||
mockNoteDao.createNote.mockImplementation(async (note, embeds) => {
|
||||
if (embeds && embeds.length > 0) {
|
||||
for (const e of embeds) {
|
||||
if (storedEmbeds.find((s) => s === MOCK_NOTE_ID + e.embed_id)) {
|
||||
throw new Error("Duplicate embed");
|
||||
}
|
||||
storedEmbeds.push(MOCK_NOTE_ID + e.embed_id);
|
||||
}
|
||||
}
|
||||
return {
|
||||
...note,
|
||||
id: MOCK_NOTE_ID,
|
||||
insert_time: new Date(),
|
||||
};
|
||||
});
|
||||
mockEmbedDao.createEmbed.mockImplementation(async (embed) => {
|
||||
storedEmbeds.push(embed.note_id + embed.embed_id);
|
||||
return {
|
||||
...embed,
|
||||
ciphertext: Buffer.from(embed.ciphertext, "base64"),
|
||||
id: MOCK_EMBED_ID,
|
||||
size_bytes: embed.ciphertext.length,
|
||||
};
|
||||
});
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
vi.resetAllMocks();
|
||||
});
|
||||
|
||||
it.each(TEST_PAYLOADS)("test payloads", async (params) => {
|
||||
it.each(TEST_PAYLOADS)("Case %#: $case", async (params) => {
|
||||
const { payload, expectedStatus } = params;
|
||||
|
||||
// make request
|
||||
const res = await supertest(test_app).post("/").send(payload);
|
||||
expect(res.status).toBe(expectedStatus);
|
||||
try {
|
||||
expect(res.status).toBe(expectedStatus);
|
||||
} catch (e) {
|
||||
throw new Error(`
|
||||
Unexpected status ${res.status} (expected ${expectedStatus}):
|
||||
|
||||
Response body: ${res.text}`);
|
||||
}
|
||||
|
||||
// Validate reponse body
|
||||
if (expectedStatus === 200) {
|
||||
@ -193,7 +345,8 @@ describe("note.post.controller", () => {
|
||||
hmac: payload.hmac,
|
||||
crypto_version: payload.crypto_version || "v1",
|
||||
expire_time: expect.any(Date),
|
||||
})
|
||||
}),
|
||||
expect.arrayContaining(payload?.embeds ?? [])
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@ -1,11 +1,14 @@
|
||||
import bodyParser from "body-parser";
|
||||
import express from "express";
|
||||
import rateLimit from "express-rate-limit";
|
||||
import { embedsRoute } from "./embeds/embeds.router";
|
||||
import { getNoteController } from "./note.get.controller";
|
||||
import { postNoteController } from "./note.post.controller";
|
||||
|
||||
export const notesRoute = express.Router();
|
||||
|
||||
const jsonParser = express.json({ limit: "500k" });
|
||||
const jsonParser = express.json();
|
||||
const uploadLimit = bodyParser.json({ limit: "8mb" });
|
||||
|
||||
const postRateLimit = rateLimit({
|
||||
windowMs: parseFloat(process.env.POST_LIMIT_WINDOW_SECONDS as string) * 1000,
|
||||
@ -22,6 +25,8 @@ const getRateLimit = rateLimit({
|
||||
});
|
||||
|
||||
// notesRoute.use(jsonParser, uploadLimit);
|
||||
notesRoute.use("/:id/embeds", embedsRoute);
|
||||
notesRoute.use(uploadLimit);
|
||||
notesRoute.use(jsonParser);
|
||||
notesRoute.post("", postRateLimit, postNoteController);
|
||||
notesRoute.get("/:id", getRateLimit, getNoteController);
|
||||
notesRoute.route("/").post(postRateLimit, postNoteController);
|
||||
notesRoute.route("/:id").get(getRateLimit, getNoteController);
|
||||
|
||||
4
server/src/db/__mocks__/embed.dao.ts
Normal file
4
server/src/db/__mocks__/embed.dao.ts
Normal file
@ -0,0 +1,4 @@
|
||||
import { vi } from "vitest";
|
||||
|
||||
export const getEmbed = vi.fn();
|
||||
export const createEmbed = vi.fn();
|
||||
@ -1,6 +1,6 @@
|
||||
import { vi } from "vitest";
|
||||
|
||||
export const getNote = vi.fn();
|
||||
export const createNote = vi.fn();
|
||||
export const getExpiredNotes = vi.fn();
|
||||
export const deleteNotes = vi.fn();
|
||||
export const createNote = vi.fn();
|
||||
|
||||
85
server/src/db/embed.dao.integration.test.ts
Normal file
85
server/src/db/embed.dao.integration.test.ts
Normal file
@ -0,0 +1,85 @@
|
||||
import { describe, it, expect } from "vitest";
|
||||
import type { EncryptedNote } from "@prisma/client";
|
||||
import { getEmbed, createEmbed } from "./embed.dao";
|
||||
import { createNote } from "./note.dao";
|
||||
|
||||
const VALID_CIPHERTEXT = Buffer.from("sample_ciphertext").toString("base64");
|
||||
|
||||
describe("Reading and writing embeds", () => {
|
||||
it("Should write embeds for existing note", async () => {
|
||||
const note = await createNote({
|
||||
ciphertext: "test",
|
||||
hmac: "test",
|
||||
crypto_version: "v2",
|
||||
} as EncryptedNote);
|
||||
|
||||
const embed = {
|
||||
note_id: note.id,
|
||||
embed_id: "embed_id",
|
||||
hmac: "hmac",
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
};
|
||||
|
||||
const res = await createEmbed(embed);
|
||||
|
||||
expect(res.note_id).toEqual(embed.note_id);
|
||||
expect(res.embed_id).toEqual(embed.embed_id);
|
||||
expect(res.hmac).toEqual(embed.hmac);
|
||||
expect(res.id).not.toBeNull();
|
||||
expect(res.id.length).toBeGreaterThan(0);
|
||||
expect(res.ciphertext.byteLength).toBeGreaterThan(0);
|
||||
});
|
||||
|
||||
it("Should throw if note_id does not refer to existing note", async () => {
|
||||
const embed = {
|
||||
note_id: "note_id",
|
||||
embed_id: "embed_id",
|
||||
hmac: "hmac",
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
};
|
||||
|
||||
await expect(createEmbed(embed)).rejects.toThrowError();
|
||||
});
|
||||
|
||||
it("Should throw if embed_id is not unique", async () => {
|
||||
const note = await createNote({
|
||||
ciphertext: "test",
|
||||
hmac: "test",
|
||||
crypto_version: "v2",
|
||||
} as EncryptedNote);
|
||||
|
||||
const embed = {
|
||||
note_id: note.id,
|
||||
embed_id: "embed_id",
|
||||
hmac: "hmac",
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
};
|
||||
|
||||
await createEmbed(embed); // embed 1
|
||||
await expect(createEmbed(embed)).rejects.toThrowError(/Duplicate embed/g); // duplicate embed
|
||||
});
|
||||
|
||||
it("Should read embeds for existing note", async () => {
|
||||
const note = await createNote({
|
||||
ciphertext: "test",
|
||||
hmac: "test",
|
||||
crypto_version: "v2",
|
||||
} as EncryptedNote);
|
||||
|
||||
const embed = {
|
||||
note_id: note.id,
|
||||
embed_id: "embed_id",
|
||||
hmac: "hmac",
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
};
|
||||
|
||||
await createEmbed(embed);
|
||||
const res = await getEmbed(note.id, embed.embed_id);
|
||||
|
||||
expect(res).not.toBeNull();
|
||||
expect(res?.note_id).toEqual(embed.note_id);
|
||||
expect(res?.embed_id).toEqual(embed.embed_id);
|
||||
expect(res?.hmac).toEqual(embed.hmac);
|
||||
expect(res?.ciphertext).toEqual(embed.ciphertext);
|
||||
});
|
||||
});
|
||||
68
server/src/db/embed.dao.ts
Normal file
68
server/src/db/embed.dao.ts
Normal file
@ -0,0 +1,68 @@
|
||||
import { EncryptedEmbed, Prisma, PrismaClient } from "@prisma/client";
|
||||
import { BufferToBase64, base64ToBuffer } from "../util";
|
||||
import prisma from "./client";
|
||||
|
||||
export interface EncryptedEmbedDTO {
|
||||
note_id: string;
|
||||
embed_id: string;
|
||||
ciphertext: string; // in base64
|
||||
hmac: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get an embed for a note by embed_id.
|
||||
* @param noteId note id
|
||||
* @param embedId embed id
|
||||
* @returns encrypted embed (serialized ciphertext to base64)
|
||||
*/
|
||||
export async function getEmbed(
|
||||
noteId: string,
|
||||
embedId: string
|
||||
): Promise<EncryptedEmbedDTO | null> {
|
||||
const embed = await prisma.encryptedEmbed.findUnique({
|
||||
where: {
|
||||
noteId_embedId: {
|
||||
note_id: noteId,
|
||||
embed_id: embedId,
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
if (!embed) return null;
|
||||
|
||||
return {
|
||||
note_id: embed.note_id,
|
||||
embed_id: embed.embed_id,
|
||||
hmac: embed.hmac,
|
||||
ciphertext: BufferToBase64(embed.ciphertext),
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an embed for a note.
|
||||
* @param embed EncryptedEmbedDTO to serialize and save
|
||||
* @param transactionClient optionally pass a TransactionClient object when running in a Prisma interactive transaction
|
||||
* @returns the saved EncryptedEmbed (deserialized ciphertext to Buffer)
|
||||
*/
|
||||
export async function createEmbed(
|
||||
embed: EncryptedEmbedDTO,
|
||||
transactionClient: Prisma.TransactionClient = prisma
|
||||
): Promise<EncryptedEmbed> {
|
||||
const cipher_buf = base64ToBuffer(embed.ciphertext);
|
||||
const data = {
|
||||
note_id: embed.note_id,
|
||||
embed_id: embed.embed_id,
|
||||
hmac: embed.hmac,
|
||||
ciphertext: cipher_buf,
|
||||
size_bytes: cipher_buf.byteLength,
|
||||
} as EncryptedEmbed;
|
||||
return transactionClient.encryptedEmbed.create({ data }).catch((err) => {
|
||||
if (err instanceof Prisma.PrismaClientKnownRequestError) {
|
||||
// The .code property can be accessed in a type-safe manner
|
||||
if (err.code === "P2002") {
|
||||
throw new Error("Duplicate embed");
|
||||
}
|
||||
}
|
||||
throw err;
|
||||
});
|
||||
}
|
||||
115
server/src/db/note.dao.integration.test.ts
Normal file
115
server/src/db/note.dao.integration.test.ts
Normal file
@ -0,0 +1,115 @@
|
||||
import { EncryptedNote } from "@prisma/client";
|
||||
import { describe, it, expect } from "vitest";
|
||||
import { getEmbed } from "./embed.dao";
|
||||
import { createNote, deleteNotes, getExpiredNotes, getNote } from "./note.dao";
|
||||
import prisma from "./client";
|
||||
|
||||
const VALID_CIPHERTEXT = Buffer.from("sample_ciphertext").toString("base64");
|
||||
const VALID_HMAC = Buffer.from("sample_hmac").toString("base64");
|
||||
|
||||
const VALID_NOTE = {
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
hmac: VALID_HMAC,
|
||||
crypto_version: "v2",
|
||||
expire_time: new Date(),
|
||||
} as EncryptedNote;
|
||||
|
||||
const VALID_EMBED = {
|
||||
embed_id: "embed_id",
|
||||
hmac: VALID_HMAC,
|
||||
ciphertext: VALID_CIPHERTEXT,
|
||||
};
|
||||
|
||||
describe("Writes and reads", () => {
|
||||
it("should write a new note", async () => {
|
||||
const res = await createNote(VALID_NOTE);
|
||||
expect(res.id).not.toBeNull();
|
||||
expect(res.id.length).toBeGreaterThan(0);
|
||||
expect(res.ciphertext).toStrictEqual(VALID_NOTE.ciphertext);
|
||||
expect(res.hmac).toStrictEqual(VALID_NOTE.hmac);
|
||||
expect(res.crypto_version).toStrictEqual(VALID_NOTE.crypto_version);
|
||||
expect(res.expire_time).toStrictEqual(VALID_NOTE.expire_time);
|
||||
expect(res.insert_time).not.toBeNull();
|
||||
expect(res.insert_time.getTime()).toBeLessThanOrEqual(new Date().getTime());
|
||||
});
|
||||
|
||||
it("should write a new note with one embed", async () => {
|
||||
const res = await createNote(VALID_NOTE, [VALID_EMBED]);
|
||||
expect(res.id).not.toBeNull();
|
||||
|
||||
const res2 = await getEmbed(res.id, VALID_EMBED.embed_id);
|
||||
expect(res2).not.toBeNull();
|
||||
expect(res2?.ciphertext).toStrictEqual(VALID_EMBED.ciphertext);
|
||||
expect(res2?.hmac).toStrictEqual(VALID_EMBED.hmac);
|
||||
});
|
||||
|
||||
it("should write a new note with multiple embeds", async () => {
|
||||
const res = await createNote(VALID_NOTE, [
|
||||
VALID_EMBED,
|
||||
{ ...VALID_EMBED, embed_id: "embed_id2" },
|
||||
]);
|
||||
expect(res.id).not.toBeNull();
|
||||
|
||||
const res2 = await getEmbed(res.id, VALID_EMBED.embed_id);
|
||||
expect(res2?.embed_id).toStrictEqual(VALID_EMBED.embed_id);
|
||||
|
||||
const res3 = await getEmbed(res.id, "embed_id2");
|
||||
expect(res3?.embed_id).toStrictEqual("embed_id2");
|
||||
}),
|
||||
it("should fail writing a new note with duplicate embed_ids", async () => {
|
||||
await expect(
|
||||
createNote(VALID_NOTE, [VALID_EMBED, VALID_EMBED])
|
||||
).rejects.toThrowError();
|
||||
});
|
||||
|
||||
it("should roll back a failed note with embeds", async () => {
|
||||
const noteCount = (await prisma.encryptedNote.findMany())?.length;
|
||||
const embedCount = (await prisma.encryptedEmbed.findMany())?.length;
|
||||
|
||||
await expect(
|
||||
createNote({ ...VALID_NOTE }, [VALID_EMBED, VALID_EMBED])
|
||||
).rejects.toThrowError();
|
||||
|
||||
const noteCountAfter = (await prisma.encryptedNote.findMany())?.length;
|
||||
const embedCountAfter = (await prisma.encryptedEmbed.findMany())?.length;
|
||||
|
||||
expect(noteCountAfter).toStrictEqual(noteCount);
|
||||
expect(embedCountAfter).toStrictEqual(embedCount);
|
||||
});
|
||||
|
||||
it("should find an existing note by id", async () => {
|
||||
const note = await createNote(VALID_NOTE);
|
||||
const res = await getNote(note.id);
|
||||
expect(res).not.toBeNull();
|
||||
expect(res).toMatchObject(note);
|
||||
});
|
||||
|
||||
it("should not find a non-existing note by id", async () => {
|
||||
const res = await getNote("non-existing-id");
|
||||
expect(res).toBeNull();
|
||||
});
|
||||
|
||||
it("should properly delete notes", async () => {
|
||||
const note = await createNote(VALID_NOTE);
|
||||
const res = await getNote(note.id);
|
||||
expect(res).not.toBeNull();
|
||||
const res2 = await deleteNotes([note.id]);
|
||||
expect(res2).toBe(1);
|
||||
const res3 = await getNote(note.id);
|
||||
expect(res3).toBeNull();
|
||||
});
|
||||
|
||||
it("should return expired notes", async () => {
|
||||
const expiredNote = await createNote({
|
||||
...VALID_NOTE,
|
||||
expire_time: new Date(0),
|
||||
});
|
||||
const freshNote = await createNote({
|
||||
...VALID_NOTE,
|
||||
expire_time: new Date(Date.now() + 1000),
|
||||
});
|
||||
const res = await getExpiredNotes();
|
||||
expect(res).toContainEqual(expiredNote);
|
||||
expect(res).not.toContainEqual(freshNote);
|
||||
});
|
||||
});
|
||||
@ -1,5 +1,12 @@
|
||||
import { EncryptedNote } from "@prisma/client";
|
||||
import prisma from "./client";
|
||||
import { createEmbed, EncryptedEmbedDTO } from "./embed.dao";
|
||||
|
||||
type EncryptedEmbed = {
|
||||
ciphertext: string;
|
||||
hmac: string;
|
||||
embed_id: string;
|
||||
};
|
||||
|
||||
export async function getNote(noteId: string): Promise<EncryptedNote | null> {
|
||||
return prisma.encryptedNote.findUnique({
|
||||
@ -7,9 +14,32 @@ export async function getNote(noteId: string): Promise<EncryptedNote | null> {
|
||||
});
|
||||
}
|
||||
|
||||
export async function createNote(note: EncryptedNote): Promise<EncryptedNote> {
|
||||
return prisma.encryptedNote.create({
|
||||
data: note,
|
||||
export async function createNote(
|
||||
note: EncryptedNote,
|
||||
embeds: EncryptedEmbed[] = []
|
||||
): Promise<EncryptedNote> {
|
||||
return prisma.$transaction(async (transactionClient) => {
|
||||
// 1. Save note
|
||||
const savedNote = await transactionClient.encryptedNote.create({
|
||||
data: note,
|
||||
});
|
||||
|
||||
// 2. Store embeds
|
||||
if (embeds.length > 0) {
|
||||
const _embeds: EncryptedEmbedDTO[] = embeds.map(
|
||||
(embed) =>
|
||||
({
|
||||
...embed,
|
||||
note_id: savedNote.id,
|
||||
} as EncryptedEmbedDTO)
|
||||
);
|
||||
for (const embed of _embeds) {
|
||||
await createEmbed(embed, transactionClient);
|
||||
}
|
||||
}
|
||||
|
||||
// 3. Finalize transaction
|
||||
return savedNote;
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@ -11,3 +11,13 @@ export function getConnectingIp(req: Request): string {
|
||||
req.headers["X-Forwarded-For"] ||
|
||||
req.socket.remoteAddress) as string;
|
||||
}
|
||||
|
||||
// base64 to array buffer (Node JS api, so don't use atob or btoa)
|
||||
export function base64ToBuffer(base64: string): Buffer {
|
||||
return Buffer.from(base64, "base64");
|
||||
}
|
||||
|
||||
// array buffer to base64 (Node JS api, so don't use atob or btoa)
|
||||
export function BufferToBase64(buffer: Buffer): string {
|
||||
return Buffer.from(buffer).toString("base64");
|
||||
}
|
||||
|
||||
@ -1,5 +1,10 @@
|
||||
import { describe, it, expect } from "vitest";
|
||||
import { addDays, getConnectingIp } from "./util";
|
||||
import {
|
||||
addDays,
|
||||
BufferToBase64,
|
||||
base64ToBuffer,
|
||||
getConnectingIp,
|
||||
} from "./util";
|
||||
|
||||
describe("addDays()", () => {
|
||||
it("Should add n days to the input date", () => {
|
||||
@ -8,3 +13,19 @@ describe("addDays()", () => {
|
||||
expect(addDays(date, 30)).toEqual(expectedDate);
|
||||
});
|
||||
});
|
||||
|
||||
describe("converting to/from base64", () => {
|
||||
it("Should convert a base64 string to an array buffer", () => {
|
||||
const base64 = "EjRWeJA=";
|
||||
const expectedBuffer = new Uint8Array([18, 52, 86, 120, 144]);
|
||||
expect(new Uint8Array(base64ToBuffer(base64))).toStrictEqual(
|
||||
expectedBuffer
|
||||
);
|
||||
});
|
||||
|
||||
it("Should convert an array buffer to a base64 string", () => {
|
||||
const buffer = new Uint8Array([18, 52, 86, 120, 144]);
|
||||
const expectedBase64 = "EjRWeJA=";
|
||||
expect(BufferToBase64(buffer)).toEqual(expectedBase64);
|
||||
});
|
||||
});
|
||||
|
||||
@ -36,6 +36,15 @@ export async function decrypt_v2(cryptData: {
|
||||
hmac: string;
|
||||
key: string;
|
||||
}): Promise<string> {
|
||||
const md = await decryptBuffer_v2(cryptData);
|
||||
return new TextDecoder().decode(md);
|
||||
}
|
||||
|
||||
export async function decryptBuffer_v2(cryptData: {
|
||||
ciphertext: string;
|
||||
hmac: string;
|
||||
key: string;
|
||||
}): Promise<ArrayBuffer> {
|
||||
const secret = base64ToArrayBuffer(cryptData.key);
|
||||
const ciphertext_buf = base64ToArrayBuffer(cryptData.ciphertext);
|
||||
const hmac_buf = base64ToArrayBuffer(cryptData.hmac);
|
||||
@ -51,12 +60,12 @@ export async function decrypt_v2(cryptData: {
|
||||
throw Error('Failed HMAC check');
|
||||
}
|
||||
|
||||
const md = await window.crypto.subtle.decrypt(
|
||||
const data = await window.crypto.subtle.decrypt(
|
||||
{ name: 'AES-CBC', iv: new Uint8Array(16) },
|
||||
await _getAesKey(secret),
|
||||
ciphertext_buf
|
||||
);
|
||||
return new TextDecoder().decode(md);
|
||||
return data;
|
||||
}
|
||||
|
||||
function _getAesKey(secret: ArrayBuffer): Promise<CryptoKey> {
|
||||
|
||||
34
webapp/src/lib/crypto/embedId.ts
Normal file
34
webapp/src/lib/crypto/embedId.ts
Normal file
@ -0,0 +1,34 @@
|
||||
export async function getEmbedId(filename: string): Promise<string> {
|
||||
// generate 64 bit id
|
||||
const idBuf = new Uint32Array((await deriveKey(filename)).slice(0, 8));
|
||||
|
||||
// convert idBuf to base 32 string
|
||||
const id = idBuf.reduce((acc, cur) => {
|
||||
return acc + cur.toString(32);
|
||||
}, '');
|
||||
|
||||
return id;
|
||||
}
|
||||
|
||||
async function deriveKey(seed: string): Promise<ArrayBuffer> {
|
||||
const keyMaterial = await window.crypto.subtle.importKey(
|
||||
'raw',
|
||||
new TextEncoder().encode(seed),
|
||||
{ name: 'PBKDF2' },
|
||||
false,
|
||||
['deriveBits']
|
||||
);
|
||||
|
||||
const masterKey = await window.crypto.subtle.deriveBits(
|
||||
{
|
||||
name: 'PBKDF2',
|
||||
salt: new Uint8Array(16),
|
||||
iterations: 100000,
|
||||
hash: 'SHA-256'
|
||||
},
|
||||
keyMaterial,
|
||||
256
|
||||
);
|
||||
|
||||
return new Uint8Array(masterKey);
|
||||
}
|
||||
@ -1,25 +1,71 @@
|
||||
<script lang="ts">
|
||||
import EmbedIcon from 'svelte-icons/md/MdAttachment.svelte';
|
||||
import FaRegQuestionCircle from 'svelte-icons/fa/FaRegQuestionCircle.svelte';
|
||||
import { EmbedType, getEmbedType, getMimeType } from '$lib/util/embeds';
|
||||
import { onMount } from 'svelte';
|
||||
import { getEmbedId } from '$lib/crypto/embedId';
|
||||
import type { EncryptedEmbed } from '$lib/model/EncryptedEmbed';
|
||||
import { decryptBuffer_v2 } from '$lib/crypto/decrypt';
|
||||
|
||||
export let text: string;
|
||||
let image: HTMLImageElement;
|
||||
let imageUrl: string;
|
||||
|
||||
onMount(async () => {
|
||||
if (getEmbedType(text) === EmbedType.IMAGE) {
|
||||
const encryptedEmbed = await fetchEmbed(text);
|
||||
const embedBuffer = await decryptEmbed(encryptedEmbed);
|
||||
console.log(embedBuffer);
|
||||
imageUrl = renderImage(embedBuffer, text);
|
||||
return () => {
|
||||
URL.revokeObjectURL(imageUrl);
|
||||
};
|
||||
}
|
||||
});
|
||||
|
||||
function renderImage(buffer: ArrayBuffer, filename: string): string {
|
||||
// const bufferView = new Uint8Array(buffer);
|
||||
const blob = new Blob([buffer], { type: getMimeType(filename) });
|
||||
const url = URL.createObjectURL(blob);
|
||||
return url;
|
||||
}
|
||||
|
||||
async function decryptEmbed(embed: EncryptedEmbed): Promise<ArrayBuffer> {
|
||||
const key = location.hash.slice(1);
|
||||
const data = await decryptBuffer_v2({ ...embed, key });
|
||||
return data;
|
||||
}
|
||||
|
||||
async function fetchEmbed(filename: string): Promise<EncryptedEmbed> {
|
||||
const embedId = await getEmbedId(filename);
|
||||
const response = await fetch(`${location.pathname}/embeds/${embedId}`);
|
||||
if (response.ok) {
|
||||
return (await response.json()) as EncryptedEmbed;
|
||||
}
|
||||
throw new Error(`Failed to fetch embed: ${response.statusText}`);
|
||||
}
|
||||
</script>
|
||||
|
||||
<div>
|
||||
<dfn class="not-italic" title="Interal embeds are not shared currently.">
|
||||
<div
|
||||
class="px-4 py-12 border border-zinc-300 dark:border-zinc-600 inline-flex flex-col items-center justify-center"
|
||||
>
|
||||
<span class="h-8 text-zinc-400 ml-0.5 inline-flex items-center whitespace-nowrap gap-1"
|
||||
><span class="w-8 h-8 inline-block">
|
||||
<EmbedIcon />
|
||||
{#if imageUrl}
|
||||
<img bind:this={image} src={imageUrl} alt={text} />
|
||||
{:else}
|
||||
<div>
|
||||
<dfn class="not-italic" title="Interal embeds are not shared currently.">
|
||||
<div
|
||||
class="px-4 py-12 border border-zinc-300 dark:border-zinc-600 inline-flex flex-col items-center justify-center"
|
||||
>
|
||||
<span class="h-8 text-zinc-400 ml-0.5 inline-flex items-center whitespace-nowrap gap-1"
|
||||
><span class="w-8 h-8 inline-block">
|
||||
<EmbedIcon />
|
||||
</span>
|
||||
<span>Internal embed</span>
|
||||
</span>
|
||||
<span>Internal embed</span>
|
||||
</span>
|
||||
<span class="underline cursor-not-allowed inline-flex items-center">
|
||||
<span class="text-[#705dcf] opacity-50">{text}</span>
|
||||
<span class="inline-block w-3 h-3 mb-2 text-zinc-400 ml-0.5"><FaRegQuestionCircle /></span>
|
||||
</span>
|
||||
</div>
|
||||
</dfn>
|
||||
</div>
|
||||
<span class="underline cursor-not-allowed inline-flex items-center">
|
||||
<span class="text-[#705dcf] opacity-50">{text}</span>
|
||||
<span class="inline-block w-3 h-3 mb-2 text-zinc-400 ml-0.5"><FaRegQuestionCircle /></span
|
||||
>
|
||||
</span>
|
||||
</div>
|
||||
</dfn>
|
||||
</div>
|
||||
{/if}
|
||||
|
||||
6
webapp/src/lib/model/EncryptedEmbed.ts
Normal file
6
webapp/src/lib/model/EncryptedEmbed.ts
Normal file
@ -0,0 +1,6 @@
|
||||
export type EncryptedEmbed = {
|
||||
note_id: string;
|
||||
embed_id: string;
|
||||
ciphertext: string;
|
||||
hmac: string;
|
||||
};
|
||||
21
webapp/src/lib/util/embeds.ts
Normal file
21
webapp/src/lib/util/embeds.ts
Normal file
@ -0,0 +1,21 @@
|
||||
/**
|
||||
* Returns the EmbedType if embeddable, false if not.
|
||||
* @param filename File extension to check.
|
||||
* @returns EmbedType if embeddable, false if not.
|
||||
*/
|
||||
export function getEmbedType(filename: string): EmbedType | boolean {
|
||||
return isImage(filename) ? EmbedType.IMAGE : false;
|
||||
}
|
||||
|
||||
export function getMimeType(filename: string) {
|
||||
return 'image/jpeg';
|
||||
}
|
||||
|
||||
export enum EmbedType {
|
||||
IMAGE = 'IMAGE'
|
||||
}
|
||||
|
||||
function isImage(filename: string): boolean {
|
||||
const match = filename.match(/(png|jpe?g|svg|bmp|gif|)$/i);
|
||||
return !!match && match[0]?.length > 0;
|
||||
}
|
||||
34
webapp/src/routes/note/[note_id]/embeds/[id].ts
Normal file
34
webapp/src/routes/note/[note_id]/embeds/[id].ts
Normal file
@ -0,0 +1,34 @@
|
||||
import type { EncryptedEmbed } from '$lib/model/EncryptedEmbed';
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
|
||||
export const get: RequestHandler = async ({ request, clientAddress, params }) => {
|
||||
const ip = (request.headers.get('x-forwarded-for') || clientAddress) as string;
|
||||
const url = `${import.meta.env.VITE_SERVER_INTERNAL}/api/note/${params.note_id}/embeds/${
|
||||
params.id
|
||||
}`;
|
||||
const response = await fetch(url, {
|
||||
headers: {
|
||||
'x-forwarded-for': ip
|
||||
}
|
||||
});
|
||||
|
||||
if (response.ok) {
|
||||
try {
|
||||
const embed: EncryptedEmbed = await response.json();
|
||||
return {
|
||||
status: response.status,
|
||||
body: embed
|
||||
};
|
||||
} catch {
|
||||
return {
|
||||
status: 500,
|
||||
error: response.statusText
|
||||
};
|
||||
}
|
||||
} else {
|
||||
return {
|
||||
status: response.status,
|
||||
error: response.statusText
|
||||
};
|
||||
}
|
||||
};
|
||||
Loading…
Reference in New Issue
Block a user