Merge pull request #190 from mbret/develop

mbret · web-flow · commit 9bae3fe0ca5e · 2024-11-15T19:39:20.000+01:00
release
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -27,7 +27,6 @@
   },
   "devDependencies": {
     "@rollup/plugin-replace": "^6.0.1",
-    "@types/crypto-js": "^4.1.1",
     "@types/node": "^20",
     "@types/react": "^18.0.28",
     "@types/react-dom": "^18.0.11",
diff --git a/packages/api/package.json b/packages/api/package.json
@@ -31,7 +31,6 @@
     "abort-controller": "^3.0.0",
     "axios": "^1.3.4",
     "cheerio": "^1.0.0-rc.10",
-    "crypto-js": "^4.2.0",
     "dropbox": "^10.34.0",
     "fast-xml-parser": "^4.5.0",
     "firebase": "^11.0.1",
diff --git a/packages/api/src/libs/couch/dbHelpers.ts b/packages/api/src/libs/couch/dbHelpers.ts
@@ -362,7 +362,6 @@ export const getNanoDbForUser = async (name: string, privateKey: string) => {
 export const getNano = async ({ jwtToken }: { jwtToken?: string } = {}) => {
   return createNano({
     url: COUCH_DB_URL,
-    // log: (...args) => console.log('nano', JSON.stringify(...args)),
     requestDefaults: {
       headers: {
         "content-type": "application/json",
diff --git a/packages/api/src/libs/middy/withMiddy.ts b/packages/api/src/libs/middy/withMiddy.ts
@@ -18,7 +18,7 @@ Sentry.init({
   // We recommend adjusting this value in production
   tracesSampleRate: 1.0,
   // Set sampling rate for profiling - this is relative to tracesSampleRate
-  profilesSampleRate: 1.0,
+  profilesSampleRate: 1.0
 })
 
 export const withMiddy = (
diff --git a/packages/shared/package.json b/packages/shared/package.json
@@ -16,8 +16,5 @@
     "start": "vite build --watch --mode development",
     "build": "tsc",
     "test": "vitest run"
-  },
-  "peerDependencies": {
-    "crypto-js": "4.x"
   }
 }
diff --git a/packages/shared/src/crypto.ts b/packages/shared/src/crypto.ts
diff --git a/packages/shared/src/index.ts b/packages/shared/src/index.ts
@@ -75,8 +75,6 @@ export * from "./db/books"
 export * from "./dataSources"
 export * from "./sorting"
 
-export * as crypto from "./crypto"
-
 export { ObokuErrorCode, ObokuSharedError } from "./errors"
 
 export * from "./plugin-imhentai-shared"
diff --git a/packages/shared/tsconfig.json b/packages/shared/tsconfig.json
@@ -20,5 +20,5 @@
     "noUncheckedIndexedAccess": true,
     "useUnknownInCatchVariables": true
   },
-  "include": ["src"]
+  "include": ["src", "../web/src/common/crypto.ts"]
 }
diff --git a/packages/web/package.json b/packages/web/package.json
@@ -20,7 +20,6 @@
     "@tanstack/react-virtual": "^3.8.4",
     "gesturx": "^1.8.2",
     "buffer": "^6.0.3",
-    "crypto-js": "^4.2.0",
     "date-fns": "^4.1.0",
     "dropbox": "^10.34.0",
     "firebase": "^11.0.1",
diff --git a/packages/web/src/auth/UnlockContentsDialog.tsx b/packages/web/src/auth/UnlockContentsDialog.tsx
@@ -7,14 +7,14 @@ import {
   DialogTitle,
   TextField
 } from "@mui/material"
-import { crypto } from "@oboku/shared"
 import { useEffect } from "react"
 import { Controller, SubmitHandler, useForm } from "react-hook-form"
 import { errorToHelperText } from "../common/forms/errorToHelperText"
 import { PreventAutocompleteFields } from "../common/forms/PreventAutocompleteFields"
 import { useModalNavigationControl } from "../navigation/useModalNavigationControl"
 import { libraryStateSignal } from "../library/books/states"
 import { useSettings } from "../settings/helpers"
+import { hashContentPassword } from "../common/crypto"
 
 type Inputs = {
   unlockPassword: string
@@ -44,7 +44,7 @@ export const UnlockContentsDialog = ({
   )
 
   const onSubmit: SubmitHandler<Inputs> = async (data) => {
-    const hashedPassword = crypto.hashContentPassword(data.unlockPassword)
+    const hashedPassword = await hashContentPassword(data.unlockPassword)
 
     if (contentPassword === hashedPassword) {
       libraryStateSignal.setValue((state) => ({
diff --git a/packages/web/src/auth/useSignIn.ts b/packages/web/src/auth/useSignIn.ts
@@ -13,14 +13,20 @@ import { CancelError } from "../errors/errors.shared"
 
 const provider = new GoogleAuthProvider()
 
-const auth = getAuth()
-
 export const useSignIn = () => {
   const { mutateAsync: reCreateDb } = useReCreateDb()
 
   const signIn = useCallback(() => {
     lock("authentication")
 
+    /**
+     * @important
+     * This should be at the root of module but there is a bug where events
+     * get added forever.
+     * @see https://github.com/firebase/firebase-js-sdk/issues/8642
+     */
+    const auth = getAuth()
+
     return from(signInWithPopup(auth, provider)).pipe(
       catchError((e) => {
         if (e.code === "auth/popup-closed-by-user") throw new CancelError()
diff --git a/packages/web/src/common/crypto.ts b/packages/web/src/common/crypto.ts
@@ -0,0 +1,17 @@
+/**
+ * The contentPassword is for user content protection. It is made to work
+ * offline and therefore is not secured yet. This is not intended for
+ * fully secured solution
+ */
+export const hashContentPassword = async (password: string) => {
+  const encoder = new TextEncoder()
+  const data = encoder.encode(password)
+
+  const buffer = await window.crypto.subtle.digest(`SHA-256`, data)
+
+  // Convert ArrayBuffer to hex string
+  const hashArray = Array.from(new Uint8Array(buffer))
+  const hashHex = hashArray.map((b) => b.toString(16).padStart(2, "0")).join("")
+
+  return hashHex
+}
diff --git a/packages/web/src/settings/helpers.ts b/packages/web/src/settings/helpers.ts
@@ -1,10 +1,10 @@
-import { crypto } from "@oboku/shared"
 import { Database } from "../rxdb"
 import { useForeverQuery, useMutation } from "reactjrx"
 import { getLatestDatabase, latestDatabase$ } from "../rxdb/RxDbProvider"
-import { from, map, mergeMap, of, switchMap } from "rxjs"
+import { from, map, mergeMap, switchMap } from "rxjs"
 import { SettingsDocType } from "../rxdb/collections/settings"
 import { getSettingsDocument } from "./dbHelpers"
+import { hashContentPassword } from "../common/crypto"
 
 const getSettingsOrThrow = (database: Database) => {
   return getSettingsDocument(database).pipe(
@@ -21,8 +21,8 @@ const getSettingsOrThrow = (database: Database) => {
 export const useUpdateContentPassword = () => {
   const { mutate: updateSettings } = useUpdateSettings()
 
-  return (password: string) => {
-    const hashed = crypto.hashContentPassword(password)
+  return async (password: string) => {
+    const hashed = await hashContentPassword(password)
 
     updateSettings({
       contentPassword: hashed
@@ -42,15 +42,17 @@ export const useValidateAppPassword = (options: {
 
       return getLatestDatabase().pipe(
         mergeMap((database) => getSettingsOrThrow(database)),
-        mergeMap((settings) => {
-          const hashedInput = crypto.hashContentPassword(input)
-
-          if (hashedInput !== settings.contentPassword) {
-            throw new Error("Invalid password")
-          }
+        mergeMap((settings) =>
+          from(hashContentPassword(input)).pipe(
+            map((hashedInput) => {
+              if (hashedInput !== settings.contentPassword) {
+                throw new Error("Invalid password")
+              }
 
-          return of(null)
-        })
+              return null
+            })
+          )
+        )
       )
     }
   })

Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,5 @@`
`16`	`16`	`"start": "vite build --watch --mode development",`
`17`	`17`	`"build": "tsc",`
`18`	`18`	`"test": "vitest run"`
`19`		`- },`
`20`		`- "peerDependencies": {`
`21`		`- "crypto-js": "4.x"`
`22`	`19`	`}`
`23`	`20`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,5 +20,5 @@`
`20`	`20`	`"noUncheckedIndexedAccess": true,`
`21`	`21`	`"useUnknownInCatchVariables": true`
`22`	`22`	`},`
`23`		`- "include": ["src"]`
	`23`	`+ "include": ["src", "../web/src/common/crypto.ts"]`
`24`	`24`	`}`