New utilities.

2026-01-05 21:09:15 +00:00 · 2024-02-06 11:03:51 +00:00
parent c024ed13d3
commit 27d71ca2fb
8 changed files with 491 additions and 0 deletions
--- a/utils/flyio/delete-server.sh
+++ b/utils/flyio/delete-server.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+fly scale count 0 -y
+fly apps destroy $(fly status -j | jq -r .Name) -y
--- a/utils/flyio/deploy-server.sh
+++ b/utils/flyio/deploy-server.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+## Script for deploy and automatic setup CouchDB onto fly.io.
+## We need Deno for generating the Setup-URI.
+
+source setenv.sh $@
+
+export hostname="https://$appname.fly.dev"
+
+echo "-- YOUR CONFIGURATION --"
+echo "URL     : $hostname"
+echo "username: $username"
+echo "password: $password"
+echo "region  : $region"
+echo ""
+echo "-- START DEPLOYING --> "
+
+set -e
+fly launch --name=$appname --env="COUCHDB_USER=$username" --copy-config=true --detach --no-deploy --region ${region} --yes
+fly secrets set COUCHDB_PASSWORD=$password
+fly deploy
+
+set +e
+../couchdb/couchdb-init.sh
+# flyctl deploy
+echo "OK!"
+
+if command -v deno >/dev/null 2>&1; then
+    echo "Setup finished! Also, we can set up Self-hosted LiveSync instantly, by the following setup uri."
+    echo "Passphrase of setup-uri is \`welcome\`".
+    echo "--- configured ---"
+    echo "database       : ${database}"
+    echo "E2EE passphrase: ${passphrase}"
+    echo "--- setup uri  ---"
+    deno run -A generate_setupuri.ts
+else
+    echo "Setup finished! Here is the configured values (reprise)!"
+    echo "-- YOUR CONFIGURATION --"
+    echo "URL     : $hostname"
+    echo "username: $username"
+    echo "password: $password"
+    echo "-- YOUR CONFIGURATION --"
+    echo "If we had Deno, we would got the setup uri directly!"
+fi
--- a/utils/flyio/fly.template.toml
+++ b/utils/flyio/fly.template.toml
@@ -0,0 +1,40 @@
+## CouchDB for fly.io image
+
+app = ''
+primary_region = 'nrt'
+swap_size_mb = 512
+
+[build]
+  image = "couchdb:latest"
+
+[mounts]
+  source = "couchdata"
+  destination = "/opt/couchdb/data"
+  initial_size = "1GB"
+  auto_extend_size_threshold = 90
+  auto_extend_size_increment = "1GB"
+  auto_extend_size_limit = "2GB"
+
+[env]
+  COUCHDB_USER = ""
+  ERL_FLAGS = "-couch_ini /opt/couchdb/etc/default.ini /opt/couchdb/etc/default.d/ /opt/couchdb/etc/local.d /opt/couchdb/etc/local.ini /opt/couchdb/data/persistence.ini"
+
+[http_service]
+  internal_port = 5984
+  force_https = true
+  auto_stop_machines = true
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ['app']
+
+[[vm]]
+  cpu_kind = 'shared'
+  cpus = 1
+  memory_mb = 256
+
+[[files]]
+  guest_path = "/docker-entrypoint2.sh"
+  raw_value = "#!/bin/bash\ntouch /opt/couchdb/data/persistence.ini\nchmod +w /opt/couchdb/data/persistence.ini\n/docker-entrypoint.sh $@"
+
+[experimental]
+  entrypoint = ["tini", "--", "/docker-entrypoint2.sh"]
--- a/utils/flyio/generate_setupuri.ts
+++ b/utils/flyio/generate_setupuri.ts
@@ -0,0 +1,180 @@
+import { webcrypto } from "node:crypto";
+
+const KEY_RECYCLE_COUNT = 100;
+type KeyBuffer = {
+    key: CryptoKey;
+    salt: Uint8Array;
+    count: number;
+};
+
+let semiStaticFieldBuffer: Uint8Array;
+const nonceBuffer: Uint32Array = new Uint32Array(1);
+const writeString = (string: string) => {
+    // Prepare enough buffer.
+    const buffer = new Uint8Array(string.length * 4);
+    const length = string.length;
+    let index = 0;
+    let chr = 0;
+    let idx = 0;
+    while (idx < length) {
+        chr = string.charCodeAt(idx++);
+        if (chr < 128) {
+            buffer[index++] = chr;
+        } else if (chr < 0x800) {
+            // 2 bytes
+            buffer[index++] = 0xC0 | (chr >>> 6);
+            buffer[index++] = 0x80 | (chr & 0x3F);
+        } else if (chr < 0xD800 || chr > 0xDFFF) {
+            // 3 bytes
+            buffer[index++] = 0xE0 | (chr >>> 12);
+            buffer[index++] = 0x80 | ((chr >>> 6) & 0x3F);
+            buffer[index++] = 0x80 | (chr & 0x3F);
+        } else {
+            // 4 bytes - surrogate pair
+            chr = (((chr - 0xD800) << 10) | (string.charCodeAt(idx++) - 0xDC00)) + 0x10000;
+            buffer[index++] = 0xF0 | (chr >>> 18);
+            buffer[index++] = 0x80 | ((chr >>> 12) & 0x3F);
+            buffer[index++] = 0x80 | ((chr >>> 6) & 0x3F);
+            buffer[index++] = 0x80 | (chr & 0x3F);
+        }
+    }
+    return buffer.slice(0, index);
+};
+const KeyBuffs = new Map<string, KeyBuffer>();
+async function getKeyForEncrypt(passphrase: string, autoCalculateIterations: boolean): Promise<[CryptoKey, Uint8Array]> {
+    // For performance, the plugin reuses the key KEY_RECYCLE_COUNT times.
+    const buffKey = `${passphrase}-${autoCalculateIterations}`;
+    const f = KeyBuffs.get(buffKey);
+    if (f) {
+        f.count--;
+        if (f.count > 0) {
+            return [f.key, f.salt];
+        }
+        f.count--;
+    }
+    const passphraseLen = 15 - passphrase.length;
+    const iteration = autoCalculateIterations ? ((passphraseLen > 0 ? passphraseLen : 0) * 1000) + 121 - passphraseLen : 100000;
+    const passphraseBin = new TextEncoder().encode(passphrase);
+    const digest = await webcrypto.subtle.digest({ name: "SHA-256" }, passphraseBin);
+    const keyMaterial = await webcrypto.subtle.importKey("raw", digest, { name: "PBKDF2" }, false, ["deriveKey"]);
+    const salt = webcrypto.getRandomValues(new Uint8Array(16));
+    const key = await webcrypto.subtle.deriveKey(
+        {
+            name: "PBKDF2",
+            salt,
+            iterations: iteration,
+            hash: "SHA-256",
+        },
+        keyMaterial,
+        { name: "AES-GCM", length: 256 },
+        false,
+        ["encrypt"]
+    );
+    KeyBuffs.set(buffKey, {
+        key,
+        salt,
+        count: KEY_RECYCLE_COUNT,
+    });
+    return [key, salt];
+}
+
+function getSemiStaticField(reset?: boolean) {
+    // return fixed field of iv.
+    if (semiStaticFieldBuffer != null && !reset) {
+        return semiStaticFieldBuffer;
+    }
+    semiStaticFieldBuffer = webcrypto.getRandomValues(new Uint8Array(12));
+    return semiStaticFieldBuffer;
+}
+
+function getNonce() {
+    // This is nonce, so do not send same thing.
+    nonceBuffer[0]++;
+    if (nonceBuffer[0] > 10000) {
+        // reset semi-static field.
+        getSemiStaticField(true);
+    }
+    return nonceBuffer;
+}
+function arrayBufferToBase64internalBrowser(buffer: DataView | Uint8Array): Promise<string> {
+    return new Promise((res, rej) => {
+        const blob = new Blob([buffer], { type: "application/octet-binary" });
+        const reader = new FileReader();
+        reader.onload = function (evt) {
+            const dataURI = evt.target?.result?.toString() || "";
+            if (buffer.byteLength != 0 && (dataURI == "" || dataURI == "data:")) return rej(new TypeError("Could not parse the encoded string"));
+            const result = dataURI.substring(dataURI.indexOf(",") + 1);
+            res(result);
+        };
+        reader.readAsDataURL(blob);
+    });
+}
+
+// Map for converting hexString
+const revMap: { [key: string]: number } = {};
+const numMap: { [key: number]: string } = {};
+for (let i = 0; i < 256; i++) {
+    revMap[(`00${i.toString(16)}`.slice(-2))] = i;
+    numMap[i] = (`00${i.toString(16)}`.slice(-2));
+}
+
+
+function uint8ArrayToHexString(src: Uint8Array): string {
+    return [...src].map(e => numMap[e]).join("");
+}
+
+const QUANTUM = 32768;
+async function arrayBufferToBase64Single(buffer: ArrayBuffer): Promise<string> {
+    const buf = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+    if (buf.byteLength < QUANTUM) return btoa(String.fromCharCode.apply(null, [...buf]));
+    return await arrayBufferToBase64internalBrowser(buf);
+}
+
+
+export async function encrypt(input: string, passphrase: string, autoCalculateIterations: boolean) {
+    const [key, salt] = await getKeyForEncrypt(passphrase, autoCalculateIterations);
+    // Create initial vector with semi-fixed part and incremental part
+    // I think it's not good against related-key attacks.
+    const fixedPart = getSemiStaticField();
+    const invocationPart = getNonce();
+    const iv = new Uint8Array([...fixedPart, ...new Uint8Array(invocationPart.buffer)]);
+    const plainStringified = JSON.stringify(input);
+
+    // const plainStringBuffer: Uint8Array = tex.encode(plainStringified)
+    const plainStringBuffer: Uint8Array = writeString(plainStringified);
+    const encryptedDataArrayBuffer = await webcrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, plainStringBuffer);
+    const encryptedData2 = (await arrayBufferToBase64Single(encryptedDataArrayBuffer));
+    //return data with iv and salt.
+    const ret = `["${encryptedData2}","${uint8ArrayToHexString(iv)}","${uint8ArrayToHexString(salt)}"]`;
+    return ret;
+}
+
+const URIBASE = "obsidian://setuplivesync?settings=";
+async function main() {
+    const conf = {
+        "couchDB_URI": `${Deno.env.get("hostname")}`,
+        "couchDB_USER": `${Deno.env.get("username")}`,
+        "couchDB_PASSWORD": `${Deno.env.get("password")}`,
+        "couchDB_DBNAME": `${Deno.env.get("database")}`,
+        "syncOnStart": true,
+        "gcDelay": 0,
+        "periodicReplication": true,
+        "syncOnFileOpen": true,
+        "encrypt": true,
+        "passphrase": `${Deno.env.get("passphrase")}`,
+        "usePathObfuscation": true,
+        "batchSave": true,
+        "batch_size": 50,
+        "batches_limit": 50,
+        "useHistory": true,
+        "disableRequestURI": true,
+        "customChunkSize": 50,
+        "syncAfterMerge": false,
+        "concurrencyOfReadChunksOnline": 100,
+        "minimumIntervalOfReadChunksOnline": 100,
+    }
+    const encryptedConf = encodeURIComponent(await encrypt(JSON.stringify(conf), "welcome", false));
+    const theURI = `${URIBASE}${encryptedConf}`;
+    console.log(theURI);
+}
+await main();
--- a/utils/flyio/setenv.sh
+++ b/utils/flyio/setenv.sh
@@ -0,0 +1,30 @@
+random_num() {
+    echo $RANDOM
+}
+random_noun() {
+    nouns=("waterfall" "river" "breeze" "moon" "rain" "wind" "sea" "morning" "snow" "lake" "sunset" "pine" "shadow" "leaf" "dawn" "glitter" "forest" "hill" "cloud" "meadow" "sun" "glade" "bird" "brook" "butterfly" "bush" "dew" "dust" "field" "fire" "flower" "firefly" "feather" "grass" "haze" "mountain" "night" "pond" "darkness" "snowflake" "silence" "sound" "sky" "shape" "surf" "thunder" "violet" "water" "wildflower" "wave" "water" "resonance" "sun" "log" "dream" "cherry" "tree" "fog" "frost" "voice" "paper" "frog" "smoke" "star")
+    echo ${nouns[$(($RANDOM % ${#nouns[*]}))]}
+}
+
+random_adjective() {
+    adjectives=("autumn" "hidden" "bitter" "misty" "silent" "empty" "dry" "dark" "summer" "icy" "delicate" "quiet" "white" "cool" "spring" "winter" "patient" "twilight" "dawn" "crimson" "wispy" "weathered" "blue" "billowing" "broken" "cold" "damp" "falling" "frosty" "green" "long" "late" "lingering" "bold" "little" "morning" "muddy" "old" "red" "rough" "still" "small" "sparkling" "thrumming" "shy" "wandering" "withered" "wild" "black" "young" "holy" "solitary" "fragrant" "aged" "snowy" "proud" "floral" "restless" "divine" "polished" "ancient" "purple" "lively" "nameless")
+    echo ${adjectives[$(($RANDOM % ${#adjectives[*]}))]}
+}
+
+cp ./fly.template.toml ./fly.toml
+
+if [ "$1" = "renew" ]; then
+    unset appname
+    unset username
+    unset password
+    unset database
+    unset passphrase
+    unset region
+fi
+
+[ -z $appname ] && export appname=$(random_adjective)-$(random_noun)-$(random_num)
+[ -z $username ] && export username=$(random_adjective)-$(random_noun)-$(random_num)
+[ -z $password ] && export password=$(random_adjective)-$(random_noun)-$(random_num)
+[ -z $database ] && export database="obsidiannotes"
+[ -z $passphrase ] && export passphrase=$(random_adjective)-$(random_noun)-$(random_num)
+[ -z $region ] && export region="nrt"