mirror of
https://github.com/vrtmrz/obsidian-livesync.git
synced 2026-03-30 21:55:18 +00:00
### New Feature
- Now, we can send custom headers to the server. - Authentication with JWT in CouchDB is now supported. ### Improved - The QR Code for set-up can be shown also from the setting dialogue now. - Conflict checking for preventing unexpected overwriting on the boot-up process has been quite faster. ### Fixed - Some bugs on Dev and Testing modules have been fixed.
This commit is contained in:
vorotamoroz
@@ -1,7 +1,16 @@
|
||||
import { AbstractObsidianModule, type IObsidianModule } from "../AbstractObsidianModule.ts";
|
||||
import { LOG_LEVEL_DEBUG, LOG_LEVEL_NOTICE, LOG_LEVEL_VERBOSE } from "octagonal-wheels/common/logger";
|
||||
import { Notice, requestUrl, type RequestUrlParam, type RequestUrlResponse } from "../../deps.ts";
|
||||
import { type EntryDoc, type FilePathWithPrefix } from "../../lib/src/common/types.ts";
|
||||
import {
|
||||
type CouchDBCredentials,
|
||||
type EntryDoc,
|
||||
type FilePathWithPrefix,
|
||||
type JWTCredentials,
|
||||
type JWTHeader,
|
||||
type JWTParams,
|
||||
type JWTPayload,
|
||||
type PreparedJWT,
|
||||
} from "../../lib/src/common/types.ts";
|
||||
import { getPathFromTFile } from "../../common/utils.ts";
|
||||
import {
|
||||
disableEncryption,
|
||||
@@ -13,7 +22,9 @@ import {
|
||||
import { setNoticeClass } from "../../lib/src/mock_and_interop/wrapper.ts";
|
||||
import { ObsHttpHandler } from "./APILib/ObsHttpHandler.ts";
|
||||
import { PouchDB } from "../../lib/src/pouchdb/pouchdb-browser.ts";
|
||||
import { reactive, reactiveSource } from "octagonal-wheels/dataobject/reactive";
|
||||
import { reactive, reactiveSource } from "octagonal-wheels/dataobject/reactive.js";
|
||||
import { arrayBufferToBase64Single, writeString } from "../../lib/src/string_and_binary/convert.ts";
|
||||
import { Refiner } from "octagonal-wheels/dataobject/Refiner";
|
||||
|
||||
setNoticeClass(Notice);
|
||||
|
||||
@@ -99,29 +110,166 @@ export class ModuleObsidianAPI extends AbstractObsidianModule implements IObsidi
|
||||
}
|
||||
}
|
||||
|
||||
_importKey(auth: JWTCredentials) {
|
||||
if (auth.jwtAlgorithm == "HS256" || auth.jwtAlgorithm == "HS512") {
|
||||
const key = (auth.jwtKey || "").trim();
|
||||
if (key == "") {
|
||||
throw new Error("JWT key is empty");
|
||||
}
|
||||
const binaryDerString = window.atob(key);
|
||||
const binaryDer = new Uint8Array(binaryDerString.length);
|
||||
for (let i = 0; i < binaryDerString.length; i++) {
|
||||
binaryDer[i] = binaryDerString.charCodeAt(i);
|
||||
}
|
||||
const hashName = auth.jwtAlgorithm == "HS256" ? "SHA-256" : "SHA-512";
|
||||
return crypto.subtle.importKey("raw", binaryDer, { name: "HMAC", hash: { name: hashName } }, true, [
|
||||
"sign",
|
||||
]);
|
||||
} else if (auth.jwtAlgorithm == "ES256" || auth.jwtAlgorithm == "ES512") {
|
||||
const pem = auth.jwtKey
|
||||
.replace(/-----BEGIN [^-]+-----/, "")
|
||||
.replace(/-----END [^-]+-----/, "")
|
||||
.replace(/\s+/g, "");
|
||||
// const pem = key.replace(/\s/g, "");
|
||||
const binaryDerString = window.atob(pem);
|
||||
const binaryDer = new Uint8Array(binaryDerString.length);
|
||||
for (let i = 0; i < binaryDerString.length; i++) {
|
||||
binaryDer[i] = binaryDerString.charCodeAt(i);
|
||||
}
|
||||
// const binaryDer = base64ToArrayBuffer(pem);
|
||||
const namedCurve = auth.jwtAlgorithm == "ES256" ? "P-256" : "P-521";
|
||||
const param = { name: "ECDSA", namedCurve };
|
||||
return crypto.subtle.importKey("pkcs8", binaryDer, param, true, ["sign"]);
|
||||
} else {
|
||||
throw new Error("Supplied JWT algorithm is not supported.");
|
||||
}
|
||||
}
|
||||
|
||||
_currentCryptoKey = new Refiner<JWTCredentials, CryptoKey>({
|
||||
evaluation: async (auth, previous) => {
|
||||
return await this._importKey(auth);
|
||||
},
|
||||
});
|
||||
|
||||
_jwt = new Refiner<JWTParams, PreparedJWT>({
|
||||
evaluation: async (params, previous) => {
|
||||
const encodedHeader = btoa(JSON.stringify(params.header));
|
||||
const encodedPayload = btoa(JSON.stringify(params.payload));
|
||||
const buff = `${encodedHeader}.${encodedPayload}`.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
|
||||
|
||||
const key = await this._currentCryptoKey.update(params.credentials).value;
|
||||
let token = "";
|
||||
if (params.header.alg == "ES256" || params.header.alg == "ES512") {
|
||||
const jwt = await crypto.subtle.sign(
|
||||
{ name: "ECDSA", hash: { name: "SHA-256" } },
|
||||
key,
|
||||
writeString(buff)
|
||||
);
|
||||
token = (await arrayBufferToBase64Single(jwt))
|
||||
.replace(/\+/g, "-")
|
||||
.replace(/\//g, "_")
|
||||
.replace(/=/g, "");
|
||||
} else if (params.header.alg == "HS256" || params.header.alg == "HS512") {
|
||||
const jwt = await crypto.subtle.sign(
|
||||
{ name: "HMAC", hash: { name: params.header.alg } },
|
||||
key,
|
||||
writeString(buff)
|
||||
);
|
||||
token = (await arrayBufferToBase64Single(jwt))
|
||||
.replace(/\+/g, "-")
|
||||
.replace(/\//g, "_")
|
||||
.replace(/=/g, "");
|
||||
} else {
|
||||
throw new Error("JWT algorithm is not supported.");
|
||||
}
|
||||
return {
|
||||
...params,
|
||||
token: `${buff}.${token}`,
|
||||
} as PreparedJWT;
|
||||
},
|
||||
});
|
||||
|
||||
_jwtParams = new Refiner<JWTCredentials, JWTParams>({
|
||||
evaluation(source, previous) {
|
||||
const kid = source.jwtKid || undefined;
|
||||
const sub = (source.jwtSub || "").trim();
|
||||
if (sub == "") {
|
||||
throw new Error("JWT sub is empty");
|
||||
}
|
||||
const algorithm = source.jwtAlgorithm || "";
|
||||
if (!algorithm) {
|
||||
throw new Error("JWT algorithm is not configured.");
|
||||
}
|
||||
if (algorithm != "HS256" && algorithm != "HS512" && algorithm != "ES256" && algorithm != "ES512") {
|
||||
throw new Error("JWT algorithm is not supported.");
|
||||
}
|
||||
const header: JWTHeader = {
|
||||
alg: source.jwtAlgorithm || "HS256",
|
||||
typ: "JWT",
|
||||
kid,
|
||||
};
|
||||
const iat = ~~(new Date().getTime() / 1000);
|
||||
const exp = iat + (source.jwtExpDuration || 5) * 60; // 5 minutes
|
||||
const payload = {
|
||||
exp,
|
||||
iat,
|
||||
sub: source.jwtSub || "",
|
||||
"_couchdb.roles": ["_admin"],
|
||||
} satisfies JWTPayload;
|
||||
return {
|
||||
header,
|
||||
payload,
|
||||
credentials: source,
|
||||
};
|
||||
},
|
||||
shouldUpdate(isDifferent, source, previous) {
|
||||
if (isDifferent) {
|
||||
return true;
|
||||
}
|
||||
if (!previous) {
|
||||
return true;
|
||||
}
|
||||
// if expired.
|
||||
const d = ~~(new Date().getTime() / 1000);
|
||||
if (previous.payload.exp < d) {
|
||||
// console.warn(`jwt expired ${previous.payload.exp} < ${d}`);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
},
|
||||
});
|
||||
|
||||
async $$connectRemoteCouchDB(
|
||||
uri: string,
|
||||
auth: { username: string; password: string },
|
||||
auth: CouchDBCredentials,
|
||||
disableRequestURI: boolean,
|
||||
passphrase: string | false,
|
||||
useDynamicIterationCount: boolean,
|
||||
performSetup: boolean,
|
||||
skipInfo: boolean,
|
||||
compression: boolean
|
||||
compression: boolean,
|
||||
customHeaders: Record<string, string>
|
||||
): Promise<string | { db: PouchDB.Database<EntryDoc>; info: PouchDB.Core.DatabaseInfo }> {
|
||||
if (!isValidRemoteCouchDBURI(uri)) return "Remote URI is not valid";
|
||||
if (uri.toLowerCase() != uri) return "Remote URI and database name could not contain capital letters.";
|
||||
if (uri.indexOf(" ") !== -1) return "Remote URI and database name could not contain spaces.";
|
||||
const userNameAndPassword = auth.username && auth.password ? `${auth.username}:${auth.password}` : "";
|
||||
if (this.authHeaderSource.value != userNameAndPassword) {
|
||||
this.authHeaderSource.value = userNameAndPassword;
|
||||
let authHeader = "";
|
||||
if ("username" in auth) {
|
||||
const userNameAndPassword = auth.username && auth.password ? `${auth.username}:${auth.password}` : "";
|
||||
if (this.authHeaderSource.value != userNameAndPassword) {
|
||||
this.authHeaderSource.value = userNameAndPassword;
|
||||
}
|
||||
authHeader = this.authHeader.value;
|
||||
} else if ("jwtAlgorithm" in auth) {
|
||||
const params = await this._jwtParams.update(auth).value;
|
||||
const jwt = await this._jwt.update(params).value;
|
||||
const token = jwt.token;
|
||||
authHeader = `Bearer ${token}`;
|
||||
}
|
||||
const authHeader = this.authHeader.value;
|
||||
// const _this = this;
|
||||
|
||||
const conf: PouchDB.HttpAdapter.HttpAdapterConfiguration = {
|
||||
adapter: "http",
|
||||
auth,
|
||||
auth: "username" in auth ? auth : undefined,
|
||||
skip_setup: !performSetup,
|
||||
fetch: async (url: string | Request, opts?: RequestInit) => {
|
||||
let size = "";
|
||||
@@ -146,9 +294,18 @@ export class ModuleObsidianAPI extends AbstractObsidianModule implements IObsidi
|
||||
// --> native Fetch API.
|
||||
|
||||
try {
|
||||
if (this.settings.enableDebugTools) {
|
||||
// Issue #407
|
||||
(opts!.headers as Headers).append("ngrok-skip-browser-warning", "123");
|
||||
if (customHeaders) {
|
||||
for (const [key, value] of Object.entries(customHeaders)) {
|
||||
if (key && value) {
|
||||
(opts!.headers as Headers).append(key, value);
|
||||
}
|
||||
}
|
||||
// // Issue #407
|
||||
// (opts!.headers as Headers).append("ngrok-skip-browser-warning", "123");
|
||||
}
|
||||
// debugger;
|
||||
if (!("username" in auth)) {
|
||||
(opts!.headers as Headers).append("authorization", authHeader);
|
||||
}
|
||||
this.plugin.requestCount.value = this.plugin.requestCount.value + 1;
|
||||
const response: Response = await fetch(url, opts);
|
||||
|
||||
Reference in New Issue
Block a user