packages/core/api/vault.js

import { CHECK_IDS, EV, sendCheckUserStatusEvent } from "../common";
import getId from "../utils/id";

const ERASE_TIME = 1000 * 60 * 30;
export default class Vault {
  /**
   *
   * @param {import('./index').default} db
   */
  constructor(db) {
    this._db = db;
    this._context = db.context;
    this._key = "Notesnook";
    this._password = "";
    this.ERRORS = {
      noVault: "ERR_NO_VAULT",
      vaultLocked: "ERR_VAULT_LOCKED",
      wrongPassword: "ERR_WRONG_PASSWORD",
    };
    EV.subscribe("user:loggedOut", () => {
      this._password = "";
    });
  }

  /**
   * Creates a new vault (replacing if any older exists)
   * @param {string} password The password
   * @returns {Promise<Boolean>}
   */
  async create(password) {
    const vaultKey = await this._context.read("vaultKey");
    if (!vaultKey || !vaultKey.cipher || !vaultKey.iv) {
      const encryptedData = await this._context.encrypt(
        { password },
        this._key
      );
      await this._context.write("vaultKey", encryptedData);
      this._password = password;
      this._startEraser();
    }
    return true;
  }

  /**
   * Unlocks the vault with the given password
   * @param {string} password The password
   * @throws  ERR_NO_VAULT | ERR_WRONG_PASSWORD
   * @returns {Promise<Boolean>}
   */
  async unlock(password) {
    const vaultKey = await this._context.read("vaultKey");
    if (!(await this.exists(vaultKey))) throw new Error(this.ERRORS.noVault);
    var data;
    try {
      data = await this._context.decrypt({ password }, vaultKey);
    } catch (e) {
      throw new Error(this.ERRORS.wrongPassword);
    }
    if (data !== this._key) {
      throw new Error(this.ERRORS.wrongPassword);
    }
    this._password = password;
    this._startEraser();
    return true;
  }

  async changePassword(oldPassword, newPassword) {
    if (await this.unlock(oldPassword)) {
      const lockedNotes = this._db.notes.all.filter((v) => v.locked);
      for (var note of lockedNotes) {
        await this._unlockNote(note, true);
      }
      await this._context.remove("vaultKey");
      await this.create(newPassword);
      for (var note of lockedNotes) {
        await this._lockNote(note);
      }
    }
  }

  _startEraser() {
    setTimeout(() => {
      this._password = "";
    }, ERASE_TIME);
  }

  /**
   * Locks (add to vault) a note
   * @param {string} noteId The id of the note to lock
   */
  async add(noteId) {
    if (!(await sendCheckUserStatusEvent(CHECK_IDS.vaultAdd))) return;

    await this._check();
    await this._lockNote({ id: noteId });
  }

  /**
   * Permanently unlocks (remove from vault) a note
   * @param {string} noteId The note id
   * @param {string} password The password to unlock note with
   */
  async remove(noteId, password) {
    if (await this.unlock(password)) {
      const note = this._db.notes.note(noteId).data;
      await this._unlockNote(note, true);
    }
  }

  async clear(password) {}

  /**
   * Temporarily unlock (open) a note
   * @param {string} noteId The note id
   * @param {string} password The password to open note with
   */
  async open(noteId, password) {
    if (await this.unlock(password)) {
      const note = this._db.notes.note(noteId).data;
      return this._unlockNote(note, false);
    }
  }

  /**
   * Saves a note into the vault
   * @param {{Object}} note The note to save into the vault
   */
  async save(note) {
    if (!note) return;
    //await this._check();
    //let id = note.id || getId();
    return await this._lockNote(note);
  }

  async exists(vaultKey) {
    if (!vaultKey) vaultKey = await this._context.read("vaultKey");
    return vaultKey && vaultKey.cipher && vaultKey.iv;
  }

  // Private & internal methods

  /** @private */
  _locked() {
    return !this._password || !this._password.length;
  }

  /** @private */
  async _check() {
    if (!(await this.exists())) {
      throw new Error(this.ERRORS.noVault);
    }

    if (this._locked()) {
      throw new Error(this.ERRORS.vaultLocked);
    }
  }

  /** @private */
  async _encryptContent(contentId, content, type) {
    let encryptedContent = await this._context.encrypt(
      { password: this._password },
      JSON.stringify(content)
    );

    await this._db.content.add({ id: contentId, data: encryptedContent, type });
  }

  /** @private */
  async _decryptContent(contentId) {
    let encryptedContent = await this._db.content.raw(contentId);

    let decryptedContent = await this._context.decrypt(
      { password: this._password },
      encryptedContent.data
    );

    return { type: encryptedContent.type, data: JSON.parse(decryptedContent) };
  }

  /** @private */
  async _lockNote(note) {
    let { id, content: { type, data } = {}, contentId } = note;

    if (!data || !type || !contentId) {
      note = this._db.notes.note(id);
      if (note.data.locked) return;
      contentId = note.data.contentId;
      let content = await this._db.content.raw(contentId);
      data = content.data;
      type = content.type;
    }

    await this._encryptContent(contentId, data, type);

    return await this._db.notes.add({
      id,
      locked: true,
      headline: "",
      title: note.title,
    });
  }

  /** @private */
  async _unlockNote(note, perm = false) {
    let content = await this._decryptContent(note.contentId);

    if (perm) {
      await this._db.notes.add({
        id: note.id,
        locked: false,
        headline: note.headline,
        contentId: note.contentId,
        content,
      });
      // await this._db.content.add({ id: note.contentId, data: content });
      return;
    }

    return {
      ...note,
      content,
    };
  }

  /** @inner */
  async _getKey() {
    if (await this.exists()) return await this._context.read("vaultKey");
  }

  /** @inner */
  async _setKey(vaultKey) {
    if (!vaultKey) return;
    await this._context.write("vaultKey", vaultKey);
  }
}
refactor: use a single CHECK_IDS 2020-12-05 13:19:41 +05:00			`import { CHECK_IDS, EV, sendCheckUserStatusEvent } from "../common";`
feat: seperate text & delta 2020-03-19 11:30:05 +05:00			`import getId from "../utils/id";`
fix: resolve all circular dependencies (fix #9) 2020-04-12 11:04:30 +05:00
feat: auto clear vault session after 30 minutes 2020-10-03 12:04:04 +05:00			`const ERASE_TIME = 1000 * 60 * 30;`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`export default class Vault {`
			`/**`
			`*`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`* @param {import('./index').default} db`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`*/`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`constructor(db) {`
			`this._db = db;`
			`this._context = db.context;`
refactor: vault api 2020-03-08 11:33:55 +05:00			`this._key = "Notesnook";`
			`this._password = "";`
fix: classProperties not supproted error 2020-03-10 13:54:34 +05:00			`this.ERRORS = {`
			`noVault: "ERR_NO_VAULT",`
			`vaultLocked: "ERR_VAULT_LOCKED",`
crypto: migrate to the new crypto api interface 2020-04-13 11:13:32 +05:00			`wrongPassword: "ERR_WRONG_PASSWORD",`
fix: classProperties not supproted error 2020-03-10 13:54:34 +05:00			`};`
feat: add 1 min rollover auto syncing 2020-11-02 09:50:27 +05:00			`EV.subscribe("user:loggedOut", () => {`
fix: properly clear data from memory on logout 2020-09-19 11:33:31 +05:00			`this._password = "";`
			`});`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/**`
			`* Creates a new vault (replacing if any older exists)`
			`* @param {string} password The password`
feat: vault password can now be changed 2020-11-21 16:09:07 +05:00			`* @returns {Promise<Boolean>}`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`*/`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`async create(password) {`
sync: sync vaultKey 2020-04-15 14:00:05 +05:00			`const vaultKey = await this._context.read("vaultKey");`
			`if (!vaultKey \|\| !vaultKey.cipher \|\| !vaultKey.iv) {`
crypto: migrate to the new crypto api interface 2020-04-13 11:13:32 +05:00			`const encryptedData = await this._context.encrypt(`
			`{ password },`
			`this._key`
			`);`
sync: sync vaultKey 2020-04-15 14:00:05 +05:00			`await this._context.write("vaultKey", encryptedData);`
refactor: vault api 2020-03-08 11:33:55 +05:00			`this._password = password;`
feat: auto clear vault session after 30 minutes 2020-10-03 12:04:04 +05:00			`this._startEraser();`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`
			`return true;`
			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/**`
			`* Unlocks the vault with the given password`
			`* @param {string} password The password`
feat: vault password can now be changed 2020-11-21 16:09:07 +05:00			`* @throws ERR_NO_VAULT \| ERR_WRONG_PASSWORD`
fix: locking a locked note should return safely 2020-11-18 02:24:23 +05:00			`* @returns {Promise<Boolean>}`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`*/`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`async unlock(password) {`
sync: sync vaultKey 2020-04-15 14:00:05 +05:00			`const vaultKey = await this._context.read("vaultKey");`
feat: expose method to check if vault exists 2020-11-21 15:44:56 +05:00			`if (!(await this.exists(vaultKey))) throw new Error(this.ERRORS.noVault);`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`var data;`
			`try {`
sync: sync vaultKey 2020-04-15 14:00:05 +05:00			`data = await this._context.decrypt({ password }, vaultKey);`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`} catch (e) {`
refactor: export errors 2020-03-10 13:52:20 +05:00			`throw new Error(this.ERRORS.wrongPassword);`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`
refactor: vault api 2020-03-08 11:33:55 +05:00			`if (data !== this._key) {`
refactor: export errors 2020-03-10 13:52:20 +05:00			`throw new Error(this.ERRORS.wrongPassword);`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`
refactor: vault api 2020-03-08 11:33:55 +05:00			`this._password = password;`
feat: auto clear vault session after 30 minutes 2020-10-03 12:04:04 +05:00			`this._startEraser();`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`return true;`
			`}`

feat: vault password can now be changed 2020-11-21 16:09:07 +05:00			`async changePassword(oldPassword, newPassword) {`
			`if (await this.unlock(oldPassword)) {`
			`const lockedNotes = this._db.notes.all.filter((v) => v.locked);`
			`for (var note of lockedNotes) {`
			`await this._unlockNote(note, true);`
			`}`
			`await this._context.remove("vaultKey");`
			`await this.create(newPassword);`
			`for (var note of lockedNotes) {`
			`await this._lockNote(note);`
			`}`
			`}`
			`}`

feat: auto clear vault session after 30 minutes 2020-10-03 12:04:04 +05:00			`_startEraser() {`
			`setTimeout(() => {`
			`this._password = "";`
			`}, ERASE_TIME);`
			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/**`
			`* Locks (add to vault) a note`
			`* @param {string} noteId The id of the note to lock`
			`*/`
			`async add(noteId) {`
refactor: use a single CHECK_IDS 2020-12-05 13:19:41 +05:00			`if (!(await sendCheckUserStatusEvent(CHECK_IDS.vaultAdd))) return;`
feat: implement user subscription status checking logic 2020-11-11 15:43:09 +05:00
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`await this._check();`
fix: locking a locked note should return safely 2020-11-18 02:24:23 +05:00			`await this._lockNote({ id: noteId });`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/**`
			`* Permanently unlocks (remove from vault) a note`
			`* @param {string} noteId The note id`
			`* @param {string} password The password to unlock note with`
			`*/`
			`async remove(noteId, password) {`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`if (await this.unlock(password)) {`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`const note = this._db.notes.note(noteId).data;`
refactor: vault api 2020-03-08 11:33:55 +05:00			`await this._unlockNote(note, true);`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`
			`}`

feat: vault password can now be changed 2020-11-21 16:09:07 +05:00			`async clear(password) {}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/**`
			`* Temporarily unlock (open) a note`
			`* @param {string} noteId The note id`
			`* @param {string} password The password to open note with`
			`*/`
			`async open(noteId, password) {`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`if (await this.unlock(password)) {`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`const note = this._db.notes.note(noteId).data;`
refactor: vault api 2020-03-08 11:33:55 +05:00			`return this._unlockNote(note, false);`
			`}`
			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/**`
			`* Saves a note into the vault`
			`* @param {{Object}} note The note to save into the vault`
			`*/`
refactor: vault api 2020-03-08 11:33:55 +05:00			`async save(note) {`
			`if (!note) return;`
perf: use Promise.all when encrypting for possibly better perf 2020-09-17 19:58:33 +05:00			`//await this._check();`
fix: locking a locked note should return safely 2020-11-18 02:24:23 +05:00			`//let id = note.id \|\| getId();`
			`return await this._lockNote(note);`
refactor: vault api 2020-03-08 11:33:55 +05:00			`}`

feat: expose method to check if vault exists 2020-11-21 15:44:56 +05:00			`async exists(vaultKey) {`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`if (!vaultKey) vaultKey = await this._context.read("vaultKey");`
			`return vaultKey && vaultKey.cipher && vaultKey.iv;`
			`}`

feat: expose method to check if vault exists 2020-11-21 15:44:56 +05:00			`// Private & internal methods`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/** @private */`
perf: use Promise.all when encrypting for possibly better perf 2020-09-17 19:58:33 +05:00			`_locked() {`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`return !this._password \|\| !this._password.length;`
			`}`

			`/** @private */`
			`async _check() {`
feat: expose method to check if vault exists 2020-11-21 15:44:56 +05:00			`if (!(await this.exists())) {`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`throw new Error(this.ERRORS.noVault);`
			`}`

perf: use Promise.all when encrypting for possibly better perf 2020-09-17 19:58:33 +05:00			`if (this._locked()) {`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`throw new Error(this.ERRORS.vaultLocked);`
			`}`
			`}`

			`/** @private */`
fix(vault): data is not defined (change to content) 2020-11-18 02:44:18 +05:00			`async _encryptContent(contentId, content, type) {`
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`let encryptedContent = await this._context.encrypt(`
			`{ password: this._password },`
			`JSON.stringify(content)`
			`);`

fix(vault): data is not defined (change to content) 2020-11-18 02:44:18 +05:00			`await this._db.content.add({ id: contentId, data: encryptedContent, type });`
refactor: vault api 2020-03-08 11:33:55 +05:00			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/** @private */`
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`async _decryptContent(contentId) {`
			`let encryptedContent = await this._db.content.raw(contentId);`
feat: seperate text & delta 2020-03-19 11:30:05 +05:00
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`let decryptedContent = await this._context.decrypt(`
			`{ password: this._password },`
			`encryptedContent.data`
			`);`
vault: fix delta data not being parsed if it was string 2020-04-15 12:30:36 +05:00
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`return { type: encryptedContent.type, data: JSON.parse(decryptedContent) };`
refactor: vault api 2020-03-08 11:33:55 +05:00			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/** @private */`
fix: locking a locked note should return safely 2020-11-18 02:24:23 +05:00			`async _lockNote(note) {`
fix(vault): data is not defined (change to content) 2020-11-18 02:44:18 +05:00			`let { id, content: { type, data } = {}, contentId } = note;`
fix: locking a locked note should return safely 2020-11-18 02:24:23 +05:00
fix(vault): data is not defined (change to content) 2020-11-18 02:44:18 +05:00			`if (!data \|\| !type \|\| !contentId) {`
fix: locking a locked note should return safely 2020-11-18 02:24:23 +05:00			`note = this._db.notes.note(id);`
			`if (note.data.locked) return;`
			`contentId = note.data.contentId;`
fix(vault): data is not defined (change to content) 2020-11-18 02:44:18 +05:00			`let content = await this._db.content.raw(contentId);`
			`data = content.data;`
			`type = content.type;`
fix: locking a locked note should return safely 2020-11-18 02:24:23 +05:00			`}`
feat: seperate text & delta 2020-03-19 11:30:05 +05:00
fix(vault): data is not defined (change to content) 2020-11-18 02:44:18 +05:00			`await this._encryptContent(contentId, data, type);`
refactor: vault api 2020-03-08 11:33:55 +05:00
			`return await this._db.notes.add({`
			`id,`
crypto: migrate to the new crypto api interface 2020-04-13 11:13:32 +05:00			`locked: true,`
fix: open locked note not working 2020-04-15 17:16:13 +05:00			`headline: "",`
fix: save title of locked note as well 2020-12-23 13:19:17 +05:00			`title: note.title,`
refactor: vault api 2020-03-08 11:33:55 +05:00			`});`
			`}`

vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`/** @private */`
refactor: vault api 2020-03-08 11:33:55 +05:00			`async _unlockNote(note, perm = false) {`
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`let content = await this._decryptContent(note.contentId);`
refactor: vault api 2020-03-08 11:33:55 +05:00
			`if (perm) {`
			`await this._db.notes.add({`
			`id: note.id,`
crypto: migrate to the new crypto api interface 2020-04-13 11:13:32 +05:00			`locked: false,`
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`headline: note.headline,`
			`contentId: note.contentId,`
			`content,`
refactor: vault api 2020-03-08 11:33:55 +05:00			`});`
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`// await this._db.content.add({ id: note.contentId, data: content });`
feat: seperate text & delta 2020-03-19 11:30:05 +05:00			`return;`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`
refactor: vault api 2020-03-08 11:33:55 +05:00
			`return {`
			`...note,`
feat: migrate from delta to content This is a breaking change. This will allow for extreme flexibility in the future. We have also removed `text` collection as it is unnecessary. Improvements in performance will be noticed while syncing. Known Issues: 1. Since notes lookup depends on note text, it will not work. 2020-11-04 10:17:37 +05:00			`content,`
refactor: vault api 2020-03-08 11:33:55 +05:00			`};`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00
			`/** @inner */`
			`async _getKey() {`
feat: expose method to check if vault exists 2020-11-21 15:44:56 +05:00			`if (await this.exists()) return await this._context.read("vaultKey");`
vault: add jsdoc and reorder methods 2020-04-16 02:36:09 +05:00			`}`

			`/** @inner */`
			`async _setKey(vaultKey) {`
			`if (!vaultKey) return;`
			`await this._context.write("vaultKey", vaultKey);`
			`}`
feat: impl vault for encryption/decryption of notes 2020-03-07 12:29:55 +05:00			`}`