Mirror
/
remotely-save
mirror of https://github.com/remotely-save/remotely-save.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

new encryption

This commit is contained in:
fyears 2024-03-25 00:21:56 +08:00
parent 6825241071
commit e283efc8f7
25 changed files with 725 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -23,7 +23,7 @@ This is yet another unofficial sync plugin for Obsidian. If you like it or find
- Webdav
- [Here](./docs/services_connectable_or_not.md) shows more connectable (or not-connectable) services in details.
- **Obsidian Mobile supported.** Vaults can be synced across mobile and desktop devices with the cloud service as the "broker".
- **[End-to-end encryption](./docs/encryption.md) supported.** Files would be encrypted using openssl format before being sent to the cloud **if** user specify a password.
- **[End-to-end encryption](./docs/encryption/README.md) supported.** Files would be encrypted using openssl format before being sent to the cloud **if** user specify a password.
- **Scheduled auto sync supported.** You can also manually trigger the sync using sidebar ribbon, or using the command from the command palette (or even bind the hot key combination to the command then press the hot key combination).
- **[Minimal Intrusive](./docs/minimal_intrusive_design.md).**
- **Skip Large files** and **skip paths** by custom regex conditions!

8
docs/encryption/README.md Normal file
View File

@ -0,0 +1,8 @@
# Encryption
Currently (March 2024), Remotely Save supports two end to end encryption format:
1. [RClone Crypt](./rclone.md) format, which is the recommend way now.
2. [OpenSSL enc](./openssl.md) format
Here is also the [comparation](./comparation.md).

23
docs/encryption/comparation.md Normal file
View File

@ -0,0 +1,23 @@
# Comparation Between Encryption Formats
## Warning
**ALWAYS BACKUP YOUR VAULT MANUALLY!!!**
If you switch between RClone Crypt format and OpenSSL enc format, you have to delete the cloud vault files **manually** and **fully**, so that the plugin can re-sync (i.e. re-upload) the newly encrypted versions to the cloud.
## The feature table
| | RClone Crypt | OpenSSL enc | comments |
| ------------------------ | ------------------------------------------------------------------------------------------ | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| key generation | scrypt with fixed salt | PBKDF2 with dynamic salt | scrypt is better than PBKDF2 from the algorithm aspect. But RClone uses fixed salt by default. Also the parameters might affect the result. |
| content encryption | XSalsa20Poly1305 on chunks | AES-256-CBC | XSalsa20Poly1305 is way better than AES-256-CBC. And encryption by chunks should require less resources. |
| file name encryption | EME on each segment of the path | AES-256-CBC on the whole path | RClone has the benefit as well as pitfall that the path structure is preserved. Maybe it's more of a design decision difference? No comment on EME and AES-256-CBC. |
| viewing decrypted result | RClone has command that can mount the encrypted vault as if the encryption is transparent. | No convenient way except writing some scripts we are aware of. | RClone is way more convenient. |
## Some notes
1. Anyway, security is a hard problem. The author of Remotely Save doesn't have sufficient knowledge to "judge" which one is the better format. **Use them at your own risk.**
2. Currently the RClone Crypt format is recommended by default in Remotely Save. Just because of the taste from the Remotely Save author, who likes RClone.
3. **Always use a long password.**
4. Both algorithms are selected deliberately to **be compatible with some well-known third-party tools** (instead of some home-made methods) and **have many tests to ensure the correctness**.

18
docs/encryption.md → docs/encryption/openssl.md
View File

@ -1,10 +1,22 @@
# Encryption
# OpenSSL enc format
If a password is set, the files are encrypted before being sent to the cloud.
The encryption algorithm is delibrately designed to be aligned with openssl format.
## Warning
1. The encryption algorithm is implemented using web-crypto.
**ALWAYS BACKUP YOUR VAULT MANUALLY!!!**
If you switch between RClone Crypt format and OpenSSL enc format, you have to delete the cloud vault files **manually** and **fully**, so that the plugin can re-sync (i.e. re-upload) the newly encrypted versions to the cloud.
## Comparation between encryption formats
See the doc [Comparation](./comparation.md).
## Interoperability with official OpenSSL
This encryption algorithm is delibrately designed to be aligned with openssl format.
1. The encryption algorithm is implemented using web-crypto. Using AES-256-CBC.
2. The file content is encrypted using openssl format. Assuming a file named `sometext.txt`, a password `somepassword`, then the encryption is equivalent to the following command:
```bash

46
docs/encryption/rclone.md Normal file
View File

@ -0,0 +1,46 @@
# RClone Crypt format
The encryption is compatible with RClone Crypt with **base64** name encryption format.
It's developed based on another js project by the same author of Remotely Save: [`@fyears/rclone-crypt`](https://github.com/fyears/rclone-crypt), which is NOT an official library from RClone, and is NOT affiliated with RClone.
Reasonable tests are also ported from official RClone code, to ensure the compatibility and correctness of the encryption.
## Warning
**ALWAYS BACKUP YOUR VAULT MANUALLY!!!**
If you switch between RClone Crypt format and OpenSSL enc format, you have to delete the cloud vault files **manually** and **fully**, so that the plugin can re-sync (i.e. re-upload) the newly encrypted versions to the cloud.
## Comparation between encryption formats
See the doc [Comparation](./comparation.md).
## Interoperability with official RClone
Please pay attention that the plugin uses **base64** of encrypted file names, while official RClone by default uses **base32** file names. The intention is purely for potentially support longer file names.
You could set up the RClone profile by calling `rclone config`. You need to create two profiles, one for your original connection and the other for RClone Crypt.
Finally, a working config file should like this:
```ini
[webdav1]
type = webdav
url = https://example.com/sharefolder1/subfolder1 # the same as the web address in Remotely Save settings.
vendor = other
user = <some webdav username>
pass = <some webdav password, obfuscated>
[webdav1crypt]
type = crypt
remote = nas1test:vaultname # the same as your "Remote Base Directory" (usually the vault name) in Remotely Save settings
password = <some encryption password, obfuscated>
filename_encoding = base64 # don't forget this!!!
```
You can use the `mount` command to view and see the files in file explorer! On Windows, the command should like this (the remote vault is mounted to drive `X:`):
```bash
rclone mount webdav1crypt: X: --network-mode
```

1
docs/sync_algorithm/v3/intro.md
View File

@ -11,3 +11,4 @@
- [x] sync direction: incremental pull only
- [x] sync protection: warning based on the threshold
- [ ] partial sync: better sync on save
- [x] encrpytion: new encryption method, see [this](../../encryption/)

2
esbuild.config.mjs
View File

@ -1,6 +1,7 @@
import dotenv from "dotenv/config";
import esbuild from "esbuild";
import process from "process";
import inlineWorkerPlugin from "esbuild-plugin-inline-worker";
// import builtins from 'builtin-modules'
const banner = `/*
@ -54,6 +55,7 @@ esbuild
"process.env.NODE_DEBUG": `undefined`, // ugly fix
"process.env.DEBUG": `undefined`, // ugly fix
},
plugins: [inlineWorkerPlugin()],
})
.then((context) => {
if (process.argv.includes("--watch")) {

6
package.json
View File

@ -39,6 +39,7 @@
"cross-env": "^7.0.3",
"dotenv": "^16.3.1",
"esbuild": "^0.19.9",
"esbuild-plugin-inline-worker": "^0.1.1",
"jsdom": "^23.0.1",
"mocha": "^10.2.0",
"npm-check-updates": "^16.14.12",
@ -50,7 +51,8 @@
"typescript": "^5.3.3",
"webdav-server": "^2.6.2",
"webpack": "^5.89.0",
"webpack-cli": "^5.1.4"
"webpack-cli": "^5.1.4",
"worker-loader": "^3.0.8"
},
"dependencies": {
"@aws-sdk/client-s3": "^3.474.0",
@ -58,7 +60,7 @@
"@aws-sdk/signature-v4-crt": "^3.474.0",
"@aws-sdk/types": "^3.468.0",
"@azure/msal-node": "^2.6.0",
"@fyears/rclone-crypt": "^0.0.6",
"@fyears/rclone-crypt": "^0.0.7",
"@fyears/tsqueue": "^1.0.1",
"@microsoft/microsoft-graph-client": "^3.0.7",
"@smithy/fetch-http-handler": "^2.3.1",

251
src/encryptRClone.ts Normal file
View File

@ -0,0 +1,251 @@
import {
Cipher as CipherRCloneCryptPack,
encryptedSize,
} from "@fyears/rclone-crypt";
// @ts-ignore
import EncryptWorker from "./encryptRClone.worker";
interface RecvMsg {
status: "ok" | "error";
outputName?: string;
outputContent?: ArrayBuffer;
error?: any;
}
export const getSizeFromOrigToEnc = encryptedSize;
export class CipherRclone {
readonly password: string;
readonly cipher: CipherRCloneCryptPack;
readonly workers: Worker[];
init: boolean;
workerIdx: number;
constructor(password: string, workerNum: number) {
this.password = password;
this.init = false;
this.workerIdx = 0;
// console.debug("begin creating CipherRCloneCryptPack");
this.cipher = new CipherRCloneCryptPack("base64");
// console.debug("finish creating CipherRCloneCryptPack");
// console.debug("begin creating EncryptWorker");
this.workers = [];
for (let i = 0; i < workerNum; ++i) {
this.workers.push(new (EncryptWorker as any)() as Worker);
}
// console.debug("finish creating EncryptWorker");
}
closeResources() {
for (let i = 0; i < this.workers.length; ++i) {
this.workers[i].terminate();
}
}
async prepareByCallingWorker(): Promise<void> {
if (this.init) {
return;
}
// console.debug("begin prepareByCallingWorker");
await this.cipher.key(this.password, "");
// console.debug("finish getting key");
const res: Promise<void>[] = [];
for (let i = 0; i < this.workers.length; ++i) {
res.push(
new Promise((resolve, reject) => {
const channel = new MessageChannel();
channel.port2.onmessage = (event) => {
// console.debug("main: receiving msg in prepare");
const { status } = event.data as RecvMsg;
if (status === "ok") {
// console.debug("main: receiving init ok in prepare");
this.init = true;
resolve(); // return the class object itself
} else {
reject("error after prepareByCallingWorker");
}
};
channel.port2.onmessageerror = (event) => {
// console.debug("main: receiving error in prepare");
reject(event);
};
// console.debug("main: before postMessage in prepare");
this.workers[i].postMessage(
{
action: "prepare",
dataKeyBuf: this.cipher.dataKey.buffer,
nameKeyBuf: this.cipher.nameKey.buffer,
nameTweakBuf: this.cipher.nameTweak.buffer,
},
[channel.port1 /* buffer no transfered because we need to copy */]
);
})
);
}
await Promise.all(res);
}
async encryptNameByCallingWorker(inputName: string): Promise<string> {
// console.debug("main: start encryptNameByCallingWorker");
await this.prepareByCallingWorker();
// console.debug(
// "main: really start generate promise in encryptNameByCallingWorker"
// );
++this.workerIdx;
const whichWorker = this.workerIdx % this.workers.length;
return await new Promise((resolve, reject) => {
const channel = new MessageChannel();
channel.port2.onmessage = (event) => {
// console.debug("main: receiving msg in encryptNameByCallingWorker");
const { outputName } = event.data as RecvMsg;
if (outputName === undefined) {
reject("unknown outputName after encryptNameByCallingWorker");
} else {
resolve(outputName);
}
};
channel.port2.onmessageerror = (event) => {
// console.debug("main: receiving error in encryptNameByCallingWorker");
reject(event);
};
// console.debug("main: before postMessage in encryptNameByCallingWorker");
this.workers[whichWorker].postMessage(
{
action: "encryptName",
inputName: inputName,
},
[channel.port1]
);
});
}
async decryptNameByCallingWorker(inputName: string): Promise<string> {
await this.prepareByCallingWorker();
++this.workerIdx;
const whichWorker = this.workerIdx % this.workers.length;
return await new Promise((resolve, reject) => {
const channel = new MessageChannel();
channel.port2.onmessage = (event) => {
// console.debug("main: receiving msg in decryptNameByCallingWorker");
const { outputName, status } = event.data as RecvMsg;
if (status === "error") {
reject("error");
} else {
if (outputName === undefined) {
reject("unknown outputName after decryptNameByCallingWorker");
} else {
resolve(outputName);
}
}
};
channel.port2.onmessageerror = (event) => {
// console.debug("main: receiving error in decryptNameByCallingWorker");
reject(event);
channel;
};
// console.debug("main: before postMessage in decryptNameByCallingWorker");
this.workers[whichWorker].postMessage(
{
action: "decryptName",
inputName: inputName,
},
[channel.port1]
);
});
}
async encryptContentByCallingWorker(
input: ArrayBuffer
): Promise<ArrayBuffer> {
await this.prepareByCallingWorker();
++this.workerIdx;
const whichWorker = this.workerIdx % this.workers.length;
return await new Promise((resolve, reject) => {
const channel = new MessageChannel();
channel.port2.onmessage = (event) => {
// console.debug("main: receiving msg in encryptContentByCallingWorker");
const { outputContent } = event.data as RecvMsg;
if (outputContent === undefined) {
reject("unknown outputContent after encryptContentByCallingWorker");
} else {
resolve(outputContent);
}
};
channel.port2.onmessageerror = (event) => {
// console.debug("main: receiving error in encryptContentByCallingWorker");
reject(event);
};
// console.debug(
// "main: before postMessage in encryptContentByCallingWorker"
// );
this.workers[whichWorker].postMessage(
{
action: "encryptContent",
inputContent: input,
},
[channel.port1, input]
);
});
}
async decryptContentByCallingWorker(
input: ArrayBuffer
): Promise<ArrayBuffer> {
await this.prepareByCallingWorker();
++this.workerIdx;
const whichWorker = this.workerIdx % this.workers.length;
return await new Promise((resolve, reject) => {
const channel = new MessageChannel();
channel.port2.onmessage = (event) => {
// console.debug("main: receiving msg in decryptContentByCallingWorker");
const { outputContent, status } = event.data as RecvMsg;
if (status === "error") {
reject("error");
} else {
if (outputContent === undefined) {
reject("unknown outputContent after decryptContentByCallingWorker");
} else {
resolve(outputContent);
}
}
};
channel.port2.onmessageerror = (event) => {
// console.debug(
// "main: receiving onmessageerror in decryptContentByCallingWorker"
// );
reject(event);
};
// console.debug(
// "main: before postMessage in decryptContentByCallingWorker"
// );
this.workers[whichWorker].postMessage(
{
action: "decryptContent",
inputContent: input,
},
[channel.port1, input]
);
});
}
}

184
src/encryptRClone.worker.ts Normal file
View File

@ -0,0 +1,184 @@
import { nanoid } from "nanoid";
import { Cipher as CipherRCloneCryptPack } from "@fyears/rclone-crypt";
const ctx: WorkerGlobalScope = self as any;
const workerNanoID = nanoid();
const cipher = new CipherRCloneCryptPack("base64");
// console.debug(`worker [${workerNanoID}]: cipher created`);
async function encryptNameStr(input: string) {
const res = await cipher.encryptFileName(input);
return res;
}
async function decryptNameStr(input: string) {
return await cipher.decryptFileName(input);
}
async function encryptContentBuf(input: ArrayBuffer) {
return (await cipher.encryptData(new Uint8Array(input), undefined)).buffer;
}
async function decryptContentBuf(input: ArrayBuffer) {
return (await cipher.decryptData(new Uint8Array(input))).buffer;
}
ctx.addEventListener("message", async (event: any) => {
const port: MessagePort = event.ports[0];
const {
action,
dataKeyBuf,
nameKeyBuf,
nameTweakBuf,
inputName,
inputContent,
} = event.data as {
action:
| "prepare"
| "encryptContent"
| "decryptContent"
| "encryptName"
| "decryptName";
dataKeyBuf?: ArrayBuffer;
nameKeyBuf?: ArrayBuffer;
nameTweakBuf?: ArrayBuffer;
inputName?: string;
inputContent?: ArrayBuffer;
};
// console.debug(`worker [${workerNanoID}]: receiving action=${action}`);
if (action === "prepare") {
// console.debug(`worker [${workerNanoID}]: prepare: start`);
try {
if (
dataKeyBuf === undefined ||
nameKeyBuf === undefined ||
nameTweakBuf === undefined
) {
// console.debug(`worker [${workerNanoID}]: prepare: no buffer??`);
throw Error(
`worker [${workerNanoID}]: prepare: internal keys not transferred to worker properly`
);
}
// console.debug(`worker [${workerNanoID}]: prepare: so we update`);
cipher.updateInternalKey(
new Uint8Array(dataKeyBuf),
new Uint8Array(nameKeyBuf),
new Uint8Array(nameTweakBuf)
);
port.postMessage({
status: "ok",
});
} catch (error) {
console.error(error);
port.postMessage({
status: "error",
error: error,
});
}
} else if (action === "encryptName") {
try {
if (inputName === undefined) {
throw Error(
`worker [${workerNanoID}]: encryptName: internal inputName not transferred to worker properly`
);
}
const outputName = await encryptNameStr(inputName);
// console.debug(
// `worker [${workerNanoID}]: after encryptNameStr, before postMessage`
// );
port.postMessage({
status: "ok",
outputName: outputName,
});
} catch (error) {
console.error(`worker [${workerNanoID}]: encryptName=${inputName}`);
console.error(error);
port.postMessage({
status: "error",
error: error,
});
}
} else if (action === "decryptName") {
try {
if (inputName === undefined) {
throw Error(
`worker [${workerNanoID}]: decryptName: internal inputName not transferred to worker properly`
);
}
const outputName = await decryptNameStr(inputName);
// console.debug(
// `worker [${workerNanoID}]: after decryptNameStr, before postMessage`
// );
port.postMessage({
status: "ok",
outputName: outputName,
});
} catch (error) {
console.error(`worker [${workerNanoID}]: decryptName=${inputName}`);
console.error(error);
port.postMessage({
status: "error",
error: error,
});
}
} else if (action === "encryptContent") {
try {
if (inputContent === undefined) {
throw Error(
`worker [${workerNanoID}]: encryptContent: internal inputContent not transferred to worker properly`
);
}
const outputContent = await encryptContentBuf(inputContent);
// console.debug(
// `worker [${workerNanoID}]: after encryptContentBuf, before postMessage`
// );
port.postMessage(
{
status: "ok",
outputContent: outputContent,
},
[outputContent]
);
} catch (error) {
console.error(error);
port.postMessage({
status: "error",
error: error,
});
}
} else if (action === "decryptContent") {
try {
if (inputContent === undefined) {
throw Error(
`worker [${workerNanoID}]: decryptContent: internal inputContent not transferred to worker properly`
);
}
const outputContent = await decryptContentBuf(inputContent);
// console.debug(
// `worker [${workerNanoID}]: after decryptContentBuf, before postMessage`
// );
port.postMessage(
{
status: "ok",
outputContent: outputContent,
},
[outputContent]
);
} catch (error) {
console.error(error);
port.postMessage({
status: "error",
error: error,
});
}
} else {
port.postMessage({
status: "error",
error: `worker [${workerNanoID}]: unknown action=${action}`,
});
}
});

40
src/encryptUnified.ts
View File

@ -1,59 +1,85 @@
import { CipherMethodType } from "./baseTypes";
import * as openssl from "./encryptOpenSSL";
import * as rclone from "./encryptRClone";
import { isVaildText } from "./misc";
export class Cipher {
readonly password: string;
readonly method: CipherMethodType;
cipherRClone?: rclone.CipherRclone;
constructor(password: string, method: CipherMethodType) {
this.password = password ?? "";
this.method = method;
if (method === "rclone-base64") {
this.cipherRClone = new rclone.CipherRclone(password, 5);
}
}
closeResources() {
if (this.method === "rclone-base64" && this.cipherRClone !== undefined) {
this.cipherRClone.closeResources();
}
}
isPasswordEmpty() {
return this.password === "";
}
isFolderAware() {
if (this.method === "openssl-base64") {
return false;
}
if (this.method === "rclone-base64") {
return true;
}
throw Error(`no idea about isFolderAware for method=${this.method}`);
}
async encryptContent(content: ArrayBuffer) {
// console.debug("start encryptContent");
if (this.password === "") {
return content;
}
if (this.method === "openssl-base64") {
return await openssl.encryptArrayBuffer(content, this.password);
} else if (this.method === "rclone-base64") {
throw Error("not implemented yet");
return await this.cipherRClone!.encryptContentByCallingWorker(content);
} else {
throw Error(`not supported encrypt method=${this.method}`);
}
}
async decryptContent(content: ArrayBuffer) {
// console.debug("start decryptContent");
if (this.password === "") {
return content;
}
if (this.method === "openssl-base64") {
return await openssl.decryptArrayBuffer(content, this.password);
} else if (this.method === "rclone-base64") {
throw Error("not implemented yet");
return await this.cipherRClone!.decryptContentByCallingWorker(content);
} else {
throw Error(`not supported encrypt method=${this.method}`);
throw Error(`not supported decrypt method=${this.method}`);
}
}
async encryptName(name: string) {
// console.debug("start encryptName");
if (this.password === "") {
return name;
}
if (this.method === "openssl-base64") {
return await openssl.encryptStringToBase64url(name, this.password);
} else if (this.method === "rclone-base64") {
throw Error("not implemented yet");
return await this.cipherRClone!.encryptNameByCallingWorker(name);
} else {
throw Error(`not supported encrypt method=${this.method}`);
}
}
async decryptName(name: string) {
// console.debug("start decryptName");
if (this.password === "") {
return name;
}
@ -86,9 +112,9 @@ export class Cipher {
}
}
} else if (this.method === "rclone-base64") {
throw Error("not implemented yet");
return await this.cipherRClone!.decryptNameByCallingWorker(name);
} else {
throw Error(`not supported encrypt method=${this.method}`);
throw Error(`not supported decrypt method=${this.method}`);
}
}
@ -99,7 +125,7 @@ export class Cipher {
if (this.method === "openssl-base64") {
return openssl.getSizeFromOrigToEnc(x);
} else if (this.method === "rclone-base64") {
throw Error("not implemented yet");
return rclone.getSizeFromOrigToEnc(x);
} else {
throw Error(`not supported encrypt method=${this.method}`);
}

10
src/langs/en.json
View File

@ -64,6 +64,8 @@
"modal_password_attn5": "Attention 5/5: The longer the password, the better.",
"modal_password_secondconfirm": "The Second Confirm to change password.",
"modal_password_notice": "New password saved!",
"modal_encryptionmethod_title": "Hold on and PLEASE READ ON...",
"modal_encryptionmethod_shortdesc": "You are changing the encrpytion method but you have set the password before.\nAfter switching the method, you need to <b>manually</b> and <b>fully</b> delete every encrypted vault files in the remote and re-sync (so that re-upload) the newly encrypted files again.",
"modal_remotebasedir_title": "You are changing the remote base directory config",
"modal_remotebasedir_shortdesc": "1. The plugin would NOT automatically move the content from the old directory to the new one directly on the remote. Everything syncs from the beginning again.\n2. If you set the string to the empty, the config would be reset to use the vault folder name (the default config).\n3. The remote directory name itself would not be encrypted even you've set an E2E password.\n4. Some special char like '?', '/', '\\' are not allowed. Spaces in the beginning or in the end are also trimmed.",
"modal_remotebasedir_invaliddirhint": "Your input contains special characters like '?', '/', '\\' which are not allowed.",
@ -111,9 +113,9 @@
"settings_password": "Encryption Password",
"settings_password_desc": "Password for E2E encryption. Empty for no password. You need to click \"Confirm\". Attention: The password and other info are saved locally. After changing the password, you need to manually delete every original files in the remote, and re-sync (so that upload) the encrypted files again.",
"settings_encryptionmethod": "Encryption Method",
"settings_encryptionmethod_desc": "Encryption method for E2E encryption. RClone method is recommended but it doesn't encrypt path structure. OpenSSL is the legacy method of this plugin. Attention: After switching the method, you need to manually delete every original files in the remote and re-sync (so that upload) the encrypted files again.",
"settings_encryptionmethod_rclone": "RClone (recommended)",
"settings_encryptionmethod_openssl": "OpenSSL (legacy)",
"settings_encryptionmethod_desc": "Encryption method for E2E encryption. RClone Crypt format is recommended but it doesn't encrypt path structure. OpenSSL enc is the legacy format of this plugin. <b>Both are not affliated with official RClone and OpenSSL product or community.</b> Attention: After switching the method, you need to manually delete every original files in the remote and re-sync (so that upload) the encrypted files again. More info in the <a href='https://github.com/remotely-save/remotely-save/tree/master/docs/encryption'>online doc</a>.",
"settings_encryptionmethod_rclone": "RClone Crypt (recommended)",
"settings_encryptionmethod_openssl": "OpenSSL enc (legacy)",
"settings_autorun": "Schedule For Auto Run",
"settings_autorun_desc": "The plugin tries to schedule the running after every interval. Battery may be impacted.",
@ -308,7 +310,7 @@
"settings_resetcache_button": "Reset",
"settings_resetcache_notice": "Local internal cache/databases deleted. Please manually reload the plugin.",
"syncalgov3_title": "Remotely Save has HUGE updates on the sync algorithm",
"syncalgov3_texts": "Welcome to use Remotely Save!\nFrom this version, a new algorithm has been developed:\n<ul><li>More robust deletion sync,</li><li>minimal conflict handling,</li><li>no meta data uploaded any more,</li><li>deletion / modification protection,</li><li>backup mode</li><li>...</li></ul>\nStay tune for more! A full introduction is in the <a href='https://github.com/remotely-save/remotely-save/tree/master/docs/sync_algorithm/v3/intro.md'>doc website</a>.\nIf you agree to use this, please read and check two checkboxes then click the \"Agree\" button, and enjoy the plugin!\nIf you do not agree, please click the \"Do Not Agree\" button, the plugin will unload itself.\nAlso, please consider <a href='https://github.com/remotely-save/remotely-save'>visit the GitHub repo and star ⭐ it</a>! Or even <a href='https://github.com/remotely-save/donation'>buy me a coffee</a>. Your support is very important to me! Thanks!",
"syncalgov3_texts": "Welcome to use Remotely Save!\nFrom this version, a new algorithm has been developed:\n<ul><li>More robust deletion sync,</li><li>minimal conflict handling,</li><li>no meta data uploaded any more,</li><li>deletion / modification protection,</li><li>backup mode</li><li>new encryption method</li><li>...</li></ul>\nStay tune for more! A full introduction is in the <a href='https://github.com/remotely-save/remotely-save/tree/master/docs/sync_algorithm/v3/intro.md'>doc website</a>.\nIf you agree to use this, please read and check two checkboxes then click the \"Agree\" button, and enjoy the plugin!\nIf you do not agree, please click the \"Do Not Agree\" button, the plugin will unload itself.\nAlso, please consider <a href='https://github.com/remotely-save/remotely-save'>visit the GitHub repo and star ⭐ it</a>! Or even <a href='https://github.com/remotely-save/donation'>buy me a coffee</a>. Your support is very important to me! Thanks!",
"syncalgov3_checkbox_manual_backup": "I will backup my vault manually firstly.",
"syncalgov3_checkbox_requiremultidevupdate": "I understand I need to update the plugin ACROSS ALL DEVICES to make them work properly.",
"syncalgov3_button_agree": "Agree",

10
src/langs/zh_cn.json
View File

@ -64,6 +64,8 @@
"modal_password_attn5": "注意 5/5密码越长越好。",
"modal_password_secondconfirm": "再次确认保存新密码",
"modal_password_notice": "新密码已保存!",
"modal_encryptionmethod_title": "稍等一下,请阅读下文:",
"modal_encryptionmethod_shortdesc": "您正在修改加密方式,但是您已经设置了密码。\n修改加密方式之后您需要<b>手动</b>和<b>完全</b>删除在远端的之前加密过的库文件,然后重新同步(从而重新上传)新的加密文件。",
"modal_remotebasedir_title": "您正在修改远端基文件夹设置",
"modal_remotebasedir_shortdesc": "1. 本插件并不会自动在远端把内容从旧文件夹移动到新文件夹。所有内容都会重新同步。\n2. 如果你使得文本输入框为空,那么本设置会被重设回库的文件夹名(默认设置)。\n3. 即使您设置了端对端加密的密码,远端文件夹名称本身也不会被加密。\n4. 某些特殊字符,如“?”、“/”、“\\”是不允许的。文本前后的空格也会被自动删去。",
"modal_remotebasedir_invaliddirhint": "您所输入的内容含有某些特殊字符,如“?”、“/”、“\\”,它们是不允许的。",
@ -111,9 +113,9 @@
"settings_password": "密码",
"settings_password_desc": "端到端加密的密码。不填写则代表没密码。您需要点击“确认”来修改。注意:密码和其它信息都会在本地保存。如果您修改了密码,您需要手动删除远端的所有文件,重新同步(从而上传)加密文件。",
"settings_encryptionmethod": "加密方法",
"settings_encryptionmethod_desc": "端到端加密的方法。推荐选用 RClone 方法但是它没有加密文件路径结构。OpenSSL 是本插件一开始就支持的方式。如果您修改了加密方法您需要手动删除远端的所有文件,重新同步(从而上传)加密文件。",
"settings_encryptionmethod_rclone": "RClone(推荐)",
"settings_encryptionmethod_openssl": "OpenSSL(旧方法)",
"settings_encryptionmethod_desc": "端到端加密的方法。推荐选用 RClone Crypt 方法但是它没有加密文件路径结构。OpenSSL enc 是本插件一开始就支持的方式。<b>两种方法都和 RClone、OpenSSL 官方产品和社区无利益相关。</b>如果您修改了加密方法您需要手动删除远端的所有文件,重新同步(从而上传)加密文件。更多详细说明见<a href='https://github.com/remotely-save/remotely-save/tree/master/docs/encryption'>在线文档</a>。",
"settings_encryptionmethod_rclone": "RClone Crypt(推荐)",
"settings_encryptionmethod_openssl": "OpenSSL enc(旧方法)",
"settings_autorun": "自动运行",
"settings_autorun_desc": "每隔一段时间,此插件尝试自动同步。会影响到电池用量。",
"settings_autorun_notset": "(不设置)",
@ -307,7 +309,7 @@
"settings_resetcache_button": "重设",
"settings_resetcache_notice": "本地同步缓存和数据库已被删除。请手动重新载入此插件。",
"syncalgov3_title": "Remotely Save 的同步算法有重大更新",
"syncalgov3_texts": "欢迎使用 Remotely Save\n从这个版本开始插件更新了同步算法\n<ul><li>更稳健的删除同步</li><li>引入冲突处理</li><li>避免上传元数据</li><li>修改删除保护</li><li>备份模式</li><li>……</li></ul>\n敬请期待更多更新详细介绍请参阅<a href='https://github.com/remotely-save/remotely-save/tree/master/docs/sync_algorithm/v3/intro.md'>文档网站</a>。\n如果您同意使用新版本请阅读和勾选两个勾选框然后点击“同意”按钮开始使用插件吧\n如果您不同意请点击“不同意”按钮插件将自动停止运行unload。\n此外请考虑<a href='https://github.com/remotely-save/remotely-save'>访问 GitHub 页面然后点赞 ⭐</a>!您的支持对我十分重要!谢谢!",
"syncalgov3_texts": "欢迎使用 Remotely Save\n从这个版本开始插件更新了同步算法\n<ul><li>更稳健的删除同步</li><li>引入冲突处理</li><li>避免上传元数据</li><li>修改删除保护</li><li>备份模式</li><li>新的加密方式</li><li>……</li></ul>\n敬请期待更多更新详细介绍请参阅<a href='https://github.com/remotely-save/remotely-save/tree/master/docs/sync_algorithm/v3/intro.md'>文档网站</a>。\n如果您同意使用新版本请阅读和勾选两个勾选框然后点击“同意”按钮开始使用插件吧\n如果您不同意请点击“不同意”按钮插件将自动停止运行unload。\n此外请考虑<a href='https://github.com/remotely-save/remotely-save'>访问 GitHub 页面然后点赞 ⭐</a>!您的支持对我十分重要!谢谢!",
"syncalgov3_checkbox_manual_backup": "我将会首先手动备份我的库Vault。",
"syncalgov3_checkbox_requiremultidevupdate": "我理解,我需要在所有设备上都更新此插件使之正常运行。",
"syncalgov3_button_agree": "同意",

10
src/langs/zh_tw.json
View File

@ -64,6 +64,8 @@
"modal_password_attn5": "注意 5/5密碼越長越好。",
"modal_password_secondconfirm": "再次確認儲存新密碼",
"modal_password_notice": "新密碼已儲存!",
"modal_encryptionmethod_title": "稍等一下,請閱讀下文:",
"modal_encryptionmethod_shortdesc": "您正在修改加密方式,但是您已經設定了密碼。\n修改加密方式之後您需要<b>手動</b>和<b>完全</b>刪除在遠端的之前加密過的庫檔案,然後重新同步(從而重新上傳)新的加密檔案。",
"modal_remotebasedir_title": "您正在修改遠端基資料夾設定",
"modal_remotebasedir_shortdesc": "1. 本外掛並不會自動在遠端把內容從舊資料夾移動到新資料夾。所有內容都會重新同步。\n2. 如果你使得文字輸入框為空,那麼本設定會被重設回庫的資料夾名(預設設定)。\n3. 即使您設定了端對端加密的密碼,遠端資料夾名稱本身也不會被加密。\n4. 某些特殊字元,如“?”、“/”、“\\”是不允許的。文字前後的空格也會被自動刪去。",
"modal_remotebasedir_invaliddirhint": "您所輸入的內容含有某些特殊字元,如“?”、“/”、“\\”,它們是不允許的。",
@ -111,9 +113,9 @@
"settings_password": "密碼",
"settings_password_desc": "端到端加密的密碼。不填寫則代表沒密碼。您需要點選“確認”來修改。注意:密碼和其它資訊都會在本地儲存。如果您修改了密碼,您需要手動刪除遠端的所有檔案,重新同步(從而上傳)加密檔案。",
"settings_encryptionmethod": "加密方法",
"settings_encryptionmethod_desc": "端到端加密的方法。推薦選用 RClone 方法但是它沒有加密檔案路徑結構。OpenSSL 是本外掛一開始就支援的方式。如果您修改了加密方法您需要手動刪除遠端的所有檔案,重新同步(從而上傳)加密檔案。",
"settings_encryptionmethod_rclone": "RClone(推薦)",
"settings_encryptionmethod_openssl": "OpenSSL(舊方法)",
"settings_encryptionmethod_desc": "端到端加密的方法。推薦選用 RClone Crypt 方法但是它沒有加密檔案路徑結構。OpenSSL enc 是本外掛一開始就支援的方式。<b>兩種方法都和 RClone、OpenSSL 官方產品和社群無利益相關。</b>如果您修改了加密方法您需要手動刪除遠端的所有檔案,重新同步(從而上傳)加密檔案。更多詳細說明見<a href='https://github.com/remotely-save/remotely-save/tree/master/docs/encryption'>線上文件</a>。",
"settings_encryptionmethod_rclone": "RClone Crypt(推薦)",
"settings_encryptionmethod_openssl": "OpenSSL enc(舊方法)",
"settings_autorun": "自動執行",
"settings_autorun_desc": "每隔一段時間,此外掛嘗試自動同步。會影響到電池用量。",
"settings_autorun_notset": "(不設定)",
@ -307,7 +309,7 @@
"settings_resetcache_button": "重設",
"settings_resetcache_notice": "本地同步快取和資料庫已被刪除。請手動重新載入此外掛。",
"syncalgov3_title": "Remotely Save 的同步演算法有重大更新",
"syncalgov3_texts": "歡迎使用 Remotely Save\n從這個版本開始外掛更新了同步演算法\n<ul><li>更穩健的刪除同步</li><li>引入衝突處理</li><li>避免上傳元資料</li><li>修改刪除保護</li><li>備份模式</li><li>……</li></ul>\n敬請期待更多更新詳細介紹請參閱<a href='https://github.com/remotely-save/remotely-save/tree/master/docs/sync_algorithm/v3/intro.md'>文件網站</a>。\n如果您同意使用新版本請閱讀和勾選兩個勾選框然後點選“同意”按鈕開始使用外掛吧\n如果您不同意請點選“不同意”按鈕外掛將自動停止執行unload。\n此外請考慮<a href='https://github.com/remotely-save/remotely-save'>訪問 GitHub 頁面然後點贊 ⭐</a>!您的支援對我十分重要!謝謝!",
"syncalgov3_texts": "歡迎使用 Remotely Save\n從這個版本開始外掛更新了同步演算法\n<ul><li>更穩健的刪除同步</li><li>引入衝突處理</li><li>避免上傳元資料</li><li>修改刪除保護</li><li>備份模式</li><li>新的加密方式</li><li>……</li></ul>\n敬請期待更多更新詳細介紹請參閱<a href='https://github.com/remotely-save/remotely-save/tree/master/docs/sync_algorithm/v3/intro.md'>文件網站</a>。\n如果您同意使用新版本請閱讀和勾選兩個勾選框然後點選“同意”按鈕開始使用外掛吧\n如果您不同意請點選“不同意”按鈕外掛將自動停止執行unload。\n此外請考慮<a href='https://github.com/remotely-save/remotely-save'>訪問 GitHub 頁面然後點贊 ⭐</a>!您的支援對我十分重要!謝謝!",
"syncalgov3_checkbox_manual_backup": "我將會首先手動備份我的庫Vault。",
"syncalgov3_checkbox_requiremultidevupdate": "我理解,我需要在所有裝置上都更新此外掛使之正常執行。",
"syncalgov3_button_agree": "同意",

2
src/main.ts
View File

@ -389,6 +389,8 @@ export default class RemotelySavePlugin extends Plugin {
}
}
cipher.closeResources();
if (this.settings.currLogLevel === "info") {
getNotice(t("syncrun_shortstep2"));
} else {

6
src/misc.ts
View File

@ -118,6 +118,12 @@ export const base64ToArrayBuffer = (b64text: string) => {
return bufferToArrayBuffer(Buffer.from(b64text, "base64"));
};
export const copyArrayBuffer = (src: ArrayBuffer) => {
var dst = new ArrayBuffer(src.byteLength);
new Uint8Array(dst).set(new Uint8Array(src));
return dst;
};
/**
* https://stackoverflow.com/questions/43131242
* @param hex

7
src/remoteForDropbox.ts
View File

@ -497,8 +497,8 @@ export const uploadToRemote = async (
throw Error(`you specify uploadRaw, but you also provide a folder key!`);
}
// folder
if (cipher.isPasswordEmpty()) {
// if not encrypted, mkdir a remote folder
if (cipher.isPasswordEmpty() || cipher.isFolderAware()) {
// if not encrypted, || encrypted isFolderAware, mkdir a remote folder
if (foldersCreatedBefore?.has(uploadFile)) {
// created, pass
} else {
@ -530,7 +530,8 @@ export const uploadToRemote = async (
mtimeCli: mtime,
};
} else {
// if encrypted, upload a fake file with the encrypted file name
// if encrypted && !isFolderAware(),
// upload a fake file with the encrypted file name
await retryReq(
() =>
client.dropbox.filesUpload({

12
src/remoteForOnedrive.ts
View File

@ -550,7 +550,7 @@ export class WrappedOnedriveClient {
// 20220401: On Android, requestUrl has issue that text becomes base64.
// Use fetch everywhere instead!
if (false /*VALID_REQURL*/) {
await requestUrl({
const res = await requestUrl({
url: theUrl,
method: "PUT",
body: payload,
@ -560,8 +560,9 @@ export class WrappedOnedriveClient {
Authorization: `Bearer ${await this.authGetter.getAccessToken()}`,
},
});
return res.json as DriveItem | UploadSession;
} else {
await fetch(theUrl, {
const res = await fetch(theUrl, {
method: "PUT",
body: payload,
headers: {
@ -569,6 +570,7 @@ export class WrappedOnedriveClient {
Authorization: `Bearer ${await this.authGetter.getAccessToken()}`,
},
});
return (await res.json()) as DriveItem | UploadSession;
}
};
@ -734,8 +736,8 @@ export const uploadToRemote = async (
throw Error(`you specify uploadRaw, but you also provide a folder key!`);
}
// folder
if (cipher.isPasswordEmpty()) {
// if not encrypted, mkdir a remote folder
if (cipher.isPasswordEmpty() || cipher.isFolderAware()) {
// if not encrypted, || encrypted isFolderAware, mkdir a remote folder
if (foldersCreatedBefore?.has(uploadFile)) {
// created, pass
} else {
@ -763,7 +765,7 @@ export const uploadToRemote = async (
mtimeCli: mtime,
};
} else {
// if encrypted,
// if encrypted && !isFolderAware(),
// upload a fake, random-size file
// with the encrypted file name
const byteLengthRandom = getRandomIntInclusive(

26
src/remoteForS3.ts
View File

@ -233,7 +233,14 @@ const fromS3ObjectToEntity = (
if (x.Key! in mtimeRecords) {
const m2 = mtimeRecords[x.Key!];
if (m2 !== 0) {
mtimeCli = m2;
// to be compatible with RClone, we read and store the time in seconds in new version!
if (m2 >= 1000000000000) {
// it's a millsecond, uploaded by old codes..
mtimeCli = m2;
} else {
// it's a second, uploaded by new codes of the plugin from March 24, 2024
mtimeCli = m2 * 1000;
}
}
}
const key = getLocalNoPrefixPath(x.Key!, remotePrefix);
@ -261,7 +268,14 @@ const fromS3HeadObjectToEntity = (
parseFloat(x.Metadata.mtime || x.Metadata.MTime || "0")
);
if (m2 !== 0) {
mtimeCli = m2;
// to be compatible with RClone, we read and store the time in seconds in new version!
if (m2 >= 1000000000000) {
// it's a millsecond, uploaded by old codes..
mtimeCli = m2;
} else {
// it's a second, uploaded by new codes of the plugin from March 24, 2024
mtimeCli = m2 * 1000;
}
}
}
// console.debug(
@ -402,8 +416,8 @@ export const uploadToRemote = async (
Body: "",
ContentType: contentType,
Metadata: {
MTime: `${mtime}`,
CTime: `${ctime}`,
MTime: `${mtime / 1000.0}`,
CTime: `${ctime / 1000.0}`,
},
})
);
@ -465,8 +479,8 @@ export const uploadToRemote = async (
Body: body,
ContentType: contentType,
Metadata: {
MTime: `${mtime}`,
CTime: `${ctime}`,
MTime: `${mtime / 1000.0}`,
CTime: `${ctime / 1000.0}`,
},
},
});

14
src/remoteForWebdav.ts
View File

@ -51,10 +51,15 @@ if (VALID_REQURL) {
const reqContentType =
transformedHeaders["accept"] ?? transformedHeaders["content-type"];
const retractedHeaders = { ...transformedHeaders };
if (retractedHeaders.hasOwnProperty("authorization")) {
retractedHeaders["authorization"] = "<retracted>";
}
console.debug(`before request:`);
console.debug(`url: ${options.url}`);
console.debug(`method: ${options.method}`);
console.debug(`headers: ${JSON.stringify(transformedHeaders, null, 2)}`);
console.debug(`headers: ${JSON.stringify(retractedHeaders, null, 2)}`);
console.debug(`reqContentType: ${reqContentType}`);
let r = await requestUrl({
@ -343,8 +348,8 @@ export const uploadToRemote = async (
throw Error(`you specify uploadRaw, but you also provide a folder key!`);
}
// folder
if (cipher.isPasswordEmpty()) {
// if not encrypted, mkdir a remote folder
if (cipher.isPasswordEmpty() || cipher.isFolderAware()) {
// if not encrypted, || encrypted isFolderAware, mkdir a remote folder
await client.client.createDirectory(uploadFile, {
recursive: true,
});
@ -353,7 +358,8 @@ export const uploadToRemote = async (
entity: res,
};
} else {
// if encrypted, upload a fake file with the encrypted file name
// if encrypted && !isFolderAware(),
// upload a fake file with the encrypted file name
await client.client.putFileContents(uploadFile, "", {
overwrite: true,
onUploadProgress: (progress: any) => {

86
src/settings.ts
View File

@ -123,6 +123,60 @@ class PasswordModal extends Modal {
}
}
class EncryptionMethodModal extends Modal {
plugin: RemotelySavePlugin;
newEncryptionMethod: CipherMethodType;
constructor(
app: App,
plugin: RemotelySavePlugin,
newEncryptionMethod: CipherMethodType
) {
super(app);
this.plugin = plugin;
this.newEncryptionMethod = newEncryptionMethod;
}
onOpen() {
let { contentEl } = this;
const t = (x: TransItemType, vars?: any) => {
return this.plugin.i18n.t(x, vars);
};
// contentEl.setText("Add Or change password.");
contentEl.createEl("h2", { text: t("modal_encryptionmethod_title") });
t("modal_encryptionmethod_shortdesc")
.split("\n")
.forEach((val, idx) => {
contentEl.createEl("p", {
text: stringToFragment(val),
});
});
new Setting(contentEl)
.addButton((button) => {
button.setButtonText(t("confirm"));
button.onClick(async () => {
this.plugin.settings.encryptionMethod = this.newEncryptionMethod;
await this.plugin.saveSettings();
this.close();
});
button.setClass("encryptionmethod-second-confirm");
})
.addButton((button) => {
button.setButtonText(t("goback"));
button.onClick(() => {
this.close();
});
});
}
onClose() {
let { contentEl } = this;
contentEl.empty();
}
}
class ChangeRemoteBaseDirModal extends Modal {
readonly plugin: RemotelySavePlugin;
readonly newRemoteBaseDir: string;
@ -1637,23 +1691,27 @@ export class RemotelySaveSettingTab extends PluginSettingTab {
new Setting(basicDiv)
.setName(t("settings_encryptionmethod"))
.setDesc(t("settings_encryptionmethod_desc"))
.setDesc(stringToFragment(t("settings_encryptionmethod_desc")))
.addDropdown((dropdown) => {
dropdown.addOption("rclone", t("settings_encryptionmethod_rclone"));
dropdown.addOption("openssl", t("settings_encryptionmethod_openssl"));
if (this.plugin.settings.encryptionMethod === "rclone-base64") {
dropdown.setValue("rclone");
} else if (this.plugin.settings.encryptionMethod === "openssl-base64") {
dropdown.setValue("openssl");
}
dropdown.addOption(
"rclone-base64",
t("settings_encryptionmethod_rclone")
);
dropdown.addOption(
"openssl-base64",
t("settings_encryptionmethod_openssl")
);
dropdown.onChange(async (val: string) => {
if (val === "rclone") {
this.plugin.settings.encryptionMethod = "rclone-base64";
} else if (val === "openssl") {
this.plugin.settings.encryptionMethod = "openssl-base64";
if (this.plugin.settings.password === "") {
this.plugin.settings.encryptionMethod = val as CipherMethodType;
await this.plugin.saveSettings();
} else {
new EncryptionMethodModal(
this.app,
this.plugin,
val as CipherMethodType
).open();
}
await this.plugin.saveSettings();
});
});

6
src/worker.d.ts vendored Normal file
View File

@ -0,0 +1,6 @@
declare module "*.worker.ts" {
class WebpackWorker extends Worker {
constructor();
}
export default WebpackWorker;
}

4
styles.css
View File

@ -8,6 +8,10 @@
font-weight: bold;
}
.encryptionmethod-second-confirm {
font-weight: bold;
}
.settings-auth-related {
border-top: 1px solid var(--background-modifier-border);
padding-top: 18px;

2
tsconfig.json
View File

@ -14,7 +14,7 @@
"esModuleInterop": true,
"importHelpers": true,
"isolatedModules": true,
"lib": ["dom", "es5", "scripthost", "es2015"]
"lib": ["dom", "es5", "scripthost", "es2015", "webworker"]
},
"include": ["**/*.ts"]
}

7
webpack.config.js
View File

@ -32,6 +32,13 @@ module.exports = {
],
module: {
rules: [
{
test: /\.worker\.ts$/,
loader: "worker-loader",
options: {
inline: "no-fallback",
},
},
{
test: /\.tsx?$/,
use: "ts-loader",