anything-llm/collector/utils/comKey/index.js

const crypto = require("crypto");
const fs = require("fs");
const path = require("path");
const keyPath =
  process.env.NODE_ENV === "development"
    ? path.resolve(__dirname, `../../../server/storage/comkey`)
    : path.resolve(
        process.env.STORAGE_DIR ??
          path.resolve(__dirname, `../../../server/storage`),
        `comkey`
      );

class CommunicationKey {
  #pubKeyName = "ipc-pub.pem";
  #storageLoc = keyPath;

  constructor() {}

  log(text, ...args) {
    console.log(`\x1b[36m[CommunicationKeyVerify]\x1b[0m ${text}`, ...args);
  }

  #readPublicKey() {
    return fs.readFileSync(path.resolve(this.#storageLoc, this.#pubKeyName));
  }

  // Given a signed payload from private key from /app/server/ this signature should
  // decode to match the textData provided. This class does verification only in collector.
  // Note: The textData is typically the JSON stringified body sent to the document processor API.
  verify(signature = "", textData = "") {
    try {
      let data = textData;
      if (typeof textData !== "string") data = JSON.stringify(data);
      return crypto.verify(
        "RSA-SHA256",
        Buffer.from(data),
        this.#readPublicKey(),
        Buffer.from(signature, "hex")
      );
    } catch {}
    return false;
  }

  // Use the rolling public-key to decrypt arbitrary data that was encrypted via the private key on the server side CommunicationKey class
  // that we know was done with the same key-pair and the given input is in base64 format already.
  // Returns plaintext string of the data that was encrypted.
  decrypt(base64String = "") {
    return crypto
      .publicDecrypt(this.#readPublicKey(), Buffer.from(base64String, "base64"))
      .toString();
  }
}

module.exports = { CommunicationKey };
RSA-Signing on server<->collector communication via API (#1005) * WIP integrity check between processes * Implement integrity checking on document processor payloads 2024-04-01 22:56:35 +02:00			`const crypto = require("crypto");`
			`const fs = require("fs");`
			`const path = require("path");`
			`const keyPath =`
			`process.env.NODE_ENV === "development"`
			? path.resolve(__dirname, `../../../server/storage/comkey`)
patch comkey path to fallback 2024-04-04 19:47:26 +02:00			`: path.resolve(`
			`process.env.STORAGE_DIR ??`
			path.resolve(__dirname, `../../../server/storage`),
			`comkey`
			`);`
RSA-Signing on server<->collector communication via API (#1005) * WIP integrity check between processes * Implement integrity checking on document processor payloads 2024-04-01 22:56:35 +02:00
			`class CommunicationKey {`
			`#pubKeyName = "ipc-pub.pem";`
			`#storageLoc = keyPath;`

			`constructor() {}`

			`log(text, ...args) {`
			console.log(`\x1b[36m[CommunicationKeyVerify]\x1b[0m ${text}`, ...args);
			`}`

			`#readPublicKey() {`
			`return fs.readFileSync(path.resolve(this.#storageLoc, this.#pubKeyName));`
			`}`

			`// Given a signed payload from private key from /app/server/ this signature should`
			`// decode to match the textData provided. This class does verification only in collector.`
			`// Note: The textData is typically the JSON stringified body sent to the document processor API.`
			`verify(signature = "", textData = "") {`
			`try {`
			`let data = textData;`
			`if (typeof textData !== "string") data = JSON.stringify(data);`
			`return crypto.verify(`
			`"RSA-SHA256",`
			`Buffer.from(data),`
			`this.#readPublicKey(),`
			`Buffer.from(signature, "hex")`
			`);`
			`} catch {}`
			`return false;`
			`}`
[BETA] Live document sync (#1719) * wip bg workers for live document sync * Add ability to re-embed specific documents across many workspaces via background queue bgworkser is gated behind expieremental system setting flag that needs to be explictly enabled UI for watching/unwatching docments that are embedded. TODO: UI to easily manage all bg tasks and see run results TODO: UI to enable this feature and background endpoints to manage it * create frontend views and paths Move elements to correct experimental scope * update migration to delete runs on removal of watched document * Add watch support to YouTube transcripts (#1716) * Add watch support to YouTube transcripts refactor how sync is done for supported types * Watch specific files in Confluence space (#1718) Add failure-prune check for runs * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * dual build update copy of alert modals * update job interval * Add support for live-sync of Github files * update copy for document sync feature * hide Experimental features from UI * update docs links * [FEAT] Implement new settings menu for experimental features (#1735) * implement new settings menu for experimental features * remove unused context save bar --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> * dont run job on boot * unset workflow changes * Add persistent encryption service Relay key to collector so persistent encryption can be used Encrypt any private data in chunkSources used for replay during resync jobs * update jsDOC * Linting and organization * update modal copy for feature --------- Co-authored-by: Sean Hatfield <seanhatfield5@gmail.com> 2024-06-21 22:38:50 +02:00
			`// Use the rolling public-key to decrypt arbitrary data that was encrypted via the private key on the server side CommunicationKey class`
			`// that we know was done with the same key-pair and the given input is in base64 format already.`
			`// Returns plaintext string of the data that was encrypted.`
			`decrypt(base64String = "") {`
			`return crypto`
			`.publicDecrypt(this.#readPublicKey(), Buffer.from(base64String, "base64"))`
			`.toString();`
			`}`
RSA-Signing on server<->collector communication via API (#1005) * WIP integrity check between processes * Implement integrity checking on document processor payloads 2024-04-01 22:56:35 +02:00			`}`

			`module.exports = { CommunicationKey };`