mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2024-11-15 10:50:31 +01:00
dc4ad6b5a9
* wip bg workers for live document sync * Add ability to re-embed specific documents across many workspaces via background queue bgworkser is gated behind expieremental system setting flag that needs to be explictly enabled UI for watching/unwatching docments that are embedded. TODO: UI to easily manage all bg tasks and see run results TODO: UI to enable this feature and background endpoints to manage it * create frontend views and paths Move elements to correct experimental scope * update migration to delete runs on removal of watched document * Add watch support to YouTube transcripts (#1716) * Add watch support to YouTube transcripts refactor how sync is done for supported types * Watch specific files in Confluence space (#1718) Add failure-prune check for runs * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * dual build update copy of alert modals * update job interval * Add support for live-sync of Github files * update copy for document sync feature * hide Experimental features from UI * update docs links * [FEAT] Implement new settings menu for experimental features (#1735) * implement new settings menu for experimental features * remove unused context save bar --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> * dont run job on boot * unset workflow changes * Add persistent encryption service Relay key to collector so persistent encryption can be used Encrypt any private data in chunkSources used for replay during resync jobs * update jsDOC * Linting and organization * update modal copy for feature --------- Co-authored-by: Sean Hatfield <seanhatfield5@gmail.com>
55 lines
1.7 KiB
JavaScript
55 lines
1.7 KiB
JavaScript
const crypto = require("crypto");
|
|
const fs = require("fs");
|
|
const path = require("path");
|
|
const keyPath =
|
|
process.env.NODE_ENV === "development"
|
|
? path.resolve(__dirname, `../../../server/storage/comkey`)
|
|
: path.resolve(
|
|
process.env.STORAGE_DIR ??
|
|
path.resolve(__dirname, `../../../server/storage`),
|
|
`comkey`
|
|
);
|
|
|
|
class CommunicationKey {
|
|
#pubKeyName = "ipc-pub.pem";
|
|
#storageLoc = keyPath;
|
|
|
|
constructor() {}
|
|
|
|
log(text, ...args) {
|
|
console.log(`\x1b[36m[CommunicationKeyVerify]\x1b[0m ${text}`, ...args);
|
|
}
|
|
|
|
#readPublicKey() {
|
|
return fs.readFileSync(path.resolve(this.#storageLoc, this.#pubKeyName));
|
|
}
|
|
|
|
// Given a signed payload from private key from /app/server/ this signature should
|
|
// decode to match the textData provided. This class does verification only in collector.
|
|
// Note: The textData is typically the JSON stringified body sent to the document processor API.
|
|
verify(signature = "", textData = "") {
|
|
try {
|
|
let data = textData;
|
|
if (typeof textData !== "string") data = JSON.stringify(data);
|
|
return crypto.verify(
|
|
"RSA-SHA256",
|
|
Buffer.from(data),
|
|
this.#readPublicKey(),
|
|
Buffer.from(signature, "hex")
|
|
);
|
|
} catch {}
|
|
return false;
|
|
}
|
|
|
|
// Use the rolling public-key to decrypt arbitrary data that was encrypted via the private key on the server side CommunicationKey class
|
|
// that we know was done with the same key-pair and the given input is in base64 format already.
|
|
// Returns plaintext string of the data that was encrypted.
|
|
decrypt(base64String = "") {
|
|
return crypto
|
|
.publicDecrypt(this.#readPublicKey(), Buffer.from(base64String, "base64"))
|
|
.toString();
|
|
}
|
|
}
|
|
|
|
module.exports = { CommunicationKey };
|