anything-llm/collector/middleware/setDataSigner.js
Timothy Carambat dc4ad6b5a9
[BETA] Live document sync (#1719)
* wip bg workers for live document sync

* Add ability to re-embed specific documents across many workspaces via background queue
bgworker is gated behind an experimental system setting flag that needs to be explicitly enabled
UI for watching/unwatching documents that are embedded.
TODO: UI to easily manage all bg tasks and see run results
TODO: UI to enable this feature and background endpoints to manage it

* create frontend views and paths
Move elements to correct experimental scope

* update migration to delete runs on removal of watched document

* Add watch support to YouTube transcripts (#1716)

* Add watch support to YouTube transcripts
refactor how sync is done for supported types

* Watch specific files in Confluence space (#1718)

Add failure-prune check for runs

* create tmp workflow modifications for beta image

* create tmp workflow modifications for beta image

* create tmp workflow modifications for beta image

* dual build
update copy of alert modals

* update job interval

* Add support for live-sync of Github files

* update copy for document sync feature

* hide Experimental features from UI

* update docs links

* [FEAT] Implement new settings menu for experimental features (#1735)

* implement new settings menu for experimental features

* remove unused context save bar

---------

Co-authored-by: timothycarambat <rambat1010@gmail.com>

* dont run job on boot

* unset workflow changes

* Add persistent encryption service
Relay key to collector so persistent encryption can be used
Encrypt any private data in chunkSources used for replay during resync jobs

* update jsDOC

* Linting and organization

* update modal copy for feature

---------

Co-authored-by: Sean Hatfield <seanhatfield5@gmail.com>
2024-06-21 13:38:50 -07:00


const { EncryptionWorker } = require("../utils/EncryptionWorker");
const { CommunicationKey } = require("../utils/comKey");
/**
* Express Response Object interface with defined encryptionWorker attached to locals property.
* @typedef {import("express").Response & import("express").Response['locals'] & {encryptionWorker: EncryptionWorker} } ResponseWithSigner
*/
// You can use this middleware to assign the EncryptionWorker to the response locals
// property so that it can be used to encrypt/decrypt arbitrary data via the response object.
// eg: Encrypting API keys in chunk sources.
// The way this functions is that the rolling RSA Communication Key is used server-side to private-key encrypt the raw
// key of the persistent EncryptionManager credentials. Since EncryptionManager credentials do _not_ roll, we should not send them
// even between server<>collector in plaintext because if the user configured the server/collector to be public they could technically
// be exposing the key in transit via the X-Payload-Signer header. Even if this risk is minimal we should not do this.
// This middleware uses the CommunicationKey public key to first decrypt the base64 representation of the EncryptionManager credentials
// and then loads that in to the EncryptionWorker as a buffer so we can use the same credentials across the system. Should we ever break the
// collector out into its own service this would still work without SSL/TLS.
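/**
* Express middleware that reads the X-Payload-Signer request header, decrypts it with the
* CommunicationKey and attaches an EncryptionWorker built from the result to
* `response.locals.encryptionWorker` before handing control to the next handler.
* @param {import("express").Request} request
* @param {import("express").Response} response
* @param {import("express").NextFunction} next
*/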
function setDataSigner(request, response, next) {
  const keyRelay = new CommunicationKey();

  // The server relays the persistent encryption credentials in this header,
  // encrypted with the rolling CommunicationKey (see the file-level comment).
  const wrappedSignerKey = request.header("X-Payload-Signer");
  if (!wrappedSignerKey) {
    console.log('Failed to find signed-payload to set encryption worker! Encryption calls will fail.');
  }

  // NOTE(review): a missing header is only logged; decrypt() is still called with
  // the absent value. Whether that throws or yields an empty key depends on
  // CommunicationKey.decrypt — confirm this path fails closed rather than
  // building a worker around an empty or garbage key.
  // NOTE(review): data encrypted with an RSA private key can be recovered by any
  // holder of the matching public key, so the in-transit protection of this header
  // presumably relies on the CommunicationKey public key staying private to the
  // server/collector pair — confirm before exposing the collector without TLS.
  const signerKey = keyRelay.decrypt(wrappedSignerKey);

  // signerKey is long-lived key material: keep it out of logs and error responses.
  response.locals.encryptionWorker = new EncryptionWorker(signerKey);
  next();
}
// Public surface of this module: the middleware only.
module.exports = { setDataSigner };