@actual-app/sync-server 25.4.0-alpha.0

package/src/app-sync/services/files-service.js

@@ -0,0 +1,243 @@
+import { getAccountDb, isAdmin } from '../../account-db.js';
+import { FileNotFound, GenericFileError } from '../errors.js';
+
+class FileBase {
+  constructor(
+    name,
+    groupId,
+    encryptSalt,
+    encryptTest,
+    encryptKeyId,
+    encryptMeta,
+    syncVersion,
+    deleted,
+    owner,
+  ) {
+    this.name = name;
+    this.groupId = groupId;
+    this.encryptSalt = encryptSalt;
+    this.encryptTest = encryptTest;
+    this.encryptKeyId = encryptKeyId;
+    this.encryptMeta = encryptMeta;
+    this.syncVersion = syncVersion;
+    this.deleted = typeof deleted === 'boolean' ? deleted : Boolean(deleted);
+    this.owner = owner;
+  }
+}
+
+class File extends FileBase {
+  constructor({
+    id,
+    name = null,
+    groupId = null,
+    encryptSalt = null,
+    encryptTest = null,
+    encryptKeyId = null,
+    encryptMeta = null,
+    syncVersion = null,
+    deleted = false,
+    owner = null,
+  }) {
+    super(
+      name,
+      groupId,
+      encryptSalt,
+      encryptTest,
+      encryptKeyId,
+      encryptMeta,
+      syncVersion,
+      deleted,
+      owner,
+    );
+    this.id = id;
+  }
+}
+
+/**
+ * Represents a file update. Will only update the fields that are defined.
+ * @class
+ * @extends FileBase
+ */
+class FileUpdate extends FileBase {
+  constructor({
+    name = undefined,
+    groupId = undefined,
+    encryptSalt = undefined,
+    encryptTest = undefined,
+    encryptKeyId = undefined,
+    encryptMeta = undefined,
+    syncVersion = undefined,
+    deleted = undefined,
+    owner = undefined,
+  }) {
+    super(
+      name,
+      groupId,
+      encryptSalt,
+      encryptTest,
+      encryptKeyId,
+      encryptMeta,
+      syncVersion,
+      deleted,
+      owner,
+    );
+  }
+}
+
+const boolToInt = bool => {
+  return bool ? 1 : 0;
+};
+
+class FilesService {
+  constructor(accountDb) {
+    this.accountDb = accountDb;
+  }
+
+  get(fileId) {
+    const rawFile = this.getRaw(fileId);
+    if (!rawFile || (rawFile && rawFile.deleted)) {
+      throw new FileNotFound();
+    }
+
+    return this.validate(rawFile);
+  }
+
+  set(file) {
+    const deletedInt = boolToInt(file.deleted);
+    this.accountDb.mutate(
+      'INSERT INTO files (id, group_id, sync_version, name, encrypt_meta, encrypt_salt, encrypt_test, encrypt_keyid, deleted, owner) VALUES (?, ?, ?, ?, ?, ?, ?, ? ,?, ?)',
+      [
+        file.id,
+        file.groupId,
+        file.syncVersion.toString(),
+        file.name,
+        file.encryptMeta,
+        file.encryptSalt,
+        file.encrypt_test,
+        file.encrypt_keyid,
+        deletedInt,
+        file.owner,
+      ],
+    );
+  }
+
+  find({ userId, limit = 1000 }) {
+    const canSeeAll = isAdmin(userId);
+
+    return (
+      canSeeAll
+        ? this.accountDb.all('SELECT * FROM files WHERE deleted = 0 LIMIT ?', [
+            limit,
+          ])
+        : this.accountDb.all(
+            `SELECT files.*
+        FROM files
+        WHERE files.owner = ? and deleted = 0
+      UNION
+       SELECT files.*
+        FROM files
+        JOIN user_access
+          ON user_access.file_id = files.id
+          AND user_access.user_id = ?
+       WHERE files.deleted = 0 LIMIT ?`,
+            [userId, userId, limit],
+          )
+    ).map(this.validate);
+  }
+
+  findUsersWithAccess(fileId) {
+    const userAccess =
+      this.accountDb.all(
+        `SELECT UA.user_id as userId, users.display_name displayName, users.user_name userName
+              FROM files
+                JOIN user_access UA ON UA.file_id = files.id
+                JOIN users on users.id = UA.user_id
+              WHERE files.id = ?
+          UNION ALL
+        SELECT users.id, users.display_name, users.user_name
+              FROM files
+                JOIN users on users.id = files.owner
+              WHERE files.id = ?
+          `,
+        [fileId, fileId],
+      ) || [];
+
+    return userAccess;
+  }
+
+  update(id, fileUpdate) {
+    let query = 'UPDATE files SET';
+    const params = [];
+    const updates = [];
+
+    if (fileUpdate.name !== undefined) {
+      updates.push('name = ?');
+      params.push(fileUpdate.name);
+    }
+    if (fileUpdate.groupId !== undefined) {
+      updates.push('group_id = ?');
+      params.push(fileUpdate.groupId);
+    }
+    if (fileUpdate.encryptSalt !== undefined) {
+      updates.push('encrypt_salt = ?');
+      params.push(fileUpdate.encryptSalt);
+    }
+    if (fileUpdate.encryptTest !== undefined) {
+      updates.push('encrypt_test = ?');
+      params.push(fileUpdate.encryptTest);
+    }
+    if (fileUpdate.encryptKeyId !== undefined) {
+      updates.push('encrypt_keyid = ?');
+      params.push(fileUpdate.encryptKeyId);
+    }
+    if (fileUpdate.encryptMeta !== undefined) {
+      updates.push('encrypt_meta = ?');
+      params.push(fileUpdate.encryptMeta);
+    }
+    if (fileUpdate.syncVersion !== undefined) {
+      updates.push('sync_version = ?');
+      params.push(fileUpdate.syncVersion);
+    }
+    if (fileUpdate.deleted !== undefined) {
+      updates.push('deleted = ?');
+      params.push(boolToInt(fileUpdate.deleted));
+    }
+
+    if (updates.length > 0) {
+      query += ' ' + updates.join(', ') + ' WHERE id = ?';
+      params.push(id);
+
+      const res = this.accountDb.mutate(query, params);
+
+      if (res.changes !== 1) {
+        throw new GenericFileError('Could not update File', { id });
+      }
+    }
+
+    // Return the modified object
+    return this.validate(this.getRaw(id));
+  }
+
+  getRaw(fileId) {
+    return this.accountDb.first(`SELECT * FROM files WHERE id = ?`, [fileId]);
+  }
+
+  validate(rawFile) {
+    return new File({
+      id: rawFile.id,
+      name: rawFile.name,
+      groupId: rawFile.group_id,
+      encryptSalt: rawFile.encrypt_salt,
+      encryptTest: rawFile.encrypt_test,
+      encryptKeyId: rawFile.encrypt_keyid,
+      encryptMeta: rawFile.encrypt_meta,
+      syncVersion: rawFile.sync_version,
+      deleted: Boolean(rawFile.deleted),
+      owner: rawFile.owner,
+    });
+  }
+}
+
+const filesService = new FilesService(getAccountDb());
+
+export { filesService, FilesService, File, FileUpdate };

package/src/app-sync/tests/services/files-service.test.js

@@ -0,0 +1,250 @@
+import crypto from 'node:crypto';
+
+import { getAccountDb } from '../../../account-db.js';
+import { FileNotFound } from '../../errors.js';
+import {
+  FilesService,
+  File,
+  FileUpdate,
+} from '../../services/files-service.js'; // Adjust the path as necessary
+describe('FilesService', () => {
+  let filesService;
+  let accountDb;
+
+  const insertToyExampleData = () => {
+    accountDb.mutate(
+      'INSERT INTO files (id, group_id, sync_version, name, encrypt_meta, encrypt_salt, encrypt_test, encrypt_keyid, deleted) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)',
+      [
+        '1',
+        'group1',
+        1,
+        'file1',
+        '{"key":"value"}',
+        'salt',
+        'test',
+        'keyid',
+        0,
+      ],
+    );
+  };
+
+  const clearDatabase = () => {
+    accountDb.mutate('DELETE FROM user_access');
+    accountDb.mutate('DELETE FROM files');
+  };
+
+  beforeAll(done => {
+    accountDb = getAccountDb();
+    filesService = new FilesService(accountDb);
+    done();
+  });
+
+  beforeEach(done => {
+    insertToyExampleData();
+    done();
+  });
+
+  afterEach(done => {
+    clearDatabase();
+    done();
+  });
+
+  test('get should return a file', () => {
+    const file = filesService.get('1');
+    const expectedFile = new File({
+      id: '1',
+      groupId: 'group1',
+      syncVersion: 1,
+      name: 'file1',
+      encryptMeta: '{"key":"value"}',
+      encryptSalt: 'salt',
+      encryptTest: 'test',
+      encryptKeyId: 'keyid',
+      deleted: false,
+    });
+
+    expect(file).toEqual(expectedFile);
+  });
+
+  test('get should throw FileNotFound if file is deleted or does not exist', () => {
+    const fileId = crypto.randomBytes(16).toString('hex');
+    accountDb.mutate(
+      'INSERT INTO files (id, group_id, sync_version, name, encrypt_meta, encrypt_salt, encrypt_test, encrypt_keyid, deleted) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)',
+      [
+        fileId,
+        'group1',
+        1,
+        'file1',
+        '{"key":"value"}',
+        'salt',
+        'test',
+        'keyid',
+        1,
+      ],
+    );
+
+    expect(() => {
+      filesService.get(fileId);
+    }).toThrow(FileNotFound);
+
+    expect(() => {
+      filesService.get(crypto.randomBytes(16).toString('hex'));
+    }).toThrow(FileNotFound);
+  });
+
+  test.each([true, false])(
+    'set should insert a new file with deleted: %p',
+    deleted => {
+      const fileId = crypto.randomBytes(16).toString('hex');
+      const newFile = new File({
+        id: fileId,
+        groupId: 'group2',
+        syncVersion: 1,
+        name: 'file2',
+        encryptMeta: '{"key":"value2"}',
+        deleted,
+      });
+
+      filesService.set(newFile);
+
+      const file = filesService.validate(filesService.getRaw(fileId));
+      const expectedFile = new File({
+        id: fileId,
+        groupId: 'group2',
+        syncVersion: 1,
+        name: 'file2',
+        encryptMeta: '{"key":"value2"}',
+        encryptSalt: null, // default value
+        encryptTest: null, // default value
+        encryptKeyId: null, // default value
+        deleted,
+      });
+
+      expect(file).toEqual(expectedFile);
+    },
+  );
+
+  test('find should return a list of files', () => {
+    const files = filesService.find({ userId: 'genericAdmin' });
+    expect(files.length).toBe(1);
+    expect(files[0]).toEqual(
+      new File({
+        id: '1',
+        groupId: 'group1',
+        syncVersion: 1,
+        name: 'file1',
+        encryptMeta: '{"key":"value"}',
+        encryptSalt: 'salt',
+        encryptTest: 'test',
+        encryptKeyId: 'keyid',
+        deleted: false,
+      }),
+    );
+  });
+
+  test('find should respect the limit parameter', () => {
+    filesService.set(
+      new File({
+        id: crypto.randomBytes(16).toString('hex'),
+        groupId: 'group2',
+        syncVersion: 1,
+        name: 'file2',
+        encryptMeta: '{"key":"value2"}',
+        deleted: false,
+      }),
+    );
+    // Make sure that the file was inserted
+    const allFiles = filesService.find({ userId: 'genericAdmin' });
+    expect(allFiles.length).toBe(2);
+
+    // Limit the number of files returned
+    const limitedFiles = filesService.find({
+      userId: 'genericAdmin',
+      limit: 1,
+    });
+    expect(limitedFiles.length).toBe(1);
+  });
+
+  test('update should modify all attributes of an existing file', () => {
+    const fileUpdate = new FileUpdate({
+      name: 'updatedFile1',
+      groupId: 'updatedGroup1',
+      encryptSalt: 'updatedSalt',
+      encryptTest: 'updatedTest',
+      encryptKeyId: 'updatedKeyId',
+      encryptMeta: '{"key":"updatedValue"}',
+      syncVersion: 2,
+      deleted: true,
+    });
+    const updatedFile = filesService.update('1', fileUpdate);
+
+    expect(updatedFile).toEqual(
+      new File({
+        id: '1',
+        name: 'updatedFile1',
+        groupId: 'updatedGroup1',
+        encryptSalt: 'updatedSalt',
+        encryptTest: 'updatedTest',
+        encryptMeta: '{"key":"updatedValue"}',
+        encryptKeyId: 'updatedKeyId',
+        syncVersion: 2,
+        deleted: true,
+      }),
+    );
+  });
+
+  test('find should return only files accessible to the user', () => {
+    filesService.set(
+      new File({
+        id: crypto.randomBytes(16).toString('hex'),
+        groupId: 'group2',
+        syncVersion: 1,
+        name: 'file2',
+        encryptMeta: '{"key":"value2"}',
+        deleted: false,
+        owner: 'genericAdmin',
+      }),
+    );
+
+    filesService.set(
+      new File({
+        id: crypto.randomBytes(16).toString('hex'),
+        groupId: 'group2',
+        syncVersion: 1,
+        name: 'file2',
+        encryptMeta: '{"key":"value2"}',
+        deleted: false,
+        owner: 'genericUser',
+      }),
+    );
+
+    expect(filesService.find({ userId: 'genericUser' })).toHaveLength(1);
+    expect(
+      filesService.find({ userId: 'genericAdmin' }).length,
+    ).toBeGreaterThan(1);
+  });
+
+  test.each([['update-group', null]])(
+    'update should modify a single attribute with groupId = $groupId',
+    newGroupId => {
+      const fileUpdate = new FileUpdate({
+        groupId: newGroupId,
+      });
+      const updatedFile = filesService.update('1', fileUpdate);
+
+      expect(updatedFile).toEqual(
+        new File({
+          id: '1',
+          name: 'file1',
+          groupId: newGroupId,
+          syncVersion: 1,
+          encryptMeta: '{"key":"value"}',
+          encryptSalt: 'salt',
+          encryptTest: 'test',
+          encryptKeyId: 'keyid',
+          deleted: false,
+        }),
+      );
+    },
+  );
+});

package/src/app-sync/validation.js

@@ -0,0 +1,77 @@
+// This is a version representing the internal format of sync
+// messages. When this changes, all sync files need to be reset. We
+// will check this version when syncing and notify the user if they
+// need to reset.
+const SYNC_FORMAT_VERSION = 2;
+
+const validateSyncedFile = (groupId, keyId, currentFile) => {
+  if (
+    currentFile.syncVersion == null ||
+    currentFile.syncVersion < SYNC_FORMAT_VERSION
+  ) {
+    return 'file-old-version';
+  }
+
+  // When resetting sync state, something went wrong. There is no
+  // group id and it's awaiting a file to be uploaded.
+  if (currentFile.groupId == null) {
+    return 'file-needs-upload';
+  }
+
+  // Check to make sure the uploaded file is valid and has been
+  // encrypted with the same key it is registered with (this might
+  // be wrong if there was an error during the key creation
+  // process)
+  const uploadedKeyId = currentFile.encryptMeta
+    ? JSON.parse(currentFile.encryptMeta).keyId
+    : null;
+  if (uploadedKeyId !== currentFile.encryptKeyId) {
+    return 'file-key-mismatch';
+  }
+
+  // The changes being synced are part of an old group, which
+  // means the file has been reset. User needs to re-download.
+  if (groupId !== currentFile.groupId) {
+    return 'file-has-reset';
+  }
+
+  // The data is encrypted with a different key which is
+  // unacceptable. We can't accept these changes. Reject them and
+  // tell the user that they need to generate the correct key
+  // (which necessitates a sync reset so they need to re-download).
+  if (keyId !== currentFile.encryptKeyId) {
+    return 'file-has-new-key';
+  }
+
+  return null;
+};
+
+const validateUploadedFile = (groupId, keyId, currentFile) => {
+  if (!currentFile) {
+    // File is new, so no need to validate
+    return null;
+  }
+  // The uploading file is part of an old group, so reject
+  // it. All of its internal sync state is invalid because its
+  // old. The sync state has been reset, so user needs to
+  // either reset again or download from the current group.
+  if (groupId !== currentFile.groupId) {
+    return 'file-has-reset';
+  }
+
+  // The key that the file is encrypted with is different than
+  // the current registered key. All data must always be
+  // encrypted with the registered key for consistency. Key
+  // changes always necessitate a sync reset, which means this
+  // upload is trying to overwrite another reset. That might
+  // be be fine, but since we definitely cannot accept a file
+  // encrypted with the wrong key, we bail and suggest the
+  // user download the latest file.
+  if (keyId !== currentFile.encryptKeyId) {
+    return 'file-has-new-key';
+  }
+
+  return null;
+};
+
+export { validateSyncedFile, validateUploadedFile };