nodebb-plugin-pdf-secure 1.1.4 → 1.1.6

package/lib/controllers.js

@@ -34,14 +34,38 @@ Controllers.servePdfBinary = async function (req, res) {
 			pdfBuffer = await pdfHandler.getSinglePagePdf(data.file);
 		}
 
+		// PARTIAL XOR Encryption: Sadece ilk ve son 8KB'ı şifrele
+		// Bu, PDF'yi açılamaz hale getirir ama performans etkisi minimal
+		const encryptionKey = Buffer.from(nonce.slice(0, 8));
+		const encryptedBuffer = Buffer.from(pdfBuffer); // Copy
+		const chunkSize = 8192; // 8KB
+
+		// İlk 8KB'ı şifrele (PDF header - CRITICAL)
+		const headerEnd = Math.min(chunkSize, pdfBuffer.length);
+		for (let i = 0; i < headerEnd; i++) {
+			encryptedBuffer[i] = pdfBuffer[i] ^ encryptionKey[i % encryptionKey.length];
+		}
+
+		// Son 8KB'ı şifrele (PDF xref table - CRITICAL)
+		const footerStart = Math.max(0, pdfBuffer.length - chunkSize);
+		for (let i = footerStart; i < pdfBuffer.length; i++) {
+			encryptedBuffer[i] = pdfBuffer[i] ^ encryptionKey[i % encryptionKey.length];
+		}
+
 		res.set({
 			'Content-Type': 'application/octet-stream',
-			'Cache-Control': 'no-store, no-cache, must-revalidate, private',
+			'Cache-Control': 'no-store, no-cache, must-revalidate, private, max-age=0',
+			'Pragma': 'no-cache',
+			'Expires': '0',
 			'X-Content-Type-Options': 'nosniff',
+			'X-Download-Options': 'noopen',
+			'X-Frame-Options': 'SAMEORIGIN',
+			'Content-Security-Policy': "default-src 'none'",
 			'Content-Disposition': 'inline',
+			'X-PDF-Encrypted': '1', // İşaretleyici
 		});
 
-		return res.send(pdfBuffer);
+		return res.send(encryptedBuffer);
 	} catch (err) {
 		if (err.message === 'File not found') {
 			return res.status(404).json({ error: 'PDF not found' });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure",
-  "version": "1.1.4",
+  "version": "1.1.6",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/static/lib/main.js

@@ -31,31 +31,61 @@ console.log('[PDF-Secure] main.js loaded');
 				var filename = parts[parts.length - 1];
 				console.log('[PDF-Secure] Embedding:', filename);
 
-				// Create inline viewer container
+				// Create inline viewer container with INLINE STYLES to ensure they work
 				var container = document.createElement('div');
 				container.className = 'pdf-secure-embed';
+				container.style.cssText = 'margin:16px 0;border-radius:12px;overflow:hidden;background:#1f1f1f;border:1px solid rgba(255,255,255,0.1);box-shadow:0 4px 20px rgba(0,0,0,0.25);';
 
-				// Header with filename
+				// Header with filename - ALL INLINE STYLES
 				var header = document.createElement('div');
 				header.className = 'pdf-secure-embed-header';
-				header.innerHTML =
-					'<div class="pdf-secure-embed-title">' +
-					'<svg viewBox="0 0 24 24"><path d="M14 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z" fill="currentColor"/></svg>' +
-					'<span>' + escapeHtml(decodeURIComponent(link.textContent || filename)) + '</span>' +
-					'</div>' +
-					'<div class="pdf-secure-embed-actions">' +
-					'<button class="pdf-secure-fullscreen-btn" title="Tam Ekran">' +
-					'<svg viewBox="0 0 24 24"><path d="M7 14H5v5h5v-2H7v-3zm-2-4h2V7h3V5H5v5zm12 7h-3v2h5v-5h-2v3zM14 5v2h3v3h2V5h-5z" fill="currentColor"/></svg>' +
-					'</button>' +
-					'</div>';
+				header.style.cssText = 'display:flex;align-items:center;justify-content:space-between;padding:10px 16px;background:linear-gradient(135deg,#2d2d2d 0%,#252525 100%);border-bottom:1px solid rgba(255,255,255,0.08);';
+
+				var title = document.createElement('div');
+				title.className = 'pdf-secure-embed-title';
+				title.style.cssText = 'display:flex;align-items:center;gap:10px;color:#fff;font-size:14px;font-weight:500;';
+
+				// PDF icon with INLINE SIZE
+				var icon = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
+				icon.setAttribute('viewBox', '0 0 24 24');
+				icon.style.cssText = 'width:20px;height:20px;min-width:20px;max-width:20px;fill:#e81224;flex-shrink:0;';
+				icon.innerHTML = '<path d="M14 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z"/>';
+
+				var nameSpan = document.createElement('span');
+				nameSpan.style.cssText = 'white-space:nowrap;overflow:hidden;text-overflow:ellipsis;max-width:400px;';
+				nameSpan.textContent = decodeURIComponent(link.textContent || filename);
+
+				title.appendChild(icon);
+				title.appendChild(nameSpan);
+
+				// Actions (fullscreen button)
+				var actions = document.createElement('div');
+				actions.style.cssText = 'display:flex;gap:8px;';
+
+				var fullscreenBtn = document.createElement('button');
+				fullscreenBtn.className = 'pdf-secure-fullscreen-btn';
+				fullscreenBtn.title = 'Tam Ekran';
+				fullscreenBtn.style.cssText = 'display:flex;align-items:center;justify-content:center;width:32px;height:32px;background:rgba(255,255,255,0.08);border:none;border-radius:6px;cursor:pointer;';
+
+				var fullscreenIcon = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
+				fullscreenIcon.setAttribute('viewBox', '0 0 24 24');
+				fullscreenIcon.style.cssText = 'width:18px;height:18px;min-width:18px;max-width:18px;fill:#fff;';
+				fullscreenIcon.innerHTML = '<path d="M7 14H5v5h5v-2H7v-3zm-2-4h2V7h3V5H5v5zm12 7h-3v2h5v-5h-2v3zM14 5v2h3v3h2V5h-5z"/>';
+				fullscreenBtn.appendChild(fullscreenIcon);
+				actions.appendChild(fullscreenBtn);
+
+				header.appendChild(title);
+				header.appendChild(actions);
 				container.appendChild(header);
 
-				// Iframe for viewer
+				// Iframe wrapper
 				var iframeWrapper = document.createElement('div');
 				iframeWrapper.className = 'pdf-secure-embed-body';
+				iframeWrapper.style.cssText = 'position:relative;width:100%;height:600px;background:#525659;';
 
 				var iframe = document.createElement('iframe');
 				iframe.className = 'pdf-secure-iframe';
+				iframe.style.cssText = 'width:100%;height:100%;border:none;display:block;';
 				iframe.src = config.relative_path + '/plugins/pdf-secure/viewer?file=' + encodeURIComponent(filename);
 				iframe.setAttribute('frameborder', '0');
 				iframe.setAttribute('allowfullscreen', 'true');
@@ -65,7 +95,7 @@ console.log('[PDF-Secure] main.js loaded');
 				container.appendChild(iframeWrapper);
 
 				// Fullscreen button handler
-				header.querySelector('.pdf-secure-fullscreen-btn').addEventListener('click', function () {
+				fullscreenBtn.addEventListener('click', function () {
 					if (iframe.requestFullscreen) {
 						iframe.requestFullscreen();
 					} else if (iframe.webkitRequestFullscreen) {
@@ -75,63 +105,8 @@ console.log('[PDF-Secure] main.js loaded');
 					}
 				});
 
-				// Check for NodeBB upload container and replace it instead of just the link
-				var uploadContainer = link.closest('.upload-container, .uploaded-file, .attachment, [data-upload], .img-responsive');
-				var nodebbPreview = link.closest('p, div');
-
-				// Also look for sibling image/icon that NodeBB might show
-				var prevSibling = link.previousElementSibling;
-				var parentParagraph = link.parentElement;
-
-				// If the link is inside a paragraph with just the link and maybe an icon, replace the whole paragraph
-				if (parentParagraph && parentParagraph.tagName === 'P') {
-					var textContent = parentParagraph.textContent.trim();
-					var linkText = link.textContent.trim();
-					// If paragraph only contains the link text (maybe with some whitespace), replace the whole paragraph
-					if (textContent === linkText || textContent === filename || textContent === decodeURIComponent(filename)) {
-						parentParagraph.replaceWith(container);
-						return;
-					}
-				}
-
-				// Hide any preceding SVG or image that looks like a file icon
-				if (prevSibling && (prevSibling.tagName === 'SVG' || prevSibling.tagName === 'IMG' || prevSibling.classList.contains('file-icon'))) {
-					prevSibling.style.display = 'none';
-				}
-
-				// If there's an upload container, replace it entirely
-				if (uploadContainer) {
-					uploadContainer.replaceWith(container);
-				} else {
-					link.replaceWith(container);
-				}
-			});
-		});
-
-		// Also hide any remaining large file preview icons that NodeBB might render
-		postContents.forEach(function (content) {
-			// Hide default NodeBB file preview containers for PDFs
-			var fileIcons = content.querySelectorAll('img[src*=".pdf"], svg.file-icon, .file-preview');
-			fileIcons.forEach(function (icon) {
-				// Check if this is near a pdf-secure-embed
-				var nearEmbed = icon.closest('.pdf-secure-embed');
-				if (!nearEmbed) {
-					// Check if there's a pdf-secure-embed nearby
-					var parent = icon.parentElement;
-					if (parent) {
-						var siblingEmbed = parent.querySelector('.pdf-secure-embed');
-						if (siblingEmbed) {
-							icon.style.display = 'none';
-						}
-					}
-				}
+				link.replaceWith(container);
 			});
 		});
 	}
-
-	function escapeHtml(str) {
-		var d = document.createElement('div');
-		d.textContent = str;
-		return d.innerHTML;
-	}
 })();

package/static/lib/viewer.js

@@ -32,6 +32,7 @@ function interceptPdfLinks() {
 
 			var container = document.createElement('div');
 			container.className = 'pdf-secure-inline';
+			container.setAttribute('tabindex', '0'); // Focus için gerekli
 			container.innerHTML =
 				'<div class="pdf-secure-inline-header">' +
 					'<i class="fa fa-file-pdf-o"></i> ' +
@@ -40,7 +41,10 @@ function interceptPdfLinks() {
 				'<div class="pdf-secure-inline-body">' +
 					'<div class="pdf-secure-loading">Loading PDF...</div>' +
 					'<div class="pdf-secure-error"></div>' +
-					'<canvas class="pdf-secure-canvas"></canvas>' +
+					'<div class="pdf-secure-canvas-wrapper">' +
+						'<canvas class="pdf-secure-canvas"></canvas>' +
+						'<div class="pdf-secure-overlay"></div>' +
+					'</div>' +
 				'</div>' +
 				'<div class="pdf-secure-inline-footer">' +
 					'<button class="pdf-secure-prev" disabled>&#8249; Prev</button>' +
@@ -106,8 +110,29 @@ async function loadPdf(container, filename) {
 			return;
 		}
 
-		var pdfArrayBuffer = await pdfRes.arrayBuffer();
-		console.log('[PDF-Secure][Viewer] Step 2 - PDF loaded:', pdfArrayBuffer.byteLength, 'bytes');
+		var encryptedArrayBuffer = await pdfRes.arrayBuffer();
+		console.log('[PDF-Secure][Viewer] Step 2 - Encrypted data loaded:', encryptedArrayBuffer.byteLength, 'bytes');
+
+		// PARTIAL XOR Decryption: Sadece ilk ve son 8KB'ı decrypt et
+		var encryptedBytes = new Uint8Array(encryptedArrayBuffer);
+		var encryptionKey = new TextEncoder().encode(nonce.slice(0, 8));
+		var decryptedBytes = new Uint8Array(encryptedBytes); // Copy
+		var chunkSize = 8192; // 8KB
+
+		// İlk 8KB'ı decrypt et (PDF header)
+		var headerEnd = Math.min(chunkSize, encryptedBytes.length);
+		for (var i = 0; i < headerEnd; i++) {
+			decryptedBytes[i] = encryptedBytes[i] ^ encryptionKey[i % encryptionKey.length];
+		}
+
+		// Son 8KB'ı decrypt et (PDF xref table)
+		var footerStart = Math.max(0, encryptedBytes.length - chunkSize);
+		for (var i = footerStart; i < encryptedBytes.length; i++) {
+			decryptedBytes[i] = encryptedBytes[i] ^ encryptionKey[i % encryptionKey.length];
+		}
+
+		var pdfArrayBuffer = decryptedBytes.buffer;
+		console.log('[PDF-Secure][Viewer] Step 2 - Decrypted PDF:', pdfArrayBuffer.byteLength, 'bytes');
 
 		// Step 3: Render PDF
 		console.log('[PDF-Secure][Viewer] Step 3 - Rendering...');
@@ -122,6 +147,41 @@ async function loadPdf(container, filename) {
 		container.addEventListener('contextmenu', function (e) { e.preventDefault(); });
 		container.addEventListener('dragstart', function (e) { e.preventDefault(); });
 		container.addEventListener('selectstart', function (e) { e.preventDefault(); });
+		container.addEventListener('copy', function (e) { e.preventDefault(); });
+
+		// Keyboard shortcuts engelleme (Ctrl+S, Ctrl+P, Ctrl+C, Print Screen)
+		container.addEventListener('keydown', function (e) {
+			// Ctrl/Cmd + S (Save)
+			if ((e.ctrlKey || e.metaKey) && e.key === 's') {
+				e.preventDefault();
+				console.log('[PDF-Secure] Save blocked');
+				return false;
+			}
+			// Ctrl/Cmd + P (Print)
+			if ((e.ctrlKey || e.metaKey) && e.key === 'p') {
+				e.preventDefault();
+				console.log('[PDF-Secure] Print blocked');
+				return false;
+			}
+			// Ctrl/Cmd + C (Copy)
+			if ((e.ctrlKey || e.metaKey) && e.key === 'c') {
+				e.preventDefault();
+				console.log('[PDF-Secure] Copy blocked');
+				return false;
+			}
+			// Print Screen
+			if (e.key === 'PrintScreen') {
+				e.preventDefault();
+				console.log('[PDF-Secure] PrintScreen blocked');
+				return false;
+			}
+			// F12 (DevTools)
+			if (e.key === 'F12') {
+				e.preventDefault();
+				console.log('[PDF-Secure] F12 blocked');
+				return false;
+			}
+		});
 
 		var ctx = canvas.getContext('2d');
 		var currentPage = 1;

package/static/style.less

@@ -136,7 +136,142 @@
 
 /* Anti-print */
 @media print {
-	.pdf-secure-embed {
+	.pdf-secure-embed,
+	.pdf-secure-inline {
 		display: none !important;
 	}
+}
+
+/* Inline PDF Viewer Styles */
+.pdf-secure-inline {
+	margin: 20px 0;
+	border: 1px solid #ddd;
+	border-radius: 8px;
+	overflow: hidden;
+	background: #f5f5f5;
+	user-select: none;
+	-webkit-user-select: none;
+	-moz-user-select: none;
+	-ms-user-select: none;
+}
+
+.pdf-secure-inline-header {
+	display: flex;
+	align-items: center;
+	gap: 8px;
+	padding: 12px 16px;
+	background: linear-gradient(to bottom, #fff, #f8f8f8);
+	border-bottom: 1px solid #ddd;
+	font-weight: 500;
+	color: #333;
+}
+
+.pdf-secure-inline-header i {
+	color: #e81224;
+	font-size: 18px;
+}
+
+.pdf-secure-filename {
+	flex: 1;
+	overflow: hidden;
+	text-overflow: ellipsis;
+	white-space: nowrap;
+}
+
+.pdf-secure-inline-body {
+	position: relative;
+	min-height: 400px;
+	background: #fff;
+	display: flex;
+	align-items: center;
+	justify-content: center;
+}
+
+.pdf-secure-loading {
+	position: absolute;
+	top: 50%;
+	left: 50%;
+	transform: translate(-50%, -50%);
+	color: #666;
+	font-size: 14px;
+}
+
+.pdf-secure-error {
+	display: none;
+	position: absolute;
+	top: 50%;
+	left: 50%;
+	transform: translate(-50%, -50%);
+	color: #e81224;
+	font-size: 14px;
+	text-align: center;
+	padding: 20px;
+}
+
+.pdf-secure-canvas-wrapper {
+	position: relative;
+	display: inline-block;
+	/* Canvas wrapper'ı güvenlik için kapsayıcı */
+}
+
+.pdf-secure-canvas {
+	display: none;
+	max-width: 100%;
+	height: auto;
+	/* Canvas üzerinde sağ tık ve sürüklemeyi engelle */
+	pointer-events: auto;
+}
+
+.pdf-secure-overlay {
+	position: absolute;
+	top: 0;
+	left: 0;
+	right: 0;
+	bottom: 0;
+	background: transparent;
+	/* Görünmez koruma katmanı - tüm mouse eventlerini yakalar */
+	pointer-events: auto;
+	cursor: default;
+	z-index: 1;
+}
+
+.pdf-secure-inline-footer {
+	display: none;
+	align-items: center;
+	justify-content: center;
+	gap: 16px;
+	padding: 12px;
+	background: #f8f8f8;
+	border-top: 1px solid #ddd;
+}
+
+.pdf-secure-prev,
+.pdf-secure-next {
+	padding: 6px 12px;
+	background: #fff;
+	border: 1px solid #ddd;
+	border-radius: 4px;
+	cursor: pointer;
+	font-size: 14px;
+	color: #333;
+	transition: all 0.2s;
+}
+
+.pdf-secure-prev:hover:not(:disabled),
+.pdf-secure-next:hover:not(:disabled) {
+	background: #f0f0f0;
+	border-color: #999;
+}
+
+.pdf-secure-prev:disabled,
+.pdf-secure-next:disabled {
+	opacity: 0.4;
+	cursor: not-allowed;
+}
+
+.pdf-secure-page-info {
+	font-size: 14px;
+	color: #666;
+	min-width: 60px;
+	text-align: center;
 }