npm - nodebb-plugin-pdf-secure - Versions diffs - 1.1.5 → 1.1.6 - Mend

nodebb-plugin-pdf-secure 1.1.5 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/controllers.js CHANGED Viewed

@@ -34,14 +34,38 @@ Controllers.servePdfBinary = async function (req, res) {
 			pdfBuffer = await pdfHandler.getSinglePagePdf(data.file);
 		}
+		// PARTIAL XOR Encryption: Sadece ilk ve son 8KB'ı şifrele
+		// Bu, PDF'yi açılamaz hale getirir ama performans etkisi minimal
+		const encryptionKey = Buffer.from(nonce.slice(0, 8));
+		const encryptedBuffer = Buffer.from(pdfBuffer); // Copy
+		const chunkSize = 8192; // 8KB
+		// İlk 8KB'ı şifrele (PDF header - CRITICAL)
+		const headerEnd = Math.min(chunkSize, pdfBuffer.length);
+		for (let i = 0; i < headerEnd; i++) {
+			encryptedBuffer[i] = pdfBuffer[i] ^ encryptionKey[i % encryptionKey.length];
+		}
+		// Son 8KB'ı şifrele (PDF xref table - CRITICAL)
+		const footerStart = Math.max(0, pdfBuffer.length - chunkSize);
+		for (let i = footerStart; i < pdfBuffer.length; i++) {
+			encryptedBuffer[i] = pdfBuffer[i] ^ encryptionKey[i % encryptionKey.length];
+		}
 		res.set({
 			'Content-Type': 'application/octet-stream',
-			'Cache-Control': 'no-store, no-cache, must-revalidate, private',
+			'Cache-Control': 'no-store, no-cache, must-revalidate, private, max-age=0',
+			'Pragma': 'no-cache',
+			'Expires': '0',
 			'X-Content-Type-Options': 'nosniff',
+			'X-Download-Options': 'noopen',
+			'X-Frame-Options': 'SAMEORIGIN',
+			'Content-Security-Policy': "default-src 'none'",
 			'Content-Disposition': 'inline',
+			'X-PDF-Encrypted': '1', // İşaretleyici
 		});
-		return res.send(pdfBuffer);
+		return res.send(encryptedBuffer);
 	} catch (err) {
 		if (err.message === 'File not found') {
 			return res.status(404).json({ error: 'PDF not found' });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/static/lib/viewer.js CHANGED Viewed

@@ -32,6 +32,7 @@ function interceptPdfLinks() {
 			var container = document.createElement('div');
 			container.className = 'pdf-secure-inline';
+			container.setAttribute('tabindex', '0'); // Focus için gerekli
 			container.innerHTML =
 				'<div class="pdf-secure-inline-header">' +
 					'<i class="fa fa-file-pdf-o"></i> ' +
@@ -40,7 +41,10 @@ function interceptPdfLinks() {
 				'<div class="pdf-secure-inline-body">' +
 					'<div class="pdf-secure-loading">Loading PDF...</div>' +
 					'<div class="pdf-secure-error"></div>' +
-					'<canvas class="pdf-secure-canvas"></canvas>' +
+					'<div class="pdf-secure-canvas-wrapper">' +
+						'<canvas class="pdf-secure-canvas"></canvas>' +
+						'<div class="pdf-secure-overlay"></div>' +
+					'</div>' +
 				'</div>' +
 				'<div class="pdf-secure-inline-footer">' +
 					'<button class="pdf-secure-prev" disabled>&#8249; Prev</button>' +
@@ -106,8 +110,29 @@ async function loadPdf(container, filename) {
 			return;
 		}
-		var pdfArrayBuffer = await pdfRes.arrayBuffer();
-		console.log('[PDF-Secure][Viewer] Step 2 - PDF loaded:', pdfArrayBuffer.byteLength, 'bytes');
+		var encryptedArrayBuffer = await pdfRes.arrayBuffer();
+		console.log('[PDF-Secure][Viewer] Step 2 - Encrypted data loaded:', encryptedArrayBuffer.byteLength, 'bytes');
+		// PARTIAL XOR Decryption: Sadece ilk ve son 8KB'ı decrypt et
+		var encryptedBytes = new Uint8Array(encryptedArrayBuffer);
+		var encryptionKey = new TextEncoder().encode(nonce.slice(0, 8));
+		var decryptedBytes = new Uint8Array(encryptedBytes); // Copy
+		var chunkSize = 8192; // 8KB
+		// İlk 8KB'ı decrypt et (PDF header)
+		var headerEnd = Math.min(chunkSize, encryptedBytes.length);
+		for (var i = 0; i < headerEnd; i++) {
+			decryptedBytes[i] = encryptedBytes[i] ^ encryptionKey[i % encryptionKey.length];
+		}
+		// Son 8KB'ı decrypt et (PDF xref table)
+		var footerStart = Math.max(0, encryptedBytes.length - chunkSize);
+		for (var i = footerStart; i < encryptedBytes.length; i++) {
+			decryptedBytes[i] = encryptedBytes[i] ^ encryptionKey[i % encryptionKey.length];
+		}
+		var pdfArrayBuffer = decryptedBytes.buffer;
+		console.log('[PDF-Secure][Viewer] Step 2 - Decrypted PDF:', pdfArrayBuffer.byteLength, 'bytes');
 		// Step 3: Render PDF
 		console.log('[PDF-Secure][Viewer] Step 3 - Rendering...');
@@ -122,6 +147,41 @@ async function loadPdf(container, filename) {
 		container.addEventListener('contextmenu', function (e) { e.preventDefault(); });
 		container.addEventListener('dragstart', function (e) { e.preventDefault(); });
 		container.addEventListener('selectstart', function (e) { e.preventDefault(); });
+		container.addEventListener('copy', function (e) { e.preventDefault(); });
+		// Keyboard shortcuts engelleme (Ctrl+S, Ctrl+P, Ctrl+C, Print Screen)
+		container.addEventListener('keydown', function (e) {
+			// Ctrl/Cmd + S (Save)
+			if ((e.ctrlKey || e.metaKey) && e.key === 's') {
+				e.preventDefault();
+				console.log('[PDF-Secure] Save blocked');
+				return false;
+			}
+			// Ctrl/Cmd + P (Print)
+			if ((e.ctrlKey || e.metaKey) && e.key === 'p') {
+				e.preventDefault();
+				console.log('[PDF-Secure] Print blocked');
+				return false;
+			}
+			// Ctrl/Cmd + C (Copy)
+			if ((e.ctrlKey || e.metaKey) && e.key === 'c') {
+				e.preventDefault();
+				console.log('[PDF-Secure] Copy blocked');
+				return false;
+			}
+			// Print Screen
+			if (e.key === 'PrintScreen') {
+				e.preventDefault();
+				console.log('[PDF-Secure] PrintScreen blocked');
+				return false;
+			}
+			// F12 (DevTools)
+			if (e.key === 'F12') {
+				e.preventDefault();
+				console.log('[PDF-Secure] F12 blocked');
+				return false;
+			}
+		});
 		var ctx = canvas.getContext('2d');
 		var currentPage = 1;

package/static/style.less CHANGED Viewed

@@ -136,7 +136,142 @@
 /* Anti-print */
 @media print {
-	.pdf-secure-embed {
+	.pdf-secure-embed,
+	.pdf-secure-inline {
 		display: none !important;
 	}
+}
+/* Inline PDF Viewer Styles */
+.pdf-secure-inline {
+	margin: 20px 0;
+	border: 1px solid #ddd;
+	border-radius: 8px;
+	overflow: hidden;
+	background: #f5f5f5;
+	user-select: none;
+	-webkit-user-select: none;
+	-moz-user-select: none;
+	-ms-user-select: none;
+}
+.pdf-secure-inline-header {
+	display: flex;
+	align-items: center;
+	gap: 8px;
+	padding: 12px 16px;
+	background: linear-gradient(to bottom, #fff, #f8f8f8);
+	border-bottom: 1px solid #ddd;
+	font-weight: 500;
+	color: #333;
+}
+.pdf-secure-inline-header i {
+	color: #e81224;
+	font-size: 18px;
+}
+.pdf-secure-filename {
+	flex: 1;
+	overflow: hidden;
+	text-overflow: ellipsis;
+	white-space: nowrap;
+}
+.pdf-secure-inline-body {
+	position: relative;
+	min-height: 400px;
+	background: #fff;
+	display: flex;
+	align-items: center;
+	justify-content: center;
+}
+.pdf-secure-loading {
+	position: absolute;
+	top: 50%;
+	left: 50%;
+	transform: translate(-50%, -50%);
+	color: #666;
+	font-size: 14px;
+}
+.pdf-secure-error {
+	display: none;
+	position: absolute;
+	top: 50%;
+	left: 50%;
+	transform: translate(-50%, -50%);
+	color: #e81224;
+	font-size: 14px;
+	text-align: center;
+	padding: 20px;
+}
+.pdf-secure-canvas-wrapper {
+	position: relative;
+	display: inline-block;
+	/* Canvas wrapper'ı güvenlik için kapsayıcı */
+}
+.pdf-secure-canvas {
+	display: none;
+	max-width: 100%;
+	height: auto;
+	/* Canvas üzerinde sağ tık ve sürüklemeyi engelle */
+	pointer-events: auto;
+}
+.pdf-secure-overlay {
+	position: absolute;
+	top: 0;
+	left: 0;
+	right: 0;
+	bottom: 0;
+	background: transparent;
+	/* Görünmez koruma katmanı - tüm mouse eventlerini yakalar */
+	pointer-events: auto;
+	cursor: default;
+	z-index: 1;
+}
+.pdf-secure-inline-footer {
+	display: none;
+	align-items: center;
+	justify-content: center;
+	gap: 16px;
+	padding: 12px;
+	background: #f8f8f8;
+	border-top: 1px solid #ddd;
+}
+.pdf-secure-prev,
+.pdf-secure-next {
+	padding: 6px 12px;
+	background: #fff;
+	border: 1px solid #ddd;
+	border-radius: 4px;
+	cursor: pointer;
+	font-size: 14px;
+	color: #333;
+	transition: all 0.2s;
+}
+.pdf-secure-prev:hover:not(:disabled),
+.pdf-secure-next:hover:not(:disabled) {
+	background: #f0f0f0;
+	border-color: #999;
+}
+.pdf-secure-prev:disabled,
+.pdf-secure-next:disabled {
+	opacity: 0.4;
+	cursor: not-allowed;
+}
+.pdf-secure-page-info {
+	font-size: 14px;
+	color: #666;
+	min-width: 60px;
+	text-align: center;
 }