nodebb-plugin-pdf-secure2 1.2.30

package/lib/pdf-handler.js

@@ -0,0 +1,122 @@
+'use strict';
+
+const path = require('path');
+const fs = require('fs');
+const { PDFDocument } = require('pdf-lib');
+const nconf = require.main.require('nconf');
+
+const singlePageCache = new Map();
+const pageCountCache = new Map();
+const CACHE_TTL = 60 * 60 * 1000; // 1 hour
+
+// Periodic cleanup of expired cache entries
+setInterval(() => {
+	const now = Date.now();
+	for (const [key, entry] of singlePageCache.entries()) {
+		if (now - entry.createdAt > CACHE_TTL) {
+			singlePageCache.delete(key);
+		}
+	}
+	for (const [key, entry] of pageCountCache.entries()) {
+		if (now - entry.createdAt > CACHE_TTL) {
+			pageCountCache.delete(key);
+		}
+	}
+}, 10 * 60 * 1000).unref(); // cleanup every 10 minutes
+
+const PdfHandler = module.exports;
+
+PdfHandler.resolveFilePath = function (filename) {
+	// Sanitize: only allow basename (prevent directory traversal)
+	const safeName = path.basename(filename);
+	if (!safeName || safeName !== filename || safeName.includes('..')) {
+		return null;
+	}
+
+	const uploadPath = nconf.get('upload_path') || path.join(nconf.get('base_dir'), 'public', 'uploads');
+	const filePath = path.join(uploadPath, 'files', safeName);
+
+	// Verify the resolved path is still within the upload directory
+	const resolvedPath = path.resolve(filePath);
+	const resolvedUploadDir = path.resolve(path.join(uploadPath, 'files'));
+	if (!resolvedPath.startsWith(resolvedUploadDir)) {
+		return null;
+	}
+
+	return filePath;
+};
+
+PdfHandler.getFullPdf = async function (filename) {
+	const filePath = PdfHandler.resolveFilePath(filename);
+	if (!filePath) {
+		throw new Error('Invalid filename');
+	}
+
+	if (!fs.existsSync(filePath)) {
+		throw new Error('File not found');
+	}
+
+	return fs.promises.readFile(filePath);
+};
+
+PdfHandler.getSinglePagePdf = async function (filename) {
+	// Check cache first
+	const cached = singlePageCache.get(filename);
+	if (cached && (Date.now() - cached.createdAt < CACHE_TTL)) {
+		return cached.buffer;
+	}
+
+	const filePath = PdfHandler.resolveFilePath(filename);
+	if (!filePath) {
+		throw new Error('Invalid filename');
+	}
+
+	if (!fs.existsSync(filePath)) {
+		throw new Error('File not found');
+	}
+
+	const existingPdfBytes = await fs.promises.readFile(filePath);
+	const srcDoc = await PDFDocument.load(existingPdfBytes);
+
+	// Cache page count while we have the document loaded (avoids double read)
+	const totalPages = srcDoc.getPageCount();
+	pageCountCache.set(filename, { count: totalPages, createdAt: Date.now() });
+
+	const newDoc = await PDFDocument.create();
+	const [copiedPage] = await newDoc.copyPages(srcDoc, [0]);
+	newDoc.addPage(copiedPage);
+
+	const pdfBytes = await newDoc.save();
+	const buffer = Buffer.from(pdfBytes);
+
+	// Cache the result
+	singlePageCache.set(filename, {
+		buffer: buffer,
+		createdAt: Date.now(),
+	});
+
+	return buffer;
+};
+
+PdfHandler.getTotalPages = async function (filename) {
+	const cached = pageCountCache.get(filename);
+	if (cached && (Date.now() - cached.createdAt < CACHE_TTL)) {
+		return cached.count;
+	}
+
+	const filePath = PdfHandler.resolveFilePath(filename);
+	if (!filePath) {
+		throw new Error('Invalid filename');
+	}
+
+	if (!fs.existsSync(filePath)) {
+		throw new Error('File not found');
+	}
+
+	const pdfBytes = await fs.promises.readFile(filePath);
+	const srcDoc = await PDFDocument.load(pdfBytes);
+	const count = srcDoc.getPageCount();
+
+	pageCountCache.set(filename, { count, createdAt: Date.now() });
+	return count;
+};

package/library.js

@@ -0,0 +1,249 @@
+'use strict';
+
+const path = require('path');
+const fs = require('fs');
+const meta = require.main.require('./src/meta');
+const groups = require.main.require('./src/groups');
+const routeHelpers = require.main.require('./src/routes/helpers');
+
+const controllers = require('./lib/controllers');
+const nonceStore = require('./lib/nonce-store');
+const pdfHandler = require('./lib/pdf-handler');
+
+const plugin = {};
+
+// Memory cache for viewer.html
+let viewerHtmlCache = null;
+
+plugin.init = async (params) => {
+	const { router, middleware } = params;
+
+	// Pre-load viewer.html into memory cache
+	const viewerPath = path.join(__dirname, 'static', 'viewer.html');
+	try {
+		viewerHtmlCache = fs.readFileSync(viewerPath, 'utf8');
+		console.log('[PDF-Secure] Viewer template cached in memory');
+	} catch (err) {
+		console.error('[PDF-Secure] Failed to cache viewer template:', err.message);
+	}
+
+	// Double slash bypass protection - catches /uploads//files/ attempts
+	router.use((req, res, next) => {
+		if (req.path.includes('//') && req.path.toLowerCase().includes('.pdf')) {
+			return res.status(403).json({ error: 'Invalid path' });
+		}
+		next();
+	});
+
+	// PDF direct access blocker middleware
+	// Intercepts requests to uploaded PDF files and returns 403
+	// Admin and Global Moderators can bypass this restriction
+	router.get('/assets/uploads/files/:filename', async (req, res, next) => {
+		if (req.params.filename && req.params.filename.toLowerCase().endsWith('.pdf')) {
+			// Admin ve Global Mod'lar direkt erişebilsin
+			if (req.uid) {
+				const [isAdmin, isGlobalMod, isVip] = await Promise.all([
+					groups.isMember(req.uid, 'administrators'),
+					groups.isMember(req.uid, 'Global Moderators'),
+					groups.isMember(req.uid, 'VIP'),
+				]);
+				if (isAdmin || isGlobalMod || isVip) {
+					return next();
+				}
+			}
+			return res.status(403).json({ error: 'Direct PDF access is not allowed. Use the secure viewer.' });
+		}
+		next();
+	});
+
+	// PDF binary endpoint (nonce-validated, authentication required)
+	router.get('/api/v3/plugins/pdf-secure/pdf-data', controllers.servePdfBinary);
+
+	// Admin page route
+	routeHelpers.setupAdminPageRoute(router, '/admin/plugins/pdf-secure', controllers.renderAdminPage);
+
+	// Viewer page route (fullscreen Mozilla PDF.js viewer, authentication required)
+	router.get('/plugins/pdf-secure/viewer', async (req, res) => {
+		// Authentication gate - require logged-in user
+		if (!req.uid) {
+			return res.status(401).json({ error: 'Authentication required' });
+		}
+
+		const { file } = req.query;
+		if (!file) {
+			return res.status(400).send('Missing file parameter');
+		}
+
+		// Sanitize filename
+		const safeName = path.basename(file);
+		if (!safeName || !safeName.toLowerCase().endsWith('.pdf')) {
+			return res.status(400).send('Invalid file');
+		}
+
+		// Check cache
+		if (!viewerHtmlCache) {
+			return res.status(500).send('Viewer not available');
+		}
+
+		// Check if user is Premium or Lite (admins/global mods always premium)
+		let isPremium = false;
+		let isLite = false;
+		if (req.uid) {
+			const [isAdmin, isGlobalMod, isPremiumMember, isVipMember, isLiteMember] = await Promise.all([
+				groups.isMember(req.uid, 'administrators'),
+				groups.isMember(req.uid, 'Global Moderators'),
+				groups.isMember(req.uid, 'Premium'),
+				groups.isMember(req.uid, 'VIP'),
+				groups.isMember(req.uid, 'Lite'),
+			]);
+			isPremium = isAdmin || isGlobalMod || isPremiumMember || isVipMember;
+			// Lite: full PDF access but restricted UI (no annotations, sidebar, etc.)
+			isLite = !isPremium && isLiteMember;
+		}
+
+		// Lite users get full PDF like premium (for nonce/server-side PDF data)
+		const hasFullAccess = isPremium || isLite;
+		const nonceData = nonceStore.generate(req.uid, safeName, hasFullAccess);
+
+		// For non-premium users, get total page count so client can show lock overlay
+		let totalPages = 1;
+		if (!hasFullAccess) {
+			try {
+				totalPages = await pdfHandler.getTotalPages(safeName);
+			} catch (err) {
+				console.error('[PDF-Secure] Failed to get page count:', err.message);
+			}
+		}
+
+		// Serve the viewer template with comprehensive security headers
+		res.set({
+			'X-Frame-Options': 'SAMEORIGIN',
+			'X-Content-Type-Options': 'nosniff',
+			'X-XSS-Protection': '1; mode=block',
+			'Cache-Control': 'no-store, no-cache, must-revalidate, private, max-age=0',
+			'Pragma': 'no-cache',
+			'Expires': '0',
+			'Referrer-Policy': 'no-referrer',
+			'Permissions-Policy': 'accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()',
+			'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: blob:; connect-src 'self'; frame-ancestors 'self'",
+		});
+
+		// Inject the filename, nonce, and key into the cached viewer
+		// Key is embedded in HTML - NOT visible in any network API response!
+		const injectedHtml = viewerHtmlCache
+			.replace('</head>', `
+				<style>
+					/* Hide upload overlay since PDF will auto-load */
+					#uploadOverlay { display: none !important; }
+				</style>
+				<script>
+					window.PDF_SECURE_CONFIG = {
+						filename: ${JSON.stringify(safeName)},
+						relativePath: ${JSON.stringify(req.app.get('relative_path') || '')},
+						csrfToken: ${JSON.stringify(req.csrfToken ? req.csrfToken() : '')},
+						nonce: ${JSON.stringify(nonceData.nonce)},
+						dk: ${JSON.stringify(nonceData.dk)},
+						iv: ${JSON.stringify(nonceData.iv)},
+						isPremium: ${JSON.stringify(isPremium)},
+						isLite: ${JSON.stringify(isLite)},
+						uid: ${JSON.stringify(req.uid)},
+						totalPages: ${JSON.stringify(totalPages)}
+					};
+				</script>
+			</head>`);
+
+		res.type('html').send(injectedHtml);
+	});
+};
+
+plugin.addRoutes = async ({ router, middleware, helpers }) => {
+	// Nonce endpoint removed - nonce is now generated in viewer route
+	// This improves security by not exposing any key-related data in API responses
+};
+
+plugin.addAdminNavigation = (header) => {
+	header.plugins.push({
+		route: '/plugins/pdf-secure',
+		icon: 'fa-file-pdf-o',
+		name: 'PDF Secure Viewer',
+	});
+
+	return header;
+};
+
+// Filter meta tags to hide PDF URLs and filenames
+plugin.filterMetaTags = async (hookData) => {
+	if (!hookData || !hookData.tags) {
+		return hookData;
+	}
+
+	// Admin/Global Moderator bypass - no filtering for privileged users
+	if (hookData.req && hookData.req.uid) {
+		const [isAdmin, isGlobalMod] = await Promise.all([
+			groups.isMember(hookData.req.uid, 'administrators'),
+			groups.isMember(hookData.req.uid, 'Global Moderators'),
+		]);
+		if (isAdmin || isGlobalMod) {
+			return hookData;
+		}
+	}
+
+	// Filter out PDF-related meta tags
+	hookData.tags = hookData.tags.filter(tag => {
+		// Remove og:image and og:image:url if it contains .pdf
+		if ((tag.property === 'og:image' || tag.property === 'og:image:url') && tag.content && tag.content.toLowerCase().includes('.pdf')) {
+			return false;
+		}
+		// Remove twitter:image if it contains .pdf
+		if (tag.name === 'twitter:image' && tag.content && tag.content.toLowerCase().includes('.pdf')) {
+			return false;
+		}
+		return true;
+	});
+
+	// Sanitize description to hide .pdf extensions
+	hookData.tags = hookData.tags.map(tag => {
+		if ((tag.name === 'description' || tag.property === 'og:description') && tag.content) {
+			// Replace .pdf extension with empty string in description
+			tag.content = tag.content.replace(/\.pdf/gi, '');
+		}
+		return tag;
+	});
+
+	return hookData;
+};
+
+// Transform PDF links to secure placeholders (server-side)
+// This hides PDF URLs from: page source, API, RSS, ActivityPub
+plugin.transformPdfLinks = async (data) => {
+	if (!data || !data.postData || !data.postData.content) {
+		return data;
+	}
+
+	// Regex to match PDF links: <a href="...xxx.pdf">text</a>
+	// Captures: full URL path, filename, link text
+	const pdfLinkRegex = /<a\s+[^>]*href=["']([^"']*\/([^"'\/]+\.pdf))["'][^>]*>([^<]*)<\/a>/gi;
+
+	data.postData.content = data.postData.content.replace(pdfLinkRegex, (match, fullPath, filename, linkText) => {
+		// Decode filename to prevent double encoding (URL may already be encoded)
+		let decodedFilename;
+		try { decodedFilename = decodeURIComponent(filename); }
+		catch (e) { decodedFilename = filename; }
+
+		// Sanitize for HTML attribute
+		const safeFilename = decodedFilename.replace(/[<>"'&]/g, '');
+		const displayName = linkText.trim() || safeFilename;
+
+		// Return secure placeholder div instead of actual link
+		return `<div class="pdf-secure-placeholder" data-filename="${safeFilename}">
+			<svg viewBox="0 0 24 24" style="width:20px;height:20px;fill:#e81224;vertical-align:middle;margin-right:8px;">
+				<path d="M14 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z"/>
+			</svg>
+			<span>${displayName}</span>
+		</div>`;
+	});
+
+	return data;
+};
+
+module.exports = plugin;

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "nodebb-plugin-pdf-secure2",
+  "version": "1.2.30",
+  "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
+  "main": "library.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/nodebb/nodebb-plugin-pdf-secure"
+  },
+  "scripts": {
+    "lint": "eslint ."
+  },
+  "keywords": [
+    "nodebb",
+    "plugin",
+    "pdf",
+    "secure",
+    "viewer"
+  ],
+  "husky": {
+    "hooks": {
+      "pre-commit": "lint-staged",
+      "commit-msg": "commitlint -E HUSKY_GIT_PARAMS"
+    }
+  },
+  "lint-staged": {
+    "*.js": [
+      "eslint --fix",
+      "git add"
+    ]
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/nodebb/nodebb-plugin-pdf-secure/issues"
+  },
+  "readmeFilename": "README.md",
+  "nbbpm": {
+    "compatibility": "^3.2.0"
+  },
+  "dependencies": {
+    "pdf-lib": "^1.17.1",
+    "uuid": "^11.1.0"
+  },
+  "devDependencies": {
+    "@commitlint/cli": "20.4.1",
+    "@commitlint/config-angular": "20.4.1",
+    "eslint": "9.39.2",
+    "eslint-config-nodebb": "1.1.11",
+    "husky": "9.1.7",
+    "lint-staged": "16.2.7",
+    "pdfjs-dist": "^4.9.155"
+  }
+}

package/plugin.json

@@ -0,0 +1,37 @@
+{
+	"id": "nodebb-plugin-pdf-secure",
+	"url": "https://github.com/NodeBB/nodebb-plugin-pdf-secure",
+	"library": "./library.js",
+	"hooks": [
+		{
+			"hook": "static:app.load",
+			"method": "init"
+		},
+		{
+			"hook": "static:api.routes",
+			"method": "addRoutes"
+		},
+		{
+			"hook": "filter:admin.header.build",
+			"method": "addAdminNavigation"
+		},
+		{
+			"hook": "filter:meta.getMetaTags",
+			"method": "filterMetaTags"
+		},
+		{
+			"hook": "filter:parse.post",
+			"method": "transformPdfLinks"
+		}
+	],
+	"staticDirs": {
+		"static": "./static"
+	},
+	"less": [
+		"static/style.less"
+	],
+	"scripts": [
+		"static/lib/main.js"
+	],
+	"templates": "./static/templates"
+}

package/renovate.json

@@ -0,0 +1,5 @@
+{
+  "extends": [
+    "config:recommended"
+  ]
+}