nodebb-plugin-pdf-secure2 1.2.37 → 1.3.0

package/.claude/settings.local.json

@@ -0,0 +1,11 @@
+{
+  "permissions": {
+    "allow": [
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "WebFetch(domain:github.com)",
+      "Bash(dir:*)",
+      "Bash(npm pack:*)",
+      "Bash(tar:*)"
+    ]
+  }
+}

package/lib/controllers.js

@@ -1,11 +1,29 @@
 'use strict';
 
 const crypto = require('crypto');
+const path = require('path');
 const nonceStore = require('./nonce-store');
 const pdfHandler = require('./pdf-handler');
+const geminiChat = require('./gemini-chat');
+const groups = require.main.require('./src/groups');
 
 const Controllers = module.exports;
 
+// Rate limiting: per-user message counter
+const rateLimits = new Map(); // uid -> { count, windowStart }
+const RATE_LIMIT_WINDOW = 60 * 1000; // 1 minute
+const RATE_LIMIT_MAX = 30; // messages per window
+
+// Periodic cleanup of expired rate limit entries
+setInterval(() => {
+	const now = Date.now();
+	for (const [uid, entry] of rateLimits.entries()) {
+		if (now - entry.windowStart > RATE_LIMIT_WINDOW * 2) {
+			rateLimits.delete(uid);
+		}
+	}
+}, 5 * 60 * 1000).unref();
+
 // AES-256-GCM encryption - replaces weak XOR obfuscation
 function aesGcmEncrypt(buffer, key, iv) {
 	const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
@@ -63,3 +81,90 @@ Controllers.servePdfBinary = async function (req, res) {
 		return res.status(500).json({ error: 'Internal error' });
 	}
 };
+
+Controllers.handleChat = async function (req, res) {
+	// Authentication gate
+	if (!req.uid) {
+		return res.status(401).json({ error: 'Authentication required' });
+	}
+
+	// Check AI availability
+	if (!geminiChat.isAvailable()) {
+		return res.status(503).json({ error: 'AI chat is not configured' });
+	}
+
+	// Premium/VIP group check
+	const [isAdmin, isGlobalMod, isPremiumMember, isVipMember] = await Promise.all([
+		groups.isMember(req.uid, 'administrators'),
+		groups.isMember(req.uid, 'Global Moderators'),
+		groups.isMember(req.uid, 'Premium'),
+		groups.isMember(req.uid, 'VIP'),
+	]);
+	const isPremium = isAdmin || isGlobalMod || isPremiumMember || isVipMember;
+	if (!isPremium) {
+		return res.status(403).json({ error: 'Premium membership required for AI chat' });
+	}
+
+	// Rate limiting
+	const now = Date.now();
+	let userRate = rateLimits.get(req.uid);
+	if (!userRate || now - userRate.windowStart > RATE_LIMIT_WINDOW) {
+		userRate = { count: 0, windowStart: now };
+		rateLimits.set(req.uid, userRate);
+	}
+	userRate.count += 1;
+	if (userRate.count > RATE_LIMIT_MAX) {
+		return res.status(429).json({ error: 'Rate limit exceeded. Please wait a moment.' });
+	}
+
+	// Body validation
+	const { filename, question, history } = req.body;
+
+	if (!filename || typeof filename !== 'string') {
+		return res.status(400).json({ error: 'Missing or invalid filename' });
+	}
+	const safeName = path.basename(filename);
+	if (!safeName || safeName !== filename || !safeName.toLowerCase().endsWith('.pdf')) {
+		return res.status(400).json({ error: 'Invalid filename' });
+	}
+
+	const trimmedQuestion = typeof question === 'string' ? question.trim() : '';
+	if (!trimmedQuestion || trimmedQuestion.length > 2000) {
+		return res.status(400).json({ error: 'Question is required (max 2000 characters)' });
+	}
+
+	if (history && (!Array.isArray(history) || history.length > 50)) {
+		return res.status(400).json({ error: 'Invalid history (max 50 entries)' });
+	}
+	if (history) {
+		for (const entry of history) {
+			if (!entry || typeof entry !== 'object') {
+				return res.status(400).json({ error: 'Invalid history entry' });
+			}
+			if (entry.role !== 'user' && entry.role !== 'model') {
+				return res.status(400).json({ error: 'Invalid history role' });
+			}
+			if (typeof entry.text !== 'string' || entry.text.length > 4000) {
+				return res.status(400).json({ error: 'Invalid history text' });
+			}
+		}
+	}
+
+	try {
+		const answer = await geminiChat.chat(safeName, trimmedQuestion, history || []);
+		return res.json({ answer });
+	} catch (err) {
+		console.error('[PDF-Secure] Chat error:', err.message);
+
+		if (err.message === 'File not found') {
+			return res.status(404).json({ error: 'PDF not found' });
+		}
+		if (err.status === 429 || err.message.includes('rate limit') || err.message.includes('quota')) {
+			return res.status(429).json({ error: 'AI service rate limit exceeded. Please try again later.' });
+		}
+		if (err.status === 401 || err.status === 403 || err.message.includes('API key')) {
+			return res.status(503).json({ error: 'AI service configuration error' });
+		}
+		return res.status(500).json({ error: 'Failed to get AI response. Please try again.' });
+	}
+};

package/lib/gemini-chat.js

@@ -0,0 +1,231 @@
+'use strict';
+
+const fs = require('fs');
+const pdfHandler = require('./pdf-handler');
+
+const GeminiChat = module.exports;
+
+let ai = null;
+
+// Cache maps
+const fileCache = new Map(); // filename -> {fileUri, uploadedAt}
+const contextCache = new Map(); // filename -> {cacheName, expiresAt}
+const uploadPromises = new Map(); // filename -> Promise (deduplication)
+
+const FILE_TTL = 48 * 60 * 60 * 1000; // 48 hours (Gemini Files API limit)
+const CONTEXT_TTL = 30 * 60 * 1000; // 30 minutes
+const CLEANUP_INTERVAL = 10 * 60 * 1000; // 10 minutes
+const SMALL_PDF_THRESHOLD = 8; // pages - skip caching for small PDFs
+
+const SYSTEM_INSTRUCTION = `You are a helpful assistant that answers questions about the provided PDF document.
+Respond in the same language the user writes their question in.
+Be concise and accurate. When referencing specific information, mention the relevant page or section when possible.`;
+
+const MODEL_NAME = 'gemini-2.5-flash';
+
+// Periodic cleanup of expired entries
+const cleanupTimer = setInterval(() => {
+	const now = Date.now();
+	for (const [key, entry] of fileCache.entries()) {
+		if (now - entry.uploadedAt > FILE_TTL) {
+			fileCache.delete(key);
+		}
+	}
+	for (const [key, entry] of contextCache.entries()) {
+		if (now > entry.expiresAt) {
+			contextCache.delete(key);
+		}
+	}
+}, CLEANUP_INTERVAL);
+cleanupTimer.unref();
+
+GeminiChat.init = function (apiKey) {
+	if (!apiKey) {
+		ai = null;
+		return;
+	}
+	try {
+		const { GoogleGenAI } = require('@google/genai');
+		ai = new GoogleGenAI({ apiKey });
+		console.log('[PDF-Secure] Gemini AI client initialized');
+	} catch (err) {
+		console.error('[PDF-Secure] Failed to initialize Gemini client:', err.message);
+		ai = null;
+	}
+};
+
+GeminiChat.isAvailable = function () {
+	return !!ai;
+};
+
+async function uploadFile(filename) {
+	const filePath = pdfHandler.resolveFilePath(filename);
+	if (!filePath || !fs.existsSync(filePath)) {
+		throw new Error('File not found');
+	}
+
+	const fileBuffer = await fs.promises.readFile(filePath);
+	const uploadResult = await ai.files.upload({
+		file: new Blob([fileBuffer], { type: 'application/pdf' }),
+		config: { displayName: filename },
+	});
+
+	// Wait for file processing
+	let file = uploadResult;
+	while (file.state === 'PROCESSING') {
+		await new Promise(r => setTimeout(r, 2000));
+		file = await ai.files.get({ name: file.name });
+	}
+
+	if (file.state === 'FAILED') {
+		throw new Error('File processing failed');
+	}
+
+	return file;
+}
+
+async function getPageCount(filename) {
+	try {
+		return await pdfHandler.getTotalPages(filename);
+	} catch {
+		return 0;
+	}
+}
+
+GeminiChat.ensureCache = async function (filename) {
+	// Check existing context cache
+	const cached = contextCache.get(filename);
+	if (cached && Date.now() < cached.expiresAt) {
+		return { cacheName: cached.cacheName, useCache: true };
+	}
+
+	// Check if PDF is small enough to skip caching
+	const pageCount = await getPageCount(filename);
+	if (pageCount > 0 && pageCount < SMALL_PDF_THRESHOLD) {
+		// Small PDF: use inline approach
+		return { filename, useCache: false };
+	}
+
+	// Deduplicate concurrent upload requests for the same file
+	if (uploadPromises.has(filename)) {
+		return uploadPromises.get(filename);
+	}
+
+	const promise = (async () => {
+		try {
+			// Ensure file is uploaded
+			let fileEntry = fileCache.get(filename);
+			if (!fileEntry || Date.now() - fileEntry.uploadedAt > FILE_TTL) {
+				const uploaded = await uploadFile(filename);
+				fileEntry = { fileUri: uploaded.uri, uploadedAt: Date.now() };
+				fileCache.set(filename, fileEntry);
+				console.log('[PDF-Secure] File uploaded to Gemini:', filename);
+			}
+
+			// Create context cache
+			const cache = await ai.caches.create({
+				model: MODEL_NAME,
+				config: {
+					contents: [{
+						role: 'user',
+						parts: [{ fileData: { fileUri: fileEntry.fileUri, mimeType: 'application/pdf' } }],
+					}],
+					systemInstruction: SYSTEM_INSTRUCTION,
+					ttl: `${CONTEXT_TTL / 1000}s`,
+				},
+			});
+
+			const cacheEntry = {
+				cacheName: cache.name,
+				expiresAt: Date.now() + CONTEXT_TTL,
+			};
+			contextCache.set(filename, cacheEntry);
+			console.log('[PDF-Secure] Context cache created for:', filename);
+			return { cacheName: cache.name, useCache: true };
+		} finally {
+			uploadPromises.delete(filename);
+		}
+	})();
+
+	uploadPromises.set(filename, promise);
+	return promise;
+};
+
+GeminiChat.chat = async function (filename, question, history) {
+	if (!ai) {
+		throw new Error('AI chat is not configured');
+	}
+
+	const cacheInfo = await GeminiChat.ensureCache(filename);
+
+	// Build conversation contents from history
+	const contents = [];
+	if (Array.isArray(history)) {
+		for (const entry of history) {
+			if (entry.role && entry.text) {
+				contents.push({
+					role: entry.role === 'user' ? 'user' : 'model',
+					parts: [{ text: entry.text }],
+				});
+			}
+		}
+	}
+
+	// Add current question
+	contents.push({
+		role: 'user',
+		parts: [{ text: question }],
+	});
+
+	let response;
+
+	if (cacheInfo.useCache) {
+		// Use cached context
+		response = await ai.models.generateContent({
+			model: MODEL_NAME,
+			contents,
+			config: {
+				cachedContent: cacheInfo.cacheName,
+			},
+		});
+	} else {
+		// Inline PDF for small files
+		const filePath = pdfHandler.resolveFilePath(filename);
+		if (!filePath || !fs.existsSync(filePath)) {
+			throw new Error('File not found');
+		}
+		const fileBuffer = await fs.promises.readFile(filePath);
+		const base64Data = fileBuffer.toString('base64');
+
+		// Prepend PDF as first message
+		const inlineContents = [
+			{
+				role: 'user',
+				parts: [
+					{ inlineData: { mimeType: 'application/pdf', data: base64Data } },
+					{ text: 'I am sharing a PDF document with you. Please use it to answer my questions.' },
+				],
+			},
+			{
+				role: 'model',
+				parts: [{ text: 'I have received the PDF document. I am ready to answer your questions about it.' }],
+			},
+			...contents,
+		];
+
+		response = await ai.models.generateContent({
+			model: MODEL_NAME,
+			contents: inlineContents,
+			config: {
+				systemInstruction: SYSTEM_INSTRUCTION,
+			},
+		});
+	}
+
+	const text = response?.candidates?.[0]?.content?.parts?.[0]?.text;
+	if (!text) {
+		throw new Error('Empty response from AI');
+	}
+
+	return text;
+};