Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: remove base64 encoding #403

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

fix: remove base64 encoding #403

wants to merge 6 commits into from

Conversation

bjarneo
Copy link
Member

@bjarneo bjarneo commented Feb 26, 2025
edited
Loading

Previously for larger files, the base64 encoding threw an error. This PR will fix that.

However, this will change the entire secret approach, meaning old secrets will no longer work.

Also, I am not sure about this approach. It tries to encrypt everything into memory in the browser, which is not ideal. 200mb files crashed on my MacBook Pro m2.

Streaming is the best solution, but this is a temp solution for most files.

Summary by CodeRabbit

  • Refactor

    • Enhanced data handling across file processing, zip generation, and encryption/decryption by transitioning from Base64 to hexadecimal encoding. These improvements ensure unified formatting, smoother integration, and increased reliability.

  • Chores

    • Removed legacy authentication identifiers that were no longer in use to streamline system operations and reduce maintenance complexity.

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Feb 26, 2025
edited
Loading

Walkthrough

This pull request updates the way decrypted and zip file data are processed. In client/api/upload.js and client/helpers/zip.js, the code replaces tweetnacl-util’s Base64 methods with Buffer-based hexadecimal conversion. The constants for user login events in client/util/constants.js have been removed, and in shared/helpers/crypto.js, the encryption key conversion now uses a UTF-8 decoding method with a corrected message slicing approach. Overall, the modifications adjust data encoding/decoding without altering the overall functional flow.

Changes

File(s) Change Summary
client/api/upload.js, client/helpers/zip.js Replaced tweetnacl-util’s Base64 encoding/decoding with Buffer-based hexadecimal conversion for decrypted content and zip file data.
client/util/constants.js Removed exported constants USER_LOGIN_CHANGED and USER_LOGIN, eliminating related login event handling.
shared/helpers/crypto.js Updated the encryption/decryption functions by converting the encryption key with decodeUTF8 instead of Buffer.from and refined message slicing logic.

Poem

I’m a happy little bunny,
Hopping through lines of code so fine,
Changing Base64 to hex with a grin 😊,
Constants gone, encryption now divine,
With UTF-8 magic in every line,
In a forest of updates I cheer and shine!
Hop on, code rabbit style!

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d24322 and dca745b.

📒 Files selected for processing (2)
  • client/api/upload.js (2 hunks)
  • shared/helpers/crypto.js (4 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • client/api/upload.js
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Scan the docker image
  • GitHub Check: Analyze (javascript)
🔇 Additional comments (9)
shared/helpers/crypto.js (9)

7-7: Removed base64 encoding methods as intended.

The imports have been updated to remove encodeBase64 and decodeBase64 methods from tweetnacl-util, which aligns with the PR objective of removing base64 encoding that was causing errors with larger files.

20-20: Key conversion method has been updated.

Changed from using Buffer-based conversion to using decodeUTF8 for the encryption key, which is more appropriate for string-based user keys and improves consistency with how data is handled elsewhere in the code.

31-31: Changed encoding format from base64 to hex.

Replaced base64 encoding with hex encoding using Buffer. This change should help with handling larger files as mentioned in the PR objectives, since hex encoding is more efficient for binary data and avoids the issues with base64 encoding.

34-34: Updated parameter name to reflect the new data format.

The parameter name change from messageWithNonce to messageWithNonceHex clearly indicates that this function now expects hex-encoded input rather than base64, which improves code readability.

35-35: Consistent key conversion using decodeUTF8.

Using the same conversion method as in the encrypt function maintains consistency across the codebase.

37-37: Updated message decoding to use hex instead of base64.

Changed the decoding method to use hex format by leveraging Buffer, which aligns with the changes made to the encrypt function and helps with processing larger files.

41-41: Fixed array slicing by using the correct length reference.

Now properly using messageWithNonceAsUint8Array.length instead of the original string length, which fixes a potential bug where the incorrect slice length could lead to data corruption.

50-50: Simplified return value to use UTF-8 encoding directly.

Now returning the UTF-8 encoded decrypted message directly, which simplifies the code and maintains consistency with how the data is processed.

1-51: Verify backward compatibility implications.

While all the changes look good from a technical perspective, this PR mentions that these changes will make the system incompatible with old secrets. Ensure that you have a migration plan or clear communication to users about this breaking change.

Also, consider adding a note in the documentation about the memory limitations. The PR mentions that attempting to handle 200 MB files led to crashes, so users should be aware of these constraints when using the application.

✨ Finishing Touches
  • 📝 Generate Docstrings
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Feb 26, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8473333 and 2d24322.

📒 Files selected for processing (4)
  • client/api/upload.js (1 hunks)
  • client/helpers/zip.js (2 hunks)
  • client/util/constants.js (0 hunks)
  • shared/helpers/crypto.js (2 hunks)
💤 Files with no reviewable changes (1)
  • client/util/constants.js
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Scan the docker image
🔇 Additional comments (6)
client/helpers/zip.js (2)

1-1: Import from buffer module

Good job adding the buffer import to replace the removed tweetnacl-util dependency.

36-36:

❓ Verification inconclusive

Format change from base64 to hex

The function now returns data in hexadecimal format instead of base64. This change is consistent with the PR's goal to remove base64 encoding.

🏁 Script executed:

#!/bin/bash
# Verify all callers of zipFiles are updated to handle hex format
rg "zipFiles\\(" --type js

Length of output: 192

Hex Encoding Verified – Confirm Downstream Handling
The helper change in client/helpers/zip.js to return hexadecimal data is correct and aligns with the PR’s goal of replacing base64 encoding. The grep results show that the only call site besides the export is in client/stores/secretStore.js. Please double-check that this caller (and any downstream logic) correctly processes the hex-encoded string, as opposed to the previous base64 format.

shared/helpers/crypto.js (4)

19-19: Switch from Buffer to tweetnacl-util for key processing

Changed from using Buffer.from to decodeUTF8 for key processing. This creates a more consistent approach by using tweetnacl-util's methods throughout the encryption process.

36-36: Switch from Buffer to tweetnacl-util for key processing

Same change as in the encrypt function - using decodeUTF8 instead of Buffer.from for consistent key processing.

42-42: Bug fix: Using correct length property

Fixed a bug by using messageWithNonceAsUint8Array.length instead of messageWithNonce.length. This ensures the correct array is used for determining the slice length.

52-53:

❓ Verification inconclusive

Verify return value format consistency

The decrypt function returns a UTF-8 encoded string with encodeUTF8(decrypted), but in client/api/upload.js, this return value is being treated as a hex string with Buffer.from(decrypt(...), 'hex'). Please verify this is intentional and that the formats match.

🏁 Script executed:

#!/bin/bash
# Looking at what decrypt returns and how it's used
rg -A 2 "const base64DecryptedMessage" shared/helpers/crypto.js
# Find places where decrypt output is consumed
rg "decrypt\\(.*\\)" --type js --glob !shared/helpers/crypto.js -A 1

Length of output: 832

Verify return value format for decrypt function usage

It appears that the decrypt function returns a UTF-8 encoded string using encodeUTF8(decrypted) (see lines 52–53 in shared/helpers/crypto.js), but in client/api/upload.js the output is interpreted as a hex string via Buffer.from(decrypt(...), 'hex'). Please verify that this discrepancy is intentional. In particular:

  • Confirm whether the decryption result should indeed be a UTF-8 string, in which case the client code in client/api/upload.js should be updated to handle it appropriately.
  • Alternatively, if a hex string is expected, update the decryption logic in shared/helpers/crypto.js to return the appropriately formatted hex string.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bjarneo