cheykrym/glass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
glass/PLAN.md
samtiz fae6962297 firebase WIP
2025-07-09 04:56:20 +09:00

3.2 KiB
Raw Blame History

Project Plan: Firebase Integration & Encryption

This document outlines the plan to integrate Firebase Firestore as a remote database for logged-in users and implement end-to-end encryption for user data.

Phase 1: encryptionService and Secure Key Management

The goal of this phase is to create a centralized service for data encryption and decryption, with secure management of encryption keys.

  1. Install keytar: Add the keytar package to the project to securely store encryption keys in the OS keychain.
  2. Create encryptionService.js:
    • Location: src/common/services/encryptionService.js
    • Implement encrypt(text) and decrypt(encrypted) functions using Node.js crypto with AES-256-GCM.
  3. Implement Key Management:
    • Create an initializeKey(userId) function within the service.
    • This function will first attempt to retrieve the encryption key from keytar.
    • If keytar fails or no key is found, it will generate a secure, session-only key in memory as a fallback. It will not save the key to an insecure location like electron-store.

Phase 2: Automatic Encryption/Decryption via Firestore Converter

This phase aims to abstract away the encryption/decryption logic from the repository layer, making it automatic.

  1. Create firestoreConverter.js:
    • Location: src/common/repositories/firestoreConverter.js
    • Implement a factory function createEncryptedConverter(fieldsToEncrypt = []).
    • This function will return a Firestore converter object with toFirestore and fromFirestore methods.
    • toFirestore: Will automatically encrypt the specified fields before writing data to Firestore.
    • fromFirestore: Will automatically decrypt the specified fields after reading data from Firestore.

Phase 3: Implement Firebase Repositories

With the encryption layer ready, we will create the Firebase equivalents of the existing SQLite repositories.

  1. Create session/firebase.repository.js:
    • Location: src/common/repositories/session/firebase.repository.js
    • Use the createEncryptedConverter to encrypt fields like title.
    • Implement all functions from the SQLite counterpart (create, getById, getOrCreateActive, etc.) using Firestore APIs.
  2. Create ask/repositories/firebase.repository.js:
    • Location: src/features/ask/repositories/firebase.repository.js
    • Use the createEncryptedConverter to encrypt the content field of AI messages.
    • Implement all functions from the SQLite counterpart (addAiMessage, getAllAiMessagesBySessionId).

Phase 4: Integrate Repository Strategy Pattern

This final phase will activate the logic that switches between local and remote databases based on user authentication status.

  1. Update getRepository() functions:
    • Modify src/common/repositories/session/index.js and src/features/ask/repositories/index.js.
    • In the getRepository() function, use authService.getCurrentUser() to check if the user is logged in (user.isLoggedIn).
    • If logged in, return the firebaseRepository.
    • Otherwise, return the sqliteRepository.
    • Uncomment the require statements for the newly created Firebase repositories.