51 lines
3.2 KiB
Markdown
51 lines
3.2 KiB
Markdown
# Project Plan: Firebase Integration & Encryption
|
|
|
|
This document outlines the plan to integrate Firebase Firestore as a remote database for logged-in users and implement end-to-end encryption for user data.
|
|
|
|
## Phase 1: `encryptionService` and Secure Key Management
|
|
|
|
The goal of this phase is to create a centralized service for data encryption and decryption, with secure management of encryption keys.
|
|
|
|
1. **Install `keytar`**: Add the `keytar` package to the project to securely store encryption keys in the OS keychain.
|
|
2. **Create `encryptionService.js`**:
|
|
- Location: `src/common/services/encryptionService.js`
|
|
- Implement `encrypt(text)` and `decrypt(encrypted)` functions using Node.js `crypto` with `AES-256-GCM`.
|
|
3. **Implement Key Management**:
|
|
- Create an `initializeKey(userId)` function within the service.
|
|
- This function will first attempt to retrieve the encryption key from `keytar`.
|
|
- If `keytar` fails or no key is found, it will generate a secure, session-only key in memory as a fallback. It will **not** save the key to an insecure location like `electron-store`.
|
|
|
|
## Phase 2: Automatic Encryption/Decryption via Firestore Converter
|
|
|
|
This phase aims to abstract away the encryption/decryption logic from the repository layer, making it automatic.
|
|
|
|
1. **Create `firestoreConverter.js`**:
|
|
- Location: `src/common/repositories/firestoreConverter.js`
|
|
- Implement a factory function `createEncryptedConverter(fieldsToEncrypt = [])`.
|
|
- This function will return a Firestore converter object with `toFirestore` and `fromFirestore` methods.
|
|
- `toFirestore`: Will automatically encrypt the specified fields before writing data to Firestore.
|
|
- `fromFirestore`: Will automatically decrypt the specified fields after reading data from Firestore.
|
|
|
|
## Phase 3: Implement Firebase Repositories
|
|
|
|
With the encryption layer ready, we will create the Firebase equivalents of the existing SQLite repositories.
|
|
|
|
1. **Create `session/firebase.repository.js`**:
|
|
- Location: `src/common/repositories/session/firebase.repository.js`
|
|
- Use the `createEncryptedConverter` to encrypt fields like `title`.
|
|
- Implement all functions from the SQLite counterpart (`create`, `getById`, `getOrCreateActive`, etc.) using Firestore APIs.
|
|
2. **Create `ask/repositories/firebase.repository.js`**:
|
|
- Location: `src/features/ask/repositories/firebase.repository.js`
|
|
- Use the `createEncryptedConverter` to encrypt the `content` field of AI messages.
|
|
- Implement all functions from the SQLite counterpart (`addAiMessage`, `getAllAiMessagesBySessionId`).
|
|
|
|
## Phase 4: Integrate Repository Strategy Pattern
|
|
|
|
This final phase will activate the logic that switches between local and remote databases based on user authentication status.
|
|
|
|
1. **Update `getRepository()` functions**:
|
|
- Modify `src/common/repositories/session/index.js` and `src/features/ask/repositories/index.js`.
|
|
- In the `getRepository()` function, use `authService.getCurrentUser()` to check if the user is logged in (`user.isLoggedIn`).
|
|
- If logged in, return the `firebaseRepository`.
|
|
- Otherwise, return the `sqliteRepository`.
|
|
- Uncomment the `require` statements for the newly created Firebase repositories. |