3.2 KiB
3.2 KiB
Project Plan: Firebase Integration & Encryption
This document outlines the plan to integrate Firebase Firestore as a remote database for logged-in users and implement end-to-end encryption for user data.
Phase 1: encryptionService
and Secure Key Management
The goal of this phase is to create a centralized service for data encryption and decryption, with secure management of encryption keys.
- Install
keytar
: Add thekeytar
package to the project to securely store encryption keys in the OS keychain. - Create
encryptionService.js
:- Location:
src/common/services/encryptionService.js
- Implement
encrypt(text)
anddecrypt(encrypted)
functions using Node.jscrypto
withAES-256-GCM
.
- Location:
- Implement Key Management:
- Create an
initializeKey(userId)
function within the service. - This function will first attempt to retrieve the encryption key from
keytar
. - If
keytar
fails or no key is found, it will generate a secure, session-only key in memory as a fallback. It will not save the key to an insecure location likeelectron-store
.
- Create an
Phase 2: Automatic Encryption/Decryption via Firestore Converter
This phase aims to abstract away the encryption/decryption logic from the repository layer, making it automatic.
- Create
firestoreConverter.js
:- Location:
src/common/repositories/firestoreConverter.js
- Implement a factory function
createEncryptedConverter(fieldsToEncrypt = [])
. - This function will return a Firestore converter object with
toFirestore
andfromFirestore
methods. toFirestore
: Will automatically encrypt the specified fields before writing data to Firestore.fromFirestore
: Will automatically decrypt the specified fields after reading data from Firestore.
- Location:
Phase 3: Implement Firebase Repositories
With the encryption layer ready, we will create the Firebase equivalents of the existing SQLite repositories.
- Create
session/firebase.repository.js
:- Location:
src/common/repositories/session/firebase.repository.js
- Use the
createEncryptedConverter
to encrypt fields liketitle
. - Implement all functions from the SQLite counterpart (
create
,getById
,getOrCreateActive
, etc.) using Firestore APIs.
- Location:
- Create
ask/repositories/firebase.repository.js
:- Location:
src/features/ask/repositories/firebase.repository.js
- Use the
createEncryptedConverter
to encrypt thecontent
field of AI messages. - Implement all functions from the SQLite counterpart (
addAiMessage
,getAllAiMessagesBySessionId
).
- Location:
Phase 4: Integrate Repository Strategy Pattern
This final phase will activate the logic that switches between local and remote databases based on user authentication status.
- Update
getRepository()
functions:- Modify
src/common/repositories/session/index.js
andsrc/features/ask/repositories/index.js
. - In the
getRepository()
function, useauthService.getCurrentUser()
to check if the user is logged in (user.isLoggedIn
). - If logged in, return the
firebaseRepository
. - Otherwise, return the
sqliteRepository
. - Uncomment the
require
statements for the newly created Firebase repositories.
- Modify