Notes/src/services/anonymization.js

const BUILTIN_ATTRIBUTES = require('./builtin_attributes.js');
const fs = require("fs-extra");
const dataDir = require('./data_dir');
const dateUtils = require('./date_utils');
const Database = require("better-sqlite3");
const sql = require('./sql');
const path = require("path");

function getFullAnonymizationScript() {
    // we want to delete all non-builtin attributes because they can contain sensitive names and values
    // on the other hand builtin/system attrs should not contain any sensitive info
    const builtinAttrNames = BUILTIN_ATTRIBUTES
        .filter(attr => !["shareCredentials", "shareAlias"].includes(attr.name))
        .map(attr => `'${attr.name}'`).join(', ');

    const anonymizeScript = `
UPDATE etapi_tokens SET tokenHash = 'API token hash value';
UPDATE notes SET title = 'title' WHERE title NOT IN ('root', '_hidden', '_share');
UPDATE blobs SET content = 'text' WHERE content IS NOT NULL;
UPDATE revisions SET title = 'title';

UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrNames});
UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrNames});
UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL AND prefix != 'recovered';
UPDATE options SET value = 'anonymized' WHERE name IN
                    ('documentId', 'documentSecret', 'encryptedDataKey', 
                     'passwordVerificationHash', 'passwordVerificationSalt', 
                     'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy') 
                      AND value != '';

VACUUM;
`;

    return anonymizeScript;
}

function getLightAnonymizationScript() {
    return `UPDATE blobs SET content = 'text' WHERE content IS NOT NULL AND blobId NOT IN (
                SELECT blobId FROM notes WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')
              UNION ALL
                SELECT blobId FROM revisions WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')
            );

            UPDATE options SET value = 'anonymized' WHERE name IN
                  ('documentId', 'documentSecret', 'encryptedDataKey',
                   'passwordVerificationHash', 'passwordVerificationSalt',
                   'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy')
              AND value != '';`;
}

async function createAnonymizedCopy(type) {
    if (!['full', 'light'].includes(type)) {
        throw new Error(`Unrecognized anonymization type '${type}'`);
    }

    if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {
        fs.mkdirSync(dataDir.ANONYMIZED_DB_DIR, 0o700);
    }

    const anonymizedFile = `${dataDir.ANONYMIZED_DB_DIR}/anonymized-${type}-${dateUtils.getDateTimeForFile()}.db`;

    await sql.copyDatabase(anonymizedFile);

    const db = new Database(anonymizedFile);

    const anonymizationScript = type === 'light'
        ? getLightAnonymizationScript()
        : getFullAnonymizationScript();

    db.exec(anonymizationScript);

    db.close();

    return {
        success: true,
        anonymizedFilePath: anonymizedFile
    };
}

function getExistingAnonymizedDatabases() {
    if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {
        return [];
    }

    return fs.readdirSync(dataDir.ANONYMIZED_DB_DIR)
        .filter(fileName => fileName.includes("anonymized"))
        .map(fileName => ({
            fileName: fileName,
            filePath: path.resolve(dataDir.ANONYMIZED_DB_DIR, fileName)
        }));
}

module.exports = {
    getFullAnonymizationScript,
    createAnonymizedCopy,
    getExistingAnonymizedDatabases
}
use .js extension for require() as a preparation for future migration to ESM 2023-11-22 19:34:48 +01:00			`const BUILTIN_ATTRIBUTES = require('./builtin_attributes.js');`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`const fs = require("fs-extra");`
server-ts: Remove need for 'allowImportingTsExtensions' 2024-02-16 21:17:33 +02:00			`const dataDir = require('./data_dir');`
server-ts: utils.js -> utils.ts 2024-02-16 21:38:09 +02:00			`const dateUtils = require('./date_utils');`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`const Database = require("better-sqlite3");`
server-ts: sql.js -> sql.ts 2024-02-16 22:44:12 +02:00			`const sql = require('./sql');`
show existing backups and anonymized DBs, #4321 2023-10-18 23:16:47 +02:00			`const path = require("path");`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`function getFullAnonymizationScript() {`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`// we want to delete all non-builtin attributes because they can contain sensitive names and values`
improve anonymization 2023-10-03 23:14:02 +02:00			`// on the other hand builtin/system attrs should not contain any sensitive info`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`const builtinAttrNames = BUILTIN_ATTRIBUTES`
improve anonymization 2023-10-03 23:17:15 +02:00			`.filter(attr => !["shareCredentials", "shareAlias"].includes(attr.name))`
always use template strings instead of string concatenation 2022-12-21 15:19:05 +01:00			.map(attr => `'${attr.name}'`).join(', ');
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			const anonymizeScript = `
			`UPDATE etapi_tokens SET tokenHash = 'API token hash value';`
add prefix "_" to "named" IDs 2022-12-21 16:11:00 +01:00			`UPDATE notes SET title = 'title' WHERE title NOT IN ('root', '_hidden', '_share');`
WIP blobs 2023-03-16 11:02:07 +01:00			`UPDATE blobs SET content = 'text' WHERE content IS NOT NULL;`
rename "note revision" to just "revision" 2023-06-04 23:01:40 +02:00			`UPDATE revisions SET title = 'title';`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			`UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrNames});`
			`UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrNames});`
improved logging 2022-01-31 21:25:18 +01:00			`UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL AND prefix != 'recovered';`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`UPDATE options SET value = 'anonymized' WHERE name IN`
			`('documentId', 'documentSecret', 'encryptedDataKey',`
			`'passwordVerificationHash', 'passwordVerificationSalt',`
			`'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy')`
			`AND value != '';`

			`VACUUM;`
			`;

			`return anonymizeScript;`
			`}`

add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`function getLightAnonymizationScript() {`
WIP blobs 2023-03-16 11:02:07 +01:00			return `UPDATE blobs SET content = 'text' WHERE content IS NOT NULL AND blobId NOT IN (
			`SELECT blobId FROM notes WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')`
			`UNION ALL`
rename "note revision" to just "revision" 2023-06-04 23:01:40 +02:00			`SELECT blobId FROM revisions WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')`
stronger light anonymization 2024-01-03 22:10:29 +01:00			`);`

			`UPDATE options SET value = 'anonymized' WHERE name IN`
			`('documentId', 'documentSecret', 'encryptedDataKey',`
			`'passwordVerificationHash', 'passwordVerificationSalt',`
			`'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy')`
			AND value != '';`;
add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`}`

			`async function createAnonymizedCopy(type) {`
			`if (!['full', 'light'].includes(type)) {`
			throw new Error(`Unrecognized anonymization type '${type}'`);
			`}`

generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {`
			`fs.mkdirSync(dataDir.ANONYMIZED_DB_DIR, 0o700);`
			`}`

add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			const anonymizedFile = `${dataDir.ANONYMIZED_DB_DIR}/anonymized-${type}-${dateUtils.getDateTimeForFile()}.db`;
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			`await sql.copyDatabase(anonymizedFile);`

			`const db = new Database(anonymizedFile);`

add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`const anonymizationScript = type === 'light'`
			`? getLightAnonymizationScript()`
			`: getFullAnonymizationScript();`

			`db.exec(anonymizationScript);`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			`db.close();`

			`return {`
			`success: true,`
			`anonymizedFilePath: anonymizedFile`
			`};`
			`}`

show existing backups and anonymized DBs, #4321 2023-10-18 23:16:47 +02:00			`function getExistingAnonymizedDatabases() {`
			`if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {`
			`return [];`
			`}`

			`return fs.readdirSync(dataDir.ANONYMIZED_DB_DIR)`
			`.filter(fileName => fileName.includes("anonymized"))`
			`.map(fileName => ({`
			`fileName: fileName,`
			`filePath: path.resolve(dataDir.ANONYMIZED_DB_DIR, fileName)`
			`}));`
			`}`

generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`module.exports = {`
add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`getFullAnonymizationScript,`
show existing backups and anonymized DBs, #4321 2023-10-18 23:16:47 +02:00			`createAnonymizedCopy,`
			`getExistingAnonymizedDatabases`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`}`