Notes/src/services/anonymization.ts

import BUILTIN_ATTRIBUTES from "./builtin_attributes.js";
import fs from "fs-extra";
import dataDir from "./data_dir.js";
import dateUtils from "./date_utils.js";
import Database from "better-sqlite3";
import sql from "./sql.js";
import path from "path";

function getFullAnonymizationScript() {
    // we want to delete all non-builtin attributes because they can contain sensitive names and values
    // on the other hand builtin/system attrs should not contain any sensitive info
    const builtinAttrNames = BUILTIN_ATTRIBUTES
        .filter(attr => !["shareCredentials", "shareAlias"].includes(attr.name))
        .map(attr => `'${attr.name}'`).join(', ');

    const anonymizeScript = `
UPDATE etapi_tokens SET tokenHash = 'API token hash value';
UPDATE notes SET title = 'title' WHERE title NOT IN ('root', '_hidden', '_share');
UPDATE blobs SET content = 'text' WHERE content IS NOT NULL;
UPDATE revisions SET title = 'title';

UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrNames});
UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrNames});
UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL AND prefix != 'recovered';
UPDATE options SET value = 'anonymized' WHERE name IN
                    ('documentId', 'documentSecret', 'encryptedDataKey', 
                     'passwordVerificationHash', 'passwordVerificationSalt', 
                     'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy') 
                      AND value != '';

VACUUM;
`;

    return anonymizeScript;
}

function getLightAnonymizationScript() {
    return `UPDATE blobs SET content = 'text' WHERE content IS NOT NULL AND blobId NOT IN (
                SELECT blobId FROM notes WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')
              UNION ALL
                SELECT blobId FROM revisions WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')
            );

            UPDATE options SET value = 'anonymized' WHERE name IN
                  ('documentId', 'documentSecret', 'encryptedDataKey',
                   'passwordVerificationHash', 'passwordVerificationSalt',
                   'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy')
              AND value != '';`;
}

async function createAnonymizedCopy(type: "full" | "light") {
    if (!['full', 'light'].includes(type)) {
        throw new Error(`Unrecognized anonymization type '${type}'`);
    }

    if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {
        fs.mkdirSync(dataDir.ANONYMIZED_DB_DIR, 0o700);
    }

    const anonymizedFile = `${dataDir.ANONYMIZED_DB_DIR}/anonymized-${type}-${dateUtils.getDateTimeForFile()}.db`;

    await sql.copyDatabase(anonymizedFile);

    const db = new Database(anonymizedFile);

    const anonymizationScript = type === 'light'
        ? getLightAnonymizationScript()
        : getFullAnonymizationScript();

    db.exec(anonymizationScript);

    db.close();

    return {
        success: true,
        anonymizedFilePath: anonymizedFile
    };
}

function getExistingAnonymizedDatabases() {
    if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {
        return [];
    }

    return fs.readdirSync(dataDir.ANONYMIZED_DB_DIR)
        .filter(fileName => fileName.includes("anonymized"))
        .map(fileName => ({
            fileName: fileName,
            filePath: path.resolve(dataDir.ANONYMIZED_DB_DIR, fileName)
        }));
}

export default {
    getFullAnonymizationScript,
    createAnonymizedCopy,
    getExistingAnonymizedDatabases
}
server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import BUILTIN_ATTRIBUTES from "./builtin_attributes.js";`
server-esm: Change simple library import statements 2024-07-18 21:37:45 +03:00			`import fs from "fs-extra";`
server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import dataDir from "./data_dir.js";`
			`import dateUtils from "./date_utils.js";`
server-esm: Change simple library import statements 2024-07-18 21:37:45 +03:00			`import Database from "better-sqlite3";`
server-esm: Change simple local import statements 2024-07-18 21:35:17 +03:00			`import sql from "./sql.js";`
server-esm: Change simple library import statements 2024-07-18 21:37:45 +03:00			`import path from "path";`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`function getFullAnonymizationScript() {`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`// we want to delete all non-builtin attributes because they can contain sensitive names and values`
improve anonymization 2023-10-03 23:14:02 +02:00			`// on the other hand builtin/system attrs should not contain any sensitive info`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`const builtinAttrNames = BUILTIN_ATTRIBUTES`
improve anonymization 2023-10-03 23:17:15 +02:00			`.filter(attr => !["shareCredentials", "shareAlias"].includes(attr.name))`
always use template strings instead of string concatenation 2022-12-21 15:19:05 +01:00			.map(attr => `'${attr.name}'`).join(', ');
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			const anonymizeScript = `
			`UPDATE etapi_tokens SET tokenHash = 'API token hash value';`
add prefix "_" to "named" IDs 2022-12-21 16:11:00 +01:00			`UPDATE notes SET title = 'title' WHERE title NOT IN ('root', '_hidden', '_share');`
WIP blobs 2023-03-16 11:02:07 +01:00			`UPDATE blobs SET content = 'text' WHERE content IS NOT NULL;`
rename "note revision" to just "revision" 2023-06-04 23:01:40 +02:00			`UPDATE revisions SET title = 'title';`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			`UPDATE attributes SET name = 'name', value = 'value' WHERE type = 'label' AND name NOT IN(${builtinAttrNames});`
			`UPDATE attributes SET name = 'name' WHERE type = 'relation' AND name NOT IN (${builtinAttrNames});`
improved logging 2022-01-31 21:25:18 +01:00			`UPDATE branches SET prefix = 'prefix' WHERE prefix IS NOT NULL AND prefix != 'recovered';`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`UPDATE options SET value = 'anonymized' WHERE name IN`
			`('documentId', 'documentSecret', 'encryptedDataKey',`
			`'passwordVerificationHash', 'passwordVerificationSalt',`
			`'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy')`
			`AND value != '';`

			`VACUUM;`
			`;

			`return anonymizeScript;`
			`}`

add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`function getLightAnonymizationScript() {`
WIP blobs 2023-03-16 11:02:07 +01:00			return `UPDATE blobs SET content = 'text' WHERE content IS NOT NULL AND blobId NOT IN (
			`SELECT blobId FROM notes WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')`
			`UNION ALL`
rename "note revision" to just "revision" 2023-06-04 23:01:40 +02:00			`SELECT blobId FROM revisions WHERE mime IN ('application/javascript;env=backend', 'application/javascript;env=frontend')`
stronger light anonymization 2024-01-03 22:10:29 +01:00			`);`

			`UPDATE options SET value = 'anonymized' WHERE name IN`
			`('documentId', 'documentSecret', 'encryptedDataKey',`
			`'passwordVerificationHash', 'passwordVerificationSalt',`
			`'passwordDerivedKeySalt', 'username', 'syncServerHost', 'syncProxy')`
			AND value != '';`;
add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`}`

server-ts: Port anonymization service 2024-02-17 19:02:14 +02:00			`async function createAnonymizedCopy(type: "full" \| "light") {`
add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`if (!['full', 'light'].includes(type)) {`
			throw new Error(`Unrecognized anonymization type '${type}'`);
			`}`

generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {`
			`fs.mkdirSync(dataDir.ANONYMIZED_DB_DIR, 0o700);`
			`}`

add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			const anonymizedFile = `${dataDir.ANONYMIZED_DB_DIR}/anonymized-${type}-${dateUtils.getDateTimeForFile()}.db`;
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			`await sql.copyDatabase(anonymizedFile);`

			`const db = new Database(anonymizedFile);`

add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`const anonymizationScript = type === 'light'`
			`? getLightAnonymizationScript()`
			`: getFullAnonymizationScript();`

			`db.exec(anonymizationScript);`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00
			`db.close();`

			`return {`
			`success: true,`
			`anonymizedFilePath: anonymizedFile`
			`};`
			`}`

show existing backups and anonymized DBs, #4321 2023-10-18 23:16:47 +02:00			`function getExistingAnonymizedDatabases() {`
			`if (!fs.existsSync(dataDir.ANONYMIZED_DB_DIR)) {`
			`return [];`
			`}`

			`return fs.readdirSync(dataDir.ANONYMIZED_DB_DIR)`
			`.filter(fileName => fileName.includes("anonymized"))`
			`.map(fileName => ({`
			`fileName: fileName,`
			`filePath: path.resolve(dataDir.ANONYMIZED_DB_DIR, fileName)`
			`}));`
			`}`

server-esm: Change some more export object to export default object 2024-07-18 21:47:30 +03:00			`export default {`
add light anonymization option to the existing full anonymization 2022-02-06 13:49:33 +01:00			`getFullAnonymizationScript,`
show existing backups and anonymized DBs, #4321 2023-10-18 23:16:47 +02:00			`createAnonymizedCopy,`
			`getExistingAnonymizedDatabases`
generate anonymization script into a file 2022-01-17 23:47:26 +01:00			`}`