Skip to content
This repository has been archived by the owner on Nov 20, 2024. It is now read-only.

feat: replace micro-aes-gcm with @noble/chipers [SPMVP-6208] #324

Merged
merged 4 commits into from
Feb 2, 2024
Merged

feat: replace micro-aes-gcm with @noble/chipers [SPMVP-6208] #324

merged 4 commits into from
Feb 2, 2024

Conversation

arielllin
Copy link
Contributor

@arielllin arielllin commented Feb 1, 2024
edited
Loading

Jira

https://storipress-media.atlassian.net/browse/SPMVP-6208

Purpose

micro-aes-gcm 已經停止維護,更換為 @noble/chipers,並確認付費文章有正常加解密

For who

  • reader-facing?
  • publisher-facing?
  • developer-facing?

How did you make it?

Production deployment notes

🎩 Tophat

Do a thorough 🎩. What is tophatting?

Consider testing:

  • Existing functionality which could break due to your changes (e.g. global changes)
  • New functionality being introduced. Ensure it meets intended behavior
  • All different permutations (flows, states, conditions, etc) that are possible
  • If you are modifying something which is used in multiple places, 🎩 all affected areas not just what you intend to change

🎩 Instructions

測試使用 D6RX98VXN 文章id 381 這篇文章

  1. 清除 local storage storipress-token
  2. 確認付費文章未顯示 ⭕
  3. 增加 local storage storipress-token 模擬已登入狀態
  4. 確認付費文章有顯示 ⭕

Related PRs

Checklist before requesting review

  • I have done a self-review of my own code (comment on code is not required but recommended)
  • I confirmed that I added review priority label (priority:high, priority:medium, ...)
  • I did the Tophat steps and confirm the feature is working
  • I have confirmed there is no issue reported by Static Analyzer (Please double check for custom class. For other issues, if you think it's ignorable, please add // eslint-ignore-next-line <rule name> on it)
  • I have confirmed there is no deepsource issue (if you think it's ignorable, please explain why and add a skipcq comment)
  • I confirmed that the unit test is passed (if you break it, please fix it in this PR)

Emoji Guide

For reviewers: Emojis can be added to comments to call out blocking versus non-blocking feedback.

E.g: Praise, minor suggestions, or clarifying questions that don’t block merging the PR.

🟢 Nice refactor!

🟡 Why was the default value removed?

E.g: Blocking feedback must be addressed before merging.

🔴 This change will break something important
Blocking 🔴 ❌ 🚨 RED
Non-blocking 🟡 💡 🤔 💭 Yellow, thinking, etc
Praise 🟢 💚 😍 👍 🙌 Green, hearts, positive emojis, etc

Gif (optional)

image

@arielllin arielllin requested a review from DanSnow February 1, 2024 02:40
arielllin
arielllin commented Feb 1, 2024
View reviewed changes
packages/karbon/src/runtime/composables/storipress-base-client.ts
return storipress
return storipress ?? storipressConfigCtx.use()
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

這邊是修正取 storipress config 會 undefined 的問題

截圖 2024-02-01 上午10 42 11

DanSnow
DanSnow suggested changes Feb 1, 2024
View reviewed changes
packages/karbon/src/runtime/api/normalize-article.ts Outdated
@@ -73,6 +73,7 @@ export interface RawArticleLike {
export interface PaidContent {
content: string
key: string
iv: number[]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

這邊可以同樣做 base64 encode 與 decode 嗎?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

調整好了

packages/karbon/src/runtime/api/article.ts Outdated
const compactEncrypter = new CompactEncrypt(
Buffer.from(JSON.stringify({ id, plan, key: Buffer.from(key).toString('base64') })),
).setProtectedHeader({ enc: 'A256GCM', alg: 'dir' })
const encryptedKey = await compactEncrypter.encrypt(Buffer.from(storipress.encryptKey, 'base64'))
paidContent = {
key: encryptedKey,
content: Buffer.from(content).toString('base64'),
iv: Array.from(iv),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

可以參考 content 的方式做 base64 encode

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

調整好了

arielllin and others added 2 commits February 1, 2024 14:18
@arielllin
base64 encoded iv
3f94918
@deepsource-autofix
style: format code with Prettier
06790ab 
This commit fixes the style issues introduced in 3f94918 according to the output
from Prettier.

Details: #324
@arielllin arielllin requested a review from DanSnow February 1, 2024 06:19
@DanSnow DanSnow merged commit d78281e into main Feb 2, 2024
4 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@DanSnow DanSnow DanSnow approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arielllin @DanSnow