1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
|
<!--
- SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
<script setup lang="ts">
import type { OCSResponse } from '@nextcloud/typings/ocs'
import { showError, spawnDialog } from '@nextcloud/dialogs'
import { loadState } from '@nextcloud/initial-state'
import { t } from '@nextcloud/l10n'
import { confirmPassword } from '@nextcloud/password-confirmation'
import { generateOcsUrl } from '@nextcloud/router'
import { ref } from 'vue'
import { textExistingFilesNotEncrypted } from './sharedTexts.ts'
import axios from '@nextcloud/axios'
import logger from '../../logger.ts'
import NcCheckboxRadioSwitch from '@nextcloud/vue/components/NcCheckboxRadioSwitch'
import NcNoteCard from '@nextcloud/vue/components/NcNoteCard'
import NcSettingsSection from '@nextcloud/vue/components/NcSettingsSection'
import EncryptionWarningDialog from './EncryptionWarningDialog.vue'
interface EncryptionModule {
default?: boolean
displayName: string
}
const allEncryptionModules = loadState<never[]|Record<string, EncryptionModule>>('settings', 'encryption-modules')
/** Available encryption modules on the backend */
const encryptionModules = Array.isArray(allEncryptionModules) ? [] : Object.entries(allEncryptionModules).map(([id, module]) => ({ ...module, id }))
/** ID of the default encryption module */
const defaultCheckedModule = encryptionModules.find((module) => module.default)?.id
/** Is the server side encryptio ready to be enabled */
const encryptionReady = loadState<boolean>('settings', 'encryption-ready')
/** Are external backends enabled (legacy ownCloud stuff) */
const externalBackendsEnabled = loadState<boolean>('settings', 'external-backends-enabled')
/** URL to the admin docs */
const encryptionAdminDoc = loadState<string>('settings', 'encryption-admin-doc')
/** Is the encryption enabled */
const encryptionEnabled = ref(loadState<boolean>('settings', 'encryption-enabled'))
/** Loading state while enabling encryption (e.g. because the confirmation dialog is open) */
const loadingEncryptionState = ref(false)
/**
* Open the encryption-enabling warning (spawns a dialog)
* @param enabled The enabled state of encryption
*/
function displayWarning(enabled: boolean) {
if (loadingEncryptionState.value || enabled === false) {
return
}
loadingEncryptionState.value = true
spawnDialog(EncryptionWarningDialog, {}, async (confirmed) => {
try {
if (confirmed) {
await enableEncryption()
}
} finally {
loadingEncryptionState.value = false
}
})
}
/**
* Update an encryption setting on the backend
* @param key The setting to update
* @param value The new value
*/
async function update(key: string, value: string) {
await confirmPassword()
const url = generateOcsUrl('/apps/provisioning_api/api/v1/config/apps/{appId}/{key}', {
appId: 'core',
key,
})
try {
const { data } = await axios.post<OCSResponse>(url, {
value,
})
if (data.ocs.meta.status !== 'ok') {
throw new Error('Unsuccessful OCS response', { cause: data.ocs })
}
} catch (error) {
showError(t('settings', 'Unable to update server side encryption config'))
logger.error('Unable to update server side encryption config', { error })
return false
}
return true
}
/**
* Choose the default encryption module
*/
async function checkDefaultModule(): Promise<void> {
if (defaultCheckedModule) {
await update('default_encryption_module', defaultCheckedModule)
}
}
/**
* Enable encryption - sends an async POST request
*/
async function enableEncryption(): Promise<void> {
encryptionEnabled.value = await update('encryption_enabled', 'yes')
}
</script>
<template>
<NcSettingsSection :name="t('settings', 'Server-side encryption')"
:description="t('settings', 'Server-side encryption makes it possible to encrypt files which are uploaded to this server. This comes with limitations like a performance penalty, so enable this only if needed.')"
:doc-url="encryptionAdminDoc">
<NcNoteCard v-if="encryptionEnabled" type="info">
<p>
{{ textExistingFilesNotEncrypted }}
{{ t('settings', 'To encrypt all existing files run this OCC command:') }}
</p>
<code>
<pre>occ encryption:encrypt-all</pre>
</code>
</NcNoteCard>
<NcCheckboxRadioSwitch :class="{ disabled: encryptionEnabled }"
:checked="encryptionEnabled"
:aria-disabled="encryptionEnabled ? 'true' : undefined"
:aria-describedby="encryptionEnabled ? 'server-side-encryption-disable-hint' : undefined"
:loading="loadingEncryptionState"
type="switch"
@update:checked="displayWarning">
{{ t('settings', 'Enable server-side encryption') }}
</NcCheckboxRadioSwitch>
<p v-if="encryptionEnabled" id="server-side-encryption-disable-hint" class="disable-hint">
{{ t('settings', 'Disabling server side encryption is only possible using OCC, please refer to the documentation.') }}
</p>
<NcNoteCard v-if="encryptionModules.length === 0"
type="warning"
:text="t('settings', 'No encryption module loaded, please enable an encryption module in the app menu.')" />
<template v-else-if="encryptionEnabled">
<div v-if="encryptionReady && encryptionModules.length > 0">
<h3>{{ t('settings', 'Select default encryption module:') }}</h3>
<fieldset>
<NcCheckboxRadioSwitch v-for="module in encryptionModules"
:key="module.id"
:checked.sync="defaultCheckedModule"
:value="module.id"
type="radio"
name="default_encryption_module"
@update:checked="checkDefaultModule">
{{ module.displayName }}
</NcCheckboxRadioSwitch>
</fieldset>
</div>
<div v-else-if="externalBackendsEnabled">
{{
t(
'settings',
'You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please enable the "Default encryption module" and run {command}',
{ command: '"occ encryption:migrate"' },
)
}}
</div>
</template>
</NcSettingsSection>
</template>
<style scoped>
code {
background-color: var(--color-background-dark);
color: var(--color-main-text);
display: block;
margin-block-start: 0.5rem;
padding: .25lh .5lh;
width: fit-content;
}
.disabled {
opacity: .75;
}
.disabled :deep(*) {
cursor: not-allowed !important;
}
.disable-hint {
color: var(--color-text-maxcontrast);
padding-inline-start: 10px;
}
</style>
|
