From 976a96e5e0e672f8cc20100fd85cee4176105862 Mon Sep 17 00:00:00 2001 From: inportb Date: Sat, 1 Oct 2022 06:24:32 -0400 Subject: [PATCH] Template filesystem --- htdocs/tplfs.mjs | 291 ++++++++++++++++++++++++++++++++++++++++++++++ htdocs/vistax.mjs | 29 +++++ main.py | 2 +- 3 files changed, 321 insertions(+), 1 deletion(-) create mode 100644 htdocs/tplfs.mjs diff --git a/htdocs/tplfs.mjs b/htdocs/tplfs.mjs new file mode 100644 index 0000000..c70d7ff --- /dev/null +++ b/htdocs/tplfs.mjs @@ -0,0 +1,291 @@ +function randstr(length, charset='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789') { + var res = '', i; + if((window.crypto) && (window.crypto.getRandomValues)) { + var values = new Uint32Array(length); + window.crypto.getRandomValues(values); + for(var i = 0; i < length; ++i) res += charset[values[i] % charset.length]; + } else for(var i = 0; i < length; ++i) res += charset[Math.floor(Math.random()*charset.length)]; + return res; +} + +function str_to_ab(str) { + var buf = new ArrayBuffer(str.length); + var bufview = new Uint8Array(buf); + for(var i = str.length - 1; i >= 0; --i) bufview[i] = str.charCodeAt(i); + return buf; +} + +function uint8array_to_b64(arr) { + return btoa(String.fromCharCode.apply(null, arr)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, ''); +} + +function b64_to_uint8array(b64) { + return Uint8Array.from(atob(b64.replace(/\-/g, '+').replace(/_/g, '/')), c => c.charCodeAt(null)); +} + +async function digest(algorithm, value) { + var buffer = str_to_ab(value); + return await window.crypto.subtle.digest(algorithm, str_to_ab(value)); +} + +export function randpassword() { + return randstr(64) + ':' + randstr(16); +} + +function TplFSError(...args) { + this.message = args; +} +TplFSError.prototype = Object.create(Error.prototype); + +function TplFSErrorNotFound(...args) { + this.message = args; +} +TplFSErrorNotFound.prototype = Object.create(TplFSError.prototype); + +function TplFSErrorPerm(...args) { + this.message = args; +} +TplFSErrorPerm.prototype = Object.create(TplFSError.prototype); + +function TplFSErrorInvalid(...args) { + this.message = args; +} +TplFSErrorInvalid.prototype = Object.create(TplFSError.prototype); + +export function TplFS(client, parent, desc) { + this.parent = parent; + this.desc = desc; + this.path = parent ? parent.path + '/' + desc.name : ''; + + async function lock(tries=5, delay=1000) { + var res = null; + for(var i = 1; i <= tries; ++i) { + if((res = await client.TIU_TEMPLATE_LOCK(desc.IEN)) == '1') break; + await new Promise(resolve => setTimeout(resolve, Math.pow(delay, i))); + } + return res; + } + + async function enumerate(ien) { + var res = [ien]; + var items = await client.TIU_TEMPLATE_GETITEMS(ien); + for(var i = items.length - 1; i >= 0; --i) Array.prototype.push.apply(res, await enumerate(items[i].IEN)); + return res; + } + + this.chroot = () => new TplFS(client, null, desc); + + this.list = async (filter=null) => { + var items = await client.TIU_TEMPLATE_GETITEMS(desc.IEN); + if(filter) items = items.filter(filter); + return items.map(x => new TplFS(client, this, x)); + }; + + this.open = async (path) => { + if((typeof path === 'string') || (path instanceof String)) path = path.split('/'); + if(((desc.type == 'C') || (desc.type == 'P')) && (path.length > 0)) { + var items = await client.TIU_TEMPLATE_GETITEMS(desc.IEN), name = path[0]; + var item = items.find(x => x.name == name); + if(item) { + if(path.length > 1) return (new TplFS(client, this, item)).open(path.slice(1)); + else return new TplFS(client, this, item); + } else throw new TplFSErrorNotFound('open', (this.path != '' ? this.path + '/' : '') + name, 'Directory not found'); + } else throw new TplFSErrorInvalid('open', (this.path != '' ? this.path + '/' : '') + path.join('/'), 'Invalid path'); + }; + + this.mkdir = async (path, tries=5, delay=1000) => { + if((typeof path === 'string') || (path instanceof String)) path = path.split('/'); + var node = this; + for(var i = 0; i < path.length; ++i) node = await node.raw_mkdir(path[i], tries, delay); + return node; + }; + + this.create = async (path, data, mkdir=false, tries=5, delay=1000) => { + if((typeof path === 'string') || (path instanceof String)) path = path.split('/'); + if(path.length > 1) return await (mkdir ? await this.mkdir(path.slice(0, -1), tries, delay) : await this.open(path.slice(0, -1))).create(path.slice(-1), data, tries, delay); + else if(path.length == 1) return await this.raw_create(path[0], data, tries, delay); + else throw new TplFSErrorInvalid('create', (this.path != '' ? this.path + '/' : '') + path.join('/'), 'Invalid path'); + }; + + this.remove = async (path, tries=5, delay=1000) => { + if((typeof path === 'string') || (path instanceof String)) path = path.split('/'); + if(path.length > 1) return await (await this.open(path.slice(0, -1))).remove(path.slice(-1), tries, delay); + else if(path.length == 1) return await this.raw_remove(path[0], tries, delay); + else throw new TplFSErrorInvalid('remove', (this.path != '' ? this.path + '/' : '') + path.join('/'), 'Invalid path'); + }; + + this.update = async (path, data) => { + if((typeof path === 'string') || (path instanceof String)) path = path.split('/'); + if(path.length > 0) return await (await this.open(path)).update([], data); + else return await this.raw_update(data); + }; + + this.cat = async (path=[]) => { + if((typeof path === 'string') || (path instanceof String)) path = path.split('/'); + if(path.length > 0) return await (await this.open(path)).raw_cat(); + else return await this.raw_cat(path[0]); + }; + + this.raw_mkdir = async (name, tries=5, delay=1000) => { + if((desc.type == 'C') || (desc.type == 'P')) { + if(name == '.') return this; + else if(name == '..') return this.parent ? this.parent : this; + if(await lock(tries, delay) == '1') try { + var items = await client.TIU_TEMPLATE_GETITEMS(desc.IEN); + var item = items.find(x => x.name == name); + if(item) return new TplFS(client, this, item); + var nodeid = await client.TIU_TEMPLATE_CREATE_MODIFY(0, { '.01': name, '.02': '@', '.03': 'C', '.04': 'I', '.05': '0', '.08': '0', '.09': '0', '.1': '0', '.11': '0', '.12': '0', '.13': '0', '.14': '0', '.15': '@', '.16': '0', '.17': '@', '.18': '@', '.19': '@', '.06': desc.personal_owner, '2,1': '@', '5,1': '@' }); + var nodes = (await client.TIU_TEMPLATE_GETITEMS(desc.IEN)).map(x => x.IEN); + nodes.push(nodeid); + await client.TIU_TEMPLATE_SET_ITEMS(desc.IEN, nodes); + nodeid = (await client.TIU_TEMPLATE_GETITEMS(desc.IEN)).find(x => (x.type == 'C') && (x.name == name)); + if(nodeid) return new TplFS(client, this, nodeid); + else throw new TplFSErrorPerm('mkdir', (this.path != '' ? this.path + '/' : '') + name, 'Failed to create directory'); + } finally { + await client.TIU_TEMPLATE_UNLOCK(desc.IEN); + } else throw new TplFSErrorPerm('mkdir', this.path, 'Failed to obtain lock'); + } else throw new TplFSErrorInvalid('mkdir', this.path, 'Not a directory'); + }; + + this.raw_create = async (name, data, tries=5, delay=1000) => { + if((desc.type == 'C') || (desc.type == 'P')) { + if((name == '.') || (name == '..')) throw new TplFSErrorInvalid('create', (this.path != '' ? this.path + '/' : '') + name, 'Invalid path'); + if(await lock(tries, delay) == '1') try { + var items = await client.TIU_TEMPLATE_GETITEMS(desc.IEN); + var item = items.find(x => x.name == name); + if((item) && (item.type != 'T')) throw new TplFSErrorInvalid('create', (this.path != '' ? this.path + '/' : '') + name, 'Not a file'); + var nodeid = await client.TIU_TEMPLATE_CREATE_MODIFY(item && item.IEN ? item.IEN : 0, { '.01': name, '.02': '@', '.03': 'T', '.04': 'I', '.05': '0', '.08': '0', '.09': '0', '.1': '0', '.11': '0', '.12': '0', '.13': '0', '.14': '0', '.15': '@', '.16': '0', '.17': '@', '.18': '@', '.19': '@', '.06': desc.personal_owner, '2,1,0': data, '5,1,0': 'TplFS' }); + if((item) && (item.IEN == nodeid)) return new TplFS(client, this, item); + var nodes = items.map(x => x.IEN); + nodes.push(nodeid); + await client.TIU_TEMPLATE_SET_ITEMS(desc.IEN, nodes); + item = (await client.TIU_TEMPLATE_GETITEMS(desc.IEN)).find(x => (x.type == 'T') && (x.name == name)); + if(item) return new TplFS(client, this, item); + else throw new TplFSErrorPerm('create', (this.path != '' ? this.path + '/' : '') + name, 'Failed to create file'); + } finally { + await client.TIU_TEMPLATE_UNLOCK(desc.IEN); + } else throw new TplFSErrorPerm('create', this.path, 'Failed to obtain lock'); + } else throw new TplFSErrorInvalid('create', this.path, 'Not a directory'); + }; + + this.raw_remove = async (name, tries=5, delay=1000) => { + if((desc.type == 'C') || (desc.type == 'P')) { + if((name == '.') || (name == '..')) throw new TplFSErrorInvalid('remove', (this.path != '' ? this.path + '/' : '') + name, 'Invalid path'); + var garbage = null; + if(await lock(tries, delay) == '1') try { + var items = await client.TIU_TEMPLATE_GETITEMS(desc.IEN); + var item = items.find(x => x.name == name); + if(item) { + garbage = await enumerate(item.IEN); + items.splice(items.indexOf(item), 1); + await client.TIU_TEMPLATE_SET_ITEMS(desc.IEN, items.map(x => x.IEN)); + } + } finally { + await client.TIU_TEMPLATE_UNLOCK(desc.IEN); + if(garbage) return await client.TIU_TEMPLATE_DELETE(garbage); + } else throw new TplFSErrorPerm('remove', this.path, 'Failed to obtain lock'); + } else throw new TplFSErrorInvalid('remove', this.path, 'Not a directory'); + }; + + this.raw_update = async (data) => { + if(desc.type == 'T') { + await client.TIU_TEMPLATE_CREATE_MODIFY(desc.IEN, { '.01': desc.name, '.02': '@', '.03': 'T', '.04': 'I', '.05': '0', '.08': '0', '.09': '0', '.1': '0', '.11': '0', '.12': '0', '.13': '0', '.14': '0', '.15': '@', '.16': '0', '.17': '@', '.18': '@', '.19': '@', '.06': desc.personal_owner, '2,1,0': data, '5,1,0': 'TplFS' }); + return this; + } else throw new TplFSErrorInvalid('update', this.path, 'Not a file'); + }; + + this.raw_cat = async () => { + if(desc.type == 'T') return await client.TIU_TEMPLATE_GETBOIL(desc.IEN); + else throw new TplFSErrorInvalid('retrieve', this.path, 'Not a file'); + }; + + this.raw_list = () => client.TIU_TEMPLATE_GETITEMS(desc.IEN); + + this.raw_open = (child) => new TplFS(client, this, child); + + return this; +} + +TplFS.fromUser = async function(client, user_ien=null) { + if(!user_ien) user_ien = (await client.userinfo()).result[0]; + return new TplFS(client, null, (await client.TIU_TEMPLATE_GETPROOT(user_ien))[0]); +}; + +export function EncFS(fs, data_encrypt, data_decrypt, path_encrypt, path_decrypt) { + this.fs = fs; + if(fs.path) path_decrypt(fs.path).then(value => this.path = value); + + this.list = async (filter=null) => (await fs.list(filter)).map(x => new EncFS(x, data_encrypt, data_decrypt, path_encrypt, path_decrypt)); + this.open = async (path) => new EncFS(await fs.open(await path_encrypt(path)), data_encrypt, data_decrypt, path_encrypt, path_decrypt); + this.mkdir = async (path, tries=5, delay=1000) => new EncFS(await fs.mkdir(await path_encrypt(path), tries=5, delay=1000), data_encrypt, data_decrypt, path_encrypt, path_decrypt); + this.create = async (path, data, mkdir=false, tries=5, delay=1000) => new EncFS(await fs.create(await path_encrypt(path), await data_encrypt(data), mkdir=false, tries=5, delay=1000), data_encrypt, data_decrypt, path_encrypt, path_decrypt); + this.remove = async (path, tries=5, delay=1000) => await fs.remove(await path_encrypt(path), tries=5, delay=1000); + this.update = async (path, data) => new EncFS(await fs.update(await path_encrypt(path), await data_encrypt(data)), data_encrypt, data_decrypt, path_encrypt, path_decrypt); + this.cat = async (path) => await data_decrypt(await fs.cat(await path_encrypt(path))); +} +EncFS.fromPassword = async function(fs, password) { + var password_salt = password.split(':'); + var key_pbkdf2 = await window.crypto.subtle.importKey('raw', str_to_ab(password_salt[0]), 'PBKDF2', false, ['deriveKey']); + var salt = new Uint8Array(str_to_ab(password_salt[1])); + var key_aes_gcm = await window.crypto.subtle.deriveKey( + { + name: 'PBKDF2', + salt: salt, + iterations: 250000, + hash: 'SHA-256', + }, + key_pbkdf2, + { name: 'AES-GCM', length: 256 }, + false, + ['encrypt', 'decrypt'] + ); + async function data_encrypt(data) { + var iv = window.crypto.getRandomValues(new Uint8Array(12)); + var ciphertextbuf = await window.crypto.subtle.encrypt({ name: 'AES-GCM', iv: iv }, key_aes_gcm, str_to_ab(data)); + var res = new Uint8Array(iv.byteLength + ciphertextbuf.byteLength); + res.set(iv, 0); + res.set(new Uint8Array(ciphertextbuf), iv.byteLength); + return uint8array_to_b64(res); + } + async function data_decrypt(data) { + var ciphertextarr = b64_to_uint8array(data); + var res = await window.crypto.subtle.decrypt({ name: 'AES-GCM', iv: ciphertextarr.slice(0, 12) }, key_aes_gcm, ciphertextarr.slice(12)); + return String.fromCharCode.apply(null, new Uint8Array(res)); + } + var key_aes_ctr = await window.crypto.subtle.deriveKey( + { + name: 'PBKDF2', + salt: salt, + iterations: 250000, + hash: 'SHA-256', + }, + key_pbkdf2, + { name: 'AES-CTR', length: 256 }, + false, + ['encrypt', 'decrypt'] + ); + var key_hmac = await window.crypto.subtle.importKey('raw', str_to_ab(password_salt[0]), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign', 'verify']); + async function path_component_encrypt(data) { + var counter = (await window.crypto.subtle.sign({ name: 'HMAC' }, key_hmac, str_to_ab(data))).slice(0, 16); + var ciphertextbuf = await window.crypto.subtle.encrypt({ name: 'AES-CTR', counter: counter, length: 128 }, key_aes_ctr, str_to_ab(data)); + var res = new Uint8Array(counter.byteLength + ciphertextbuf.byteLength); + res.set(new Uint8Array(counter), 0); + res.set(new Uint8Array(ciphertextbuf), counter.byteLength); + return uint8array_to_b64(res); + } + async function path_component_decrypt(data) { + var ciphertextarr = b64_to_uint8array(data); + var res = await window.crypto.subtle.decrypt({ name: 'AES-CTR', counter: ciphertextarr.slice(0, 16), length: 128 }, key_aes_ctr, ciphertextarr.slice(16)); + return String.fromCharCode.apply(null, new Uint8Array(res)); + } + async function path_encrypt(data) { + return (await Promise.all(data.split('/').map(x => path_component_encrypt(x)))).join('/'); + } + async function path_decrypt(data) { + if(data.startsWith('/')) return '/' + await path_decrypt(data.replace(/^\/+/g, '')); + return (await Promise.all(data.split('/').map(x => path_component_decrypt(x)))).join('/'); + } + return new EncFS((await fs.mkdir('ZZZE ' + uint8array_to_b64(new Uint8Array(await digest('SHA-1', password))))).chroot(), data_encrypt, data_decrypt, path_encrypt, path_decrypt); +}; + +export default window.tplfs = { TplFS, EncFS, randpassword }; diff --git a/htdocs/vistax.mjs b/htdocs/vistax.mjs index 21d2da7..2534344 100644 --- a/htdocs/vistax.mjs +++ b/htdocs/vistax.mjs @@ -3,6 +3,7 @@ import { reactive, watch } from 'vue'; import vista from './vista.mjs'; import cookie from './cookie.mjs'; import { lab_parse, lab_reparse_results, measurement_parse, order_parse } from './reportparser.mjs'; +import { TplFS, EncFS, randpassword as tplfs_randpassword } from './tplfs.mjs'; export const state = reactive(cookie.get('state') ? JSON.parse(cookie.get('state')) : {}); if((!state.secret) && (cookie.get('secret'))) state.resources = cookie.get('secret'); @@ -54,6 +55,20 @@ export function converted_boolean(fn, columns=null) { } } +export function parsed_nullarray(fn) { + return async function(...args) { + var res = await fn(...args); + return res !== '' ? res : []; + } +} + +export function parsed_text(fn) { + return async function(...args) { + var res = await fn(...args); + return res !== '' ? res.join('\r\n') : res; + } +} + export function caretseparated(fn, columns=null) { return async function(...args) { if(columns) return (await fn(...args)).map(function(row) { @@ -136,6 +151,10 @@ export function Client(cid, secret) { this.userinfo = () => vista.userinfo(cid); this.authenticate = (avcode=null) => vista.authenticate(cid, avcode); + if(!state.encfs) state.encfs = tplfs_randpassword(); + this.tplfs = async () => this._tplfs ? this._tplfs : (this._tplfs = await TplFS.fromUser(this, (await this.userinfo()).result[0])); + this.encfs = async () => this._encfs ? this._encfs : (this._encfs = await EncFS.fromPassword(await this.tplfs(), state.encfs)); + this.XWB_IM_HERE = unwrapped(logged(() => this.call('XWB_IM_HERE'), 'XWB_IM_HERE')); this.XUS_INTRO_MSG = memoized(unwrapped(logged(() => this.callctx(['XUCOMMAND'], 'XUS_INTRO_MSG'), 'XUS_INTRO_MSG'))); @@ -165,6 +184,16 @@ export function Client(cid, secret) { this.ORWORR_AGET = memoized(caretseparated(sliced(unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'ORWORR_AGET', ...args), 'ORWORR_AGET')), 1), ['ifn', 'dgrp', 'time'])); this.ORWORR_GET4LST = memoized(orderparsed(unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'ORWORR_GET4LST', ...args), 'ORWORR_GET4LST')))); + this.TIU_TEMPLATE_GETROOTS = caretseparated(unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_GETROOTS', ...args), 'TIU_TEMPLATE_GETROOTS')), ['IEN', 'type', 'status', 'name', 'exclude_from_group_boilerplate', 'blank_lines', 'personal_owner', 'has_children_flag', 'dialog', 'display_only', 'first_line', 'one_item_only', 'hide_dialog_items', 'hide_tree_items', 'indent_items', 'reminder_dialog_ien', 'reminder_dialog_name', 'locked', 'com_object_pointer', 'com_object_parameter', 'link_pointer', 'reminder_dialog_patient_specific_value']); + this.TIU_TEMPLATE_GETPROOT = caretseparated(unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_GETPROOT', ...args), 'TIU_TEMPLATE_GETPROOT')), ['IEN', 'type', 'status', 'name', 'exclude_from_group_boilerplate', 'blank_lines', 'personal_owner', 'has_children_flag', 'dialog', 'display_only', 'first_line', 'one_item_only', 'hide_dialog_items', 'hide_tree_items', 'indent_items', 'reminder_dialog_ien', 'reminder_dialog_name', 'locked', 'com_object_pointer', 'com_object_parameter', 'link_pointer', 'reminder_dialog_patient_specific_value']); + this.TIU_TEMPLATE_GETBOIL = parsed_text(unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_GETBOIL', ...args), 'TIU_TEMPLATE_GETBOIL'))); + this.TIU_TEMPLATE_GETITEMS = caretseparated(parsed_nullarray(unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_GETITEMS', ...args), 'TIU_TEMPLATE_GETITEMS'))), ['IEN', 'type', 'status', 'name', 'exclude_from_group_boilerplate', 'blank_lines', 'personal_owner', 'has_children_flag', 'dialog', 'display_only', 'first_line', 'one_item_only', 'hide_dialog_items', 'hide_tree_items', 'indent_items', 'reminder_dialog_ien', 'reminder_dialog_name', 'locked', 'com_object_pointer', 'com_object_parameter', 'link_pointer', 'reminder_dialog_patient_specific_value']); + this.TIU_TEMPLATE_SET_ITEMS = unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_SET_ITEMS', ...args), 'TIU_TEMPLATE_SET_ITEMS')); + this.TIU_TEMPLATE_CREATE_MODIFY = unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_CREATE/MODIFY', ...args), 'TIU_TEMPLATE_CREATE/MODIFY')); + this.TIU_TEMPLATE_DELETE = unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_DELETE', ...args), 'TIU_TEMPLATE_DELETE')); + this.TIU_TEMPLATE_LOCK = unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_LOCK', ...args), 'TIU_TEMPLATE_LOCK')); + this.TIU_TEMPLATE_UNLOCK = unwrapped(logged((...args) => this.callctx(['OR CPRS GUI CHART'], 'TIU_TEMPLATE_UNLOCK', ...args), 'TIU_TEMPLATE_UNLOCK')); + return this; } Client._registry = {}; diff --git a/main.py b/main.py index 25053e9..ae887a7 100644 --- a/main.py +++ b/main.py @@ -30,7 +30,7 @@ class CacheProxyRPC(util.CacheProxy): persistent = util.Store().memo if volatile is None: volatile = util.Store().memo - self._cache(('__call__', 'close', 'authenticate', 'keepalive', 'XWB_CREATE_CONTEXT', 'XWB_IM_HERE'), None) + self._cache(('__call__', 'close', 'authenticate', 'keepalive', 'XWB_CREATE_CONTEXT', 'XWB_IM_HERE', 'TIU_TEMPLATE_GETROOTS', 'TIU_TEMPLATE_GETPROOT', 'TIU_TEMPLATE_GETBOIL', 'TIU_TEMPLATE_GET_DESCRIPTION', 'TIU_TEMPLATE_GETITEMS', 'TIU_TEMPLATE_SET ITEMS', 'TIU_TEMPLATE_CREATE/MODIFY', 'TIU_TEMPLATE_DELETE', 'TIU_TEMPLATE_LOCK', 'TIU_TEMPLATE_UNLOCK'), None) self._cache(('SDEC_RESOURCE', 'ORWLRR_ALLTESTS_ALL', 'ORWORDG_ALLTREE', 'ORWORDG_REVSTS'), persistent, prefix=prefix, ttl=float('inf')) self._cache(('XWB_GET_BROKER_INFO', 'XUS_INTRO_MSG'), volatile, prefix=prefix, ttl=float('inf')) self._cache(None, volatile, prefix=prefix, ttl=float('-inf'))