feat(rtc): generate salt and encrypt-key when create-db-graph

src/main/frontend/components/repo.cljs

@@ -479,7 +479,7 @@
                          (notification/show! [:p "Password and password confirmation do not match!"] :warning false)
                          (do
                            (reset! *creating-db? true)
-                           (p/let [repo (repo-handler/new-db! @*graph-name {:password @*password})]
+                           (p/let [repo (repo-handler/new-db! @*graph-name {:rtc-e2ee-password @*password})]
                              (when @*cloud?
                                (->
                                 (p/do

src/main/frontend/handler/repo.cljs

@@ -189,13 +189,14 @@
   (let [full-graph-name (string/lower-case (str config/db-version-prefix graph-name))]
     (some #(= (some-> (:url %) string/lower-case) full-graph-name) (state/get-repos))))
 
-(defn- create-db [full-graph-name {:keys [file-graph-import? password]}]
+(defn- create-db [full-graph-name {:keys [file-graph-import? rtc-e2ee-password]}]
   (->
    (p/let [config (common-config/create-config-for-db-graph config/config-default-content)
            _ (persist-db/<new full-graph-name
                               (cond-> {:config config
                                        :graph-git-sha config/revision}
-                                file-graph-import? (assoc :import-type :file-graph)))
+                                file-graph-import? (assoc :import-type :file-graph)
+                                rtc-e2ee-password (assoc :rtc-e2ee-password rtc-e2ee-password)))
            _ (start-repo-db-if-not-exists! full-graph-name)
            _ (state/add-repo! {:url full-graph-name :root (config/get-local-dir full-graph-name)})
            _ (restore-and-setup-repo! full-graph-name {:file-graph-import? file-graph-import?})

src/main/frontend/worker/db_worker.cljs

@@ -30,6 +30,7 @@
             [frontend.worker.rtc.client-op :as client-op]
             [frontend.worker.rtc.core :as rtc.core]
             [frontend.worker.rtc.db-listener]
+            [frontend.worker.rtc.encrypt :as rtc-encrypt]
             [frontend.worker.rtc.migrate :as rtc-migrate]
             [frontend.worker.search :as search]
             [frontend.worker.shared-service :as shared-service]
@@ -260,8 +261,8 @@
       (ldb/transact! datascript-conn [{:db/ident :logseq.kv/graph-last-gc-at
                                        :kv/value (common-util/time-ms)}]))))
 
-(defn- create-or-open-db!
-  [repo {:keys [config datoms] :as opts}]
+(defn- <create-or-open-db!
+  [repo {:keys [config datoms rtc-e2ee-password] :as opts}]
   (when-not (worker-state/get-sqlite-conn repo)
     (p/let [[db search-db client-ops-db :as dbs] (get-dbs repo)
             storage (new-sqlite-storage db)
@@ -301,15 +302,12 @@
                 initial-data (sqlite-create-graph/build-db-initial-data
                               config (select-keys opts [:import-type :graph-git-sha]))]
             (ldb/transact! conn initial-data {:initial-db? true})))
+          (let [migration-result (db-migrate/migrate conn)]
+            (when (client-op/rtc-db-graph? repo)
+              (let [client-ops (rtc-migrate/migration-results=>client-ops migration-result)]
+                (client-op/add-ops! repo client-ops))))
 
-        (gc-sqlite-dbs! db client-ops-db conn {})
-
-        (let [migration-result (db-migrate/migrate conn)]
-          (when (client-op/rtc-db-graph? repo)
-            (let [client-ops (rtc-migrate/migration-results=>client-ops migration-result)]
-              (client-op/add-ops! repo client-ops))))
-
-        (db-listener/listen-db-changes! repo (get @*datascript-conns repo))))))
+          (db-listener/listen-db-changes! repo (get @*datascript-conns repo)))))))
 
 (defn- iter->vec [iter']
   (when iter'
@@ -414,7 +412,7 @@
    (when close-other-db?
      (close-other-dbs! repo))
    (when @shared-service/*master-client?
-     (create-or-open-db! repo (dissoc opts :close-other-db?)))
+     (<create-or-open-db! repo (dissoc opts :close-other-db?)))
    nil))
 
 (def-thread-api :thread-api/create-or-open-db

src/main/frontend/worker/rtc/encrypt.cljs

@@ -35,14 +35,15 @@
   [repo]
   (<get-item (graph-encrypt-key-idb-key repo)))
 
-(defn <set-encrypt-key!
+(defn- <set-encrypt-key!
   [repo k]
   (assert (instance? js/CryptoKey k))
   (<set-item! (graph-encrypt-key-idb-key repo) k))
 
-(defn <remove-encrypt-key!
-  [repo]
-  (<remove-item! (graph-encrypt-key-idb-key repo)))
+(comment
+  (defn <remove-encrypt-key!
+    [repo]
+    (<remove-item! (graph-encrypt-key-idb-key repo))))
 
 (defn- array-buffer->base64 [buffer]
   (let [binary (apply str (map js/String.fromCharCode (js/Uint8Array. buffer)))]
@@ -82,6 +83,14 @@
      false
      #js ["encrypt" "decrypt"])))
 
+(defn <persist-encrypt-key!
+  [repo salt password]
+  (p/let [encrypt-key (<salt+password->key salt password)
+          encrypt-key' (<get-encrypt-key repo)
+          _ (assert (nil? encrypt-key'))
+          _ (<set-encrypt-key! repo encrypt-key)]
+    nil))
+
 (defn- <encrypt-text
   [key' plaintext]
   (p/let [iv (js/crypto.getRandomValues (js/Uint8Array. 12))
@@ -152,14 +161,6 @@
          m)))
    (p/promise m) encrypt-attr-set))
 
-(def-thread-api :thread-api/generate&persist-encrypt-key
-  [repo salt password]
-  (p/let [encrypt-key (<salt+password->key salt password)
-          encrypt-key' (<get-encrypt-key repo)
-          _ (assert (nil? encrypt-key'))
-          _ (<set-encrypt-key! repo encrypt-key)]
-    nil))
-
 (comment
   (->
    (p/let [salt (js/crypto.getRandomValues (js/Uint8Array. 16))

src/main/frontend/worker/rtc/full_upload_download_graph.cljs

@@ -146,7 +146,6 @@
 (defn new-task--upload-graph
   [get-ws-create-task repo conn remote-graph-name major-schema-version]
   (m/sp
-    (ldb/transact! conn [(ldb/kv :logseq.kv/graph-rtc-encrypt-salt (rtc-encrypt/gen-salt))])
     (rtc-log-and-state/rtc-log :rtc.log/upload {:sub-type :fetching-presigned-put-url
                                                 :message "fetching presigned put-url"})
     (let [[{:keys [url key]} all-blocks-str]