feat(crypto): phase 7.2 — encrypt storeless modules (questions, links, documents, meals)

Five storeless modules whose writes happen directly from view files (no central store yet) get the same encryption treatment by wrapping each .add/.update call site with encryptRecord and each read site with decryptRecord(s). Registry entries are also corrected to match the actual schemas — the previous Phase 1 placeholder names guessed the wrong field names. Registry corrections + flips ---------------------------- - meals: was ['description', 'notes', 'aiAnalysis'] → now ['description', 'portionSize'] (LocalMeal has neither notes nor aiAnalysis on the schema; portionSize is a short user label same sensitivity as description) - documents: was ['title', 'content', 'body'] → now ['title', 'content'] (LocalDocument uses content, no body column) - links: was ['title', 'description', 'targetUrl'] → now ['title', 'description']. originalUrl STAYS PLAINTEXT — the public redirect handler resolves shortCode → originalUrl on every click, encrypting it would force the redirect path to do an async decrypt before issuing the 302 - questions: was ['title', 'body', 'notes'] → now ['title', 'description'] (LocalQuestion uses description) - answers: was ['body'] → now ['content'] (LocalAnswer uses content) All five tables flipped to enabled:true. Write sites wrapped ------------------- Each call site builds the row/diff as a typed object, runs encryptRecord on it, then calls table.add / table.update: - questions/views/DetailView.svelte (saveField) - questions/[id]/+page.svelte (saveEdit + answer.add) - questions/new/+page.svelte (initial create) - uload/+page.svelte (createLink + saveEdit) - uload/views/DetailView.svelte (saveField) - context/documents/+page.svelte (handleCreateDocument) - context/documents/[id]/+page.svelte (handleSave with encrypted diff) - context/spaces/[id]/+page.svelte (handleCreateDocument) - nutriphi/add/+page.svelte (handleSubmit) Pure metadata writes (toggle pinned, toggle isActive, soft-delete via deletedAt) are intentionally NOT wrapped — they touch zero encrypted fields so encryptRecord would be a no-op anyway. Read sites decrypted -------------------- - questions/queries.ts: useAllQuestions, useAnswersByQuestion - questions/views/DetailView.svelte (liveQuery clone) - questions/ListView.svelte (Workbench) - uload/queries.ts: allLinks$, useAllLinks, useLinkById - uload/views/DetailView.svelte (liveQuery clone) - uload/ListView.svelte - uload/settings/+page.svelte (decrypts before serializing the JSON export — otherwise the user would download ciphertext) - context/queries.ts: useAllDocuments, useSpaceDocuments - context/ListView.svelte - cross-app-queries.useRecentDocuments (dashboard widget) - nutriphi/queries.ts: useAllMeals - nutriphi/ListView.svelte The cards/dashboard widget for nutrition only reads m.nutrition (the plaintext numeric breakdown), so it stays untouched. nutriphi/history benefits transparently because it consumes useAllMeals which now decrypts. Why --- Closes the second-tier plaintext gaps. The five tables flipped here were on the registry from day one but stuck behind enabled:false because no central store existed to hook into. Phase 7.2 takes the pragmatic approach of wrapping at each call site rather than blocking on a store extraction refactor — same end result for security, much smaller diff. A future store consolidation pass can collapse the duplication without changing the encryption surface. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-22 14:46:41 +02:00 · 2026-04-07 21:29:32 +02:00 · 2026-04-07 21:29:32 +02:00 · 40b7069eb0
commit 40b7069eb0
parent c875b4e966
20 changed files with 152 additions and 73 deletions
--- a/apps/mana/apps/web/src/lib/modules/context/ListView.svelte
+++ b/apps/mana/apps/web/src/lib/modules/context/ListView.svelte
@ -5,6 +5,7 @@
 <script lang="ts">
 	import { liveQuery } from 'dexie';
 	import { db } from '$lib/data/database';
+	import { decryptRecords } from '$lib/data/crypto';
 	import type { LocalContextSpace, LocalDocument } from './types';

 	let spaces = $state<LocalContextSpace[]>([]);
@ -24,10 +25,9 @@

 	$effect(() => {
 		const sub = liveQuery(async () => {
-			return db
-				.table<LocalDocument>('documents')
-				.toArray()
-				.then((all) => all.filter((d) => !d.deletedAt));
+			const all = await db.table<LocalDocument>('documents').toArray();
+			const visible = all.filter((d) => !d.deletedAt);
+			return decryptRecords('documents', visible);
 		}).subscribe((val) => {
 			documents = val ?? [];
 		});
--- a/apps/mana/apps/web/src/lib/modules/context/queries.ts
+++ b/apps/mana/apps/web/src/lib/modules/context/queries.ts
@ -8,6 +8,7 @@

 import { useLiveQueryWithDefault } from '@mana/local-store/svelte';
 import { db } from '$lib/data/database';
+import { decryptRecords } from '$lib/data/crypto';
 import type { LocalContextSpace, LocalDocument, Space, Document, DocumentType } from './types';

 // ─── Type Converters ──────────────────────────────────────
@ -60,8 +61,9 @@ export function useAllSpaces() {
 export function useAllDocuments() {
 	return useLiveQueryWithDefault(async () => {
 		const locals = await db.table<LocalDocument>('documents').toArray();
-		return locals
-			.filter((d) => !d.deletedAt)
+		const visible = locals.filter((d) => !d.deletedAt);
+		const decrypted = await decryptRecords('documents', visible);
+		return decrypted
 			.map(toDocument)
 			.sort((a, b) => new Date(b.updated_at).getTime() - new Date(a.updated_at).getTime());
 	}, [] as Document[]);
@ -75,8 +77,9 @@ export function useSpaceDocuments(spaceId: string) {
 			.where('spaceId')
 			.equals(spaceId)
 			.toArray();
-		return locals
-			.filter((d) => !d.deletedAt)
+		const visible = locals.filter((d) => !d.deletedAt);
+		const decrypted = await decryptRecords('documents', visible);
+		return decrypted
 			.map(toDocument)
 			.sort((a, b) => new Date(b.updated_at).getTime() - new Date(a.updated_at).getTime());
 	}, [] as Document[]);