mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-16 09:39:39 +02:00
40b7069eb0
Five storeless modules whose writes happen directly from view files
(no central store yet) get the same encryption treatment by wrapping
each .add/.update call site with encryptRecord and each read site
with decryptRecord(s). Registry entries are also corrected to match
the actual schemas — the previous Phase 1 placeholder names guessed
the wrong field names.
Registry corrections + flips
----------------------------
- meals: was ['description', 'notes', 'aiAnalysis'] → now
['description', 'portionSize'] (LocalMeal has neither notes nor
aiAnalysis on the schema; portionSize is a short user label same
sensitivity as description)
- documents: was ['title', 'content', 'body'] → now
['title', 'content'] (LocalDocument uses content, no body column)
- links: was ['title', 'description', 'targetUrl'] → now
['title', 'description']. originalUrl STAYS PLAINTEXT — the
public redirect handler resolves shortCode → originalUrl on every
click, encrypting it would force the redirect path to do an async
decrypt before issuing the 302
- questions: was ['title', 'body', 'notes'] → now
['title', 'description'] (LocalQuestion uses description)
- answers: was ['body'] → now ['content'] (LocalAnswer uses content)
All five tables flipped to enabled:true.
Write sites wrapped
-------------------
Each call site builds the row/diff as a typed object, runs
encryptRecord on it, then calls table.add / table.update:
- questions/views/DetailView.svelte (saveField)
- questions/[id]/+page.svelte (saveEdit + answer.add)
- questions/new/+page.svelte (initial create)
- uload/+page.svelte (createLink + saveEdit)
- uload/views/DetailView.svelte (saveField)
- context/documents/+page.svelte (handleCreateDocument)
- context/documents/[id]/+page.svelte (handleSave with encrypted diff)
- context/spaces/[id]/+page.svelte (handleCreateDocument)
- nutriphi/add/+page.svelte (handleSubmit)
Pure metadata writes (toggle pinned, toggle isActive, soft-delete via
deletedAt) are intentionally NOT wrapped — they touch zero encrypted
fields so encryptRecord would be a no-op anyway.
Read sites decrypted
--------------------
- questions/queries.ts: useAllQuestions, useAnswersByQuestion
- questions/views/DetailView.svelte (liveQuery clone)
- questions/ListView.svelte (Workbench)
- uload/queries.ts: allLinks$, useAllLinks, useLinkById
- uload/views/DetailView.svelte (liveQuery clone)
- uload/ListView.svelte
- uload/settings/+page.svelte (decrypts before serializing the
JSON export — otherwise the user would download ciphertext)
- context/queries.ts: useAllDocuments, useSpaceDocuments
- context/ListView.svelte
- cross-app-queries.useRecentDocuments (dashboard widget)
- nutriphi/queries.ts: useAllMeals
- nutriphi/ListView.svelte
The cards/dashboard widget for nutrition only reads m.nutrition (the
plaintext numeric breakdown), so it stays untouched. nutriphi/history
benefits transparently because it consumes useAllMeals which now
decrypts.
Why
---
Closes the second-tier plaintext gaps. The five tables flipped here
were on the registry from day one but stuck behind enabled:false
because no central store existed to hook into. Phase 7.2 takes the
pragmatic approach of wrapping at each call site rather than blocking
on a store extraction refactor — same end result for security, much
smaller diff. A future store consolidation pass can collapse the
duplication without changing the encryption surface.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| documents | ||
| spaces | ||
| +page.svelte | ||