joplock

vrr/joplock

Fork 0

mirror of https://github.com/abort-retry-ignore/joplock.git synced 2026-05-23 04:28:34 +00:00

Commit graph

Author	SHA1	Message	Date
igor	512824693c	enforce vault note encryption at Joplin Server proxy layer Some checks failed Build and push Joplock image / build-and-push (push) Has been cancelled Details - add app/proxy/vaultProxyGuard.js: inspects proxied note writes and deletes before forwarding to upstream Joplin Server - covers single PUT /api/items/root:/<id>.md:/content, batch PUT /api/batch_items, single DELETE, and batch DELETE - rejects with 403 when a vault note body lacks the encrypted marker, or when a vault note is deleted via the sync proxy - bodies over 10 MB stream through without inspection (resource blobs) - unauthenticated requests stream through (upstream handles 401) - wire guard into createServer.js proxy entry point; replay buffered body via Readable.from() on allow - 34 new unit tests, all 394 tests passing	2026-05-21 16:09:09 +12:00

Author

SHA1

Message

Date

igor

512824693c

enforce vault note encryption at Joplin Server proxy layer

Build and push Joplock image / build-and-push (push) Has been cancelled

Details

- add app/proxy/vaultProxyGuard.js: inspects proxied note writes and
  deletes before forwarding to upstream Joplin Server
- covers single PUT /api/items/root:/<id>.md:/content, batch PUT
  /api/batch_items, single DELETE, and batch DELETE
- rejects with 403 when a vault note body lacks the encrypted marker,
  or when a vault note is deleted via the sync proxy
- bodies over 10 MB stream through without inspection (resource blobs)
- unauthenticated requests stream through (upstream handles 401)
- wire guard into createServer.js proxy entry point; replay buffered
  body via Readable.from() on allow
- 34 new unit tests, all 394 tests passing

2026-05-21 16:09:09 +12:00

1 commit