Add encryption support and access privileges #2696
Conversation
馃 Changeset detectedLatest commit: 0f4f988 The changes in this PR will be included in the next version bump. This PR includes changesets to release 7 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
klimeryk
force-pushed
the
add/password-security
branch
from
494459f
to
5d9a8e9
Compare
|
|
||
| return Buffer.from(byteArray); | ||
| }; | ||
| import CryptoJS from 'crypto-js'; |
There was a problem hiding this comment.
I wonder how this change affects bundle size and what was the original reason for selective import done like that.
There was a problem hiding this comment.
Yeah, I tried digging in revision history, but it was introduced with the selective import in #1894. Upstream never used the selective import and imported the whole library from the beginning: foliojs/pdfkit#820. I'm guessing it's because the full/upstream security.js file uses extensively this library - CryptoJS.MD5, CryptoJS.RC4, CryptoJS.lib.WordArray, CryptoJS.SHA256, CryptoJS.AES. Whereas the simplified version (not supporting password protection) indeed just used CryptoJS.MD5, so the selective import might have made sense for that use case.
For completeness sake (so that the implications of this PR on the bundle size are known):
Current master
646,480 pdfkit.browser.cjs
644,160 pdfkit.browser.js
326,577 pdfkit.browser.min.cjs
325,782 pdfkit.browser.min.js
407,839 pdfkit.cjs
405,488 pdfkit.js
232,858 pdfkit.min.cjs
231,996 pdfkit.min.js
This branch/PR
683,846 pdfkit.browser.cjs
680,853 pdfkit.browser.js
343,476 pdfkit.browser.min.cjs
342,353 pdfkit.browser.min.js
445,176 pdfkit.cjs
442,171 pdfkit.js
249,962 pdfkit.min.cjs
248,604 pdfkit.min.js
So, 9% increase for pdfkit.js and 7.2% for pdfkit.min.js.
Based on foliojs/pdfkit#820 upstream Fixes diegomura#672
Syncs up with the upstream version at: https://github.com/foliojs/pdfkit/blob/5635f8a02135acae1a6c1b904af55afe05d0ab7e/lib/security.js
klimeryk
force-pushed
the
add/password-security
branch
from
5d9a8e9
to
cb2d168
Compare
|
Thanks for looking at the PR, @wojtekmaj! Sorry for the late follow-up - private life got in the way, but now I'm back and determined to see this PR through. I've addressed your comments and generated the changeset 馃檱 To be extra clear - I don't think this PR is ready to merge as-is. At the very least there's an issue with the fonts. There's links to generated PDF files in the description and my attempt at best describing the possible issue, but it might be best shown on screenshots: Production file, correct fonts
PR file, missing fonts
And there are indeed warnings from the Firefox internal PDF previewer: My guess is that these attachments/resources are not correctly encoded or decoded with the passwords/security logic introduced in this PR. I've double-checked the differences between the |
Hi, @diegomura! Love your library - I've been using it extensively at https://github.com/klimeryk/recalendar.js/ (https://recalendar.me/). I stumbled upon #672 and figured it was a great chance to contribute back :)
I've tried my best to bring over the changes from the upstream pdfkit version. Encryption was originally added in foliojs/pdfkit#820 there. It was mostly a straightforward update... except changes in
reference.js. Looks like that class has been fundamentally changed - upstream it uses internallyBuffer, while in react-pdf, the class extendsWriteableinstead.I've tried first keeping the changes to
reference.jsminimal (see 4376bcb). Most of the changes were easy to port - basically copy and paste. The only part I did not know was the changes infinalizeinreference.jshere. As a result, this was a partial success - non-encrypted PDFs look as before (good), you can generate a PDF that requires a password, the password is properly validated... but then the opened PDF is missing content. See this file: recalendar-password.pdf (password:secret)I've then tried just switching to upstream's
reference.js, especially seeing your intention of doing that from #2613. See 5d9a8e9. That looks more promising - the decrypted PDF has the text and almost looks perfect... except, for some reason, the font seems to be missing, so it looks off. See this file: recalendar-password2.pdf (password:secret)And this applies to both encrypted and non-encrypted generated PDFs. So I'm guessing there's some modification/customization, maybe in some other file that I missed that was done in this version of pdfkit that is not compatible with the upstream version of
reference.js? Unfortunately, I could not find it. I've tried also going back in history ofreference.js, but unfortunately these changes seems to be from before it was moved to monorepo and I cannot find the previous repository 馃槥I figured I'd create this PR for you to have a look, maybe something will spark a quick solution or hint from you. If not, I can continue digging 馃檱
Testing
I'm guessing you have your preferred ways of testing different use cases :) Enabling password protection simply boils down to passing
userPasswordwhen creating a new instance ofPDFDocumentlike so:To be on the safe side, I've also tried enabling all optional permissions, but that did not make a difference: