Feature/external chat #228
base: development
# Conflicts: # app/Http/Controllers/AccessTokenController.php # app/Http/Controllers/AuthenticationController.php # app/Http/Controllers/InvitationController.php # app/Http/Controllers/ProfileController.php # app/Http/Controllers/RoomController.php # app/Http/Controllers/SearchController.php # app/Http/Controllers/StreamController.php # app/Models/Invitation.php # app/Models/Message.php # app/Models/Room.php # app/Providers/AppServiceProvider.php # app/Services/AI/AIConnectionService.php # bootstrap/app.php # composer.json # composer.lock # hawki # public/js_v2.0.1_f1/groupchat_functions.js # resources/views/layouts/home.blade.php # routes/web.php
…chat # Conflicts: # app/Http/Controllers/StreamController.php # app/Models/AiModelStatus.php # app/Providers/AppServiceProvider.php # app/Services/AI/Providers/AbstractRequest.php # app/Services/AI/Providers/Google/GoogleRequestConverter.php # app/Services/AI/Providers/Google/Request/GoogleStreamingRequest.php # app/Services/AI/Providers/OpenAi/Request/OpenAiStreamingRequest.php # app/Services/AI/Value/AiModel.php # config/model_providers.php # public/js_v2.0.1_f1/groupchat_functions.js # resources/views/layouts/home.blade.php
# Conflicts: # .env.example # app/Http/Controllers/AuthenticationController.php # app/Http/Controllers/EncryptionController.php # app/Http/Controllers/RoomController.php # app/Http/Controllers/StreamController.php # app/Models/AiModelStatus.php # app/Models/Message.php # app/Models/Room.php # app/Providers/AppServiceProvider.php # app/Services/Auth/LdapService.php # app/Services/Chat/Message/Handlers/GroupMessageHandler.php # app/Services/Chat/Room/Traits/RoomFunctions.php # app/Services/Chat/Room/Traits/RoomMembers.php # app/Services/Chat/Room/Traits/RoomMessages.php # composer.json # composer.lock # public/css_v2.1.0/apps_connect_style.css # public/js_v2.1.0/apps_confirm_functions.js # public/js_v2.1.0/encryption.js # public/js_v2.1.0/groupchat_functions.js # resources/views/layouts/home.blade.php # resources/views/modules/profile.blade.php
# Conflicts: # app/Http/Controllers/AuthenticationController.php # app/Http/Controllers/RoomController.php # app/Models/Message.php # app/Models/Room.php # app/Services/Chat/Message/Handlers/GroupMessageHandler.php # app/Services/Profile/ProfileService.php # composer.lock # public/js_v2.1.0/handshake_functions.js # routes/web.php
Co-authored-by: Neunerlei <[email protected]>
Co-authored-by: Neunerlei <[email protected]>
Co-authored-by: Neunerlei <[email protected]>
…-to-v2 # Conflicts: # package-lock.json # package.json
…-upload-size build: ensure file uploads up to 100MB (from PHP side)
…-cropperjs-to-v2 Migrate cropperjs from v1.6.2 to v2.1.0
…p-add-missing-braces fix(LDAP): add missing braces to closure
(cherry picked from commit e6bd8cf)
(cherry picked from commit 436ebad)
(cherry picked from commit 9a97fdf)
Co-authored-by: Copilot <[email protected]>
…cachebuster' into feat/Martin/implement-automatic-cachebuster
…ious-fixes-2.2.1 Fix/martin/various fixes 2.2.1
…plement-automatic-cachebuster feat: implement automatic cache buster generation
# Conflicts: # app/Http/Controllers/AuthenticationController.php # app/Http/Controllers/LoginController.php # app/Providers/AppServiceProvider.php # app/Services/Profile/ProfileService.php # bootstrap/providers.php # composer.json # public/css/apps_connect_style.css # public/js/apps_confirm_functions.js # resources/views/layouts/home.blade.php # resources/views/layouts/login.blade.php # routes/web.php
Pull Request Overview
This PR implements external application integration support for the HAWKI platform, enabling third-party apps to connect and access user data through a secure authentication flow. The changes introduce a new keychain management system, sync logging infrastructure, and comprehensive API endpoints for external applications.
Key Changes
- Implements external app connection flow with user consent mechanisms
- Migrates from IndexedDB-based keychain to server-side storage with individual encrypted values
- Adds sync log system for incremental and full synchronization of data to clients
- Introduces storage proxy service for secure file access across internal and external contexts
Reviewed Changes
Copilot reviewed 292 out of 293 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| routes/web.php | Adds routes for external app authentication, storage proxy, sync endpoints, and keychain management |
| routes/api.php | Defines API endpoints for external apps with proper middleware protection |
| routes/channels.php | Adds broadcast channels for user-specific and all-users notifications |
| public/js/encryption.js | Refactors keychain from IndexedDB to server-synced encrypted values with hybrid encryption support |
| public/js/handshake_functions.js | Updates registration flow to use new server-side keychain initialization |
| app/Services/User/Keychain/* | Implements server-side keychain storage with encrypted value management |
| app/Services/SyncLog/* | Adds comprehensive sync log system for tracking data changes |
| app/Services/Storage/* | Refactors storage service with file info abstraction and proxy support |
| config/external_access.php | New configuration for external app access controls |
| database/migrations/* | Adds tables for app users, requests, keychain values, and sync logs |
| "confirm": { | ||
| "title": "Connect :appName to HAWKI", | ||
| "headline": "Allow connection to application \":appName\"?", | ||
| "description": "Hey :name! You was send to this page, because the application \":appName\" wants to connect to your HAWKI profile (:username). This will allow the application to access your messages and chats. Please only grant access to applications you trust.", |
Copilot
AI
Oct 29, 2025
Corrected grammar: 'You was send' should be 'You were sent'.
| "confirm": { | ||
| "title": ":appName mit HAWKI verbinden", | ||
| "headline": "Verbindung zu Anwendung \":appName\" zulassen?", | ||
| "description": "Hey :name! Du bist auf dieser Seite gelandet, weil die Anwendung \":appName\" sich mit deinem HAWKI Profil (:username) verbinden möchte. Damit erlaubst du der Anwendung Zugriff auf deine Nachrichten und Chats. Bitte gib nur Anwendungen Zugriff denen du vertraust.", |
Copilot
AI
Oct 29, 2025
Missing comma: 'Anwendungen Zugriff denen' should be 'Anwendungen Zugriff, denen' (comma before relative clause).
| PersonalAccessTokenRemovedEvent::dispatch($user, $token); | ||
| $token->delete(); | ||
| }); | ||
| $token->delete(); |
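Review bot: `PersonalAccessTokenRemovedEvent::dispatch($user, $token);` runs before `$token->delete();` inside the callback, so listeners are told the token is gone while it can still authenticate, and if the delete throws, the event has already gone out for a token that remains valid. Delete first and dispatch only once the delete has succeeded. The second `$token->delete();` after the closing `});` sits outside the callback's scope and should be dropped together with that reordering.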
Copilot
AI
Oct 29, 2025
Duplicate token deletion: The token is deleted both inside the each callback (line 45) and again on line 47, which will cause an error on the second deletion attempt since the tokens are already deleted.
| const roomKey = await keychainGet(slug); | ||
| const aiCryptoSalt = await fetchServerSalt('AI_CRYPTO_SALT'); | ||
| const aiKey = await deriveKey(roomKey, slug, aiCryptoSalt); | ||
| const legacyAiKey = await deriveKey('[object CryptoKey]', slug, aiCryptoSalt); |
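Review bot: `legacyAiKey` is derived from the literal string `'[object CryptoKey]'` where `aiKey` uses `roomKey`, so it depends only on `slug` and the salt returned by `fetchServerSalt('AI_CRYPTO_SALT')` and carries no secret from the keychain. If the literal is there to read data that an earlier version wrote with a stringified key, say so in a comment, use `legacyAiKey` only as a decryption fallback, and re-encrypt whatever it opens under `aiKey`; if not, remove the line.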
Copilot
AI
Oct 29, 2025
Hardcoded string '[object CryptoKey]' is used as a passkey for legacy key derivation. This appears to be a debugging artifact or incorrect implementation. The legacy AI key derivation should use an actual key value, not the string representation of an object.
| if ($name === 'mimeType') { | ||
| // @todo once PHP 8.4 is the baseline we can use the property hooks instead of the magic method | ||
| $extension = pathinfo($this->basename, PATHINFO_EXTENSION); | ||
| return [...($extension ? (new MimeTypes())->getMimeTypes($extension) : 'application/octet-stream')][0]; |
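Review bot: the fallback branch of the ternary in the `return` hands the string `'application/octet-stream'` to the spread operator, and PHP unpacks only arrays and Traversables, so a basename without an extension raises an Error where the default was intended. If `getMimeTypes()` returns an empty array for an extension it does not know, `[0]` is undefined as well. Drop the spread, take the first element and fall back with `?? 'application/octet-stream'`. The value is derived from the extension in `$this->basename` alone, so it describes the file's name and not its content; that is worth stating in the docblock for any caller that uses `mimeType` to set a response header.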
Copilot
AI
Oct 29, 2025
Incorrect array spread syntax: When extension is empty/false, the spread operator tries to spread a string 'application/octet-stream', which will result in an array of individual characters. Should be: return $extension ? ((new MimeTypes())->getMimeTypes($extension)[0] ?? 'application/octet-stream') : 'application/octet-stream';
| * @param {string} privateKey | ||
| * @return {Promise<string>} The decrypted data | ||
| */ | ||
| async function decryptWithHybrid(ciphertext, privateKey) { |
Copilot
AI
Oct 29, 2025
Unused function decryptWithHybrid.
|
|
||
| //#region Keychain Access | ||
|
|
||
| async function keychainSet(key, value, type = 'room_key') { |
Copilot
AI
Oct 29, 2025
Unused function keychainSet.
|
|
||
| // Set the keychain value in IndexedDB | ||
| async function keychainSet(key, value, formatToJWK, backup = true) { | ||
| async function keychainGet(key, keyType = 'room_key') { |
Copilot
AI
Oct 29, 2025
Unused function keychainGet.
|
|
||
| async function setPassKey(enteredKey){ | ||
| if(enteredKey === ''){ | ||
| async function setPassKey(enteredKey) { |
Copilot
AI
Oct 29, 2025
Unused function setPassKey.
| throw new Error('Invalid hybrid ciphertext format'); | ||
| } | ||
|
|
||
| const passphrase = await decryptWithPrivateKey(ciphertext.passphrase, privateKey, true); |
Copilot
AI
Oct 29, 2025
Superfluous argument passed to function decryptWithPrivateKey.
4fa4b89 to
3b6f16f
# Conflicts: # .env.example # _documentation/5-Deployment/5-Authentication.md # app/Services/Auth/ChainedAuthService.php # app/Utils/DecoratorTrait.php # config/hawki_version.json # public/js/encryption.js # resources/views/layouts/home.blade.php
No description provided.