session-desktop/ts/session/crypto/DecryptedAttachmentsManager.ts

/**
 * This file handles attachments for us.
 * If the attachment filepath is an encrypted one. It will decrypt it, cache it, and return the blob url to it.
 * An interval is run from time to time to cleanup old blobs loaded and not needed anymore (based on last access timestamp).
 *
 *
 */

import toArrayBuffer from 'to-arraybuffer';
import * as fse from 'fs-extra';
import { decryptAttachmentBuffer } from '../../types/Attachment';
import { HOURS } from '../utils/Number';

// FIXME.
// add a way to remove the blob when the attachment file path is removed (message removed?)
// do not hardcode the password
const urlToDecryptedBlobMap = new Map<string, { decrypted: string; lastAccessTimestamp: number }>();

export const cleanUpOldDecryptedMedias = () => {
  const currentTimestamp = Date.now();
  let countCleaned = 0;
  let countKept = 0;
  window.log.info('Starting cleaning of medias blobs...');
  for (const iterator of urlToDecryptedBlobMap) {
    // if the last access is older than one hour, revoke the url and remove it.
    if (iterator[1].lastAccessTimestamp < currentTimestamp - HOURS * 1) {
      URL.revokeObjectURL(iterator[1].decrypted);
      urlToDecryptedBlobMap.delete(iterator[0]);
      countCleaned++;
    } else {
      countKept++;
    }
  }
  window.log.info(`Clean medias blobs: cleaned/kept: ${countCleaned}:${countKept}`);
};

export const getDecryptedMediaUrl = async (url: string, contentType: string): Promise<string> => {
  if (!url) {
    return url;
  }
  if (url.startsWith('blob:')) {
    return url;
  } else if (
    window.Signal.Migrations.attachmentsPath &&
    url.startsWith(window.Signal.Migrations.attachmentsPath)
  ) {
    // this is a file encoded by session on our current attachments path.
    // we consider the file is encrypted.
    // if it's not, the hook caller has to fallback to setting the img src as an url to the file instead and load it
    if (urlToDecryptedBlobMap.has(url)) {
      // refresh the last access timestamp so we keep the one being currently in use
      const existingObjUrl = urlToDecryptedBlobMap.get(url)?.decrypted as string;

      urlToDecryptedBlobMap.set(url, {
        decrypted: existingObjUrl,
        lastAccessTimestamp: Date.now(),
      });
      // typescript does not realize that the has above makes sure the get is not undefined

      return existingObjUrl;
    } else {
      const encryptedFileContent = await fse.readFile(url);
      const decryptedContent = await decryptAttachmentBuffer(toArrayBuffer(encryptedFileContent));
      if (decryptedContent?.length) {
        const arrayBuffer = decryptedContent.buffer;
        const { makeObjectUrl } = window.Signal.Types.VisualAttachment;
        const obj = makeObjectUrl(arrayBuffer, contentType);

        if (!urlToDecryptedBlobMap.has(url)) {
          urlToDecryptedBlobMap.set(url, {
            decrypted: obj,
            lastAccessTimestamp: Date.now(),
          });
        }
        return obj;
      } else {
        // failed to decrypt, fallback to url image loading
        // it might be a media we received before the update encrypting attachments locally.
        return url;
      }
    }
  } else {
    // Not sure what we got here. Just return the file.

    return url;
  }
};