Encryption

Author: penberg

Cargo.toml

@@ -10,7 +10,7 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-libsql = { version = "0.9.10" }
+libsql = { version = "0.9.10", features = ["encryption"] }
 napi = { version = "2", default-features = false, features = ["napi6", "tokio_rt", "async"] }
 napi-derive = "2"
 once_cell = "1.18.0"

index.d.ts

@@ -9,6 +9,8 @@ export interface Options {
   authToken?: string
   syncUrl?: string
   syncPeriod?: number
+  encryptionCipher?: string
+  encryptionKey?: string
 }
 export declare function databaseSyncSync(db: Database): SyncResult
 export declare function databasePrepareSync(db: Database, sql: string): Statement
@@ -34,11 +36,6 @@ export declare class Database {
   get memory(): boolean
   inTransaction(): boolean
   prepare(sql: string): Promise<Statement>
-  backup(): void
-  serialize(): void
-  function(): void
-  aggregate(): void
-  table(): void
   authorizer(rulesObj: object): void
   loadExtension(path: string, entryPoint?: string | undefined | null): void
   maxWriteReplicationIndex(): number

src/lib.rs

@@ -10,6 +10,7 @@ extern crate napi_derive;
 use napi::bindgen_prelude::{Array, FromNapiValue, ToNapiValue};
 use napi::{Env, JsUnknown, Result, ValueType};
 use once_cell::sync::OnceCell;
+use std::str::FromStr;
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::sync::Arc;
 use std::time::Duration;
@@ -167,6 +168,8 @@ pub struct Options {
     pub authToken: Option<String>,
     pub syncUrl: Option<String>,
     pub syncPeriod: Option<f64>,
+    pub encryptionCipher: Option<String>,
+    pub encryptionKey: Option<String>,
 }
 
 /// Database connection.
@@ -191,23 +194,45 @@ impl Database {
         ensure_logger();
         let rt = runtime()?;
         let remote = is_remote_path(&path);
-
         let db = if remote {
             let auth_token = opts
                 .as_ref()
                 .and_then(|o| o.authToken.as_ref())
                 .cloned()
                 .unwrap_or_default();
-
             let builder = libsql::Builder::new_remote(path.clone(), auth_token);
             rt.block_on(builder.build()).map_err(Error::from)?
         } else if let Some(options) = &opts {
             if let Some(sync_url) = &options.syncUrl {
                 let auth_token = options.authToken.as_ref().cloned().unwrap_or_default();
 
+                let encryption_cipher: String = opts
+                    .as_ref()
+                    .and_then(|o| o.encryptionCipher.as_ref())
+                    .cloned()
+                    .unwrap_or("aes256cbc".to_string());
+                let cipher = libsql::Cipher::from_str(&encryption_cipher).map_err(|_| {
+                    throw_sqlite_error(
+                        "Invalid encryption cipher".to_string(),
+                        "SQLITE_INVALID_ENCRYPTION_CIPHER".to_string(),
+                        0,
+                    )
+                })?;
+                let encryption_key = opts
+                    .as_ref()
+                    .and_then(|o| o.encryptionKey.as_ref())
+                    .cloned()
+                    .unwrap_or("".to_string());
+
                 let mut builder =
                     libsql::Builder::new_remote_replica(path.clone(), sync_url.clone(), auth_token);
 
+                if encryption_key.len() > 0 {
+                    let encryption_config =
+                        libsql::EncryptionConfig::new(cipher, encryption_key.into());
+                    builder = builder.encryption_config(encryption_config);
+                }
+
                 if let Some(period) = options.syncPeriod {
                     if period > 0.0 {
                         builder = builder.sync_interval(std::time::Duration::from_secs_f64(period));
@@ -349,22 +374,23 @@ impl Database {
 
         rt.block_on(async move {
             let conn = conn.lock().await;
-            
+
             // Enable extension loading
             conn.load_extension_enable().map_err(Error::from)?;
-            
+
             // Load the extension
             if let Err(err) = conn.load_extension(&path, entry_point.as_deref()) {
                 // Disable extension loading on error
                 let _ = conn.load_extension_disable();
                 return Err(Error::from(err));
             }
-            
+
             // Disable extension loading after successful load
             conn.load_extension_disable().map_err(Error::from)?;
-            
+
             Ok(())
-        }).map_err(|e| napi::Error::from(e))
+        })
+        .map_err(|e| napi::Error::from(e))
     }
 
     #[napi]