djoka/bentopdf
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

feat(pdf): implement qpdf-wasm for secure encryption/decryption

Browse Source 
- Replace PDFKit with qpdf-wasm for more robust and secure PDF encryption/decryption
- Add support for owner password and granular permission controls
- Improve UI with better security explanations and options
This commit is contained in:
abdullahalam123
2025-10-24 00:11:18 +05:30
parent be6c15fef2
commit 466646d15b
4 changed files with 294 additions and 143 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
src/js/logic/encrypt.ts
View File

@@ -1,86 +1,140 @@
import { showLoader, hideLoader, showAlert } from '../ui.js';
import { downloadFile, readFileAsArrayBuffer } from '../utils/helpers.js';
import { state } from '../state.js';
import PDFDocument from 'pdfkit/js/pdfkit.standalone';
import blobStream from 'blob-stream';
import * as pdfjsLib from 'pdfjs-dist';
import createModule from '@neslinesli93/qpdf-wasm';
let qpdfInstance: any = null;
async function initializeQpdf() {
if (qpdfInstance) {
return qpdfInstance;
}
showLoader('Initializing encryption engine...');
try {
qpdfInstance = await createModule({
locateFile: () => '/qpdf.wasm',
});
} catch (error) {
console.error('Failed to initialize qpdf-wasm:', error);
showAlert(
'Initialization Error',
'Could not load the encryption engine. Please refresh the page and try again.'
);
throw error;
} finally {
hideLoader();
}
return qpdfInstance;
}
export async function encrypt() {
const file = state.files[0];
const password = (
document.getElementById('password-input') as HTMLInputElement
).value;
if (!password.trim()) {
showAlert('Input Required', 'Please enter a password.');
const userPassword =
(document.getElementById('user-password-input') as HTMLInputElement)
?.value || '';
const ownerPassword =
(document.getElementById('owner-password-input') as HTMLInputElement)
?.value || '';
if (!userPassword) {
showAlert('Input Required', 'Please enter a user password.');
return;
}
const inputPath = '/input.pdf';
const outputPath = '/output.pdf';
let qpdf: any;
try {
showLoader('Preparing to process...');
const pdfData = await readFileAsArrayBuffer(file);
const pdf = await pdfjsLib.getDocument({ data: pdfData as ArrayBuffer })
.promise;
const numPages = pdf.numPages;
const pageImages = [];
showLoader('Initializing encryption...');
qpdf = await initializeQpdf();
for (let i = 1; i <= numPages; i++) {
document.getElementById('loader-text').textContent =
`Processing page ${i} of ${numPages}...`;
const page = await pdf.getPage(i);
const viewport = page.getViewport({ scale: 2.0 });
const canvas = document.createElement('canvas');
const context = canvas.getContext('2d');
canvas.height = viewport.height;
canvas.width = viewport.width;
await page.render({
canvasContext: context,
viewport: viewport,
canvas: canvas,
}).promise;
pageImages.push({
data: canvas.toDataURL('image/jpeg', 0.8),
width: viewport.width,
height: viewport.height,
});
showLoader('Reading PDF...');
const fileBuffer = await readFileAsArrayBuffer(file);
const uint8Array = new Uint8Array(fileBuffer as ArrayBuffer);
qpdf.FS.writeFile(inputPath, uint8Array);
showLoader('Encrypting PDF with 256-bit AES...');
const args = [
inputPath,
'--encrypt',
userPassword,
ownerPassword, // Can be empty
'256',
];
if (ownerPassword) {
args.push(
'--modify=none',
'--extract=n',
'--print=none',
'--accessibility=n',
'--annotate=n',
'--assemble=n',
'--form=n',
'--modify-other=n',
);
}
document.getElementById('loader-text').textContent =
'Encrypting and building PDF...';
const doc = new PDFDocument({
size: [pageImages[0].width, pageImages[0].height],
pdfVersion: '1.7ext3', // Use 256-bit AES encryption
userPassword: password,
ownerPassword: password,
permissions: {
printing: 'highResolution',
modifying: false,
copying: false,
annotating: false,
fillingForms: false,
contentAccessibility: true,
documentAssembly: false,
},
});
const stream = doc.pipe(blobStream());
for (let i = 0; i < pageImages.length; i++) {
if (i > 0)
doc.addPage({ size: [pageImages[i].width, pageImages[i].height] });
doc.image(pageImages[i].data, 0, 0, {
width: pageImages[i].width,
height: pageImages[i].height,
});
if (!ownerPassword) {
args.push('--allow-insecure');
}
doc.end();
stream.on('finish', function () {
const blob = stream.toBlob('application/pdf');
downloadFile(blob, `encrypted-${file.name}`);
hideLoader();
showAlert('Success', 'Encryption complete! Your download has started.');
});
} catch (error) {
args.push('--', outputPath);
try {
qpdf.callMain(args);
} catch (qpdfError: any) {
console.error('qpdf execution error:', qpdfError);
throw new Error(
'Encryption failed: ' + (qpdfError.message || 'Unknown error')
);
}
showLoader('Preparing download...');
const outputFile = qpdf.FS.readFile(outputPath, { encoding: 'binary' });
if (!outputFile || outputFile.length === 0) {
throw new Error('Encryption resulted in an empty file.');
}
const blob = new Blob([outputFile], { type: 'application/pdf' });
downloadFile(blob, `encrypted-${file.name}`);
hideLoader();
let successMessage = 'PDF encrypted successfully with 256-bit AES!';
if (!ownerPassword) {
successMessage +=
' Note: Without an owner password, the PDF has no usage restrictions.';
}
showAlert('Success', successMessage);
} catch (error: any) {
console.error('Error during PDF encryption:', error);
hideLoader();
showAlert('Error', 'An error occurred. The PDF might be corrupted.');
showAlert(
'Encryption Failed',
`An error occurred: ${error.message || 'The PDF might be corrupted.'}`
);
} finally {
try {
if (qpdf?.FS) {
try {
qpdf.FS.unlink(inputPath);
} catch (e) {
console.warn('Failed to unlink input file:', e);
}
try {
qpdf.FS.unlink(outputPath);
} catch (e) {
console.warn('Failed to unlink output file:', e);
}
}
} catch (cleanupError) {
console.warn('Failed to cleanup WASM FS:', cleanupError);
}
}
}