djoka/bentopdf
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

feat(pdf): implement qpdf-wasm for secure encryption/decryption

Browse Source 
- Replace PDFKit with qpdf-wasm for more robust and secure PDF encryption/decryption
- Add support for owner password and granular permission controls
- Improve UI with better security explanations and options
This commit is contained in:
abdullahalam123
2025-10-24 00:11:18 +05:30
parent be6c15fef2
commit 466646d15b
4 changed files with 294 additions and 143 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{
"name": "bento-pdf",
"version": "1.1.0",
"version": "1.1.1",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "bento-pdf",
"version": "1.1.0",
"version": "1.1.1",
"license": "Apache-2.0",
"dependencies": {
"@fontsource/cedarville-cursive": "^5.2.7",

159
src/js/logic/decrypt.ts
View File

@@ -1,79 +1,126 @@
import { showLoader, hideLoader, showAlert } from '../ui.js';
import { downloadFile, readFileAsArrayBuffer } from '../utils/helpers.js';
import { state } from '../state.js';
import PDFDocument from 'pdfkit/js/pdfkit.standalone';
import blobStream from 'blob-stream';
import * as pdfjsLib from 'pdfjs-dist';
import createModule from '@neslinesli93/qpdf-wasm';
let qpdfInstance: any = null;
async function initializeQpdf() {
if (qpdfInstance) {
return qpdfInstance;
}
showLoader('Initializing decryption engine...');
try {
qpdfInstance = await createModule({
locateFile: () => '/qpdf.wasm',
});
} catch (error) {
console.error('Failed to initialize qpdf-wasm:', error);
showAlert(
'Initialization Error',
'Could not load the decryption engine. Please refresh the page and try again.'
);
throw error;
} finally {
hideLoader();
}
return qpdfInstance;
}
export async function decrypt() {
const file = state.files[0];
// @ts-expect-error TS(2339) FIXME: Property 'value' does not exist on type 'HTMLEleme... Remove this comment to see the full error message
const password = document.getElementById('password-input').value;
if (!password.trim()) {
const password = (
document.getElementById('password-input') as HTMLInputElement
)?.value;
if (!password?.trim()) {
showAlert('Input Required', 'Please enter the PDF password.');
return;
}
const inputPath = '/input.pdf';
const outputPath = '/output.pdf';
let qpdf: any;
try {
showLoader('Preparing to process...');
const pdfData = (await readFileAsArrayBuffer(file)) as ArrayBuffer;
const pdf = await pdfjsLib.getDocument({
data: pdfData,
password: password,
}).promise;
const numPages = pdf.numPages;
const pageImages = [];
showLoader('Initializing decryption...');
qpdf = await initializeQpdf();
for (let i = 1; i <= numPages; i++) {
document.getElementById('loader-text').textContent =
`Processing page ${i} of ${numPages}...`;
const page = await pdf.getPage(i);
const viewport = page.getViewport({ scale: 2.0 });
const canvas = document.createElement('canvas');
const context = canvas.getContext('2d');
canvas.height = viewport.height;
canvas.width = viewport.width;
await page.render({
canvasContext: context,
viewport: viewport,
canvas: canvas,
}).promise;
pageImages.push({
data: canvas.toDataURL('image/jpeg', 0.8),
width: viewport.width,
height: viewport.height,
});
showLoader('Reading encrypted PDF...');
const fileBuffer = await readFileAsArrayBuffer(file);
const uint8Array = new Uint8Array(fileBuffer as ArrayBuffer);
qpdf.FS.writeFile(inputPath, uint8Array);
showLoader('Decrypting PDF...');
const args = [inputPath, '--password=' + password, '--decrypt', outputPath];
try {
qpdf.callMain(args);
} catch (qpdfError: any) {
console.error('qpdf execution error:', qpdfError);
if (
qpdfError.message?.includes('invalid password') ||
qpdfError.message?.includes('password')
) {
throw new Error('INVALID_PASSWORD');
}
throw qpdfError;
}
document.getElementById('loader-text').textContent =
'Building unlocked PDF...';
const doc = new PDFDocument({
size: [pageImages[0].width, pageImages[0].height],
});
const stream = doc.pipe(blobStream());
for (let i = 0; i < pageImages.length; i++) {
if (i > 0)
doc.addPage({ size: [pageImages[i].width, pageImages[i].height] });
doc.image(pageImages[i].data, 0, 0, {
width: pageImages[i].width,
height: pageImages[i].height,
});
}
doc.end();
showLoader('Preparing download...');
const outputFile = qpdf.FS.readFile(outputPath, { encoding: 'binary' });
stream.on('finish', function () {
const blob = stream.toBlob('application/pdf');
if (!outputFile || outputFile.length === 0) {
throw new Error('Decryption resulted in an empty file.');
}
const blob = new Blob([outputFile], { type: 'application/pdf' });
downloadFile(blob, `unlocked-${file.name}`);
hideLoader();
showAlert('Success', 'Decryption complete! Your download has started.');
});
} catch (error) {
showAlert(
'Success',
'PDF decrypted successfully! Your download has started.'
);
} catch (error: any) {
console.error('Error during PDF decryption:', error);
hideLoader();
if (error.name === 'PasswordException') {
showAlert('Incorrect Password', 'The password you entered is incorrect.');
if (error.message === 'INVALID_PASSWORD') {
showAlert(
'Incorrect Password',
'The password you entered is incorrect. Please try again.'
);
} else if (error.message?.includes('password')) {
showAlert(
'Password Error',
'Unable to decrypt the PDF with the provided password.'
);
} else {
showAlert('Error', 'An error occurred. The PDF might be corrupted.');
showAlert(
'Decryption Failed',
`An error occurred: ${error.message || 'The password you entered is wrong or the file is corrupted.'}`
);
}
} finally {
try {
if (qpdf?.FS) {
try {
qpdf.FS.unlink(inputPath);
} catch (e) {
console.warn('Failed to unlink input file:', e);
}
try {
qpdf.FS.unlink(outputPath);
} catch (e) {
console.warn('Failed to unlink output file:', e);
}
}
} catch (cleanupError) {
console.warn('Failed to cleanup WASM FS:', cleanupError);
}
}
}

184
src/js/logic/encrypt.ts
View File

@@ -1,86 +1,140 @@
import { showLoader, hideLoader, showAlert } from '../ui.js';
import { downloadFile, readFileAsArrayBuffer } from '../utils/helpers.js';
import { state } from '../state.js';
import PDFDocument from 'pdfkit/js/pdfkit.standalone';
import blobStream from 'blob-stream';
import * as pdfjsLib from 'pdfjs-dist';
import createModule from '@neslinesli93/qpdf-wasm';
let qpdfInstance: any = null;
async function initializeQpdf() {
if (qpdfInstance) {
return qpdfInstance;
}
showLoader('Initializing encryption engine...');
try {
qpdfInstance = await createModule({
locateFile: () => '/qpdf.wasm',
});
} catch (error) {
console.error('Failed to initialize qpdf-wasm:', error);
showAlert(
'Initialization Error',
'Could not load the encryption engine. Please refresh the page and try again.'
);
throw error;
} finally {
hideLoader();
}
return qpdfInstance;
}
export async function encrypt() {
const file = state.files[0];
const password = (
document.getElementById('password-input') as HTMLInputElement
).value;
if (!password.trim()) {
showAlert('Input Required', 'Please enter a password.');
const userPassword =
(document.getElementById('user-password-input') as HTMLInputElement)
?.value || '';
const ownerPassword =
(document.getElementById('owner-password-input') as HTMLInputElement)
?.value || '';
if (!userPassword) {
showAlert('Input Required', 'Please enter a user password.');
return;
}
const inputPath = '/input.pdf';
const outputPath = '/output.pdf';
let qpdf: any;
try {
showLoader('Preparing to process...');
const pdfData = await readFileAsArrayBuffer(file);
const pdf = await pdfjsLib.getDocument({ data: pdfData as ArrayBuffer })
.promise;
const numPages = pdf.numPages;
const pageImages = [];
showLoader('Initializing encryption...');
qpdf = await initializeQpdf();
for (let i = 1; i <= numPages; i++) {
document.getElementById('loader-text').textContent =
`Processing page ${i} of ${numPages}...`;
const page = await pdf.getPage(i);
const viewport = page.getViewport({ scale: 2.0 });
const canvas = document.createElement('canvas');
const context = canvas.getContext('2d');
canvas.height = viewport.height;
canvas.width = viewport.width;
await page.render({
canvasContext: context,
viewport: viewport,
canvas: canvas,
}).promise;
pageImages.push({
data: canvas.toDataURL('image/jpeg', 0.8),
width: viewport.width,
height: viewport.height,
});
showLoader('Reading PDF...');
const fileBuffer = await readFileAsArrayBuffer(file);
const uint8Array = new Uint8Array(fileBuffer as ArrayBuffer);
qpdf.FS.writeFile(inputPath, uint8Array);
showLoader('Encrypting PDF with 256-bit AES...');
const args = [
inputPath,
'--encrypt',
userPassword,
ownerPassword, // Can be empty
'256',
];
if (ownerPassword) {
args.push(
'--modify=none',
'--extract=n',
'--print=none',
'--accessibility=n',
'--annotate=n',
'--assemble=n',
'--form=n',
'--modify-other=n',
);
}
document.getElementById('loader-text').textContent =
'Encrypting and building PDF...';
const doc = new PDFDocument({
size: [pageImages[0].width, pageImages[0].height],
pdfVersion: '1.7ext3', // Use 256-bit AES encryption
userPassword: password,
ownerPassword: password,
permissions: {
printing: 'highResolution',
modifying: false,
copying: false,
annotating: false,
fillingForms: false,
contentAccessibility: true,
documentAssembly: false,
},
});
const stream = doc.pipe(blobStream());
for (let i = 0; i < pageImages.length; i++) {
if (i > 0)
doc.addPage({ size: [pageImages[i].width, pageImages[i].height] });
doc.image(pageImages[i].data, 0, 0, {
width: pageImages[i].width,
height: pageImages[i].height,
});
if (!ownerPassword) {
args.push('--allow-insecure');
}
doc.end();
stream.on('finish', function () {
const blob = stream.toBlob('application/pdf');
args.push('--', outputPath);
try {
qpdf.callMain(args);
} catch (qpdfError: any) {
console.error('qpdf execution error:', qpdfError);
throw new Error(
'Encryption failed: ' + (qpdfError.message || 'Unknown error')
);
}
showLoader('Preparing download...');
const outputFile = qpdf.FS.readFile(outputPath, { encoding: 'binary' });
if (!outputFile || outputFile.length === 0) {
throw new Error('Encryption resulted in an empty file.');
}
const blob = new Blob([outputFile], { type: 'application/pdf' });
downloadFile(blob, `encrypted-${file.name}`);
hideLoader();
showAlert('Success', 'Encryption complete! Your download has started.');
});
} catch (error) {
let successMessage = 'PDF encrypted successfully with 256-bit AES!';
if (!ownerPassword) {
successMessage +=
' Note: Without an owner password, the PDF has no usage restrictions.';
}
showAlert('Success', successMessage);
} catch (error: any) {
console.error('Error during PDF encryption:', error);
hideLoader();
showAlert('Error', 'An error occurred. The PDF might be corrupted.');
showAlert(
'Encryption Failed',
`An error occurred: ${error.message || 'The PDF might be corrupted.'}`
);
} finally {
try {
if (qpdf?.FS) {
try {
qpdf.FS.unlink(inputPath);
} catch (e) {
console.warn('Failed to unlink input file:', e);
}
try {
qpdf.FS.unlink(outputPath);
} catch (e) {
console.warn('Failed to unlink output file:', e);
}
}
} catch (cleanupError) {
console.warn('Failed to cleanup WASM FS:', cleanupError);
}
}
}

66
src/js/ui.ts
View File

@@ -380,22 +380,72 @@ export const toolTemplates = {
`,
encrypt: () => `
<h2 class="text-2xl font-bold text-white mb-4">Encrypt PDF</h2>
<p class="mb-6 text-gray-400">Upload a PDF to create a new, password-protected version.</p>
<p class="mb-6 text-gray-400">Add 256-bit AES password protection to your PDF.</p>
${createFileInputHTML()}
<div id="file-display-area" class="mt-4 space-y-2"></div>
<div id="encrypt-options" class="hidden space-y-4 mt-6">
<div>
<label for="password-input" class="block mb-2 text-sm font-medium text-gray-300">Set Encryption Password</label>
<input type="password" id="password-input" class="w-full bg-gray-700 border border-gray-600 text-white rounded-lg p-2.5" placeholder="Enter a strong password">
<label for="user-password-input" class="block mb-2 text-sm font-medium text-gray-300">User Password</label>
<input required type="password" id="user-password-input" class="w-full bg-gray-700 border border-gray-600 text-white rounded-lg p-2.5" placeholder="Password to open the PDF">
<p class="text-xs text-gray-500 mt-1">Required to open and view the PDF</p>
</div>
<div class="p-4 bg-gray-900 border border-yellow-500/30 text-yellow-200 rounded-lg">
<h3 class="font-semibold text-base mb-2">Important Note</h3>
<p class="text-sm text-gray-400">To create the secure file, each page is converted into an image. This means you won't be able to select text or click links in the final encrypted PDF.</p>
<div>
<label for="owner-password-input" class="block mb-2 text-sm font-medium text-gray-300">Owner Password (Optional)</label>
<input type="password" id="owner-password-input" class="w-full bg-gray-700 border border-gray-600 text-white rounded-lg p-2.5" placeholder="Password for full permissions (recommended)">
<p class="text-xs text-gray-500 mt-1">Allows changing permissions and removing encryption</p>
</div>
<!-- Restriction checkboxes (shown when owner password is entered) -->
<div id="restriction-options" class="hidden p-4 bg-gray-800 border border-gray-700 rounded-lg">
<h3 class="font-semibold text-base mb-2 text-white">🔒 Restrict PDF Permissions</h3>
<p class="text-sm text-gray-400 mb-3">Select which actions to disable:</p>
<div class="space-y-2">
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-modify" checked>
<span>Disable all modifications (--modify=none)</span>
</label>
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-extract" checked>
<span>Disable text and image extraction (--extract=n)</span>
</label>
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-print" checked>
<span>Disable all printing (--print=none)</span>
</label>
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-accessibility">
<span>Disable accessibility text copying (--accessibility=n)</span>
</label>
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-annotate">
<span>Disable annotations (--annotate=n)</span>
</label>
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-assemble">
<span>Disable page assembly (--assemble=n)</span>
</label>
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-form">
<span>Disable form filling (--form=n)</span>
</label>
<label class="flex items-center space-x-2">
<input type="checkbox" id="restrict-modify-other">
<span>Disable other modifications (--modify-other=n)</span>
</label>
</div>
</div>
<div class="p-4 bg-yellow-900/20 border border-yellow-500/30 text-yellow-200 rounded-lg">
<h3 class="font-semibold text-base mb-2">⚠️ Security Recommendation</h3>
<p class="text-sm text-gray-300">For strong security, set both passwords. Without an owner password, the security restrictions (printing, copying, etc.) can be easily bypassed.</p>
</div>
<div class="p-4 bg-green-900/20 border border-green-500/30 text-green-200 rounded-lg">
<h3 class="font-semibold text-base mb-2">✓ High-Quality Encryption</h3>
<p class="text-sm text-gray-300">256-bit AES encryption without quality loss. Text remains selectable and searchable.</p>
</div>
<button id="process-btn" class="btn-gradient w-full mt-6">Encrypt & Download</button>
</div>
<canvas id="pdf-canvas" class="hidden"></canvas>
`,
`,
decrypt: () => `
<h2 class="text-2xl font-bold text-white mb-4">Decrypt PDF</h2>
<p class="mb-6 text-gray-400">Upload an encrypted PDF and provide its password to create an unlocked version.</p>