feat: started with proper E2EE ;)

2026-01-22 18:26:12 +01:00 · 2025-02-15 21:26:40 +01:00 · 2025-02-15 21:26:40 +01:00 · 18d019d8b3
commit 18d019d8b3
parent e3b5c59949
13 changed files with 380 additions and 1 deletions
--- a/api/models/schema/messageSchema.js
+++ b/api/models/schema/messageSchema.js
@ -54,6 +54,11 @@ const messageSchema = mongoose.Schema(
      type: String,
      meiliIndex: true,
    },
+    // If the message is encrypted (and stored in 'text'),
+    // then this field should hold the IV used during encryption.
+    messageEncryptionIV: {
+      type: String,
+    },
    summary: {
      type: String,
    },
--- a/api/models/schema/shareSchema.js
+++ b/api/models/schema/shareSchema.js
@ -23,6 +23,13 @@ const shareSchema = mongoose.Schema(
      type: Boolean,
      default: true,
    },
+    // --- Field for re-encrypting the conversation key for the forked user ---
+    encryptionKeys: [
+      {
+        user: { type: String, index: true },
+        encryptedKey: { type: String },
+      },
+    ],
  },
  { timestamps: true },
 );
--- a/api/models/schema/userSchema.js
+++ b/api/models/schema/userSchema.js
@ -27,6 +27,10 @@ const { SystemRoles } = require('librechat-data-provider');
 * @property {Array} [plugins=[]] - List of plugins used by the user
 * @property {Array.<MongoSession>} [refreshToken] - List of sessions with refresh tokens
 * @property {Date} [expiresAt] - Optional expiration date of the file
+ * @property {string} [encryptionPublicKey] - The user's public key for E2EE (client-generated)
+ * @property {string} [encryptedPrivateKey] - The user's private key encrypted with a user-defined passphrase
+ * @property {string} [encryptionSalt] - The salt used for PBKDF2 during encryption
+ * @property {string} [encryptionIV] - The initialization vector used for encryption (AES-GCM)
 * @property {Date} [createdAt] - Date when the user was created (added by timestamps)
 * @property {Date} [updatedAt] - Date when the user was last updated (added by timestamps)
 */
@ -132,6 +136,27 @@ const userSchema = mongoose.Schema(
      type: Boolean,
      default: false,
    },
+    // --- New Fields for E2EE ---
+    encryptionPublicKey: {
+      type: String,
+      required: false,
+      // Provided by the client after key generation.
+    },
+    encryptedPrivateKey: {
+      type: String,
+      required: false,
+      // The private key encrypted on the client with the user’s encryption passphrase.
+    },
+    encryptionSalt: {
+      type: String,
+      required: false,
+      // Salt used for PBKDF2 when encrypting the private key.
+    },
+    encryptionIV: {
+      type: String,
+      required: false,
+      // IV used for AES-GCM encryption of the private key.
+    },
  },

  { timestamps: true },