diff --git a/CHANGES b/CHANGES index f5d66a411..3e6607ed7 100644 --- a/CHANGES +++ b/CHANGES @@ -2508,3 +2508,7 @@ * Fix issue where only 25 group members were returned * Fix eventlog display +[7.3.0] +* Proxied apps +* backups: optional encryption of backup file names + diff --git a/migrations/20220626163116-backupConfig-default-encryptFilenames.js b/migrations/20220626163116-backupConfig-default-encryptFilenames.js new file mode 100644 index 000000000..1d388b728 --- /dev/null +++ b/migrations/20220626163116-backupConfig-default-encryptFilenames.js @@ -0,0 +1,13 @@ +'use strict'; + +exports.up = async function(db) { + const backupConfigJson = await db.runSql('SELECT * FROM settings WHERE name=?', [ 'backup_config' ]); + const backupConfig = JSON.parse(backupConfigJson); + + if (backupConfig.encryption) backupConfig.encryptFilenames = true; + + await db.runSql('UPDATE settings SET value=? WHERE name=?', [ JSON.stringify(backupConfig), 'backup_config', ]); +}; + +exports.down = async function(/* db */) { +}; diff --git a/src/backupformat/rsync.js b/src/backupformat/rsync.js index 298412ebd..b40664c3f 100644 --- a/src/backupformat/rsync.js +++ b/src/backupformat/rsync.js @@ -46,7 +46,7 @@ function sync(backupConfig, remotePath, dataLayout, progressCallback, callback) syncer.sync(dataLayout, function processTask(task, iteratorCallback) { debug('sync: processing task: %j', task); // the empty task.path is special to signify the directory - const destPath = task.path && backupConfig.encryption ? hush.encryptFilePath(task.path, backupConfig.encryption) : task.path; + const destPath = task.path && backupConfig.encryptFilenames ? hush.encryptFilePath(task.path, backupConfig.encryption) : task.path; const backupFilePath = path.join(getBackupFilePath(backupConfig, remotePath), destPath); if (task.operation === 'removedir') { @@ -164,7 +164,7 @@ function downloadDir(backupConfig, backupFilePath, dataLayout, progressCallback, function downloadFile(entry, done) { let relativePath = path.relative(backupFilePath, entry.fullPath); - if (backupConfig.encryption) { + if (backupConfig.encryptFilenames) { const { error, result } = hush.decryptFilePath(relativePath, backupConfig.encryption); if (error) return done(new BoxError(BoxError.CRYPTO_ERROR, 'Unable to decrypt file')); relativePath = result; diff --git a/src/routes/settings.js b/src/routes/settings.js index d4857f286..c5e26cc27 100644 --- a/src/routes/settings.js +++ b/src/routes/settings.js @@ -73,7 +73,11 @@ async function setBackupConfig(req, res, next) { if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider is required')); if (typeof req.body.schedulePattern !== 'string') return next(new HttpError(400, 'schedulePattern is required')); - if ('password' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string')); + if ('password' in req.body) { + if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string')); + if (typeof req.body.encryptFilenames !== 'boolean') return next(new HttpError(400, 'encryptFilenames must be a boolean')); + } + if ('syncConcurrency' in req.body) { if (typeof req.body.syncConcurrency !== 'number') return next(new HttpError(400, 'syncConcurrency must be a positive integer')); if (req.body.syncConcurrency < 1) return next(new HttpError(400, 'syncConcurrency must be a positive integer')); diff --git a/src/settings.js b/src/settings.js index 31058e8de..0ae4a193a 100644 --- a/src/settings.js +++ b/src/settings.js @@ -455,7 +455,7 @@ async function setBackupConfig(backupConfig) { } // if any of these changes, we have to clear the cache - if ([ 'format', 'provider', 'prefix', 'bucket', 'region', 'endpoint', 'backupFolder', 'mountPoint', 'encryption' ].some(p => backupConfig[p] !== oldConfig[p])) { + if ([ 'format', 'provider', 'prefix', 'bucket', 'region', 'endpoint', 'backupFolder', 'mountPoint', 'encryption', 'encryptFilenames' ].some(p => backupConfig[p] !== oldConfig[p])) { debug('setBackupConfig: clearing backup cache'); backups.cleanupCacheFilesSync(); }