feat: encrypt the privacy data when it is persisted

[mynetfan]

• 对私密数据持久化时执行加密
• 将锁屏密码合并到accessStore中进行加密，稍微强化一下锁屏功能。在此之前，直接删除localStorage中的lockStore的持久化数据后刷新页面即可解除锁屏。

Summary by CodeRabbit

• New Features

  • Introduced encrypted and compressed storage for persisted app data outside of development environments, enhancing data security.
  • Added new environment variable for configuring the encryption key used to secure stored data.

• Refactor

  • Unified lock screen state management by consolidating related functionality into a single store, replacing previous implementations.

• Chores

  • Updated dependencies to include support for encrypted storage.
  • Cleaned up obsolete files and references related to the previous lock screen implementation.

[changeset-bot]

⚠️ No Changeset found

Latest commit: a885a88

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This update introduces a secure storage mechanism for persisting application state by integrating the SecureLS library. Environment variable VITE_APP_STORE_SECURE_KEY is added across multiple .env files to configure encryption keys for store data. The lock screen state management is refactored: its logic is moved from a dedicated lock module to the access module, consolidating related state and actions. The SecureLS dependency is added to the workspace and relevant package files. The persistence logic in the store setup is modified to use encrypted and compressed storage outside development environments. Associated test and module files for the old lock screen implementation are removed.

Changes

File(s)	Change Summary
apps/web-antd/.env, apps/web-ele/.env, apps/web-naive/.env, playground/.env	Added VITE_APP_STORE_SECURE_KEY environment variable for encrypted store data persistence.
packages/stores/package.json, pnpm-workspace.yaml	Added secure-ls dependency to package and workspace configuration.
packages/stores/src/modules/access.ts	Extended AccessState with lock screen properties and actions; updated persistence config.
packages/effects/layouts/src/widgets/lock-screen/lock-screen.vue	Changed store usage from useLockStore to useAccessStore; updated variable and method references accordingly.
packages/effects/layouts/src/basic/layout.vue, packages/effects/layouts/src/widgets/user-dropdown/user-dropdown.vue	Replaced useLockStore with useAccessStore and updated related variable names and method calls.
packages/stores/src/modules/index.ts	Removed export for the lock module.
packages/stores/src/modules/lock.ts, packages/stores/src/modules/lock.test.ts	Deleted the lock screen store module and its unit tests.
packages/stores/src/setup.ts	Integrated SecureLS for encrypted/compressed persisted state in non-development environments.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant LockScreenComponent
    participant AccessStore
    participant SecureLS

    User->>LockScreenComponent: Submit password to lock
    LockScreenComponent->>AccessStore: lockScreen(password)
    AccessStore->>SecureLS: Persist isLockScreen, lockScreenPassword (encrypted)
    User->>LockScreenComponent: Submit to unlock
    LockScreenComponent->>AccessStore: unlockScreen()
    AccessStore->>SecureLS: Update persisted state (clear lock info)

Loading

Poem

In the warren, secrets keep,
Now our stores are locked so deep.
With SecureLS, encryption’s here—
Our data safe, we hop and cheer!
The lock now lives in access land,
While keys are set by bunny hand.
🐇🔒✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between db78ad2 and a885a88.

📒 Files selected for processing (2)

• packages/effects/layouts/src/basic/layout.vue (3 hunks)
• packages/effects/layouts/src/widgets/user-dropdown/user-dropdown.vue (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: CodeQL
• GitHub Check: Check (ubuntu-latest)
• GitHub Check: Check (windows-latest)
• GitHub Check: Lint (windows-latest)
• GitHub Check: Test (windows-latest)
• GitHub Check: Lint (ubuntu-latest)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: post-update (ubuntu-latest)
• GitHub Check: post-update (windows-latest)

🔇 Additional comments (6)

packages/effects/layouts/src/widgets/user-dropdown/user-dropdown.vue (3)

12-12: Store migration implemented correctly

The import has been correctly updated from useLockStore to useAccessStore as part of the lock screen functionality migration to the access store.

---

85-85: Variable updated consistently with import change

The variable has been properly renamed from lockStore to accessStore to reflect the import change.

---

136-136: Function call updated appropriately

The lock screen function call has been correctly updated to use the new store. This change helps implement the PR objective of encrypting the lock screen password with other private data, preventing the previous vulnerability where the lock screen could be bypassed by deleting localStorage data.

packages/effects/layouts/src/basic/layout.vue (3)

15-15: Store migration implemented correctly

The import has been correctly updated from useLockStore to useAccessStore as part of consolidating lock screen functionality into the access store.

---

52-52: Variable updated consistently with import change

The variable has been properly renamed from lockStore to accessStore to reflect the store migration.

---

359-359: Property reference updated appropriately

The property reference has been correctly updated to use accessStore.isLockScreen. This change completes the migration of lock screen state management to the access store, enhancing security by encrypting the lock screen state with other private data.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (2)

playground/.env (1)

6-8: (same as apps/web-antd/.env: ensure the placeholder key is replaced with a secure value and document its usage in .env.example and the README)

apps/web-naive/.env (1)

6-8: (same as apps/web-antd/.env: ensure the placeholder key is replaced with a secure value and document its usage in .env.example and the README)

🧹 Nitpick comments (2)

apps/web-antd/.env (1)

7-8: Enforce secure key replacement and documentation.
The placeholder VITE_APP_STORE_SECURE_KEY=please-replace-me-with-your-own-key must be replaced with a strong, unique key in each environment. Consider adding a .env.example (without real secrets) and updating the README to explain how to set and rotate this key.

packages/stores/src/modules/access.ts (1)

72-75: Add password validation to lockScreen action

The lockScreen action accepts any string as a password without validation.

Consider adding basic password validation to ensure security:

 lockScreen(password: string) {
+  if (!password || password.trim().length < 6) {
+    throw new Error('Lock screen password must be at least 6 characters');
+  }
   this.isLockScreen = true;
   this.lockScreenPassword = password;
 },

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0cc1cb5 and db78ad2.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (12)

• apps/web-antd/.env (1 hunks)
• apps/web-ele/.env (1 hunks)
• apps/web-naive/.env (1 hunks)
• packages/effects/layouts/src/widgets/lock-screen/lock-screen.vue (4 hunks)
• packages/stores/package.json (1 hunks)
• packages/stores/src/modules/access.ts (3 hunks)
• packages/stores/src/modules/index.ts (0 hunks)
• packages/stores/src/modules/lock.test.ts (0 hunks)
• packages/stores/src/modules/lock.ts (0 hunks)
• packages/stores/src/setup.ts (2 hunks)
• playground/.env (1 hunks)
• pnpm-workspace.yaml (1 hunks)

💤 Files with no reviewable changes (3)

• packages/stores/src/modules/index.ts
• packages/stores/src/modules/lock.test.ts
• packages/stores/src/modules/lock.ts

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Lint (windows-latest)
• GitHub Check: Test (windows-latest)

🔇 Additional comments (6)

pnpm-workspace.yaml (1)

150-150:

✅ Verification successful

Verify the secure-ls version availability.
Ensure that the added secure-ls@^2.0.0 entry exists in the registry and is compatible with your workspace.

---

🏁 Script executed:

#!/bin/bash
# Verify the published versions of secure-ls
npm view secure-ls@^2.0.0 version

Length of output: 43

---

secure-ls@^2.0.0 is available

• pnpm-workspace.yaml (line 150): secure-ls@^2.0.0 resolves to version 2.0.0 in the npm registry.

No further action needed.

packages/stores/package.json (1)

28-28: Confirm the workspace version specifier for secure-ls.
The "catalog:" placeholder must resolve to the ^2.0.0 version defined in your pnpm-workspace.yaml. Verify that installs will pull in the intended version.

packages/effects/layouts/src/widgets/lock-screen/lock-screen.vue (1)

6-6: Store migration implemented correctly

The lock screen component has been properly updated to use accessStore instead of the removed lockStore, maintaining the same functionality while consolidating related state management.

Also applies to: 29-29, 38-38, 69-69

packages/stores/src/modules/access.ts (3)

30-37: Lock screen interface additions look good

The AccessState interface has been properly extended with the lock screen properties.

---

97-100: Lock screen unlock action is correct

The unlockScreen action properly resets both the lock state and clears the password.

---

104-110: Properly configured persistence for lock screen state

The persistence configuration correctly includes the lock screen properties, and the state initialization provides appropriate default values.

Since you're storing sensitive information (password), it's good that you've implemented encryption for the persisted store data through SecureLS as seen in the setup.ts file.

Also applies to: 118-119