Implement real PDF password protection in /api/pdf-lock using AES-256#9
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Agent-Logs-Url: https://github.com/aman124598/Toolverse/sessions/40ab5724-b4bb-4100-b006-a5860aa2634b Co-authored-by: aman124598 <84931030+aman124598@users.noreply.github.com>
/api/pdf-lock using AES-256
Agent-Logs-Url: https://github.com/aman124598/Toolverse/sessions/9c3a7118-e459-4942-b971-b5fb8080d019 Co-authored-by: aman124598 <84931030+aman124598@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR switches /api/pdf-lock from producing an unencrypted “locked” copy to applying real AES-256 PDF encryption via cryptpdf, and updates /api/pdf-unlock to attempt cryptpdf decryption first (with a TypeScript-safe byte conversion) before falling back to the prior pdf-lib strategies.
Changes:
- Add
cryptpdfdependency. - Update
/api/pdf-lockto encrypt PDFs usingcryptpdf.encryptPDF(AES-256). - Update
/api/pdf-unlockto attemptcryptpdf.decryptPDFfirst and feed the decrypted bytes intopdf-lib.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
src/app/api/pdf-unlock/route.ts |
Tries AES-256 decrypt via cryptpdf first; uses Uint8Array for type-safe loading into pdf-lib. |
src/app/api/pdf-lock/route.ts |
Replaces prior “metadata-only” locking behavior with actual AES-256 encryption via cryptpdf. |
package.json |
Adds cryptpdf dependency. |
package-lock.json |
Locks cryptpdf@0.1.1 and its metadata (engines/peer deps). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -88,10 +63,9 @@ export async function POST(request: NextRequest) { | |||
| headers: { | |||
| 'Content-Type': 'application/pdf', | |||
| 'Content-Disposition': `attachment; filename="protected_${file.name}"`, | |||
| 'X-Page-Count': pdfDoc.getPageCount().toString(), | |||
| 'X-Protection-Level': ownerPassword ? 'owner+user' : 'user', | |||
| 'X-Permissions': permissionList.join(',') || 'none', | |||
| 'X-Note': 'PDF encryption requires native libraries. This creates a clean copy with protection metadata. For full encryption, use a desktop PDF tool or server-side qpdf.', | |||
| 'X-Encryption': 'AES-256', | |||
There was a problem hiding this comment.
permissions is parsed and echoed back in X-Permissions, but it is not used to configure encryptPDF(...). This makes the API response misleading (the produced PDF may not actually enforce the requested permission restrictions). Either pass the parsed permission set into the encryption call (if cryptpdf supports it) or stop accepting/returning permissions and update the client accordingly.
pdf-unlockbuild error and current implementationdecryptPDFoutput assignment in/src/app/api/pdf-unlock/route.tsnpm run lint,npm run build) and report remaining unrelated failures