Add support for cloud encryption (#335)

This patch adds support for cloud encryption for remote and sync
operations.

depends on libsql/hrana-client-ts#25

Author: avinassh

examples/cloud-encryption/.gitignore

@@ -0,0 +1 @@
+local.db

examples/cloud-encryption/README.md

@@ -0,0 +1,25 @@
+# Cloud Encryption
+
+These examples demonstrates how to use Turso Cloud encryption.
+
+Visit the documentation here - [Cloud Encryption](https://docs.turso.tech/cloud/encryption)
+
+## Install Dependencies
+
+```bash
+npm i
+```
+
+## Running
+
+Execute the example which operates over remotely encrypted database:
+
+```bash
+node remote.mjs
+```
+
+Cloud encryption also supports sync:
+
+```bash
+node sync.mjs
+```

examples/cloud-encryption/package.json

@@ -0,0 +1,10 @@
+{
+    "name": "batch",
+    "version": "1.0.0",
+    "main": "remote.mjs",
+    "author": "Turso Authors",
+    "license": "MIT",
+    "dependencies": {
+        "@libsql/client": "^0.16.0"
+    }
+}

examples/cloud-encryption/remote.mjs

@@ -0,0 +1,21 @@
+import { createClient } from "@libsql/client";
+
+const client = createClient({
+    url: process.env.TURSO_DATABASE_URL,
+    authToken: process.env.TURSO_AUTH_TOKEN,
+    remoteEncryptionKey: process.env.TURSO_REMOTE_ENCRYPTION_KEY,
+});
+
+await client.batch(
+    [
+        "CREATE TABLE IF NOT EXISTS users (email TEXT)",
+        "INSERT INTO users VALUES ('first@example.com')",
+        "INSERT INTO users VALUES ('second@example.com')",
+        "INSERT INTO users VALUES ('third@example.com')",
+    ],
+    "write",
+);
+
+const result = await client.execute("SELECT * FROM users");
+
+console.log("Users:", result.rows);

examples/cloud-encryption/sync.mjs

@@ -0,0 +1,22 @@
+import { createClient } from "@libsql/client";
+
+const client = createClient({
+    url: "file:local.db",
+    syncUrl: process.env.TURSO_DATABASE_URL,
+    authToken: process.env.TURSO_AUTH_TOKEN,
+    remoteEncryptionKey: process.env.TURSO_REMOTE_ENCRYPTION_KEY,
+});
+
+await client.batch(
+    [
+        "CREATE TABLE IF NOT EXISTS users (email TEXT)",
+        "INSERT INTO users VALUES ('first@example.com')",
+        "INSERT INTO users VALUES ('second@example.com')",
+        "INSERT INTO users VALUES ('third@example.com')",
+    ],
+    "write",
+);
+
+const result = await client.execute("SELECT * FROM users");
+
+console.log("Users:", result.rows);

package-lock.json

@@ -104,7 +104,7 @@
     },
     "dependencies": {
         "@libsql/core": "^0.16.0",
-        "@libsql/hrana-client": "^0.7.0",
+        "@libsql/hrana-client": "^0.9.0",
         "js-base64": "^3.7.5",
         "libsql": "^0.5.22",
         "promise-limit": "^2.7.0"

packages/libsql-client/package.json

@@ -66,6 +66,7 @@ export function _createClient(config: ExpandedConfig): Client {
         config.intMode,
         config.fetch,
         config.concurrency,
+        config.remoteEncryptionKey,
     );
 }
 
@@ -79,6 +80,7 @@ export class HttpClient implements Client {
     #customFetch: Function | undefined;
     #concurrency: number;
     #authToken: string | undefined;
+    #remoteEncryptionKey: string | undefined;
     #promiseLimitFunction: ReturnType<typeof promiseLimit<any>>;
 
     /** @private */
@@ -88,17 +90,20 @@ export class HttpClient implements Client {
         intMode: IntMode,
         customFetch: Function | undefined,
         concurrency: number,
+        remoteEncryptionKey: string | undefined,
     ) {
         this.#url = url;
         this.#authToken = authToken;
         this.#intMode = intMode;
         this.#customFetch = customFetch;
         this.#concurrency = concurrency;
+        this.#remoteEncryptionKey = remoteEncryptionKey;
 
         this.#client = hrana.openHttp(
             this.#url,
             this.#authToken,
             this.#customFetch,
+            remoteEncryptionKey,
         );
         this.#client.intMode = this.#intMode;
         this.protocol = "http";
@@ -292,6 +297,7 @@ export class HttpClient implements Client {
                 this.#url,
                 this.#authToken,
                 this.#customFetch,
+                this.#remoteEncryptionKey,
             );
             this.#client.intMode = this.#intMode;
         }

packages/libsql-client/src/http.ts

@@ -81,6 +81,7 @@ export function _createClient(config: ExpandedConfig): Client {
     const options = {
         authToken: config.authToken,
         encryptionKey: config.encryptionKey,
+        remoteEncryptionKey: config.remoteEncryptionKey,
         syncUrl: config.syncUrl,
         syncPeriod: config.syncInterval,
         readYourWrites: config.readYourWrites,

packages/libsql-client/src/sqlite3.ts

@@ -15,6 +15,9 @@ export interface Config {
     /** Encryption key for the database. */
     encryptionKey?: string;
 
+    /** Encryption key for encryption in Turso Cloud. */
+    remoteEncryptionKey?: string;
+
     /** URL of a remote server to synchronize database with. */
     syncUrl?: string;