SQLCipher disk encryption for Android + iOS

.gitignore

@@ -19,3 +19,5 @@ coverage/
 # docs/CHANGELOG.md
 # docs/README.md
 docs-build/
+
+test*.db

CHANGELOG-Unreleased.md

@@ -10,6 +10,7 @@
 - [adapters] `onSetUpError: Error => void` option is added to both `SQLiteAdapter` and `LokiJSAdapter`. Supply this option to catch initialization errors and offer the user to reload or log out
 - [LokiJS] new `extraLokiOptions` and `extraIncrementalIDBOptions` options
 - [Android] Autolinking is now supported (v0.20 is insufficient)
+- [adapters] Add optional `password` parameter to `SQLiteAdapter` to support SQLCipher on iOS and Android (must be separately configured in native settings)
 
 ### Performance
 

docs-master/Installation.md

@@ -73,6 +73,12 @@ npm install @nozbe/with-observables
               pod 'React-jsi', :path => '../node_modules/react-native/ReactCommon/jsi', :modular_headers => true
               ```
 
+          3. Finally, add this line:
+
+             ```ruby
+             pod 'FMDB/SQLCipher', :modular_headers => true
+             ```
+
       Note that Xcode 9.4 and a deployment target of at least iOS 9.0 is required (although Xcode 11.5+ and iOS 12.0+ are recommended).
 
 ### Android (React Native)

native/android/build.gradle

@@ -22,6 +22,8 @@ dependencies {
     //noinspection GradleDynamicVersion
     implementation 'com.facebook.react:react-native:+'
     implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
+    implementation "net.zetetic:android-database-sqlcipher:4.4.2"
+    implementation "androidx.sqlite:sqlite:2.0.1"
 }
 repositories {
     mavenCentral()

native/android/src/main/java/com/nozbe/watermelondb/Database.kt

@@ -2,12 +2,17 @@ package com.nozbe.watermelondb
 
 import android.content.Context
 import android.database.Cursor
-import android.database.sqlite.SQLiteDatabase
+import net.sqlcipher.database.SQLiteDatabase
 import java.io.File
 
-class Database(private val name: String, private val context: Context) {
+class Database(private val name: String, private var password: String?, private val context: Context) {
 
     private val db: SQLiteDatabase by lazy {
+        if (password.equals("")) {
+            password = null
+        }
+
+        SQLiteDatabase.loadLibs(context)
         SQLiteDatabase.openOrCreateDatabase(
                 // TODO: This SUCKS. Seems like Android doesn't like sqlite `?mode=memory&cache=shared` mode. To avoid random breakages, save the file to /tmp, but this is slow.
                 // NOTE: This is because Android system SQLite is not compiled with SQLITE_USE_URI=1
@@ -18,6 +23,7 @@ class Database(private val name: String, private val context: Context) {
                 } else
                     // On some systems there is some kind of lock on `/databases` folder ¯\_(ツ)_/¯
                     context.getDatabasePath("$name.db").path.replace("/databases", ""),
+                password,
                 null)
     }
 
@@ -79,12 +85,14 @@ class Database(private val name: String, private val context: Context) {
     private fun getAllTables(): ArrayList<String> {
         val allTables: ArrayList<String> = arrayListOf()
         rawQuery(Queries.select_tables).use {
-            it.moveToFirst()
-            val index = it.getColumnIndex("name")
-            if (index > -1) {
-                do {
-                    allTables.add(it.getString(index))
-                } while (it.moveToNext())
+            if (it.count > 0) {
+                it.moveToFirst()
+                val index = it.getColumnIndex("name")
+                if (index > -1) {
+                    do {
+                        allTables.add(it.getString(index))
+                    } while (it.moveToNext())
+                }
             }
         }
         return allTables

native/android/src/main/java/com/nozbe/watermelondb/DatabaseBridge.kt

@@ -32,6 +32,7 @@ class DatabaseBridge(private val reactContext: ReactApplicationContext) :
     fun initialize(
         tag: ConnectionTag,
         databaseName: String,
+        password: String,
         schemaVersion: Int,
         promise: Promise
     ) {
@@ -43,6 +44,7 @@ class DatabaseBridge(private val reactContext: ReactApplicationContext) :
                     driver = DatabaseDriver(
                             context = reactContext,
                             dbName = databaseName,
+                            password = password,
                             schemaVersion = schemaVersion
                     )
             )
@@ -66,6 +68,7 @@ class DatabaseBridge(private val reactContext: ReactApplicationContext) :
     fun setUpWithSchema(
         tag: ConnectionTag,
         databaseName: String,
+        password: String,
         schema: SQL,
         schemaVersion: SchemaVersion,
         promise: Promise
@@ -74,6 +77,7 @@ class DatabaseBridge(private val reactContext: ReactApplicationContext) :
             driver = DatabaseDriver(
                     context = reactContext,
                     dbName = databaseName,
+                    password = password,
                     schema = Schema(
                             version = schemaVersion,
                             sql = schema
@@ -86,6 +90,7 @@ class DatabaseBridge(private val reactContext: ReactApplicationContext) :
     fun setUpWithMigrations(
         tag: ConnectionTag,
         databaseName: String,
+        password: String,
         migrations: SQL,
         fromVersion: SchemaVersion,
         toVersion: SchemaVersion,
@@ -101,7 +106,8 @@ class DatabaseBridge(private val reactContext: ReactApplicationContext) :
                                     from = fromVersion,
                                     to = toVersion,
                                     sql = migrations
-                            )
+                            ),
+                            password = password
                     ),
                     promise = promise
             )

native/android/src/main/java/com/nozbe/watermelondb/DatabaseDriver.kt

@@ -9,7 +9,7 @@ import com.facebook.react.bridge.WritableArray
 import java.lang.Exception
 import java.util.logging.Logger
 
-class DatabaseDriver(context: Context, dbName: String) {
+class DatabaseDriver(context: Context, dbName: String, password: String) {
     sealed class Operation {
         class Execute(val table: TableName, val query: SQL, val args: QueryArgs) : Operation()
         class Create(val table: TableName, val id: RecordID, val query: SQL, val args: QueryArgs) :
@@ -24,25 +24,25 @@ class DatabaseDriver(context: Context, dbName: String) {
     class SchemaNeededError : Exception()
     data class MigrationNeededError(val databaseVersion: SchemaVersion) : Exception()
 
-    constructor(context: Context, dbName: String, schemaVersion: SchemaVersion) :
-            this(context, dbName) {
+    constructor(context: Context, dbName: String, password: String, schemaVersion: SchemaVersion) :
+            this(context, dbName, password) {
         when (val compatibility = isCompatible(schemaVersion)) {
             is SchemaCompatibility.NeedsSetup -> throw SchemaNeededError()
             is SchemaCompatibility.NeedsMigration ->
                 throw MigrationNeededError(compatibility.fromVersion)
         }
     }
 
-    constructor(context: Context, dbName: String, schema: Schema) : this(context, dbName) {
+    constructor(context: Context, dbName: String, password: String, schema: Schema) : this(context, dbName, password) {
         unsafeResetDatabase(schema)
     }
 
-    constructor(context: Context, dbName: String, migrations: MigrationSet) :
-            this(context, dbName) {
+    constructor(context: Context, dbName: String, password: String, migrations: MigrationSet) :
+            this(context, dbName, password) {
         migrate(migrations)
     }
 
-    private val database: Database = Database(dbName, context)
+    private val database: Database = Database(dbName, password, context)
 
     private val log: Logger? = if (BuildConfig.DEBUG) Logger.getLogger("DB_Driver") else null
 

native/ios/WatermelonDB/Database.swift

@@ -8,9 +8,11 @@ class Database {
 
     private let fmdb: FMDatabase
     private let path: String
+    private let password: String
 
-    init(path: String) {
+    init(path: String, password: String) {
         self.path = path
+        self.password = password
         fmdb = FMDatabase(path: path)
         open()
     }
@@ -32,6 +34,7 @@ class Database {
     }
 
     func inTransaction(_ executeBlock: () throws -> Void) throws {
+        fmdb.setKey(self.password)
         guard fmdb.beginTransaction() else { throw fmdb.lastError() }
 
         do {
@@ -44,17 +47,20 @@ class Database {
     }
 
     func execute(_ query: SQL, _ args: QueryArgs = []) throws {
+        fmdb.setKey(self.password)
         try fmdb.executeUpdate(query, values: args)
     }
 
     /// Executes multiple queries separated by `;`
     func executeStatements(_ queries: SQL) throws {
+        fmdb.setKey(self.password)
         guard fmdb.executeStatements(queries) else {
             throw fmdb.lastError()
         }
     }
 
     func queryRaw(_ query: SQL, _ args: QueryArgs = []) throws -> AnyIterator<FMResultSet> {
+        fmdb.setKey(self.password)
         let resultSet = try fmdb.executeQuery(query, values: args)
 
         return AnyIterator {
@@ -69,6 +75,7 @@ class Database {
 
     /// Use `select count(*) as count`
     func count(_ query: SQL, _ args: QueryArgs = []) throws -> Int {
+        fmdb.setKey(self.password)
         let result = try fmdb.executeQuery(query, values: args)
         defer { result.close() }
 
@@ -86,18 +93,21 @@ class Database {
     var userVersion: Int {
         get {
             // swiftlint:disable:next force_try
+            fmdb.setKey(self.password)
             let result = try! fmdb.executeQuery("pragma user_version", values: [])
             result.next()
             defer { result.close() }
             return result.long(forColumnIndex: 0)
         }
         set {
+            fmdb.setKey(self.password)
             // swiftlint:disable:next force_try
             try! execute("pragma user_version = \(newValue)")
         }
     }
 
     func unsafeDestroyEverything() throws {
+        fmdb.setKey(self.password)
         // NOTE: Deleting files by default because it seems simpler, more reliable
         // But sadly this won't work for in-memory (shared) databases
         if isInMemoryDatabase {

native/ios/WatermelonDB/DatabaseBridge.m

@@ -15,17 +15,20 @@ @interface RCT_EXTERN_REMAP_MODULE(DatabaseBridge, DatabaseBridge, NSObject)
 
 WMELON_BRIDGE_METHOD(initialize,
   databaseName:(nonnull NSString *)name
+  password:(nonnull NSString *)password
   schemaVersion:(nonnull NSNumber *)version
 )
 
 WMELON_BRIDGE_METHOD(setUpWithSchema,
   databaseName:(nonnull NSString *)name
+  password:(nonnull NSString *)password
   schema:(nonnull NSString *)schema
   schemaVersion:(nonnull NSNumber *)version
 )
 
 WMELON_BRIDGE_METHOD(setUpWithMigrations,
   databaseName:(nonnull NSString *)name
+  password:(nonnull NSString *)password
   migrations:(nonnull NSString *)migrationSQL
   fromVersion:(nonnull NSNumber *)version
   toVersion:(nonnull NSNumber *)version

native/ios/WatermelonDB/DatabaseBridge.swift

@@ -25,15 +25,16 @@ final public class DatabaseBridge: NSObject {
 // MARK: - Asynchronous connections
 
 extension DatabaseBridge {
-    @objc(initialize:databaseName:schemaVersion:resolve:reject:)
+    @objc(initialize:databaseName:password:schemaVersion:resolve:reject:)
     func initialize(tag: ConnectionTag,
                     databaseName: String,
+                    password: String,
                     schemaVersion: NSNumber,
                     resolve: RCTPromiseResolveBlock,
                     reject: RCTPromiseRejectBlock) {
         do {
             try assertNoConnection(tag)
-            let driver = try DatabaseDriver(dbName: databaseName, schemaVersion: schemaVersion.intValue)
+            let driver = try DatabaseDriver(dbName: databaseName, password: password, schemaVersion: schemaVersion.intValue)
             connections[tag.intValue] = .connected(driver: driver, synchronous: false)
             resolve(["code": "ok"])
         } catch _ as DatabaseDriver.SchemaNeededError {
@@ -48,22 +49,24 @@ extension DatabaseBridge {
         }
     }
 
-    @objc(setUpWithSchema:databaseName:schema:schemaVersion:resolve:reject:)
+    @objc(setUpWithSchema:databaseName:password:schema:schemaVersion:resolve:reject:)
     func setUpWithSchema(tag: ConnectionTag,
                          databaseName: String,
+                         password: String,
                          schema: Database.SQL,
                          schemaVersion: NSNumber,
                          resolve: RCTPromiseResolveBlock,
                          reject: RCTPromiseRejectBlock) {
-        let driver = DatabaseDriver(dbName: databaseName,
+        let driver = DatabaseDriver(dbName: databaseName, password: password,
                                     setUpWithSchema: (version: schemaVersion.intValue, sql: schema))
         connectDriverAsync(connectionTag: tag, driver: driver)
         resolve(true)
     }
 
-    @objc(setUpWithMigrations:databaseName:migrations:fromVersion:toVersion:resolve:reject:)
+    @objc(setUpWithMigrations:databaseName:password:migrations:fromVersion:toVersion:resolve:reject:)
     func setUpWithMigrations(tag: ConnectionTag, // swiftlint:disable:this function_parameter_count
                              databaseName: String,
+                             password: String,
                              migrations: Database.SQL,
                              fromVersion: NSNumber,
                              toVersion: NSNumber,
@@ -72,6 +75,7 @@ extension DatabaseBridge {
         do {
             let driver = try DatabaseDriver(
                 dbName: databaseName,
+                password: password,
                 setUpWithMigrations: (from: fromVersion.intValue, to: toVersion.intValue, sql: migrations)
             )
             connectDriverAsync(connectionTag: tag, driver: driver)
@@ -94,14 +98,15 @@ extension DatabaseBridge {
         }
     }
 
-    @objc(initializeSynchronous:databaseName:schemaVersion:)
+    @objc(initializeSynchronous:databaseName:password:schemaVersion:)
     func initializeSynchronous(tag: ConnectionTag,
                                databaseName: String,
+                               password: String,
                                schemaVersion: NSNumber) -> NSDictionary {
         return synchronously {
             do {
                 try assertNoConnection(tag)
-                let driver = try DatabaseDriver(dbName: databaseName, schemaVersion: schemaVersion.intValue)
+                let driver = try DatabaseDriver(dbName: databaseName, password: password, schemaVersion: schemaVersion.intValue)
                 connections[tag.intValue] = .connected(driver: driver, synchronous: true)
                 return ["code": "ok"]
             } catch _ as DatabaseDriver.SchemaNeededError {
@@ -115,30 +120,34 @@ extension DatabaseBridge {
         }
     }
 
-    @objc(setUpWithSchemaSynchronous:databaseName:schema:schemaVersion:)
+    @objc(setUpWithSchemaSynchronous:databaseName:password:schema:schemaVersion:)
     func setUpWithSchemaSynchronous(tag: ConnectionTag,
                                     databaseName: String,
+                                    password: String,
                                     schema: Database.SQL,
                                     schemaVersion: NSNumber) -> NSDictionary {
         return synchronously {
             try assertNoConnection(tag)
             let driver = DatabaseDriver(dbName: databaseName,
+                                        password: password,
                                         setUpWithSchema: (version: schemaVersion.intValue, sql: schema))
             connections[tag.intValue] = .connected(driver: driver, synchronous: true)
             return true
         }
     }
 
-    @objc(setUpWithMigrationsSynchronous:databaseName:migrations:fromVersion:toVersion:)
+    @objc(setUpWithMigrationsSynchronous:databaseName:password:migrations:fromVersion:toVersion:)
     func setUpWithMigrationsSynchronous(tag: ConnectionTag,
                                         databaseName: String,
+                                        password: String,
                                         migrations: Database.SQL,
                                         fromVersion: NSNumber,
                                         toVersion: NSNumber) -> NSDictionary {
         return synchronously {
             try assertNoConnection(tag)
             let driver = try DatabaseDriver(
                 dbName: databaseName,
+                password: password,
                 setUpWithMigrations: (from: fromVersion.intValue, to: toVersion.intValue, sql: migrations)
             )
             connections[tag.intValue] = .connected(driver: driver, synchronous: true)