feat(cloud): Use Signed Userdata To Protect Paywall Features On Vanilla Installations #8973
Conversation
|
Hello, first of all, thank you for your help, but we decided not to use digital certificate signature after consideration. The main reason is that it can be easily bypassed through the source code, so in order not to add extra complexity, we gave up this part. Can the two issues of the log be submitted separately? Thanks. |
|
Thank you #8977 |
|
Hi D, I can understand your decision to reduce complexity as Siyuan frontend and kernel keeps growing and becoming more difficult to handle over time so this is no problem for me as it was fun to work with JWS. With the digital signature my main idea was to prevent forging a vanilla installation of SiYuan, i.e. someone installs it using the official installers, replaces the (unsigned) userdata with a forged one enabling paywall features. Using a digital signature this wouldn't be possible anymore. But you are right that this doesn't prevent patching the sources to bypass any paywall checks and it would also be possible to remove digital signature at all from the sources. Alas this comes with the penalty of cloning the source code, patching the source code and recompiling it to have a binary that must be replaced on your client(s). If you want to keep track with the frequent updates this soon could become annoying. My second though, more on a LEGAL thinking, was to seal the contract between your customers and the subscription type they bought. The signed userdata could be seen as a signed contract for the activated paywall features that had been approved by you through the signature. The user gets the signed "contract" in return for paying for the additional features. But in the end there is no secure solution for this problem if you plan to stay open source (which I really appreciate). Other projects and commercial services put things behind a cloud-based paywall for dedicated proprietary services that run inside the cloud. However this would break the promise of a local PKM, privacy and being fully open source. |
TL;DR
The current implementation for handling user data fetched from LiYuan cloud service allows forging of sensible paywall features that otherwise would need patching, recompilation and replacing the kernel service.
I also fixed two logging issues where not all function parameters would be rendered.
Context
User data is currently not protected by some digital signature allowing everyone to create a custom JSON data structure for enabling future paywall features.
This change adds required modifications to kernel service to
To make this change work the LiYuan backend service must return an additional result["datasigned"] value containing the JWS token when the user data is fetched. This is needed to allow backward compatibility to older SiYuan installations that rely on the return of plain userdata JSON string located at result["data"] (see
siyuan/kernel/model/cloud_service.go
Line 516 in da41c6a
Nonetheless this change wouldn't prevent patching and recompilation of kernel service to circumvent any paywalls, but