elpatron/internxt-webdav
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Translate all user-facing output to English

Browse Source 
- Scripts: start-webdav.cmd, stop-webdav.cmd (echo messages, REM comments)
- Server: server.js (console.log, HTTP error messages)
- Token tools: token-test.js, token-refresh.js
- Other: auth-poc.js, debug-name-decrypt.js, internxt-client.js, upload.js
- Docs: README, .env.example, docs/*.md

Made-with: Cursor
This commit is contained in:
elpatron
2026-02-28 16:37:28 +01:00
parent 19dd30e0fb
commit 262cffe4a6
16 changed files with 339 additions and 338 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
docs/auth-analysis.md
View File

@@ -1,17 +1,17 @@
# Internxt Auth-Analyse: Web vs CLI vs Rclone
# Internxt Auth Analysis: Web vs CLI vs Rclone
## Kernbefund: Client-Identifikation bestimmt Zugang
## Core Finding: Client Identification Determines Access
Der Backend-Server blockiert bestimmte Account-Tiers basierend auf der **Client-Identifikation**:
The backend server blocks certain account tiers based on **client identification**:
| Client | clientName | Login-Methode | Endpoint | Status für eingeschränkte Tiers |
|--------|-----------|---------------|----------|--------------------------------|
| **drive-web** | `drive-web` | `login()` | `/auth/login` | ✅ Erlaubt |
| **drive-desktop** | `drive-desktop` | `login()` | `/auth/login` | ✅ Erlaubt |
| **internxt-cli** | `internxt-cli` | `loginAccess()` | `/auth/login/access` | ❌ Blockiert |
| **rclone** | (rclone-adapter) | loginAccess-ähnlich | `/auth/login/access` | ❌ Blockiert |
| Client | clientName | Login Method | Endpoint | Status for restricted tiers |
|--------|------------|--------------|----------|-----------------------------|
| **drive-web** | `drive-web` | `login()` | `/auth/login` | ✅ Allowed |
| **drive-desktop** | `drive-desktop` | `login()` | `/auth/login` | ✅ Allowed |
| **internxt-cli** | `internxt-cli` | `loginAccess()` | `/auth/login/access` | ❌ Blocked |
| **rclone** | (rclone-adapter) | loginAccess-like | `/auth/login/access` | ❌ Blocked |
## Quellen
## Sources
### drive-web ([auth.service.ts](drive-web/src/services/auth.service.ts))
@@ -24,13 +24,13 @@ const getAuthClient = (authType: 'web' | 'desktop') => {
return AUTH_CLIENT[authType];
};
// Login mit authClient.login() - NICHT loginAccess()
// Login with authClient.login() - NOT loginAccess()
return authClient.login(loginDetails, cryptoProvider)
```
- **createAuthClient()**: `clientName: packageJson.name` = `"drive-web"`
- **createDesktopAuthClient()**: `clientName: "drive-desktop"`
- **Methode**: `login()` (nicht `loginAccess`)
- **Method**: `login()` (not `loginAccess`)
### CLI ([auth.service.ts](https://github.com/internxt/cli/blob/main/src/services/auth.service.ts))
@@ -39,8 +39,8 @@ const authClient = SdkManager.instance.getAuth();
const data = await authClient.loginAccess(loginDetails, CryptoService.cryptoProvider);
```
- **getAppDetails()**: `clientName: packageJson.clientName` = `"internxt-cli"` (aus [package.json](https://github.com/internxt/cli/blob/main/package.json))
- **Methode**: `loginAccess()` (nicht `login`)
- **getAppDetails()**: `clientName: packageJson.clientName` = `"internxt-cli"` (from [package.json](https://github.com/internxt/cli/blob/main/package.json))
- **Method**: `loginAccess()` (not `login`)
### SDK Factory ([drive-web](drive-web/src/app/core/factory/sdk/index.ts))
@@ -61,38 +61,38 @@ private static getDesktopAppDetails(): AppDetails {
}
```
## Lösung für WebDAV-Wrapper
## Solution for WebDAV Wrapper
**Strategie:** Den Auth-Client so konfigurieren, dass er sich als `drive-web` ausgibt und `login()` statt `loginAccess()` verwendet.
**Strategy:** Configure the auth client to identify as `drive-web` and use `login()` instead of `loginAccess()`.
1. **@internxt/sdk** mit `Auth.client(apiUrl, appDetails, apiSecurity)` verwenden
2. **appDetails** setzen: `{ clientName: "drive-web", clientVersion: "1.0" }`
3. **login()** aufrufen (nicht `loginAccess()`)
4. CryptoProvider wie in drive-web implementieren (passToHash, decryptText, getKeys, parseAndDecryptUserKeys)
1. Use **@internxt/sdk** with `Auth.client(apiUrl, appDetails, apiSecurity)`
2. Set **appDetails**: `{ clientName: "drive-web", clientVersion: "1.0" }`
3. Call **login()** (not `loginAccess()`)
4. Implement CryptoProvider like in drive-web (passToHash, decryptText, getKeys, parseAndDecryptUserKeys)
## Abhängigkeiten für WebDAV-Wrapper
## Dependencies for WebDAV Wrapper
- `@internxt/sdk` (Version 1.13.x oder kompatibel drive-web nutzt 1.13.2)
- `@internxt/lib` (für aes, Crypto)
- Crypto-Logik aus drive-web: `app/crypto/services/keys.service`, `app/crypto/services/utils`
- Keys-Format: ECC + Kyber (post-quantum)
- `@internxt/sdk` (version 1.13.x or compatible drive-web uses 1.13.2)
- `@internxt/lib` (for aes, Crypto)
- Crypto logic from drive-web: `app/crypto/services/keys.service`, `app/crypto/services/utils`
- Keys format: ECC + Kyber (post-quantum)
## Aktueller Status (Stand: Analyse)
## Current Status (as of analysis)
- **CRYPTO_SECRET**: Korrekt (Salt-Decryption OK mit `6KYQBP847D4ATSFA`)
- **loginWithoutKeys**: Liefert weiterhin "Wrong login credentials" möglicherweise lehnt das Backend diesen Flow für bestimmte Account-Typen (z.B. mailbox.org-Partner) ab
- **login() mit Keys**: Kyber-WASM schlägt unter Windows fehl (`@dashlane/pqc-kem-kyber512-node`)
- **CRYPTO_SECRET**: Correct (salt decryption OK with `6KYQBP847D4ATSFA`)
- **loginWithoutKeys**: Still returns "Wrong login credentials" backend may reject this flow for certain account types (e.g. mailbox.org partner)
- **login() with keys**: Kyber-WASM fails under Windows (`@dashlane/pqc-kem-kyber512-node`)
## Nächste Schritte
## Next Steps
1. **Ansatz B testen**: Browser-basierter Token-Extrakt im Web einloggen, Session-Token aus localStorage/DevTools lesen, im Wrapper verwenden
2. **login() unter Linux**: Kyber-Paket könnte unter Linux funktionieren
3. **Internxt-Support**: Nachfragen, ob Partner-Accounts (mailbox.org) andere Auth-Flows nutzen
1. **Test approach B**: Browser-based token extraction log in via web, read session token from localStorage/DevTools, use in wrapper
2. **login() under Linux**: Kyber package may work under Linux
3. **Internxt support**: Ask whether partner accounts (mailbox.org) use different auth flows
## CRYPTO_SECRET und API-URL
## CRYPTO_SECRET and API URL
Aus [internxt/cli .env.template](https://github.com/internxt/cli/blob/main/.env.template):
From [internxt/cli .env.template](https://github.com/internxt/cli/blob/main/.env.template):
- **DRIVE_API_URL**: `https://gateway.internxt.com/drive`
- **APP_CRYPTO_SECRET**: `6KYQBP847D4ATSFA`
Der PoC nutzt diese Werte als Fallback.
The PoC uses these values as fallback.