| id | title | status | assignee | created_date | updated_date | labels | dependencies | priority |
|---|---|---|---|---|---|---|---|---|
| task-025 | Google Export: Local-First Data Sovereignty | In Progress | | 2025-12-04 20:25 | 2025-12-04 20:43 | | | medium |
Description
Import Google Workspace data (Gmail, Drive, Photos, Calendar) locally, encrypt with WebCrypto, store in IndexedDB. User controls what gets shared to board or backed up to R2.
Worktree: /home/jeffe/Github/canvas-website-branch-worktrees/google-export
Branch: feature/google-export
Architecture docs in: docs/GOOGLE_DATA_SOVEREIGNTY.md
Acceptance Criteria
- #1 OAuth 2.0 with PKCE flow for Google APIs
- #2 IndexedDB schema for encrypted data storage
- #3 WebCrypto key derivation from master key
- #4 Gmail import with pagination and progress
- #5 Drive document import
- #6 Photos thumbnail import
- #7 Calendar event import
- #8 Share to board functionality
- #9 R2 encrypted backup/restore
Implementation Notes
Starting implementation - reviewed architecture doc GOOGLE_DATA_SOVEREIGNTY.md
Implemented core Google Data Sovereignty module:
- types.ts: Type definitions for all encrypted data structures
- encryption.ts: WebCrypto AES-256-GCM encryption, HKDF key derivation, PKCE utilities
- database.ts: IndexedDB schema with stores for gmail, drive, photos, calendar, sync metadata, encryption metadata, tokens
- oauth.ts: OAuth 2.0 PKCE flow for Google APIs with encrypted token storage
- importers/gmail.ts: Gmail import with pagination, progress tracking, batch storage
- importers/drive.ts: Drive import with folder navigation, Google Docs export
- importers/photos.ts: Photos import with thumbnail caching, album support
- importers/calendar.ts: Calendar import with date range filtering, recurring events
- share.ts: Share service for creating tldraw shapes from encrypted data
- backup.ts: R2 backup service with encrypted manifest, checksum verification
- index.ts: Main module with GoogleDataService class and singleton pattern