jeffemmett
/
canvas-website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
canvas-website/backlog/tasks/task-025 - Google-Export-Lo...

3.3 KiB
Raw Blame History

id title status assignee created_date updated_date labels dependencies priority
task-025 Google Export: Local-First Data Sovereignty Done
2025-12-04 20:25 2025-12-05 01:53
feature
google
encryption
privacy
medium

Description

Import Google Workspace data (Gmail, Drive, Photos, Calendar) locally, encrypt with WebCrypto, store in IndexedDB. User controls what gets shared to board or backed up to R2.

Worktree: /home/jeffe/Github/canvas-website-branch-worktrees/google-export Branch: feature/google-export

Architecture docs in: docs/GOOGLE_DATA_SOVEREIGNTY.md

Acceptance Criteria

  • #1 OAuth 2.0 with PKCE flow for Google APIs
  • #2 IndexedDB schema for encrypted data storage
  • #3 WebCrypto key derivation from master key
  • #4 Gmail import with pagination and progress
  • #5 Drive document import
  • #6 Photos thumbnail import
  • #7 Calendar event import
  • #8 Share to board functionality
  • #9 R2 encrypted backup/restore

Implementation Notes

Starting implementation - reviewed architecture doc GOOGLE_DATA_SOVEREIGNTY.md

Implemented core Google Data Sovereignty module:

  • types.ts: Type definitions for all encrypted data structures

  • encryption.ts: WebCrypto AES-256-GCM encryption, HKDF key derivation, PKCE utilities

  • database.ts: IndexedDB schema with stores for gmail, drive, photos, calendar, sync metadata, encryption metadata, tokens

  • oauth.ts: OAuth 2.0 PKCE flow for Google APIs with encrypted token storage

  • importers/gmail.ts: Gmail import with pagination, progress tracking, batch storage

  • importers/drive.ts: Drive import with folder navigation, Google Docs export

  • importers/photos.ts: Photos import with thumbnail caching, album support

  • importers/calendar.ts: Calendar import with date range filtering, recurring events

  • share.ts: Share service for creating tldraw shapes from encrypted data

  • backup.ts: R2 backup service with encrypted manifest, checksum verification

  • index.ts: Main module with GoogleDataService class and singleton pattern

TypeScript compilation passes - all core modules implemented

Committed and pushed to feature/google-export branch (e69ed0e)

All core modules implemented and working: OAuth, encryption, database, share, backup

Gmail, Drive, and Calendar importers working correctly

Photos importer has 403 error on some thumbnail URLs - needs investigation:

  • May require proper OAuth consent screen verification

  • baseUrl might need different approach for non-public photos

  • Consider using Photos API mediaItems.get for base URLs instead of direct thumbnail access

Phase 2 complete: Renamed GoogleDataBrowser to GoogleExportBrowser (commit 33f5dc7)

Pushed to feature/google-export branch

Phase 3 complete: Added Private Workspace zone (commit 052c984)

  • PrivateWorkspaceShapeUtil: Frosted glass container with pin/collapse/close

  • usePrivateWorkspace hook for event handling

  • PrivateWorkspaceManager component integrated into Board.tsx

Phase 4 complete: Added GoogleItemShape with privacy badges (commit 84c6bf8)

  • GoogleItemShapeUtil: Visual distinction for local vs shared items

  • Privacy badge with 🔒/🌐 icons

  • Updated ShareableItem type with service and thumbnailUrl