A new "Eksporter" section on the Profile page generates a markdown
file containing all activities visible to the caller — including
their own private ones — and triggers a download.
Why pure client-side:
- Private rows are E2E-encrypted; the server doesn't have the
cleartext. Decryption MUST happen in the browser.
- Avoiding a server endpoint also means there's no "give me my
plaintext" target for anyone who steals a session cookie.
Mechanics (frontend/src/lib/export.ts):
- Fetch /api/activities (same as the dashboard does)
- For each row, normalise: decrypt private payload via session.dek,
pass semi/public through as-is
- Build a markdown doc with sections "Private (N)" and
"Offentlige og anonyme (N)" plus per-row title/description/tags/
location/scheduled blocks
- Wrap in a Blob, create a temporary <a download>, click it, revoke
the object URL
The Profile section reports the resulting size as a quick confirmation
and surfaces errors inline. No server changes required.
Bundle: 32.7 KB → 34.2 KB gzipped (mostly the export helper itself,
which is plain string concatenation — no new deps).
Ole-Morten Duesund
12d16c0835