feat: Encrypt data column of connections (#105)

2021-11-28 22:08:35 +01:00
parent 69bea588e4
commit f949eca3c4
6 changed files with 44 additions and 1 deletions
--- a/packages/backend/.env-example
+++ b/packages/backend/.env-example
@@ -9,3 +9,4 @@ POSTGRES_HOST=localhost
 POSTGRES_USERNAME=automatish_development_user
 POSTGRES_PASSWORD=
 POSTGRES_ENABLE_SSL=false
+ENCRYPTION_KEY=sample-encryption-key
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -19,6 +19,7 @@
    "axios": "0.24.0",
    "bcrypt": "^5.0.1",
    "cors": "^2.8.5",
+    "crypto-js": "^4.1.1",
    "debug": "~2.6.9",
    "discord.js": "13.2.0",
    "dotenv": "^10.0.0",
@@ -63,6 +64,7 @@
  "devDependencies": {
    "@types/bcrypt": "^5.0.0",
    "@types/cors": "^2.8.12",
+    "@types/crypto-js": "^4.0.2",
    "@types/express": "^4.17.13",
    "@types/http-errors": "^1.8.1",
    "@types/morgan": "^1.9.3",
--- a/packages/backend/src/config/app.ts
+++ b/packages/backend/src/config/app.ts
@@ -13,7 +13,8 @@ type AppConfig = {
  postgresUsername: string,
  postgresPassword: string,
  postgresEnableSsl: boolean,
-  baseUrl?: string
+  baseUrl?: string,
+  encryptionKey: string
 }

 const appConfig: AppConfig = {
@@ -28,6 +29,7 @@ const appConfig: AppConfig = {
  postgresUsername: process.env.POSTGRES_USERNAME || 'automatish_development_user',
  postgresPassword: process.env.POSTGRES_PASSWORD,
  postgresEnableSsl: process.env.POSTGRES_ENABLE_SSL === 'true' ? true : false,
+  encryptionKey: process.env.ENCRYPTION_KEY
 }

 const baseUrl = `${appConfig.protocol}://${appConfig.host}:${appConfig.port}`;
--- a/packages/backend/src/graphql/queries/test-connection.ts
+++ b/packages/backend/src/graphql/queries/test-connection.ts
@@ -19,6 +19,7 @@ const testConnectionResolver = async (params: Params, req: RequestWithCurrentUse
  const isStillVerified = await appInstance.authenticationClient.isStillVerified();

  connection = await connection.$query().patchAndFetch({
+    data: connection.data,
    verified: isStillVerified
  })

--- a/packages/backend/src/models/connection.ts
+++ b/packages/backend/src/models/connection.ts
@@ -1,5 +1,8 @@
+import { QueryContext, ModelOptions } from 'objection';
+import { AES, enc } from 'crypto-js';
 import Base from './base'
 import User from './user'
+import appConfig from '../config/app';

 class Connection extends Base {
  id!: number
@@ -34,6 +37,30 @@ class Connection extends Base {
      },
    }
  })
+
+  encryptData() {
+    this.data = AES.encrypt(JSON.stringify(this.data), appConfig.encryptionKey).toString();
+  }
+
+  decryptData() {
+    this.data = JSON.parse(AES.decrypt(this.data, appConfig.encryptionKey).toString(enc.Utf8));
+  }
+
+  // TODO: Make another abstraction like beforeSave instead of using
+  // beforeInsert and beforeUpdate separately for the same operation.
+  async $beforeInsert(queryContext: QueryContext) {
+    await super.$beforeInsert(queryContext);
+    this.encryptData();
+  }
+
+  async $beforeUpdate(opt: ModelOptions, queryContext: QueryContext) {
+    await super.$beforeUpdate(opt, queryContext);
+    this.encryptData();
+  }
+
+  async $afterFind(queryContext: QueryContext) {
+    this.decryptData();
+  }
 }

 export default Connection;
--- a/yarn.lock
+++ b/yarn.lock
@@ -3067,6 +3067,11 @@
  resolved "https://registry.yarnpkg.com/@types/cors/-/cors-2.8.12.tgz#6b2c510a7ad7039e98e7b8d3d6598f4359e5c080"
  integrity sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==

+"@types/crypto-js@^4.0.2":
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/@types/crypto-js/-/crypto-js-4.0.2.tgz#4524325a175bf819fec6e42560c389ce1fb92c97"
+  integrity sha512-sCVniU+h3GcGqxOmng11BRvf9TfN9yIs8KKjB8C8d75W69cpTfZG80gau9yTx5SxF3gvHGbJhdESzzvnjtf3Og==
+
 "@types/eslint@^7.2.6":
  version "7.28.1"
  resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-7.28.1.tgz#50b07747f1f84c2ba8cd394cf0fe0ba07afce320"
@@ -5884,6 +5889,11 @@ crypto-browserify@^3.11.0:
    randombytes "^2.0.0"
    randomfill "^1.0.3"

+crypto-js@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.1.1.tgz#9e485bcf03521041bd85844786b83fb7619736cf"
+  integrity sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==
+
 crypto-random-string@^1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"