From f949eca3c4737734ada2858dd2dab81dee973d55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20Faruk=20Ayd=C4=B1n?= Date: Sun, 28 Nov 2021 22:08:35 +0100 Subject: [PATCH] feat: Encrypt data column of connections (#105) --- packages/backend/.env-example | 1 + packages/backend/package.json | 2 ++ packages/backend/src/config/app.ts | 4 ++- .../src/graphql/queries/test-connection.ts | 1 + packages/backend/src/models/connection.ts | 27 +++++++++++++++++++ yarn.lock | 10 +++++++ 6 files changed, 44 insertions(+), 1 deletion(-) diff --git a/packages/backend/.env-example b/packages/backend/.env-example index ea045629..b85563c0 100644 --- a/packages/backend/.env-example +++ b/packages/backend/.env-example @@ -9,3 +9,4 @@ POSTGRES_HOST=localhost POSTGRES_USERNAME=automatish_development_user POSTGRES_PASSWORD= POSTGRES_ENABLE_SSL=false +ENCRYPTION_KEY=sample-encryption-key diff --git a/packages/backend/package.json b/packages/backend/package.json index 000d8318..6f130fe1 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -19,6 +19,7 @@ "axios": "0.24.0", "bcrypt": "^5.0.1", "cors": "^2.8.5", + "crypto-js": "^4.1.1", "debug": "~2.6.9", "discord.js": "13.2.0", "dotenv": "^10.0.0", @@ -63,6 +64,7 @@ "devDependencies": { "@types/bcrypt": "^5.0.0", "@types/cors": "^2.8.12", + "@types/crypto-js": "^4.0.2", "@types/express": "^4.17.13", "@types/http-errors": "^1.8.1", "@types/morgan": "^1.9.3", diff --git a/packages/backend/src/config/app.ts b/packages/backend/src/config/app.ts index a2f50da1..33bbe6f0 100644 --- a/packages/backend/src/config/app.ts +++ b/packages/backend/src/config/app.ts @@ -13,7 +13,8 @@ type AppConfig = { postgresUsername: string, postgresPassword: string, postgresEnableSsl: boolean, - baseUrl?: string + baseUrl?: string, + encryptionKey: string } const appConfig: AppConfig = { 
@@ -28,6 +29,7 @@ const appConfig: AppConfig = { postgresUsername: process.env.POSTGRES_USERNAME || 'automatish_development_user', postgresPassword: process.env.POSTGRES_PASSWORD, postgresEnableSsl: process.env.POSTGRES_ENABLE_SSL === 'true' ? true : false, + encryptionKey: process.env.ENCRYPTION_KEY } const baseUrl = `${appConfig.protocol}://${appConfig.host}:${appConfig.port}`; diff --git a/packages/backend/src/graphql/queries/test-connection.ts b/packages/backend/src/graphql/queries/test-connection.ts index b2cac07c..93befc5b 100644 --- a/packages/backend/src/graphql/queries/test-connection.ts +++ b/packages/backend/src/graphql/queries/test-connection.ts @@ -19,6 +19,7 @@ const testConnectionResolver = async (params: Params, req: RequestWithCurrentUse const isStillVerified = await appInstance.authenticationClient.isStillVerified(); connection = await connection.$query().patchAndFetch({ + data: connection.data, verified: isStillVerified }) diff --git a/packages/backend/src/models/connection.ts b/packages/backend/src/models/connection.ts index 635498cc..f4a0f5a2 100644 --- a/packages/backend/src/models/connection.ts +++ b/packages/backend/src/models/connection.ts @@ -1,5 +1,8 @@ +import { QueryContext, ModelOptions } from 'objection'; +import { AES, enc } from 'crypto-js'; import Base from './base' import User from './user' +import appConfig from '../config/app'; class Connection extends Base { id!: number 
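Review bot: `encryptionKey: process.env.ENCRYPTION_KEY` in `packages/backend/src/config/app.ts` has no presence check, so when the variable is unset `appConfig.encryptionKey` is `undefined` even though `AppConfig` declares it as `string`. The failure would then surface only when a connection is first saved or loaded, not at boot. I would fail fast right after the object literal, e.g. `if (!appConfig.encryptionKey) throw new Error('ENCRYPTION_KEY environment variable needs to be set!');`. The `.env-example` hunk ships `ENCRYPTION_KEY=sample-encryption-key`; a `#` comment there saying the value must be replaced with a randomly generated secret would help keep the sample out of real deployments. The `appConfig` literal starts above this hunk.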
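Review bot: Any update that omits `data` is now fragile, which is why `data: connection.data` has to be re-sent to `patchAndFetch` in `test-connection.ts`. `$beforeUpdate` in `models/connection.ts` calls `encryptData()` on every update, so a patch without `data` would pass `JSON.stringify(undefined)` to `AES.encrypt` and presumably throw or store a meaningless value. Guarding in the model is safer than relying on every caller, e.g. `if (this.data !== undefined) this.encryptData();` inside `$beforeUpdate`. If the workaround stays, a comment such as `// data is re-sent so $beforeUpdate can re-encrypt it` would explain the otherwise redundant field. The resolver body continues outside the hunk.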
@@ -34,6 +37,30 @@ class Connection extends Base { }, } }) + + encryptData() { + this.data = AES.encrypt(JSON.stringify(this.data), appConfig.encryptionKey).toString(); + } + + decryptData() { + this.data = JSON.parse(AES.decrypt(this.data, appConfig.encryptionKey).toString(enc.Utf8)); + } + + // TODO: Make another abstraction like beforeSave instead of using + // beforeInsert and beforeUpdate separately for the same operation. + async $beforeInsert(queryContext: QueryContext) { + await super.$beforeInsert(queryContext); + this.encryptData(); + } + + async $beforeUpdate(opt: ModelOptions, queryContext: QueryContext) { + await super.$beforeUpdate(opt, queryContext); + this.encryptData(); + } + + async $afterFind(queryContext: QueryContext) { + this.decryptData(); + } } export default Connection; diff --git a/yarn.lock b/yarn.lock index 64c93443..f62ea42c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3067,6 +3067,11 @@ resolved "https://registry.yarnpkg.com/@types/cors/-/cors-2.8.12.tgz#6b2c510a7ad7039e98e7b8d3d6598f4359e5c080" integrity sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw== +"@types/crypto-js@^4.0.2": + version "4.0.2" + resolved "https://registry.yarnpkg.com/@types/crypto-js/-/crypto-js-4.0.2.tgz#4524325a175bf819fec6e42560c389ce1fb92c97" + integrity sha512-sCVniU+h3GcGqxOmng11BRvf9TfN9yIs8KKjB8C8d75W69cpTfZG80gau9yTx5SxF3gvHGbJhdESzzvnjtf3Og== + "@types/eslint@^7.2.6": version "7.28.1" resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-7.28.1.tgz#50b07747f1f84c2ba8cd394cf0fe0ba07afce320" 
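Review bot: `AES.encrypt(JSON.stringify(this.data), appConfig.encryptionKey)` in `encryptData` passes the key as a string, which crypto-js treats as a passphrase: it derives the AES key and IV with its OpenSSL-compatible KDF (MD5-based, a single iteration) and encrypts in CBC mode with no authentication tag. The stored connection credentials are therefore only as strong as the passphrase's entropy, and a modified ciphertext is not reliably detected before `JSON.parse` runs in `decryptData`. I would switch both methods to an authenticated mode with a random binary key, for example AES-256-GCM from Node's built-in `crypto` module (`randomBytes`, `createCipheriv`, `createDecipheriv`), as sketched below; `ENCRYPTION_KEY` would then hold 32 random bytes, hex-encoded. Separately, `$afterFind` decrypts unconditionally and the diffstat lists no migration, so rows written before this change, or queries that do not select `data`, would presumably fail in `decryptData`. The `Connection` class starts outside this hunk.

```typescript
  encryptData() {
    // ENCRYPTION_KEY: 32 random bytes, hex-encoded
    const key = Buffer.from(appConfig.encryptionKey, 'hex');
    const iv = randomBytes(12); // fresh nonce for every record
    const cipher = createCipheriv('aes-256-gcm', key, iv);
    const body = Buffer.concat([cipher.update(JSON.stringify(this.data), 'utf8'), cipher.final()]);
    // stored layout: iv (12 bytes) | auth tag (16 bytes) | ciphertext
    this.data = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
  }

  decryptData() {
    const key = Buffer.from(appConfig.encryptionKey, 'hex');
    const raw = Buffer.from(this.data, 'base64');
    const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws when the tag does not match, before JSON.parse sees the bytes
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    this.data = JSON.parse(plain.toString('utf8'));
  }

  // … unchanged: $beforeInsert, $beforeUpdate, $afterFind …
```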
@@ -5884,6 +5889,11 @@ crypto-browserify@^3.11.0: randombytes "^2.0.0" randomfill "^1.0.3" +crypto-js@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.1.1.tgz#9e485bcf03521041bd85844786b83fb7619736cf" + integrity sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw== + crypto-random-string@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"