feat: Encrypt data column of connections (#105)

2021-11-28 22:08:35 +01:00
parent 69bea588e4
commit f949eca3c4
6 changed files with 44 additions and 1 deletions
--- a/packages/backend/.env-example
+++ b/packages/backend/.env-example
@@ -9,3 +9,4 @@ POSTGRES_HOST=localhost
 POSTGRES_USERNAME=automatish_development_user
 POSTGRES_PASSWORD=
 POSTGRES_ENABLE_SSL=false
+ENCRYPTION_KEY=sample-encryption-key
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -19,6 +19,7 @@
    "axios": "0.24.0",
    "bcrypt": "^5.0.1",
    "cors": "^2.8.5",
+    "crypto-js": "^4.1.1",
    "debug": "~2.6.9",
    "discord.js": "13.2.0",
    "dotenv": "^10.0.0",
@@ -63,6 +64,7 @@
  "devDependencies": {
    "@types/bcrypt": "^5.0.0",
    "@types/cors": "^2.8.12",
+    "@types/crypto-js": "^4.0.2",
    "@types/express": "^4.17.13",
    "@types/http-errors": "^1.8.1",
    "@types/morgan": "^1.9.3",
--- a/packages/backend/src/config/app.ts
+++ b/packages/backend/src/config/app.ts
@@ -13,7 +13,8 @@ type AppConfig = {
  postgresUsername: string,
  postgresPassword: string,
  postgresEnableSsl: boolean,
-  baseUrl?: string
+  baseUrl?: string,
+  encryptionKey: string
 }

 const appConfig: AppConfig = {
@@ -28,6 +29,7 @@ const appConfig: AppConfig = {
  postgresUsername: process.env.POSTGRES_USERNAME || 'automatish_development_user',
  postgresPassword: process.env.POSTGRES_PASSWORD,
  postgresEnableSsl: process.env.POSTGRES_ENABLE_SSL === 'true' ? true : false,
+  encryptionKey: process.env.ENCRYPTION_KEY
 }

 const baseUrl = `${appConfig.protocol}://${appConfig.host}:${appConfig.port}`;
--- a/packages/backend/src/graphql/queries/test-connection.ts
+++ b/packages/backend/src/graphql/queries/test-connection.ts
@@ -19,6 +19,7 @@ const testConnectionResolver = async (params: Params, req: RequestWithCurrentUse
  const isStillVerified = await appInstance.authenticationClient.isStillVerified();

  connection = await connection.$query().patchAndFetch({
+    data: connection.data,
    verified: isStillVerified
  })

--- a/packages/backend/src/models/connection.ts
+++ b/packages/backend/src/models/connection.ts
@@ -1,5 +1,8 @@
+import { QueryContext, ModelOptions } from 'objection';
+import { AES, enc } from 'crypto-js';
 import Base from './base'
 import User from './user'
+import appConfig from '../config/app';

 class Connection extends Base {
  id!: number
@@ -34,6 +37,30 @@ class Connection extends Base {
      },
    }
  })
+
+  encryptData() {
+    this.data = AES.encrypt(JSON.stringify(this.data), appConfig.encryptionKey).toString();
+  }
+
+  decryptData() {
+    this.data = JSON.parse(AES.decrypt(this.data, appConfig.encryptionKey).toString(enc.Utf8));
+  }
+
+  // TODO: Make another abstraction like beforeSave instead of using
+  // beforeInsert and beforeUpdate separately for the same operation.
+  async $beforeInsert(queryContext: QueryContext) {
+    await super.$beforeInsert(queryContext);
+    this.encryptData();
+  }
+
+  async $beforeUpdate(opt: ModelOptions, queryContext: QueryContext) {
+    await super.$beforeUpdate(opt, queryContext);
+    this.encryptData();
+  }
+
+  async $afterFind(queryContext: QueryContext) {
+    this.decryptData();
+  }
 }

 export default Connection;