From e8703a41f8423e24f46155332dc24019ea885416 Mon Sep 17 00:00:00 2001 From: m5r Date: Sun, 22 May 2022 02:00:12 +0200 Subject: [PATCH] forgotten encryption stuff --- .env.example | 3 ++- app/config/config.server.ts | 10 +++++++++- app/utils/encryption.ts | 29 +++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 app/utils/encryption.ts diff --git a/.env.example b/.env.example index ab39bf3..6e7b983 100644 --- a/.env.example +++ b/.env.example @@ -1,5 +1,6 @@ APP_BASE_URL=http://localhost:3000 - +# crypto.scryptSync("je s'appelle groot", crypto.randomBytes(16), 32).toString("hex"); +MASTER_ENCRYPTION_KEY=97da37a1003158d7da3d8c10186e61423fd7fa56a4565e3ba4f093b8343780a9 INVITATION_TOKEN_SECRET=0ded075524fd19fe467eb00480b8d5d4 SESSION_SECRET=754a554f4cbf9254e50fda87b48ee52b diff --git a/app/config/config.server.ts b/app/config/config.server.ts index 3aa3751..11d1a15 100644 --- a/app/config/config.server.ts +++ b/app/config/config.server.ts @@ -20,13 +20,21 @@ invariant( `Please define the "AWS_SES_FROM_EMAIL" environment variable`, ); invariant(typeof process.env.REDIS_URL === "string", `Please define the "REDIS_URL" environment variable`); -invariant(typeof process.env.TWILIO_AUTH_TOKEN === "string", `Please define the "TWILIO_AUTH_TOKEN" environment variable`); +invariant( + typeof process.env.TWILIO_AUTH_TOKEN === "string", + `Please define the "TWILIO_AUTH_TOKEN" environment variable`, +); +invariant( + typeof process.env.MASTER_ENCRYPTION_KEY === "string", + `Please define the "MASTER_ENCRYPTION_KEY" environment variable`, +); export default { app: { baseUrl: process.env.APP_BASE_URL, invitationTokenSecret: process.env.INVITATION_TOKEN_SECRET, sessionSecret: process.env.SESSION_SECRET, + encryptionKey: process.env.MASTER_ENCRYPTION_KEY, }, awsSes: { awsRegion: process.env.AWS_SES_REGION, diff --git a/app/utils/encryption.ts b/app/utils/encryption.ts new file mode 100644 index 0000000..6852e0d --- /dev/null +++ b/app/utils/encryption.ts @@ -0,0 +1,29 @@ +import crypto from "crypto"; + +import serverConfig from "~/config/config.server"; + +const ivLength = 16; +const algorithm = "aes-256-cbc"; +const encryptionKey = serverConfig.app.encryptionKey; + +export function encrypt(text: string) { + const encryptionKeyAsBuffer = Buffer.isBuffer(encryptionKey) ? encryptionKey : Buffer.from(encryptionKey, "hex"); + const iv = crypto.randomBytes(ivLength); + const cipher = crypto.createCipheriv(algorithm, encryptionKeyAsBuffer, iv); + const encrypted = cipher.update(text); + const encryptedBuffer = Buffer.concat([encrypted, cipher.final()]); + + return `${iv.toString("hex")}:${encryptedBuffer.toString("hex")}`; +} + +export function decrypt(encryptedHexText: string) { + const encryptionKeyAsBuffer = Buffer.isBuffer(encryptionKey) ? encryptionKey : Buffer.from(encryptionKey, "hex"); + const [hexIv, hexText] = encryptedHexText.split(":"); + const iv = Buffer.from(hexIv!, "hex"); + const encryptedText = Buffer.from(hexText!, "hex"); + const decipher = crypto.createDecipheriv(algorithm, encryptionKeyAsBuffer, iv); + const decrypted = decipher.update(encryptedText); + const decryptedBuffer = Buffer.concat([decrypted, decipher.final()]); + + return decryptedBuffer.toString(); +}