Merge pull request #149 from getmaxun/encrypt-key

feat: generate encryption key if not provided or invalid
2024-11-10 21:58:07 +05:30
parent 4a377bbaea e94393ddb1
commit c3e5df9578
1 changed files with 30 additions and 14 deletions
--- a/server/src/utils/auth.ts
+++ b/server/src/utils/auth.ts
@@ -6,29 +6,37 @@ export const hashPassword = (password: string): Promise<string> => {
    return new Promise((resolve, reject) => {
        bcrypt.genSalt(12, (err, salt) => {
            if (err) {
-                reject(err)
+                reject(err);
            }
            bcrypt.hash(password, salt, (err, hash) => {
                if (err) {
-                    reject(err)
+                    reject(err);
                }
-                resolve(hash)
-            })
-        })
-    })
-}
+                resolve(hash);
+            });
+        });
+    });
+};

 // password from frontend and hash from database
 export const comparePassword = (password: string, hash: string): Promise<boolean> => {
-    return bcrypt.compare(password, hash)
-}
+    return bcrypt.compare(password, hash);
+};

 export const encrypt = (text: string): string => {
    const ivLength = 16;
    const iv = crypto.randomBytes(ivLength);
    const algorithm = 'aes-256-cbc';
-    const key = Buffer.from(getEnvVariable('ENCRYPTION_KEY'), 'hex');
-    const cipher = crypto.createCipheriv(algorithm, key, iv);
+
+    // Retrieve the encryption key or generate a new one if invalid or empty
+    let key = getEnvVariable('ENCRYPTION_KEY');
+    if (!key || key.length !== 64) { // aes-256-cbc requires a 256-bit key, which is 64 hex characters
+        console.warn('Invalid or missing ENCRYPTION_KEY, generating a new one.');
+        key = crypto.randomBytes(32).toString('hex'); // Generate a new 256-bit (32-byte) key
+    }
+    const keyBuffer = Buffer.from(key, 'hex');
+
+    const cipher = crypto.createCipheriv(algorithm, keyBuffer, iv);
    let encrypted = cipher.update(text, 'utf8', 'hex');
    encrypted += cipher.final('hex');
    return `${iv.toString('hex')}:${encrypted}`;
@@ -37,9 +45,17 @@ export const encrypt = (text: string): string => {
 export const decrypt = (encryptedText: string): string => {
    const [iv, encrypted] = encryptedText.split(':');
    const algorithm = "aes-256-cbc";
-    const key = Buffer.from(getEnvVariable('ENCRYPTION_KEY'), 'hex');
-    const decipher = crypto.createDecipheriv(algorithm, key, Buffer.from(iv, 'hex'));
+
+    // Retrieve the encryption key or generate a new one if invalid or empty
+    let key = getEnvVariable('ENCRYPTION_KEY');
+    if (!key || key.length !== 64) { // aes-256-cbc requires a 256-bit key, which is 64 hex characters
+        console.warn('Invalid or missing ENCRYPTION_KEY, generating a new one.');
+        key = crypto.randomBytes(32).toString('hex'); // Generate a new 256-bit (32-byte) key
+    }
+    const keyBuffer = Buffer.from(key, 'hex');
+
+    const decipher = crypto.createDecipheriv(algorithm, keyBuffer, Buffer.from(iv, 'hex'));
    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
    decrypted += decipher.final('utf8');
    return decrypted;
-};
+};