From e94393ddb17f99a63dd8110efb61b3850c3dda09 Mon Sep 17 00:00:00 2001
From: amhsirak
Date: Thu, 7 Nov 2024 01:28:58 +0530
Subject: [PATCH] feat: generate encryption key if invalid or not provided
---
 server/src/utils/auth.ts | 44 +++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 14 deletions(-)
diff --git a/server/src/utils/auth.ts b/server/src/utils/auth.ts
index f8313df7..ddab4bd4 100644
--- a/server/src/utils/auth.ts
+++ b/server/src/utils/auth.ts
@@ -6,29 +6,37 @@ export const hashPassword = (password: string): Promise => {
 return new Promise((resolve, reject) => {
 bcrypt.genSalt(12, (err, salt) => {
 if (err) {
- reject(err)
+ reject(err);
 }
 bcrypt.hash(password, salt, (err, hash) => {
 if (err) {
- reject(err)
+ reject(err);
 }
- resolve(hash)
- })
- })
- })
-}
+ resolve(hash);
+ });
+ });
+ });
+};
 
 // password from frontend and hash from database
 export const comparePassword = (password: string, hash: string): Promise => {
- return bcrypt.compare(password, hash)
-}
+ return bcrypt.compare(password, hash);
+};
 
 export const encrypt = (text: string): string => {
 const ivLength = 16;
 const iv = crypto.randomBytes(ivLength);
 const algorithm = 'aes-256-cbc';
- const key = Buffer.from(getEnvVariable('ENCRYPTION_KEY'), 'hex');
- const cipher = crypto.createCipheriv(algorithm, key, iv);
+
+ // Retrieve the encryption key or generate a new one if invalid or empty
+ let key = getEnvVariable('ENCRYPTION_KEY');
+ if (!key || key.length !== 64) { // aes-256-cbc requires a 256-bit key, which is 64 hex characters
+ console.warn('Invalid or missing ENCRYPTION_KEY, generating a new one.');
+ key = crypto.randomBytes(32).toString('hex'); // Generate a new 256-bit (32-byte) key
+ }
+ const keyBuffer = Buffer.from(key, 'hex');
+
+ const cipher = crypto.createCipheriv(algorithm, keyBuffer, iv);
 let encrypted = cipher.update(text, 'utf8', 'hex');
 encrypted += cipher.final('hex');
 return `${iv.toString('hex')}:${encrypted}`;
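Review bot: The fallback in `encrypt` draws a new random key on every call and discards it, so anything encrypted while `ENCRYPTION_KEY` is missing or malformed can never be decrypted, and the only trace is a `console.warn`. The same block is copied into `decrypt` in the second hunk, where a freshly generated key can never match the one used to encrypt. The `key.length !== 64` test also accepts non-hex strings: `Buffer.from(key, 'hex')` stops decoding at the first invalid character, and the resulting short key makes `createCipheriv` throw. I would fail closed in one shared helper that validates the value and throws, called from both functions as sketched below; if auto-provisioning is the goal, the key should be generated once at startup and persisted instead. The closing of `encrypt` lies outside this hunk.

```typescript
// Resolve the key in one place; refuse to run with a missing or malformed value.
const getEncryptionKey = (): Buffer => {
  const key = getEnvVariable('ENCRYPTION_KEY');
  if (!key || !/^[0-9a-fA-F]{64}$/.test(key)) {
    throw new Error('ENCRYPTION_KEY must be set to 64 hex characters (32 bytes)');
  }
  return Buffer.from(key, 'hex');
};

export const encrypt = (text: string): string => {
  // … unchanged: ivLength, iv, algorithm …
  const cipher = crypto.createCipheriv(algorithm, getEncryptionKey(), iv);
  // … unchanged: update/final and iv:ciphertext formatting …
```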
@@ -37,9 +45,17 @@ export const encrypt = (text: string): string => {
 export const decrypt = (encryptedText: string): string => {
 const [iv, encrypted] = encryptedText.split(':');
 const algorithm = "aes-256-cbc";
- const key = Buffer.from(getEnvVariable('ENCRYPTION_KEY'), 'hex');
- const decipher = crypto.createDecipheriv(algorithm, key, Buffer.from(iv, 'hex'));
+
+ // Retrieve the encryption key or generate a new one if invalid or empty
+ let key = getEnvVariable('ENCRYPTION_KEY');
+ if (!key || key.length !== 64) { // aes-256-cbc requires a 256-bit key, which is 64 hex characters
+ console.warn('Invalid or missing ENCRYPTION_KEY, generating a new one.');
+ key = crypto.randomBytes(32).toString('hex'); // Generate a new 256-bit (32-byte) key
+ }
+ const keyBuffer = Buffer.from(key, 'hex');
+
+ const decipher = crypto.createDecipheriv(algorithm, keyBuffer, Buffer.from(iv, 'hex'));
 let decrypted = decipher.update(encrypted, 'hex', 'utf8');
 decrypted += decipher.final('utf8');
 return decrypted;
-};
\ No newline at end of file
+};
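Review bot: `decrypt` still destructures `encryptedText.split(':')` without checking the result, so a value that is not in the `iv:ciphertext` form reaches `Buffer.from(iv, 'hex')` and `createDecipheriv` and fails with a low-level error that does not name the real problem. A guard right after the split would make that explicit, for example `if (!iv || !encrypted || iv.length !== 32) throw new Error('Malformed encrypted value');`. Separately, `aes-256-cbc` carries no integrity check, so ciphertext altered at rest is not reliably detected here; an AEAD mode such as `aes-256-gcm`, with the auth tag stored next to the IV, would let `decrypt` reject it, though that changes the stored format and needs a migration.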