vodorod/parcer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #149 from getmaxun/encrypt-key

Browse Source 
feat: generate encryption key if not provided or invalid
This commit is contained in:
Karishma Shukla
2024-11-10 21:58:07 +05:30
committed by GitHub
parent 4a377bbaea e94393ddb1
commit c3e5df9578
1 changed files with 30 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
server/src/utils/auth.ts
View File

@@ -6,29 +6,37 @@ export const hashPassword = (password: string): Promise<string> => {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
bcrypt.genSalt(12, (err, salt) => { bcrypt.genSalt(12, (err, salt) => {
if (err) { if (err) {
reject(err) reject(err);
} }
bcrypt.hash(password, salt, (err, hash) => { bcrypt.hash(password, salt, (err, hash) => {
if (err) { if (err) {
reject(err) reject(err);
} }
resolve(hash) resolve(hash);
}) });
}) });
}) });
} };
// password from frontend and hash from database // password from frontend and hash from database
export const comparePassword = (password: string, hash: string): Promise<boolean> => { export const comparePassword = (password: string, hash: string): Promise<boolean> => {
return bcrypt.compare(password, hash) return bcrypt.compare(password, hash);
} };
export const encrypt = (text: string): string => { export const encrypt = (text: string): string => {
const ivLength = 16; const ivLength = 16;
const iv = crypto.randomBytes(ivLength); const iv = crypto.randomBytes(ivLength);
const algorithm = 'aes-256-cbc'; const algorithm = 'aes-256-cbc';
const key = Buffer.from(getEnvVariable('ENCRYPTION_KEY'), 'hex');
const cipher = crypto.createCipheriv(algorithm, key, iv); // Retrieve the encryption key or generate a new one if invalid or empty
let key = getEnvVariable('ENCRYPTION_KEY');
if (!key || key.length !== 64) { // aes-256-cbc requires a 256-bit key, which is 64 hex characters
console.warn('Invalid or missing ENCRYPTION_KEY, generating a new one.');
key = crypto.randomBytes(32).toString('hex'); // Generate a new 256-bit (32-byte) key
}
const keyBuffer = Buffer.from(key, 'hex');
const cipher = crypto.createCipheriv(algorithm, keyBuffer, iv);
let encrypted = cipher.update(text, 'utf8', 'hex'); let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex'); encrypted += cipher.final('hex');
return `${iv.toString('hex')}:${encrypted}`; return `${iv.toString('hex')}:${encrypted}`;
@@ -37,8 +45,16 @@ export const encrypt = (text: string): string => {
export const decrypt = (encryptedText: string): string => { export const decrypt = (encryptedText: string): string => {
const [iv, encrypted] = encryptedText.split(':'); const [iv, encrypted] = encryptedText.split(':');
const algorithm = "aes-256-cbc"; const algorithm = "aes-256-cbc";
const key = Buffer.from(getEnvVariable('ENCRYPTION_KEY'), 'hex');
const decipher = crypto.createDecipheriv(algorithm, key, Buffer.from(iv, 'hex')); // Retrieve the encryption key or generate a new one if invalid or empty
let key = getEnvVariable('ENCRYPTION_KEY');
if (!key || key.length !== 64) { // aes-256-cbc requires a 256-bit key, which is 64 hex characters
console.warn('Invalid or missing ENCRYPTION_KEY, generating a new one.');
key = crypto.randomBytes(32).toString('hex'); // Generate a new 256-bit (32-byte) key
}
const keyBuffer = Buffer.from(key, 'hex');
const decipher = crypto.createDecipheriv(algorithm, keyBuffer, Buffer.from(iv, 'hex'));
let decrypted = decipher.update(encrypted, 'hex', 'utf8'); let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8'); decrypted += decipher.final('utf8');
return decrypted; return decrypted;