Remove all database mappers and README file
@@ -1,21 +1,14 @@
|
||||
import crypto from 'crypto';
|
||||
|
||||
/**
|
||||
* Encryption utilities using AES-256-GCM for local database encryption
|
||||
* Each user has a unique encryption key derived from their userId and a master secret
|
||||
* Encryption utilities using AES-256-CBC for local database encryption
|
||||
* EXACTEMENT comme dans Fastify System.ts
|
||||
*/
|
||||
|
||||
const ALGORITHM = 'aes-256-gcm';
|
||||
const ALGORITHM = 'aes-256-cbc';
|
||||
const KEY_LENGTH = 32; // 256 bits
|
||||
const IV_LENGTH = 16; // 128 bits
|
||||
const SALT_LENGTH = 64;
|
||||
const TAG_LENGTH = 16;
|
||||
|
||||
export interface EncryptedData {
|
||||
encryptedData: string;
|
||||
iv: string;
|
||||
authTag: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a unique encryption key for a user
|
||||
@@ -54,77 +47,34 @@ function extractKeyFromStored(storedKey: string): Buffer {
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypt sensitive data using AES-256-GCM
|
||||
* @param data - Plain text data to encrypt
|
||||
* @param userKey - User's encryption key (base64)
|
||||
* @returns Encrypted data with IV and auth tag
|
||||
*/
|
||||
export function encrypt(data: string, userKey: string): EncryptedData {
|
||||
try {
|
||||
const key = extractKeyFromStored(userKey);
|
||||
const iv = crypto.randomBytes(IV_LENGTH);
|
||||
|
||||
const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
|
||||
|
||||
let encrypted = cipher.update(data, 'utf8', 'hex');
|
||||
encrypted += cipher.final('hex');
|
||||
|
||||
const authTag = cipher.getAuthTag();
|
||||
|
||||
return {
|
||||
encryptedData: encrypted,
|
||||
iv: iv.toString('hex'),
|
||||
authTag: authTag.toString('hex')
|
||||
};
|
||||
} catch (error) {
|
||||
throw new Error(`Encryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt data encrypted with AES-256-GCM
|
||||
* @param encryptedData - Encrypted data object
|
||||
* @param userKey - User's encryption key (base64)
|
||||
* @returns Decrypted plain text
|
||||
*/
|
||||
export function decrypt(encryptedData: EncryptedData, userKey: string): string {
|
||||
try {
|
||||
const key = extractKeyFromStored(userKey);
|
||||
const iv = Buffer.from(encryptedData.iv, 'hex');
|
||||
const authTag = Buffer.from(encryptedData.authTag, 'hex');
|
||||
|
||||
const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
|
||||
decipher.setAuthTag(authTag);
|
||||
|
||||
let decrypted = decipher.update(encryptedData.encryptedData, 'hex', 'utf8');
|
||||
decrypted += decipher.final('utf8');
|
||||
|
||||
return decrypted;
|
||||
} catch (error) {
|
||||
throw new Error(`Decryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypt an object by converting it to JSON first
|
||||
* @param obj - Object to encrypt
|
||||
* Encrypt data with user key - EXACTEMENT comme Fastify
|
||||
* @param data - Data to encrypt
|
||||
* @param userKey - User's encryption key
|
||||
* @returns Encrypted data
|
||||
* @returns Encrypted string with format "iv:encryptedData"
|
||||
*/
|
||||
export function encryptObject<T>(obj: T, userKey: string): EncryptedData {
|
||||
const jsonString = JSON.stringify(obj);
|
||||
return encrypt(jsonString, userKey);
|
||||
export function encryptDataWithUserKey(data: string, userKey: string): string {
|
||||
const key = extractKeyFromStored(userKey);
|
||||
const iv = crypto.randomBytes(IV_LENGTH);
|
||||
const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
|
||||
let encryptedData = cipher.update(data, 'utf8', 'hex');
|
||||
encryptedData += cipher.final('hex');
|
||||
return iv.toString('hex') + ':' + encryptedData;
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt and parse an encrypted object
|
||||
* @param encryptedData - Encrypted data object
|
||||
* Decrypt data with user key - EXACTEMENT comme Fastify
|
||||
* @param encryptedData - Encrypted string with format "iv:encryptedData"
|
||||
* @param userKey - User's encryption key
|
||||
* @returns Decrypted and parsed object
|
||||
* @returns Decrypted data
|
||||
*/
|
||||
export function decryptObject<T>(encryptedData: EncryptedData, userKey: string): T {
|
||||
const decrypted = decrypt(encryptedData, userKey);
|
||||
return JSON.parse(decrypted) as T;
|
||||
export function decryptDataWithUserKey(encryptedData: string, userKey: string): string {
|
||||
const [ivHex, encryptedHex] = encryptedData.split(':');
|
||||
const iv = Buffer.from(ivHex, 'hex');
|
||||
const key = extractKeyFromStored(userKey);
|
||||
const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
|
||||
let decryptedData = decipher.update(encryptedHex, 'hex', 'utf8');
|
||||
decryptedData += decipher.final('utf8');
|
||||
return decryptedData || '';
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -132,6 +82,18 @@ export function decryptObject<T>(encryptedData: EncryptedData, userKey: string):
|
||||
* @param data - Data to hash
|
||||
* @returns Hex encoded hash
|
||||
*/
|
||||
export function hash(data: string): string {
|
||||
return crypto.createHash('sha256').update(data).digest('hex');
|
||||
export function hashElement(data: string): string {
|
||||
return crypto.createHash('sha256').update(data.toLowerCase().trim()).digest('hex');
|
||||
}
|
||||
|
||||
// Pour compatibilité avec l'ancien code
|
||||
export const encrypt = encryptDataWithUserKey;
|
||||
export const decrypt = decryptDataWithUserKey;
|
||||
export const hash = hashElement;
|
||||
|
||||
// Interface pour compatibilité (pas utilisée avec AES-CBC)
|
||||
export interface EncryptedData {
|
||||
encryptedData: string;
|
||||
iv: string;
|
||||
authTag: string;
|
||||
}
|
||||
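Review bot: Moving `ALGORITHM` from `aes-256-gcm` to `aes-256-cbc` drops the authentication tag, so `decryptDataWithUserKey` has no way to detect a stored record that was altered after encryption; CBC ciphertext is malleable and `decipher.final()` only validates padding. I would keep an authenticated mode and carry the tag inside the string as `iv:authTag:ciphertext`, as sketched below; if the format has to stay byte-identical to the Fastify service the comments mention, that side would need the same change (it is not visible from this page). The new decrypt also destructures `encryptedData.split(':')` without checking the number of parts, and the `Decryption failed:` error wrapping of the removed code is gone, so malformed input surfaces as a raw Node error. Separately, the `encrypt`/`decrypt` aliases now take and return a plain string while `EncryptedData` is still exported, so callers written against the object form should be checked.

```typescript
export function encryptDataWithUserKey(data: string, userKey: string): string {
  const key = extractKeyFromStored(userKey);
  const iv = crypto.randomBytes(IV_LENGTH);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
  // iv:authTag:ciphertext, so decryption can reject a modified record
  return [iv, cipher.getAuthTag(), body].map((part) => part.toString('hex')).join(':');
}

export function decryptDataWithUserKey(encryptedData: string, userKey: string): string {
  const parts = encryptedData.split(':');
  if (parts.length !== 3) {
    throw new Error('Decryption failed: malformed ciphertext');
  }
  const [iv, authTag, body] = parts.map((part) => Buffer.from(part, 'hex'));
  const key = extractKeyFromStored(userKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAuthTag(authTag);
  // final() throws when the tag does not match; let that propagate to the caller
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}
```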