Adding a check to make sure that encryption does not execute upon directories, as well as adding copy to warn that attachments are not encrypted.

2023-12-06 16:38:03 +00:00 · 2023-12-06 16:38:03 +00:00 · 3dcb3062f5
parent a6d59e9ea0
commit 3dcb3062f5
2 changed files with 15 additions and 9 deletions
--- a/packages/backend-core/src/security/encryption.ts
+++ b/packages/backend-core/src/security/encryption.ts
@ -73,6 +73,9 @@ export async function encryptFile(
  const outputFileName = `${filename}.enc`

  const filePath = join(dir, filename)
+  if (fs.lstatSync(filePath).isDirectory()) {
+    throw new Error("Unable to encrypt directory")
+  }
  const inputFile = fs.createReadStream(filePath)
  const outputFile = fs.createWriteStream(join(dir, outputFileName))

@ -110,6 +113,9 @@ export async function decryptFile(
  outputPath: string,
  secret: string
 ) {
+  if (fs.lstatSync(inputPath).isDirectory()) {
+    throw new Error("Unable to encrypt directory")
+  }
  const { salt, iv } = await getSaltAndIV(inputPath)
  const inputFile = fs.createReadStream(inputPath, {
    start: SALT_LENGTH + IV_LENGTH,
--- a/packages/builder/src/components/start/ExportAppModal.svelte
+++ b/packages/builder/src/components/start/ExportAppModal.svelte
@ -13,7 +13,7 @@
  export let app
  export let published
  let includeInternalTablesRows = true
-  let encypt = true
+  let encrypt = true

  let password = null
  const validation = createValidationStore()
@ -27,9 +27,9 @@
  $: stepConfig = {
    [Step.CONFIG]: {
      title: published ? "Export published app" : "Export latest app",
-      confirmText: encypt ? "Continue" : exportButtonText,
+      confirmText: encrypt ? "Continue" : exportButtonText,
      onConfirm: () => {
-        if (!encypt) {
+        if (!encrypt) {
          exportApp()
        } else {
          currentStep = Step.SET_PASSWORD
@ -109,13 +109,13 @@
        text="Export rows from internal tables"
        bind:value={includeInternalTablesRows}
      />
-      <Toggle text="Encrypt my export" bind:value={encypt} />
+      <Toggle text="Encrypt my export" bind:value={encrypt} />
    </Body>
-    {#if !encypt}
-      <InlineAlert
-        header="Do not share your budibase application exports publicly as they may contain sensitive information such as database credentials or secret keys."
-      />
-    {/if}
+    <InlineAlert
+      header={encrypt
+        ? "Please note Budibase does not encrypt the files during the export process to ensure efficient export of large attachments."
+        : "Do not share your Budibase application exports publicly as they may contain sensitive information such as database credentials or secret keys."}
+    />
  {/if}
  {#if currentStep === Step.SET_PASSWORD}
    <Input