Decrypt file

This commit is contained in:
Adria Navarro 2023-06-12 16:27:19 +01:00
parent 1f4cdf348f
commit 551ca404b4
3 changed files with 79 additions and 10 deletions

View File

@ -7,9 +7,11 @@ import { join } from "path"
const ALGO = "aes-256-ctr"
const SEPARATOR = "-"
const ITERATIONS = 10000
const RANDOM_BYTES = 16
const STRETCH_LENGTH = 32
const SALT_LENGTH = 16
const IV_LENGTH = 16
export enum SecretOption {
API = "api",
ENCRYPTION = "encryption",
@ -42,7 +44,7 @@ export function encrypt(
input: string,
secretOption: SecretOption = SecretOption.API
) {
const salt = crypto.randomBytes(RANDOM_BYTES)
const salt = crypto.randomBytes(SALT_LENGTH)
const stretched = stretchString(getSecret(secretOption), salt)
const cipher = crypto.createCipheriv(ALGO, stretched, salt)
const base = cipher.update(input)
@ -74,13 +76,15 @@ export async function encryptFile(
const inputFile = fs.createReadStream(filePath)
const outputFile = fs.createWriteStream(join(dir, outputFileName))
const salt = crypto.randomBytes(RANDOM_BYTES)
const salt = crypto.randomBytes(SALT_LENGTH)
const iv = crypto.randomBytes(IV_LENGTH)
const stretched = stretchString(secret, salt)
const cipher = crypto.createCipheriv(ALGO, stretched, salt)
const cipher = crypto.createCipheriv(ALGO, stretched, iv)
const encrypted = inputFile.pipe(cipher).pipe(zlib.createGzip())
outputFile.write(salt)
outputFile.write(iv)
encrypted.pipe(outputFile)
inputFile.pipe(cipher).pipe(outputFile)
return new Promise<{ filename: string; dir: string }>(r => {
outputFile.on("finish", () => {
@ -91,3 +95,54 @@ export async function encryptFile(
})
})
}
export async function decryptFile(
inputPath: string,
outputPath: string,
secret: string
) {
const inputFile = fs.createReadStream(inputPath)
const outputFile = fs.createWriteStream(outputPath)
const salt = await readBytes(inputFile, SALT_LENGTH)
const iv = await readBytes(inputFile, IV_LENGTH)
const stretched = stretchString(secret, salt)
const decipher = crypto.createDecipheriv(ALGO, stretched, iv)
fs.createReadStream(inputPath, { start: SALT_LENGTH + IV_LENGTH })
.pipe(decipher)
.pipe(outputFile)
return new Promise<void>(r => {
outputFile.on("finish", () => {
r()
})
})
}
function readBytes(stream: fs.ReadStream, length: number) {
return new Promise<Buffer>((resolve, reject) => {
let bytesRead = 0
const data: Buffer[] = []
stream.on("readable", () => {
let chunk
while ((chunk = stream.read(length - bytesRead)) !== null) {
data.push(chunk)
bytesRead += chunk.length
}
resolve(Buffer.concat(data))
})
stream.on("end", () => {
reject(new Error("Insufficient data in the stream."))
})
stream.on("error", (error: any) => {
reject(error)
})
})
}

View File

@ -4,13 +4,14 @@ import { DocumentType } from "../../db/utils"
import { isQsTrue } from "../../utilities"
export async function exportAppDump(ctx: any) {
let { appId, excludeRows = false, encryptPassword } = ctx.query
let { appId, excludeRows = false, encryptPassword = "password" } = ctx.query
// remove the 120 second limit for the request
ctx.req.setTimeout(0)
const appName = decodeURI(ctx.query.appname)
excludeRows = isQsTrue(excludeRows)
const extension = encryptPassword ? "enc.tar.gz" : "tar.gz"
const backupIdentifier = `${appName}-export-${new Date().getTime()}.${extension}`
const backupIdentifier = `${appName}-export-${new Date().getTime()}${
encryptPassword ? "-enc" : ""
}.tar.gz`
ctx.attachment(backupIdentifier)
ctx.body = await sdk.backups.streamExportApp({
appId,

View File

@ -1,4 +1,4 @@
import { db as dbCore, objectStore } from "@budibase/backend-core"
import { db as dbCore, encryption, objectStore } from "@budibase/backend-core"
import { Database, Row } from "@budibase/types"
import { getAutomationParams, TABLE_ROW_PREFIX } from "../../../db/utils"
import { budibaseTempDir } from "../../../utilities/budibaseDir"
@ -20,6 +20,7 @@ type TemplateType = {
file?: {
type: string
path: string
password?: string
}
key?: string
}
@ -123,6 +124,15 @@ export function untarFile(file: { path: string }) {
return tmpPath
}
async function decryptFiles(path: string) {
for (let file of fs.readdirSync(path)) {
const inputPath = join(path, file)
const outputPath = inputPath.replace(/\.enc$/, "")
await encryption.decryptFile(inputPath, outputPath, "password")
fs.rmSync(inputPath)
}
}
export function getGlobalDBFile(tmpPath: string) {
return fs.readFileSync(join(tmpPath, GLOBAL_DB_EXPORT_FILE), "utf8")
}
@ -143,6 +153,9 @@ export async function importApp(
template.file && fs.lstatSync(template.file.path).isDirectory()
if (template.file && (isTar || isDirectory)) {
const tmpPath = isTar ? untarFile(template.file) : template.file.path
if (isTar && template.file.password) {
await decryptFiles(tmpPath)
}
const contents = fs.readdirSync(tmpPath)
// have to handle object import
if (contents.length) {