Merge branch 'feature/budibase-api' of github.com:Budibase/budibase into feature/budibase-api
This commit is contained in:
commit
bc5092c37b
|
@ -23,9 +23,10 @@ async function checkApiKey(apiKey, populateUser) {
|
||||||
if (apiKey === env.INTERNAL_API_KEY) {
|
if (apiKey === env.INTERNAL_API_KEY) {
|
||||||
return { valid: true }
|
return { valid: true }
|
||||||
}
|
}
|
||||||
apiKey = decrypt(apiKey)
|
const decrypted = decrypt(apiKey)
|
||||||
const tenantId = apiKey.split(SEPARATOR)[0]
|
const tenantId = decrypted.split(SEPARATOR)[0]
|
||||||
const db = getGlobalDB(tenantId)
|
const db = getGlobalDB(tenantId)
|
||||||
|
// api key is encrypted in the database
|
||||||
const userId = await queryGlobalView(
|
const userId = await queryGlobalView(
|
||||||
ViewNames.BY_API_KEY,
|
ViewNames.BY_API_KEY,
|
||||||
{
|
{
|
||||||
|
|
|
@ -3,24 +3,30 @@ const env = require("../environment")
|
||||||
|
|
||||||
const ALGO = "aes-256-ctr"
|
const ALGO = "aes-256-ctr"
|
||||||
const SECRET = env.JWT_SECRET
|
const SECRET = env.JWT_SECRET
|
||||||
const SEPARATOR = "/"
|
const SEPARATOR = "-"
|
||||||
|
const ITERATIONS = 10000
|
||||||
|
const RANDOM_BYTES = 16
|
||||||
|
const STRETCH_LENGTH = 32
|
||||||
|
|
||||||
|
function stretchString(string, salt) {
|
||||||
|
return crypto.pbkdf2Sync(string, salt, ITERATIONS, STRETCH_LENGTH, "sha512")
|
||||||
|
}
|
||||||
|
|
||||||
exports.encrypt = input => {
|
exports.encrypt = input => {
|
||||||
const random = crypto.randomBytes(16)
|
const salt = crypto.randomBytes(RANDOM_BYTES)
|
||||||
const cipher = crypto.createCipheriv(ALGO, SECRET, random)
|
const stretched = stretchString(SECRET, salt)
|
||||||
|
const cipher = crypto.createCipheriv(ALGO, stretched, salt)
|
||||||
const base = cipher.update(input)
|
const base = cipher.update(input)
|
||||||
const final = cipher.final()
|
const final = cipher.final()
|
||||||
const encrypted = Buffer.concat([base, final]).toString("hex")
|
const encrypted = Buffer.concat([base, final]).toString("hex")
|
||||||
return `${random.toString("hex")}${SEPARATOR}${encrypted}`
|
return `${salt.toString("hex")}${SEPARATOR}${encrypted}`
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.decrypt = input => {
|
exports.decrypt = input => {
|
||||||
const [random, encrypted] = input.split(SEPARATOR)
|
const [salt, encrypted] = input.split(SEPARATOR)
|
||||||
const decipher = crypto.createDecipheriv(
|
const saltBuffer = Buffer.from(salt, "hex")
|
||||||
ALGO,
|
const stretched = stretchString(SECRET, saltBuffer)
|
||||||
SECRET,
|
const decipher = crypto.createDecipheriv(ALGO, stretched, saltBuffer)
|
||||||
Buffer.from(random, "hex")
|
|
||||||
)
|
|
||||||
const base = decipher.update(Buffer.from(encrypted, "hex"))
|
const base = decipher.update(Buffer.from(encrypted, "hex"))
|
||||||
const final = decipher.final()
|
const final = decipher.final()
|
||||||
return Buffer.concat([base, final]).toString()
|
return Buffer.concat([base, final]).toString()
|
||||||
|
|
Loading…
Reference in New Issue