Adding basic encrypt/decrypt pathway.
This commit is contained in:
parent
edd4a3233e
commit
df4af0fb9a
|
@ -0,0 +1 @@
|
||||||
|
module.exports = require("./src/security/encryption")
|
|
@ -6,6 +6,7 @@ const { buildMatcherRegex, matches } = require("./matchers")
|
||||||
const env = require("../environment")
|
const env = require("../environment")
|
||||||
const { SEPARATOR, ViewNames, queryGlobalView } = require("../../db")
|
const { SEPARATOR, ViewNames, queryGlobalView } = require("../../db")
|
||||||
const { getGlobalDB } = require("../tenancy")
|
const { getGlobalDB } = require("../tenancy")
|
||||||
|
const { decrypt } = require("../security/encryption")
|
||||||
|
|
||||||
function finalise(
|
function finalise(
|
||||||
ctx,
|
ctx,
|
||||||
|
@ -22,6 +23,7 @@ async function checkApiKey(apiKey, populateUser) {
|
||||||
if (apiKey === env.INTERNAL_API_KEY) {
|
if (apiKey === env.INTERNAL_API_KEY) {
|
||||||
return { valid: true }
|
return { valid: true }
|
||||||
}
|
}
|
||||||
|
apiKey = decrypt(apiKey)
|
||||||
const tenantId = apiKey.split(SEPARATOR)[0]
|
const tenantId = apiKey.split(SEPARATOR)[0]
|
||||||
const db = getGlobalDB(tenantId)
|
const db = getGlobalDB(tenantId)
|
||||||
const userId = await queryGlobalView(
|
const userId = await queryGlobalView(
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
const crypto = require("crypto")
|
||||||
|
const env = require("../environment")
|
||||||
|
|
||||||
|
const ALGO = "aes-256-ctr"
|
||||||
|
const SECRET = env.JWT_SECRET
|
||||||
|
const SEPARATOR = "/"
|
||||||
|
|
||||||
|
exports.encrypt = input => {
|
||||||
|
const random = crypto.randomBytes(16)
|
||||||
|
const cipher = crypto.createCipheriv(ALGO, SECRET, random)
|
||||||
|
const base = cipher.update(input)
|
||||||
|
const final = cipher.final()
|
||||||
|
const encrypted = Buffer.concat([base, final]).toString("hex")
|
||||||
|
return `${random.toString("hex")}${SEPARATOR}${encrypted}`
|
||||||
|
}
|
||||||
|
|
||||||
|
exports.decrypt = input => {
|
||||||
|
const [random, encrypted] = input.split(SEPARATOR)
|
||||||
|
const decipher = crypto.createDecipheriv(
|
||||||
|
ALGO,
|
||||||
|
SECRET,
|
||||||
|
Buffer.from(random, "hex")
|
||||||
|
)
|
||||||
|
const base = decipher.update(Buffer.from(encrypted, "hex"))
|
||||||
|
const final = decipher.final()
|
||||||
|
return Buffer.concat([base, final]).toString()
|
||||||
|
}
|
|
@ -2,11 +2,12 @@ const { getGlobalDB, getTenantId } = require("@budibase/backend-core/tenancy")
|
||||||
const { generateDevInfoID, SEPARATOR } = require("@budibase/backend-core/db")
|
const { generateDevInfoID, SEPARATOR } = require("@budibase/backend-core/db")
|
||||||
const { user: userCache } = require("@budibase/backend-core/cache")
|
const { user: userCache } = require("@budibase/backend-core/cache")
|
||||||
const { hash, platformLogout } = require("@budibase/backend-core/utils")
|
const { hash, platformLogout } = require("@budibase/backend-core/utils")
|
||||||
|
const { encrypt } = require("@budibase/backend-core/encryption")
|
||||||
const { newid } = require("@budibase/backend-core/utils")
|
const { newid } = require("@budibase/backend-core/utils")
|
||||||
const { getUser } = require("../../utilities")
|
const { getUser } = require("../../utilities")
|
||||||
|
|
||||||
function newApiKey() {
|
function newApiKey() {
|
||||||
return hash(`${getTenantId()}${SEPARATOR}${newid()}`)
|
return encrypt(`${getTenantId()}${SEPARATOR}${newid()}`)
|
||||||
}
|
}
|
||||||
|
|
||||||
function cleanupDevInfo(info) {
|
function cleanupDevInfo(info) {
|
||||||
|
@ -25,7 +26,7 @@ exports.generateAPIKey = async ctx => {
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
devInfo = { _id: id, userId: ctx.user._id }
|
devInfo = { _id: id, userId: ctx.user._id }
|
||||||
}
|
}
|
||||||
devInfo.apiKey = newApiKey()
|
devInfo.apiKey = await newApiKey()
|
||||||
await db.put(devInfo)
|
await db.put(devInfo)
|
||||||
ctx.body = cleanupDevInfo(devInfo)
|
ctx.body = cleanupDevInfo(devInfo)
|
||||||
}
|
}
|
||||||
|
@ -40,7 +41,7 @@ exports.fetchAPIKey = async ctx => {
|
||||||
devInfo = {
|
devInfo = {
|
||||||
_id: id,
|
_id: id,
|
||||||
userId: ctx.user._id,
|
userId: ctx.user._id,
|
||||||
apiKey: newApiKey(),
|
apiKey: await newApiKey(),
|
||||||
}
|
}
|
||||||
await db.put(devInfo)
|
await db.put(devInfo)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue