feat: update encryption logic for SMTP password

This commit refactors the code to update the encryption logic for the SMTP password in the `User` model. The `encrypt` function from the newly added `crypt.ts` file is now used to encrypt the password before storing it.
getcronit · Jun 6, 2024 · fc9a6fa · fc9a6fa
1 parent ea9feb3
commit fc9a6fa
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 8 deletions.
diff --git a/src/config.ts b/src/config.ts
@@ -1,10 +1,5 @@
-import { generateKeySync } from "crypto";
+import { randomBytes } from "crypto";
 
 export const PYLON_URL = process.env.PYLON_URL || "http://localhost:3000";
 export const PYLON_SECRET =
-  process.env.PYLON_SECRET ||
-  generateKeySync("hmac", {
-    length: 32,
-  })
-    .export()
-    .toString("base64");
+  process.env.PYLON_SECRET || randomBytes(32).toString("hex"); // 32 bytes for AES-256
diff --git a/src/repository/models/User.ts b/src/repository/models/User.ts
@@ -5,6 +5,7 @@ import { client } from "../client";
 import { UserRepository } from "../.generated";
 import service from "../../index";
 import { Email } from "./Email";
+import { encrypt } from "../../services/crypt";
 
 export class User extends UserRepository {
   static objects = new ObjectManager<"User", typeof User>(client.user, User);
@@ -30,6 +31,10 @@ export class User extends UserRepository {
   ) {
     const ctx = await service.getContext();
 
+    if (smtpConfig?.password) {
+      smtpConfig.password = encrypt(smtpConfig.password);
+    }
+
     return await Email.objects.upsert(
       {
         email: email,

diff --git a/src/services/crypt.ts b/src/services/crypt.ts
@@ -0,0 +1,33 @@
+import * as crypto from "crypto";
+
+import { PYLON_SECRET } from "../config";
+
+// Encrypt function
+export function encrypt(text: string): string {
+  const iv = crypto.randomBytes(16); // Generate a random IV
+
+  console.log(iv.length, PYLON_SECRET.length);
+
+  const cipher = crypto.createCipheriv(
+    "aes-256-cbc",
+    Buffer.from(PYLON_SECRET, "hex"),
+    iv
+  );
+
+  let encrypted = cipher.update(text, "utf8", "hex");
+  encrypted += cipher.final("hex");
+  return iv.toString("hex") + encrypted; // Prepend IV to the ciphertext
+}
+
+// Decrypt function
+export function decrypt(encryptedText: string): string {
+  const iv = Buffer.from(encryptedText.slice(0, 32), "hex"); // Extract IV from ciphertext
+  const decipher = crypto.createDecipheriv(
+    "aes-256-cbc",
+    Buffer.from(PYLON_SECRET, "hex"),
+    iv
+  );
+  let decrypted = decipher.update(encryptedText.slice(32), "hex", "utf8"); // Remove IV from ciphertext
+  decrypted += decipher.final("utf8");
+  return decrypted;
+}
diff --git a/src/services/mail-factory.ts b/src/services/mail-factory.ts
@@ -14,6 +14,7 @@ import { sendMail as sendMailAzure } from "../services/mailer/azure";
 import { sendMail as sendMailGoogle } from "../services/mailer/google";
 import { sendMail as sendMailSMTP } from "../services/mailer/smtp";
 import { executeInSandbox } from "../services/transformer-sandbox";
+import { decrypt } from "./crypt";
 
 export class MailFactory {
   private static async send(
@@ -49,7 +50,7 @@ export class MailFactory {
             port: smtpConfig.port,
             secure: smtpConfig.secure,
             user: smtpConfig.username,
-            password: smtpConfig.password,
+            password: decrypt(smtpConfig.password),
           }
         );