From fc9a6fa4079dbd1212386d17e30cad38f8dfe9b8 Mon Sep 17 00:00:00 2001
From: Nico Schett
Date: Thu, 6 Jun 2024 11:46:04 +0200
Subject: [PATCH] feat: update encryption logic for SMTP password
This commit refactors the code to update the encryption logic for the SMTP password in the `User` model. The `encrypt` function from the newly added `crypt.ts` file is now used to encrypt the password before storing it.
---
src/config.ts | 9 ++-------
src/repository/models/User.ts | 5 +++++
src/services/crypt.ts | 33 +++++++++++++++++++++++++++++++++
src/services/mail-factory.ts | 3 ++-
4 files changed, 42 insertions(+), 8 deletions(-)
create mode 100644 src/services/crypt.ts
diff --git a/src/config.ts b/src/config.ts
index 28cedbb..b5a1eba 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -1,10 +1,5 @@
-import { generateKeySync } from "crypto";
+import { randomBytes } from "crypto";
 export const PYLON_URL = process.env.PYLON_URL || "http://localhost:3000";
 export const PYLON_SECRET =
- process.env.PYLON_SECRET ||
- generateKeySync("hmac", {
- length: 32,
- })
- .export()
- .toString("base64");
+ process.env.PYLON_SECRET || randomBytes(32).toString("hex"); // 32 bytes for AES-256
diff --git a/src/repository/models/User.ts b/src/repository/models/User.ts
index 0e8a621..e30f244 100644
--- a/src/repository/models/User.ts
+++ b/src/repository/models/User.ts
@@ -5,6 +5,7 @@ import { client } from "../client";
 import { UserRepository } from "../.generated";
 import service from "../../index";
 import { Email } from "./Email";
+import { encrypt } from "../../services/crypt";
 export class User extends UserRepository {
 static objects = new ObjectManager<"User", typeof User>(client.user, User);
@@ -30,6 +31,10 @@ export class User extends UserRepository {
 ) {
 const ctx = await service.getContext();
+ if (smtpConfig?.password) {
+ smtpConfig.password = encrypt(smtpConfig.password);
+ }
+
 return await Email.objects.upsert(
 {
 email: email,
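Review bot: Nothing in the new `PYLON_SECRET` line checks that a configured value is actually 32 bytes of hex, which is what `Buffer.from(PYLON_SECRET, "hex")` in `src/services/crypt.ts` needs for `aes-256-cbc`; any other value makes `createCipheriv` throw on the first save instead of at startup, and the random fallback now produces a key that is used for persistent storage, so every SMTP password encrypted while the variable was unset becomes undecryptable after a restart. I would fail fast here: `if (Buffer.from(PYLON_SECRET, "hex").length !== 32) throw new Error("PYLON_SECRET must be 64 hex characters (32 bytes)");`. The trailing `// 32 bytes for AES-256` comment describes the decoded key, not the 64-character hex string, and would read better on its own line above the declaration with that distinction spelled out.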
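Review bot: The new block in the second hunk of `src/repository/models/User.ts` overwrites `smtpConfig.password` on the caller's own object, so after the call the caller holds ciphertext, and a second call with the same object would encrypt the ciphertext again; nothing in the value returned by `encrypt` marks it as already encrypted, so such double encryption cannot be detected afterwards. Build the value to store instead of mutating the argument, for example `const storedSmtp = smtpConfig?.password ? { ...smtpConfig, password: encrypt(smtpConfig.password) } : smtpConfig;`, and hand `storedSmtp` to the `upsert` call. The enclosing method starts and ends outside the hunk, so I cannot see how `smtpConfig` is typed or where the upsert reads it; if it is already copied there, the note about mutation still applies to the caller's reference.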
diff --git a/src/services/crypt.ts b/src/services/crypt.ts
new file mode 100644
index 0000000..b9ad47b
--- /dev/null
+++ b/src/services/crypt.ts
@@ -0,0 +1,33 @@
+import * as crypto from "crypto";
+
+import { PYLON_SECRET } from "../config";
+
+// Encrypt function
+export function encrypt(text: string): string {
+ const iv = crypto.randomBytes(16); // Generate a random IV
+
+ console.log(iv.length, PYLON_SECRET.length);
+
+ const cipher = crypto.createCipheriv(
+ "aes-256-cbc",
+ Buffer.from(PYLON_SECRET, "hex"),
+ iv
+ );
+
+ let encrypted = cipher.update(text, "utf8", "hex");
+ encrypted += cipher.final("hex");
+ return iv.toString("hex") + encrypted; // Prepend IV to the ciphertext
+}
+
+// Decrypt function
+export function decrypt(encryptedText: string): string {
+ const iv = Buffer.from(encryptedText.slice(0, 32), "hex"); // Extract IV from ciphertext
+ const decipher = crypto.createDecipheriv(
+ "aes-256-cbc",
+ Buffer.from(PYLON_SECRET, "hex"),
+ iv
+ );
+ let decrypted = decipher.update(encryptedText.slice(32), "hex", "utf8"); // Remove IV from ciphertext
+ decrypted += decipher.final("utf8");
+ return decrypted;
+}
diff --git a/src/services/mail-factory.ts b/src/services/mail-factory.ts
index 4b08d93..1674688 100644
--- a/src/services/mail-factory.ts
+++ b/src/services/mail-factory.ts
@@ -14,6 +14,7 @@ import { sendMail as sendMailAzure } from "../services/mailer/azure";
 import { sendMail as sendMailGoogle } from "../services/mailer/google";
 import { sendMail as sendMailSMTP } from "../services/mailer/smtp";
 import { executeInSandbox } from "../services/transformer-sandbox";
+import { decrypt } from "./crypt";
 export class MailFactory {
 private static async send(
@@ -49,7 +50,7 @@ export class MailFactory {
 port: smtpConfig.port,
 secure: smtpConfig.secure,
 user: smtpConfig.username,
- password: smtpConfig.password,
+ password: decrypt(smtpConfig.password),
 }
 );
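Review bot: `console.log(iv.length, PYLON_SECRET.length)` in `encrypt` is leftover debugging that writes to stdout on every call and puts a property of the key material into whatever collects the process logs; it should be removed. Beyond that, `aes-256-cbc` provides confidentiality only: `decrypt` cannot distinguish a modified or truncated record from a valid one except through a padding error in `final()`, and an input shorter than 32 hex characters silently yields a wrong-sized IV before `createDecipheriv` rejects it. For stored credential material I would use `aes-256-gcm`, store the auth tag beside the IV, and check the minimum length before decoding, as below; the key also only needs to be decoded once at module load rather than on every call. The mutable `let` accumulators can then go, since the cipher output is concatenated as Buffers.
```ts
// … unchanged: imports …

const KEY = Buffer.from(PYLON_SECRET, "hex"); // expected to be 32 bytes (64 hex chars)
const IV_LENGTH = 12; // nonce size used with GCM
const TAG_LENGTH = 16;

export function encrypt(text: string): string {
  const iv = crypto.randomBytes(IV_LENGTH);
  const cipher = crypto.createCipheriv("aes-256-gcm", KEY, iv);
  const body = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  // Layout: iv || tag || ciphertext, hex-encoded. The tag lets decrypt reject altered data.
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("hex");
}

export function decrypt(encryptedText: string): string {
  const raw = Buffer.from(encryptedText, "hex");
  if (raw.length < IV_LENGTH + TAG_LENGTH) {
    throw new Error("decrypt: input is too short to contain an IV and auth tag");
  }
  const iv = raw.subarray(0, IV_LENGTH);
  const tag = raw.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH);
  const decipher = crypto.createDecipheriv("aes-256-gcm", KEY, iv);
  decipher.setAuthTag(tag); // final() throws when the tag does not match
  return Buffer.concat([
    decipher.update(raw.subarray(IV_LENGTH + TAG_LENGTH)),
    decipher.final(),
  ]).toString("utf8");
}
```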
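Review bot: `password: decrypt(smtpConfig.password)` in the second hunk of `src/services/mail-factory.ts` assumes every stored password is already in the `iv || ciphertext` hex form that `encrypt` produces, but this commit only encrypts values written through `User` from now on and ships no migration (the diffstat lists four source files and nothing touching stored rows), so an Email row saved before this change will make `decrypt` throw from `createDecipheriv` or `final` at send time rather than at save time. Either migrate existing rows in the same change, or make the format explicit — for example have `encrypt` prefix its output with a version marker and have this call site treat an unmarked value as legacy data that is re-encrypted on its next save — so the failure is a clear, logged condition instead of a cipher exception. The `send` method begins outside the hunk, so I cannot see whether an exception here is caught and surfaced to the caller.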