forgotten encryption stuff

This commit is contained in:
m5r 2022-05-22 02:00:12 +02:00
parent a05d8cc413
commit e8703a41f8
3 changed files with 40 additions and 2 deletions

View File

@ -1,5 +1,6 @@
APP_BASE_URL=http://localhost:3000 APP_BASE_URL=http://localhost:3000
# crypto.scryptSync("je s'appelle groot", crypto.randomBytes(16), 32).toString("hex");
MASTER_ENCRYPTION_KEY=97da37a1003158d7da3d8c10186e61423fd7fa56a4565e3ba4f093b8343780a9
INVITATION_TOKEN_SECRET=0ded075524fd19fe467eb00480b8d5d4 INVITATION_TOKEN_SECRET=0ded075524fd19fe467eb00480b8d5d4
SESSION_SECRET=754a554f4cbf9254e50fda87b48ee52b SESSION_SECRET=754a554f4cbf9254e50fda87b48ee52b

View File

@ -20,13 +20,21 @@ invariant(
`Please define the "AWS_SES_FROM_EMAIL" environment variable`, `Please define the "AWS_SES_FROM_EMAIL" environment variable`,
); );
invariant(typeof process.env.REDIS_URL === "string", `Please define the "REDIS_URL" environment variable`); invariant(typeof process.env.REDIS_URL === "string", `Please define the "REDIS_URL" environment variable`);
invariant(typeof process.env.TWILIO_AUTH_TOKEN === "string", `Please define the "TWILIO_AUTH_TOKEN" environment variable`); invariant(
typeof process.env.TWILIO_AUTH_TOKEN === "string",
`Please define the "TWILIO_AUTH_TOKEN" environment variable`,
);
invariant(
typeof process.env.MASTER_ENCRYPTION_KEY === "string",
`Please define the "MASTER_ENCRYPTION_KEY" environment variable`,
);
export default { export default {
app: { app: {
baseUrl: process.env.APP_BASE_URL, baseUrl: process.env.APP_BASE_URL,
invitationTokenSecret: process.env.INVITATION_TOKEN_SECRET, invitationTokenSecret: process.env.INVITATION_TOKEN_SECRET,
sessionSecret: process.env.SESSION_SECRET, sessionSecret: process.env.SESSION_SECRET,
encryptionKey: process.env.MASTER_ENCRYPTION_KEY,
}, },
awsSes: { awsSes: {
awsRegion: process.env.AWS_SES_REGION, awsRegion: process.env.AWS_SES_REGION,

29
app/utils/encryption.ts Normal file
View File

@ -0,0 +1,29 @@
import crypto from "crypto";
import serverConfig from "~/config/config.server";
const ivLength = 16;
const algorithm = "aes-256-cbc";
const encryptionKey = serverConfig.app.encryptionKey;
export function encrypt(text: string) {
const encryptionKeyAsBuffer = Buffer.isBuffer(encryptionKey) ? encryptionKey : Buffer.from(encryptionKey, "hex");
const iv = crypto.randomBytes(ivLength);
const cipher = crypto.createCipheriv(algorithm, encryptionKeyAsBuffer, iv);
const encrypted = cipher.update(text);
const encryptedBuffer = Buffer.concat([encrypted, cipher.final()]);
return `${iv.toString("hex")}:${encryptedBuffer.toString("hex")}`;
}
export function decrypt(encryptedHexText: string) {
const encryptionKeyAsBuffer = Buffer.isBuffer(encryptionKey) ? encryptionKey : Buffer.from(encryptionKey, "hex");
const [hexIv, hexText] = encryptedHexText.split(":");
const iv = Buffer.from(hexIv!, "hex");
const encryptedText = Buffer.from(hexText!, "hex");
const decipher = crypto.createDecipheriv(algorithm, encryptionKeyAsBuffer, iv);
const decrypted = decipher.update(encryptedText);
const decryptedBuffer = Buffer.concat([decrypted, decipher.final()]);
return decryptedBuffer.toString();
}