@dynamatix/gb-schemas 0.16.2 → 0.16.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +3 -1
- package/package.json +1 -1
- package/utils/encryption.js +60 -0
package/index.js
CHANGED
|
@@ -3,4 +3,6 @@ export * from './shared/index.js';
|
|
|
3
3
|
export * from './properties/index.js';
|
|
4
4
|
export * from './applicants/index.js';
|
|
5
5
|
export * from './users/index.js';
|
|
6
|
-
export * from './product-catalogues/index.js';
|
|
6
|
+
export * from './product-catalogues/index.js';
|
|
7
|
+
|
|
8
|
+
export * from './utils/encryption.js';
|
package/package.json
CHANGED
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
import crypto from 'crypto';
|
|
2
|
+
import dotenv from 'dotenv';
|
|
3
|
+
|
|
4
|
+
dotenv.config();
|
|
5
|
+
|
|
6
|
+
const SECRET_KEY = Buffer.from(process.env.ENCRYPTION_KEY, 'hex'); // 32 bytes for AES-256
|
|
7
|
+
const IV_LENGTH = 16; // AES-GCM IV length
|
|
8
|
+
|
|
9
|
+
// Encrypt an object (ignores _id)
|
|
10
|
+
export const encryptObject = (obj) => {
|
|
11
|
+
if (!obj || typeof obj !== "object") return obj;
|
|
12
|
+
let encryptedObj = {};
|
|
13
|
+
|
|
14
|
+
for (const key in obj) {
|
|
15
|
+
if (key === "_id") {
|
|
16
|
+
encryptedObj[key] = obj[key]; // Don't encrypt _id
|
|
17
|
+
} else {
|
|
18
|
+
const iv = crypto.randomBytes(IV_LENGTH); // Generate IV
|
|
19
|
+
const cipher = crypto.createCipheriv("aes-256-gcm", SECRET_KEY, iv);
|
|
20
|
+
|
|
21
|
+
let encrypted = cipher.update(JSON.stringify(obj[key]), 'utf8', 'hex');
|
|
22
|
+
encrypted += cipher.final('hex');
|
|
23
|
+
|
|
24
|
+
const authTag = cipher.getAuthTag().toString('hex'); // Get auth tag for integrity check
|
|
25
|
+
|
|
26
|
+
encryptedObj[key] = `${iv.toString('hex')}:${authTag}:${encrypted}`;
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
return encryptedObj;
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
// Decrypt an object (ignores _id)
|
|
33
|
+
export const decryptObject = (obj) => {
|
|
34
|
+
if (!obj || typeof obj !== "object") return obj;
|
|
35
|
+
let decryptedObj = {};
|
|
36
|
+
|
|
37
|
+
for (const key in obj) {
|
|
38
|
+
if (key === "_id") {
|
|
39
|
+
decryptedObj[key] = obj[key]; // Don't decrypt _id
|
|
40
|
+
} else {
|
|
41
|
+
try {
|
|
42
|
+
const [ivHex, authTagHex, encryptedData] = obj[key].split(':');
|
|
43
|
+
const iv = Buffer.from(ivHex, 'hex');
|
|
44
|
+
const authTag = Buffer.from(authTagHex, 'hex');
|
|
45
|
+
|
|
46
|
+
const decipher = crypto.createDecipheriv("aes-256-gcm", SECRET_KEY, iv);
|
|
47
|
+
decipher.setAuthTag(authTag);
|
|
48
|
+
|
|
49
|
+
let decrypted = decipher.update(encryptedData, 'hex', 'utf8');
|
|
50
|
+
decrypted += decipher.final('utf8');
|
|
51
|
+
|
|
52
|
+
decryptedObj[key] = JSON.parse(decrypted);
|
|
53
|
+
} catch (error) {
|
|
54
|
+
decryptedObj[key] = obj[key]; // Return original if decryption fails
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
return decryptedObj;
|
|
60
|
+
};
|