@dynamatix/gb-schemas 0.16.2 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +3 -1
- package/package.json +1 -1
- package/utils/encryption.js +72 -0
package/index.js
CHANGED
|
@@ -3,4 +3,6 @@ export * from './shared/index.js';
|
|
|
3
3
|
export * from './properties/index.js';
|
|
4
4
|
export * from './applicants/index.js';
|
|
5
5
|
export * from './users/index.js';
|
|
6
|
-
export * from './product-catalogues/index.js';
|
|
6
|
+
export * from './product-catalogues/index.js';
|
|
7
|
+
|
|
8
|
+
export * from './utils/encryption.js';
|
package/package.json
CHANGED
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import crypto from 'crypto';
|
|
2
|
+
import dotenv from 'dotenv';
|
|
3
|
+
|
|
4
|
+
dotenv.config();
|
|
5
|
+
|
|
6
|
+
const SECRET_KEY = Buffer.from(process.env.ENCRYPTION_KEY, 'hex'); // 32 bytes for AES-256
|
|
7
|
+
const IV_LENGTH = 16; // AES-GCM IV length
|
|
8
|
+
const EXCLUDED_COLLECTIONS = process.env.EXCLUDED_COLLECTIONS?.split(",") || []; // Excluded collections from encryption
|
|
9
|
+
|
|
10
|
+
// Encrypt an object (ignores _id and fields from excluded collections)
|
|
11
|
+
export const encryptObject = (obj, collectionName) => {
|
|
12
|
+
// Skip encryption if the collection is excluded
|
|
13
|
+
if (EXCLUDED_COLLECTIONS.includes(collectionName)) {
|
|
14
|
+
return obj;
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
if (!obj || typeof obj !== "object") return obj;
|
|
18
|
+
let encryptedObj = {};
|
|
19
|
+
|
|
20
|
+
for (const key in obj) {
|
|
21
|
+
if (key === "_id") {
|
|
22
|
+
encryptedObj[key] = obj[key]; // Don't encrypt _id
|
|
23
|
+
} else {
|
|
24
|
+
const iv = crypto.randomBytes(IV_LENGTH); // Generate IV
|
|
25
|
+
const cipher = crypto.createCipheriv("aes-256-gcm", SECRET_KEY, iv);
|
|
26
|
+
|
|
27
|
+
let encrypted = cipher.update(JSON.stringify(obj[key]), 'utf8', 'hex');
|
|
28
|
+
encrypted += cipher.final('hex');
|
|
29
|
+
|
|
30
|
+
const authTag = cipher.getAuthTag().toString('hex'); // Get auth tag for integrity check
|
|
31
|
+
|
|
32
|
+
encryptedObj[key] = `${iv.toString('hex')}:${authTag}:${encrypted}`;
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
return encryptedObj;
|
|
37
|
+
};
|
|
38
|
+
|
|
39
|
+
// Decrypt an object (ignores _id and fields from excluded collections)
|
|
40
|
+
export const decryptObject = (obj, collectionName) => {
|
|
41
|
+
// Skip decryption if the collection is excluded
|
|
42
|
+
if (EXCLUDED_COLLECTIONS.includes(collectionName)) {
|
|
43
|
+
return obj;
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
if (!obj || typeof obj !== "object") return obj;
|
|
47
|
+
let decryptedObj = {};
|
|
48
|
+
|
|
49
|
+
for (const key in obj) {
|
|
50
|
+
if (key === "_id") {
|
|
51
|
+
decryptedObj[key] = obj[key]; // Don't decrypt _id
|
|
52
|
+
} else {
|
|
53
|
+
try {
|
|
54
|
+
const [ivHex, authTagHex, encryptedData] = obj[key].split(':');
|
|
55
|
+
const iv = Buffer.from(ivHex, 'hex');
|
|
56
|
+
const authTag = Buffer.from(authTagHex, 'hex');
|
|
57
|
+
|
|
58
|
+
const decipher = crypto.createDecipheriv("aes-256-gcm", SECRET_KEY, iv);
|
|
59
|
+
decipher.setAuthTag(authTag);
|
|
60
|
+
|
|
61
|
+
let decrypted = decipher.update(encryptedData, 'hex', 'utf8');
|
|
62
|
+
decrypted += decipher.final('utf8');
|
|
63
|
+
|
|
64
|
+
decryptedObj[key] = JSON.parse(decrypted);
|
|
65
|
+
} catch (error) {
|
|
66
|
+
decryptedObj[key] = obj[key]; // Return original if decryption fails
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
return decryptedObj;
|
|
72
|
+
};
|