@dynamatix/gb-schemas 0.21.15 → 0.21.16

Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/utils/encryption.js +29 -15
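--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@dynamatix/gb-schemas",
-  "version": "0.21.15",
+  "version": "0.21.16",
   "description": "All the schemas for gatehouse bank back-end.",
   "main": "index.js",
   "scripts": {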
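--- a/package/utils/encryption.js
+++ b/package/utils/encryption.js
@@ -26,7 +26,26 @@ const isObjectIdOrArray = (value) => {
   return mongoose.isValidObjectId(value);
 };
 
-// Encrypt an object (excluding _id and ObjectId references)
+// **Deterministic IV Generation (for consistent encryption)**
+const deriveIV = (value) => {
+  const hash = crypto.createHash('sha256').update(value.toString()).digest();
+  return hash.slice(0, IV_LENGTH); // First 16 bytes as IV
+};
+
+// **Encrypt a Single Value Deterministically**
+const encryptValue = (value) => {
+  const iv = deriveIV(value); // Same IV for same value (allows searching)
+  const cipher = crypto.createCipheriv('aes-256-gcm', SECRET_KEY, iv);
+
+  let encrypted = cipher.update(JSON.stringify(value), 'utf8', 'hex');
+  encrypted += cipher.final('hex');
+
+  const authTag = cipher.getAuthTag().toString('hex'); // Authentication tag
+
+  return `${iv.toString('hex')}:${authTag}:${encrypted}`;
+};
+
+// **Encrypt an Object (excluding ObjectId references & _id)**
 export const encryptObject = (obj, collectionName) => {
   if (EXCLUDED_COLLECTIONS.includes(collectionName) || !obj || typeof obj !== 'object') {
     return obj;
@@ -35,18 +54,13 @@ export const encryptObject = (obj, collectionName) => {
   let encryptedObj = {};
   for (const key in obj) {
     if (key === '_id' || isObjectIdOrArray(obj[key])) {
-      encryptedObj[key] = obj[key]; // Skip _id and ObjectIds
+      encryptedObj[key] = obj[key]; // Keep _id and ObjectId references unchanged
     } else {
       try {
-        const iv = crypto.randomBytes(IV_LENGTH);
-        const cipher = crypto.createCipheriv('aes-256-gcm', SECRET_KEY, iv);
-        let encrypted = cipher.update(JSON.stringify(obj[key]), 'utf8', 'hex');
-        encrypted += cipher.final('hex');
-        const authTag = cipher.getAuthTag().toString('hex');
-        encryptedObj[key] = `${iv.toString('hex')}:${authTag}:${encrypted}`;
+        encryptedObj[key] = encryptValue(obj[key]);
       } catch (error) {
-        console.error(`Encryption error for key ${key}:`, error);
-        encryptedObj[key] = obj[key]; // Store original value if encryption fails
+        console.error(`Encryption error for key "${key}":`, error);
+        encryptedObj[key] = obj[key]; // Fallback to original value
       }
     }
   }
@@ -54,7 +68,7 @@ export const encryptObject = (obj, collectionName) => {
   return encryptedObj;
 };
 
-// Decrypt an object (excluding _id and ObjectId references)
+// **Decrypt an Object (excluding ObjectId references & _id)**
 export const decryptObject = (obj, collectionName) => {
   if (EXCLUDED_COLLECTIONS.includes(collectionName) || !obj || typeof obj !== 'object') {
     return obj;
@@ -63,7 +77,7 @@ export const decryptObject = (obj, collectionName) => {
   let decryptedObj = {};
   for (const key in obj) {
     if (key === '_id' || isObjectIdOrArray(obj[key])) {
-      decryptedObj[key] = obj[key]; // Skip _id and ObjectIds
+      decryptedObj[key] = obj[key]; // Keep _id and ObjectId references unchanged
     } else {
       try {
         const [ivHex, authTagHex, encryptedData] = obj[key].split(':');
@@ -75,11 +89,11 @@ export const decryptObject = (obj, collectionName) => {
         decrypted += decipher.final('utf8');
         decryptedObj[key] = JSON.parse(decrypted);
       } catch (error) {
-        console.error(`Decryption error for key ${key}:`, error);
-        decryptedObj[key] = obj[key]; // Store original value if decryption fails
+        console.error(`Decryption error for key "${key}":`, error);
+        decryptedObj[key] = obj[key]; // Fallback to original value
       }
     }
   }
 
   return decryptedObj;
-};
+};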
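Review bot: `deriveIV` in the first hunk reuses an AES-GCM nonce across distinct plaintexts under the same `SECRET_KEY`, which is the one thing GCM must never do: the IV is SHA-256 of `value.toString()` but the ciphertext covers `JSON.stringify(value)`, so any two plain-object fields (both stringify to `[object Object]`), or `1` vs `'1'`, or `[1,2]` vs `'1,2'`, get the same IV with different plaintexts, leaking the XOR of the plaintexts and allowing recovery of the GHASH key to forge valid auth tags. Even when plaintexts coincide, a plaintext-derived IV makes the scheme deterministic, so equal values across documents are visible in the stored data, which is exactly what the `// allows searching` comment relies on. If equality search is the requirement, keep `crypto.randomBytes(IV_LENGTH)` for the ciphertext and store a separate keyed blind index such as `crypto.createHmac('sha256', INDEX_KEY).update(JSON.stringify(value)).digest('hex')`, querying on that column instead. Note also that `value.toString()` throws for `null`/`undefined`, so those fields now fall into the catch in `encryptObject` and are passed through unencrypted, where the previous random-IV code encrypted them.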