@futdevpro/fsm-dynamo 1.10.30 → 1.10.32

package/src/_modules/crypto/_collections/crypto.util.ts

@@ -0,0 +1,248 @@
+import * as CryptoJS from 'crypto-js';
+
+import { DyFM_Error } from '../../../_models/control-models/error.control-model';
+
+/**
+ * Error codes for crypto operations
+ */
+export enum CryptoErrorCode {
+  INVALID_INPUT = 'DyFM-CRY-EA0',
+  DECRYPTION_FAILED = 'DyFM-CRY-DRY',
+  ENCRYPTION_FAILED = 'DyFM-CRY-ENF',
+  INVALID_KEY = 'DyFM-CRY-IKY',
+  INVALID_DATA = 'DyFM-CRY-IDT'
+}
+
+/**
+ * Configuration options for encryption/decryption
+ */
+export interface CryptoConfig {
+  ivLength?: number;
+  saltLength?: number;
+  keyIterations?: number;
+  keySize?: number;
+}
+
+/**
+ * A utility class for secure encryption and decryption of data
+ * Uses AES-256-CBC with PBKDF2 key derivation
+ */
+export class DyFM_Crypto {
+  private static readonly DEFAULT_CONFIG: Required<CryptoConfig> = {
+    ivLength: 16,
+    saltLength: 16,
+    keyIterations: 10000,
+    keySize: 256 / 32
+  };
+
+  // Tömör: kb. 60–80 karakteres token, nem 200+
+  // Nem szabványos: nehéz visszafejteni
+  // Használható cookie, header, URL-ben
+  
+  /**
+   * Validates the input data and key
+   * @throws {DyFM_Error} if validation fails
+   */
+  private static validateInput<T>(data: T, key: string): void {
+    if (data === undefined || data === null) {
+      throw new DyFM_Error({
+        message: 'Data is required',
+        error: new Error('Data is required'),
+        errorCode: CryptoErrorCode.INVALID_DATA
+      });
+    }
+
+    if (!key || typeof key !== 'string' || key.trim().length === 0) {
+      throw new DyFM_Error({
+        message: 'Valid key is required',
+        error: new Error('Key must be a non-empty string'),
+        errorCode: CryptoErrorCode.INVALID_KEY
+      });
+    }
+  }
+
+  /**
+   * Generates a secure random padding
+   * @param length Length of the padding in bytes
+   */
+  private static generatePadding(length: number): string {
+    return CryptoJS.lib.WordArray.random(length).toString();
+  }
+
+  /**
+   * Derives a key using PBKDF2
+   * @param key The input key
+   * @param salt The salt to use
+   * @param config Configuration options
+   */
+  private static deriveKey(key: string, salt: CryptoJS.lib.WordArray, config: Required<CryptoConfig>): CryptoJS.lib.WordArray {
+    return CryptoJS.PBKDF2(key, salt, {
+      keySize: config.keySize,
+      iterations: config.keyIterations
+    });
+  }
+
+  /**
+   * Safely serializes data to JSON
+   * @param data The data to serialize
+   * @returns Serialized data as string
+   */
+  private static safeSerialize<T>(data: T): string {
+    try {
+      return JSON.stringify(data);
+    } catch (error) {
+      throw new DyFM_Error({
+        message: 'Failed to serialize data',
+        error: error instanceof Error ? error : new Error(String(error)),
+        errorCode: CryptoErrorCode.INVALID_DATA
+      });
+    }
+  }
+
+  /**
+   * Safely deserializes JSON data
+   * @param data The JSON string to deserialize
+   * @returns Deserialized data
+   */
+  private static safeDeserialize<T>(data: string): T {
+    try {
+      return JSON.parse(data);
+    } catch (error) {
+      throw new DyFM_Error({
+        message: 'Failed to deserialize data',
+        error: error instanceof Error ? error : new Error(String(error)),
+        errorCode: CryptoErrorCode.DECRYPTION_FAILED
+      });
+    }
+  }
+
+  /**
+   * Encrypts data using AES-256-CBC
+   * @param data The data to encrypt
+   * @param key The encryption key
+   * @param config Optional configuration
+   * @returns URL-safe encrypted string
+   * @throws {DyFM_Error} if encryption fails
+   */
+  static encrypt<T>(data: T, key: string, config?: CryptoConfig): string {
+    try {
+      this.validateInput(data, key);
+      const finalConfig = { ...this.DEFAULT_CONFIG, ...config };
+
+      // Generate random IV and salt
+      const iv = CryptoJS.lib.WordArray.random(finalConfig.ivLength);
+      const salt = CryptoJS.lib.WordArray.random(finalConfig.saltLength);
+
+      // Derive key using PBKDF2
+      const derivedKey = this.deriveKey(key, salt, finalConfig);
+
+      // Convert data to string and add random padding
+      const dataStr = this.safeSerialize(data);
+      const padding = this.generatePadding(16);
+      const paddedData = padding + dataStr;
+
+      // Encrypt the data
+      const encrypted = CryptoJS.AES.encrypt(paddedData, derivedKey, {
+        iv: iv,
+        mode: CryptoJS.mode.CBC,
+        padding: CryptoJS.pad.Pkcs7
+      });
+
+      // Combine IV + Salt + Ciphertext
+      const combined = iv.concat(salt).concat(encrypted.ciphertext);
+
+      // Convert to URL-safe base64
+      return CryptoJS.enc.Base64.stringify(combined)
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=+$/, '');
+    } catch (error) {
+      throw new DyFM_Error({
+        message: 'Error encrypting data',
+        error: error instanceof Error ? error : new Error(String(error)),
+        errorCode: CryptoErrorCode.ENCRYPTION_FAILED
+      });
+    }
+  }
+
+  /**
+   * Decrypts data that was encrypted using encrypt()
+   * @param encryptedData The encrypted data
+   * @param key The decryption key
+   * @param config Optional configuration
+   * @returns The decrypted data
+   * @throws {DyFM_Error} if decryption fails
+   */
+  static decrypt<T>(encryptedData: string, key: string, config?: CryptoConfig): T {
+    try {
+      this.validateInput(encryptedData, key);
+      const finalConfig = { ...this.DEFAULT_CONFIG, ...config };
+
+      // Convert from URL-safe base64
+      const base64 = encryptedData
+        .replace(/-/g, '+')
+        .replace(/_/g, '/');
+
+      // Parse the combined data
+      const combined = CryptoJS.enc.Base64.parse(base64);
+
+      // Extract IV, salt, and ciphertext
+      const iv = CryptoJS.lib.WordArray.create(combined.words.slice(0, finalConfig.ivLength / 4));
+      const salt = CryptoJS.lib.WordArray.create(
+        combined.words.slice(
+          finalConfig.ivLength / 4,
+          (finalConfig.ivLength + finalConfig.saltLength) / 4
+        )
+      );
+      const ciphertext = CryptoJS.lib.WordArray.create(
+        combined.words.slice((finalConfig.ivLength + finalConfig.saltLength) / 4)
+      );
+
+      // Derive key using PBKDF2
+      const derivedKey = this.deriveKey(key, salt, finalConfig);
+
+      // Decrypt the data
+      const decrypted = CryptoJS.AES.decrypt(
+        { ciphertext: ciphertext },
+        derivedKey,
+        {
+          iv: iv,
+          mode: CryptoJS.mode.CBC,
+          padding: CryptoJS.pad.Pkcs7
+        }
+      );
+
+      // Remove padding and parse JSON
+      const decryptedStr = decrypted.toString(CryptoJS.enc.Utf8);
+      const jsonStr = decryptedStr.slice(32); // Remove 16-byte padding
+      return this.safeDeserialize<T>(jsonStr);
+    } catch (error) {
+      throw new DyFM_Error({
+        message: 'Error decrypting data',
+        error: error instanceof Error ? error : new Error(String(error)),
+        errorCode: CryptoErrorCode.DECRYPTION_FAILED
+      });
+    }
+  }
+
+  /**
+   * Generates a secure random key
+   * @param length Length of the key in bytes (default: 32)
+   * @returns A secure random key
+   */
+  static generateKey(length: number = 32): string {
+    return CryptoJS.lib.WordArray.random(length).toString();
+  }
+
+  /**
+   * Validates if a string is a valid encrypted data
+   * @param encryptedData The data to validate
+   * @returns true if the data appears to be valid encrypted data
+   */
+  static isValidEncryptedData(encryptedData: string): boolean {
+    if (!encryptedData || typeof encryptedData !== 'string') {
+      return false;
+    }
+    return /^[A-Za-z0-9\-_]+$/.test(encryptedData);
+  }
+}

package/src/_modules/crypto/index.ts

@@ -0,0 +1,3 @@
+
+
+export * from './_collections/crypto.util';