@futdevpro/fsm-dynamo 1.14.20 → 1.14.22

package/src/_modules/crypto/_collections/crypto.util.ts

@@ -4,6 +4,8 @@ import {
   DyFM_Error_Settings 
 } from '../../../_models/control-models/error.control-model';
 import { DyFM_Object } from '../../../_collections/utils/object.util';
+import { DyFM_global_settings } from '../../../_collections/constants/global-settings.const';
+import { DyFM_Log } from '../../../_collections/utils/log.util';
 
 
 /**
@@ -35,14 +37,14 @@ export interface CryptoConfig {
  * systems is more important than cryptographic security.
  */
 export class DyFM_Crypto {
-  private static readonly CRYPTO_VERSION = '1.0';
+  private static readonly CRYPTO_VERSION: string = '1.0';
   private static readonly DEFAULT_CONFIG: Required<CryptoConfig> = {
     ivLength: 16, // 128 bits
     saltLength: 16, // 128 bits
     keyIterations: 1000, // Reduced for better performance and stability
     keySize: 8 // 256 bits (8 * 32)
   };
-  private static readonly defaultErrorUserMsg = 
+  private static readonly defaultErrorUserMsg: string = 
     `We encountered an unhandled Authentication Error, ` +
     `\nplease contact the responsible development team.`;
 
@@ -185,14 +187,14 @@ export class DyFM_Crypto {
    */
   private static generateIV(data: string, key: string, config: Required<CryptoConfig>): CryptoJS.lib.WordArray {
     // Create a deterministic seed from data and key
-    const seed = this.createDeterministicSeed(data, key, 'IV');
+    const seed: string = this.createDeterministicSeed(data, key, 'IV');
     
     // Use SHA-256 for better stability and consistency
-    const hash = CryptoJS.SHA256(seed);
+    const hash: CryptoJS.lib.WordArray = CryptoJS.SHA256(seed);
     
     // Extract exactly 16 bytes (128 bits) for IV
     // Use the first 4 words (4 * 4 = 16 bytes) from the hash
-    const ivWords = hash.words.slice(0, 4);
+    const ivWords: number[] = hash.words.slice(0, 4);
     return CryptoJS.lib.WordArray.create(ivWords);
   }
 
@@ -205,14 +207,14 @@ export class DyFM_Crypto {
    */
   private static generateSalt(data: string, key: string, config: Required<CryptoConfig>): CryptoJS.lib.WordArray {
     // Create a deterministic seed from data and key (different from IV)
-    const seed = this.createDeterministicSeed(data, key, 'SALT');
+    const seed: string = this.createDeterministicSeed(data, key, 'SALT');
     
     // Use SHA-256 for better stability and consistency
-    const hash = CryptoJS.SHA256(seed);
+    const hash: CryptoJS.lib.WordArray = CryptoJS.SHA256(seed);
     
     // Extract exactly 16 bytes (128 bits) for salt
     // Use the first 4 words (4 * 4 = 16 bytes) from the hash
-    const saltWords = hash.words.slice(0, 4);
+    const saltWords: number[] = hash.words.slice(0, 4);
     return CryptoJS.lib.WordArray.create(saltWords);
   }
 
@@ -223,7 +225,7 @@ export class DyFM_Crypto {
   private static createDeterministicSeed(data: string, key: string, purpose: string): string {
     // Create a consistent seed that includes all relevant factors
     // Order matters: data + key + purpose for consistency
-    const seed = `${data}|${key}|${purpose}`;
+    const seed: string = `${data}|${key}|${purpose}`;
     return seed;
   }
 
@@ -274,17 +276,17 @@ export class DyFM_Crypto {
     if (typeof obj === 'object') {
       // For objects, we need to be more careful about key ordering
       // Use a stable sort that preserves original order when possible
-      const keys = Object.keys(obj);
+      const keys: string[] = Object.keys(obj);
       
       // Only sort if there are potential ordering issues
-      const needsSorting = keys.some((key, index) => {
+      const needsSorting: boolean = keys.some((key, index) => {
         if (index === 0) return false;
         return key < keys[index - 1];
       });
       
-      const sortedKeys = needsSorting ? [...keys].sort() : keys;
-      const pairs = sortedKeys.map(key => {
-        const value = this.deterministicStringify(obj[key]);
+      const sortedKeys: string[] = needsSorting ? [...keys].sort() : keys;
+      const pairs: string[] = sortedKeys.map(key => {
+        const value: string = this.deterministicStringify(obj[key]);
         return JSON.stringify(key) + ':' + value;
       });
       return '{' + pairs.join(',') + '}';
@@ -313,14 +315,14 @@ export class DyFM_Crypto {
       }
 
       //let parsed = JSON.parse(data);
-      let parsed = DyFM_Object.failableSafeParseJSON(data);
+      let parsed: T = DyFM_Object.failableSafeParseJSON(data);
       
       // Handle double-stringified JSON (or more levels of stringification)
-      let maxAttempts = 3; // Prevent infinite loops
+      let maxAttempts: number = 3; // Prevent infinite loops
       while (typeof parsed === 'string' && maxAttempts > 0) {
         try {
           //const nextParsed = JSON.parse(parsed);
-          const nextParsed = DyFM_Object.failableSafeParseJSON(parsed);
+          const nextParsed: T = DyFM_Object.failableSafeParseJSON(parsed);
           // Only continue if parsing actually changed the result
           if (nextParsed !== parsed) {
             parsed = nextParsed;
@@ -376,27 +378,27 @@ export class DyFM_Crypto {
   static encrypt<T>(data: T, key: string, config?: CryptoConfig): string {
     try {
       this.validateInput(data, key, 'encrypt');
-      const finalConfig = { ...this.DEFAULT_CONFIG, ...config };
+      const finalConfig: Required<CryptoConfig> = { ...this.DEFAULT_CONFIG, ...config };
 
       // Convert data to string
-      const dataStr = this.safeSerialize(data);
+      const dataStr: string = this.safeSerialize(data);
 
       // Generate deterministic IV and salt based on data and key
-      const iv = this.generateIV(dataStr, key, finalConfig);
-      const salt = this.generateSalt(dataStr, key, finalConfig);
+      const iv: CryptoJS.lib.WordArray = this.generateIV(dataStr, key, finalConfig);
+      const salt: CryptoJS.lib.WordArray = this.generateSalt(dataStr, key, finalConfig);
 
       // Derive key using PBKDF2
-      const derivedKey = this.deriveKey(key, salt, finalConfig);
+      const derivedKey: CryptoJS.lib.WordArray = this.deriveKey(key, salt, finalConfig);
 
       // Encrypt the data
-      const encrypted = CryptoJS.AES.encrypt(dataStr, derivedKey, {
+      const encrypted: CryptoJS.lib.WordArray = CryptoJS.AES.encrypt(dataStr, derivedKey, {
         iv: iv,
         mode: CryptoJS.mode.CBC,
         padding: CryptoJS.pad.Pkcs7
       });
 
       // Combine IV + Salt + Ciphertext (skip version for backward compatibility)
-      const combined = iv.concat(salt).concat(encrypted.ciphertext);
+      const combined: CryptoJS.lib.WordArray = iv.concat(salt).concat(encrypted.ciphertext);
 
       // Convert to URL-safe base64
       return CryptoJS.enc.Base64.stringify(combined)
@@ -422,43 +424,76 @@ export class DyFM_Crypto {
   static decrypt<T>(encryptedData: string, key: string, config?: CryptoConfig): T {
     try {
       this.validateInput(encryptedData, key, 'decrypt');
-      const finalConfig = { ...this.DEFAULT_CONFIG, ...config };
+      const finalConfig: Required<CryptoConfig> = { ...this.DEFAULT_CONFIG, ...config };
 
       // Convert from URL-safe base64
-      const base64 = encryptedData
+      const base64: string = encryptedData
         .replace(/-/g, '+')
         .replace(/_/g, '/');
 
+      // Add padding if needed (base64 must be multiple of 4 characters)
+      // This ensures CryptoJS.parse works correctly even when padding was stripped during URL transmission
+      const paddingNeeded: number = (4 - (base64.length % 4)) % 4;
+      const paddedBase64: string = base64 + '='.repeat(paddingNeeded);
+
+      // Validate base64 format before parsing
+      // Check if the string length makes sense for expected minimum byte count
+      // Minimum expected: 48 bytes = ~64 base64 characters (48 * 4/3 = 64)
+      const minExpectedBase64Length: number = Math.ceil((finalConfig.ivLength + finalConfig.saltLength + 16) * 4 / 3);
+      if (paddedBase64.length < minExpectedBase64Length) {
+        if (DyFM_global_settings.log_settings.server_debug) {
+          DyFM_Log.log(
+            `Encrypted data is too short. Expected at least ${minExpectedBase64Length} base64 characters ` +
+            `(for ${(finalConfig.ivLength + finalConfig.saltLength + 16)} bytes), ` +
+            `but received ${paddedBase64.length} characters (${encryptedData.length} original). ` +
+            `This may indicate the data was truncated during transmission or storage.` +
+            '\n\nEncrypted data: ' + encryptedData
+          );
+        }
+
+        throw new DyFM_Error({
+          ...this.getDefaultErrorSettings('decrypt'),
+          errorCode: 'DyFM-CRY-DATA-CORRUPTED',
+          message: `Encrypted data is too short. Expected at least ${minExpectedBase64Length} base64 characters ` +
+                   `(for ${(finalConfig.ivLength + finalConfig.saltLength + 16)} bytes), ` +
+                   `but received ${paddedBase64.length} characters (${encryptedData.length} original). ` +
+                   `This may indicate the data was truncated during transmission or storage.`
+        });
+      }
+
       // Parse the combined data
-      const combined = CryptoJS.enc.Base64.parse(base64);
+      const combined: CryptoJS.lib.WordArray = CryptoJS.enc.Base64.parse(paddedBase64);
 
       // For now, skip version checking to maintain backward compatibility
       // TODO: Implement proper version checking in future versions
       
       // Validate minimum length (IV + Salt + minimum ciphertext)
-      const minLength = (finalConfig.ivLength + finalConfig.saltLength + 16) / 4; // 16 bytes minimum for ciphertext
+      const minLength: number = (finalConfig.ivLength + finalConfig.saltLength + 16) / 4; // 16 bytes minimum for ciphertext
       if (combined.words.length < minLength) {
         throw new DyFM_Error({
           ...this.getDefaultErrorSettings('decrypt'),
           errorCode: 'DyFM-CRY-DATA-CORRUPTED',
-          message: `Encrypted data is corrupted or incomplete. Expected at least ${minLength * 4} bytes, but received ${combined.sigBytes} bytes.`
+          message: `Encrypted data is corrupted or incomplete. Expected at least ${minLength * 4} bytes, but received ${combined.sigBytes} bytes. ` +
+                   `Original string length: ${encryptedData.length} characters. ` +
+                   `Base64 length: ${base64.length} characters (${paddedBase64.length} with padding). ` +
+                   `This may indicate the data was truncated during transmission or storage.`
         });
       }
 
       // Extract IV, salt, and ciphertext (skip version for now)
-      const ivStart = 0;
-      const saltStart = ivStart + finalConfig.ivLength / 4;
-      const cipherStart = saltStart + finalConfig.saltLength / 4;
+      const ivStart: number = 0;
+      const saltStart: number = ivStart + finalConfig.ivLength / 4;
+      const cipherStart: number = saltStart + finalConfig.saltLength / 4;
       
-      const iv = CryptoJS.lib.WordArray.create(combined.words.slice(ivStart, saltStart));
-      const salt = CryptoJS.lib.WordArray.create(combined.words.slice(saltStart, cipherStart));
-      const ciphertext = CryptoJS.lib.WordArray.create(combined.words.slice(cipherStart));
+      const iv: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.create(combined.words.slice(ivStart, saltStart));
+      const salt: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.create(combined.words.slice(saltStart, cipherStart));
+      const ciphertext: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.create(combined.words.slice(cipherStart));
 
       // Derive key using PBKDF2
-      const derivedKey = this.deriveKey(key, salt, finalConfig);
+      const derivedKey: CryptoJS.lib.WordArray = this.deriveKey(key, salt, finalConfig);
 
       // Decrypt the data
-      const decrypted = CryptoJS.AES.decrypt(
+      const decrypted: CryptoJS.lib.WordArray = CryptoJS.AES.decrypt(
         { ciphertext: ciphertext },
         derivedKey,
         {
@@ -469,7 +504,7 @@ export class DyFM_Crypto {
       );
 
       // Parse JSON
-      const decryptedStr = decrypted.toString(CryptoJS.enc.Utf8);
+      const decryptedStr: string = decrypted.toString(CryptoJS.enc.Utf8);
       
       // Check if decryption produced empty result
       if (!decryptedStr || decryptedStr.trim().length === 0) {
@@ -522,15 +557,15 @@ export class DyFM_Crypto {
    */
   static generateKey(length: number = 32, customChars?: string): string {
     // Use custom character set if provided, otherwise use simple safe characters
-    const chars = customChars || 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-    let complexKey = '';
+    const chars: string = customChars || 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let complexKey: string = '';
     
     // Generate random characters directly for the desired length
     for (let i = 0; i < length; i++) {
       // Generate random bytes for each character
-      const randomBytes = CryptoJS.lib.WordArray.random(1);
-      const randomValue = randomBytes.words[0];
-      const charIndex = Math.abs(randomValue) % chars.length;
+      const randomBytes: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.random(1);
+      const randomValue: number = randomBytes.words[0];
+      const charIndex: number = Math.abs(randomValue) % chars.length;
       complexKey += chars[charIndex];
     }
     
@@ -572,15 +607,15 @@ export class DyFM_Crypto {
       }
 
       // Convert from URL-safe base64
-      const base64 = encryptedData
+      const base64: string = encryptedData
         .replace(/-/g, '+')
         .replace(/_/g, '/');
 
       // Parse the combined data
-      const combined = CryptoJS.enc.Base64.parse(base64);
+      const combined: CryptoJS.lib.WordArray = CryptoJS.enc.Base64.parse(base64);
       
       // For now, just check if the data has minimum required length
-      const minLength = (16 + 16 + 16) / 4; // IV + Salt + minimum ciphertext
+      const minLength: number = (16 + 16 + 16) / 4; // IV + Salt + minimum ciphertext
       
       if (combined.words.length < minLength) {
         return {
@@ -612,7 +647,7 @@ export class DyFM_Crypto {
    * Gets default error settings with enhanced debugging information
    */
   private static getDefaultErrorSettings(operation: string, error?: any): DyFM_Error_Settings {
-    const baseSettings = {
+    const baseSettings: DyFM_Error_Settings = {
       status: (error as DyFM_Error)?.___status ?? (error as any)?.status ?? 401,
       message: `Crypto operation "${operation}" failed.`,
       error: error,
@@ -625,7 +660,17 @@ export class DyFM_Crypto {
                               '\n  1) Wrong encryption key, ' +
                               '\n  2) Corrupted encrypted data, ' +
                               '\n  3) Version incompatibility, ' +
-                              '\n  4) Data was encrypted with different parameters.';
+                              '\n  4) Data was encrypted with different parameters, ' +
+                              '\n  5) Data truncation during transmission (check HTTP header size limits, URL length limits), ' +
+                              '\n  6) Missing base64 padding (should be automatically handled, but may indicate transmission issues).';
+      
+      // Add specific guidance for truncation issues (like the "18 bytes" error)
+      baseSettings.message += '\n\nFor truncation issues (e.g., "received 18 bytes"): ' +
+                              '\n  - Check if data is being truncated in HTTP headers (Nginx default: 4-8KB, configurable), ' +
+                              '\n  - Verify URL parameter length limits if passed via query string, ' +
+                              '\n  - Check database field size limits if stored, ' +
+                              '\n  - Ensure proxy/load balancer header size limits are sufficient, ' +
+                              '\n  - Verify the encrypted data string length matches expected size before decryption.';
     } else if (operation === 'encrypt') {
       baseSettings.message += '\nThis usually indicates: ' +
                               '\n  1) Invalid input data, ' +

package/build/_modules/crypto/_collections/crypto.util.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=crypto.util.spec.d.ts.map

package/build/_modules/crypto/_collections/crypto.util.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"crypto.util.spec.d.ts","sourceRoot":"","sources":["../../../../src/_modules/crypto/_collections/crypto.util.spec.ts"],"names":[],"mappings":""}