npm - @tatil/crypto - Versions diffs - 0.0.1 → 0.0.2 - Mend

@tatil/crypto 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,37 +1,163 @@
 # @tatil/crypto
-Tatilsepeti crypto utilities for encryption and decryption operations.
+Tatilsepeti projeleri için şifreleme ve deşifreme işlemlerini içeren paket.
-## Installation
+## Özellikler
+### API-Based Encryption/Decryption (Client-Side)
+- Reservation ID şifreleme/deşifreleme
+- API endpoint üzerinden işlem yapar
+- Client-side kullanım için uygun
+### Local AES-256 Encryption (Server-Side)
+- AES-256-CBC algoritması
+- Gzip compression ile veri sıkıştırma
+- URL-safe base64 encoding
+- Server-side sadece (Node.js crypto module)
+## Kurulum
 ```bash
 yarn add @tatil/crypto
 ```
-## Usage
+## Kullanım
+### API-Based Encryption (Client-Side)
 ```javascript
 import { encryption, decryption } from '@tatil/crypto';
-// Encrypt a reservation sales ID
+// Reservation ID şifreleme
 const encryptedId = await encryption(12345);
-// Decrypt a reservation sales ID
-const decryptedId = await decryption('encrypted_value');
+// Reservation ID deşifreleme
+const decryptedId = await decryption('encrypted_string_here');
+```
+### Local AES-256 Encryption (Server-Side)
+```javascript
+import { encrypt, decrypt } from '@tatil/crypto';
+// Veri şifreleme
+const data = { userId: 123, email: 'user@example.com' };
+const encrypted = await encrypt(data);
+// Sonuç: "base64_encoded_string"
+// Veri deşifreleme
+const decrypted = await decrypt(encrypted);
+// Sonuç: { userId: 123, email: 'user@example.com' }
+```
+## Environment Variables
+```env
+CRYPTO_SECRET_KEY=your_32_byte_secret_key_here
 ```
-## API
+**Önemli:** `encrypt` ve `decrypt` fonksiyonları için `CRYPTO_SECRET_KEY` environment variable'si gereklidir.
+## API Reference
+### encryption(value)
+Reservation ID'yi şifreler (API tabanlı)
+- **Parametreler:** `value` (string|number) - Şifrelenecek değer
+- **Dönüş:** Promise<string> - Şifrelenmiş değer
+- **Kullanım:** Client-side
+### decryption(value)
+Şifrelenmiş Reservation ID'yi çözer (API tabanlı)
+- **Parametreler:** `value` (string|number) - Çözülecek şifreli değer
+- **Dönüş:** Promise<number> - Çözülmüş sayısal değer
+- **Kullanım:** Client-side
+### encrypt(data, secretKey?)
+Veriyi AES-256-CBC ile şifreler (Yerel)
+- **Parametreler:**
+  - `data` (Object|string) - Şifrelenecek veri
+  - `secretKey` (string, optional) - Gizli anahtar (default: process.env.CRYPTO_SECRET_KEY)
+- **Dönüş:** Promise<string> - Base64 encoded şifreli veri
+- **Kullanım:** Server-side only
+### decrypt(encryptedData, secretKey?)
+Şifrelenmiş veriyi çözer (Yerel)
+- **Parametreler:**
+  - `encryptedData` (string) - Şifreli veri (base64)
+  - `secretKey` (string, optional) - Gizli anahtar (default: process.env.CRYPTO_SECRET_KEY)
+- **Dönüş:** Promise<Object|string> - Çözülmüş veri
+- **Kullanım:** Server-side only
-### `encryption(value)`
+## Bağımlılıklar
-Encrypts a value using the reservation encryption endpoint.
+- `@tatil/client-api`: API-based işlemler için
+- `crypto` (Node.js built-in): AES-256 şifreleme için
+- `zlib` (Node.js built-in): Gzip compression için
+## Örnek Kullanım Senaryoları
+### 1. Reservation ID Şifreleme (URL'de güvenli taşıma)
+```javascript
+// Client-side
+import { encryption } from '@tatil/crypto';
+const reservationId = 12345;
+const encryptedId = await encryption(reservationId);
+// URL oluşturma
+const url = `/reservation/${encodeURIComponent(encryptedId)}`;
+```
+### 2. Server-Side Veri Şifreleme
+```javascript
+// Server component veya API route
+import { encrypt, decrypt } from '@tatil/crypto';
+// Hassas veriyi şifreleme
+const userData = {
+  id: 123,
+  email: 'user@example.com',
+  phone: '+905551234567'
+};
+const encrypted = await encrypt(userData);
+// Veriyi geri çözme
+const decrypted = await decrypt(encrypted);
+```
+### 3. Next.js API Route
+```javascript
+// app/api/v5/crypto/route.js
+import { encrypt, decrypt } from '@tatil/crypto';
+import { createResponse, createErrorResponse } from '@tatil/server-api';
+export const POST = async (request) => {
+  const { action, data } = await request.json();
+  if (action === 'encrypt') {
+    const encrypted = await encrypt(data);
+    return createResponse('success', encrypted);
+  }
+  if (action === 'decrypt') {
+    const decrypted = await decrypt(data);
+    return createResponse('success', decrypted);
+  }
+};
+```
-- **Parameters:** `value` (string | number) - The value to encrypt
-- **Returns:** Promise<string> - The encrypted value
+## Lisans
-### `decryption(value)`
+MIT
-Decrypts a value using the reservation decryption endpoint.
+## İletişim
-- **Parameters:** `value` (string | number) - The value to decrypt
-- **Returns:** Promise<number> - The decrypted number value
+Sorularınız için: Yaşar İçli <yasar.icli@tatilsepeti.com>

package/index.js CHANGED Viewed

@@ -1,5 +1,19 @@
+import crypto from 'crypto';
+import zlib from 'zlib';
+import { promisify } from 'util';
 import ClientApi from '@tatil/client-api';
+// Variables
+const ALGORITHM = 'aes-256-cbc';
+const gzip = promisify(zlib.gzip);
+const gunzip = promisify(zlib.gunzip);
+const { CRYPTO_SECRET_KEY } = process.env;
+// ============================================================
+// API-BASED ENCRYPTION/DECRYPTION (Reservation IDs)
+// ============================================================
 /**
  * Encrypts a value using the reservation encryption endpoint
  * @param {string|number} value - The value to encrypt
@@ -36,7 +50,107 @@ export const decryption = async (value) => {
   }
 };
+// ============================================================
+// LOCAL AES-256 ENCRYPTION/DECRYPTION (Server-side only)
+// ============================================================
+/**
+ * Compress data using gzip
+ * @param {string} jsonString - JSON string to compress
+ * @returns {Buffer} - Compressed data
+ */
+const compress = async (jsonString) => {
+  return await gzip(jsonString, { level: 9 });
+};
+/**
+ * Decompress data using gzip
+ * @param {Buffer} compressedData - Compressed data
+ * @returns {string} - Decompressed string
+ */
+const decompress = async (compressedData) => {
+  return await gunzip(compressedData);
+};
+/**
+ * Encrypt data using AES-256-CBC with compression
+ * @param {Object|string} data - Data to encrypt
+ * @param {string} secretKey - Secret key (default: process.env.CRYPTO_SECRET_KEY)
+ * @returns {string} - Encrypted data (IV + encrypted content, base64 encoded)
+ * @throws {Error} - If CRYPTO_SECRET_KEY is not set
+ */
+export const encrypt = async (data, secretKey) => {
+  const key = secretKey || CRYPTO_SECRET_KEY;
+  if (!key) {
+    throw new Error('CRYPTO_SECRET_KEY environment variable is not set');
+  }
+  const jsonString = typeof data === 'string' ? data : JSON.stringify(data);
+  // Compress the data first
+  const compressed = await compress(jsonString);
+  const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+  let encrypted = cipher.update(compressed);
+  encrypted = Buffer.concat([encrypted, cipher.final()]);
+  // Combine IV and encrypted data
+  const combined = Buffer.concat([iv, encrypted]);
+  // Convert to base64 for URL safety
+  return combined.toString('base64');
+};
+/**
+ * Decrypt data using AES-256-CBC with decompression
+ * @param {string} encryptedData - Encrypted data (base64 encoded)
+ * @param {string} secretKey - Secret key (default: process.env.CRYPTO_SECRET_KEY)
+ * @returns {Object|string} - Decrypted data
+ * @throws {Error} - If CRYPTO_SECRET_KEY is not set
+ */
+export const decrypt = async (encryptedData, secretKey) => {
+  const key = secretKey || CRYPTO_SECRET_KEY;
+  if (!key) {
+    throw new Error('CRYPTO_SECRET_KEY environment variable is not set');
+  }
+  // Decode from base64
+  const combined = Buffer.from(encryptedData, 'base64');
+  // Extract IV (first 16 bytes) and encrypted data
+  const iv = combined.subarray(0, 16);
+  const encrypted = combined.subarray(16);
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+  let decrypted = decipher.update(encrypted);
+  decrypted = Buffer.concat([decrypted, decipher.final()]);
+  // Decompress the data
+  const decompressed = await decompress(decrypted);
+  const decompressedString = decompressed.toString('utf8');
+  // Try to parse as JSON, return as string if fails
+  const parseJson = (text) => {
+    try {
+      return JSON.parse(text);
+    } catch {
+      return text;
+    }
+  };
+  return parseJson(decompressedString);
+};
 export default {
+  // API-based
   encryption,
   decryption,
+  // Local AES-256
+  encrypt,
+  decrypt,
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tatil/crypto",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "Tatilsepeti Crypto utilities for encryption and decryption",
   "main": "index.js",
   "publishConfig": {