core-mb 1.0.3 → 1.0.5
- package/LICENSE +3 -0
- package/dist/security.helper.js +3 -4
- package/package.json +6 -2
- package/src/security.helper.ts +3 -5
package/LICENSE
ADDED
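--- a/package/dist/security.helper.js
+++ b/package/dist/security.helper.js
@@ -39,13 +39,12 @@ exports.phoneDecrypt = phoneDecrypt;
 const crypto = __importStar(require("crypto"));
 const config_1 = require("./config");
 const phone_number_helper_1 = require("./phone.number.helper");
-const config = config_1.CoreMBConfig.getInstance();
 /** Create an HMAC index for lookups without revealing the number.
 * Store this alongside the encrypted data and index it in the DB.
 */
 function hmacIndex(phoneRaw) {
 const normalized = (0, phone_number_helper_1.normalize)(phoneRaw);
-const h = crypto.createHmac("sha256",
+const h = crypto.createHmac("sha256", config_1.CoreMBConfig.getInstance().hmacKey);
 h.update(normalized, "utf8");
 return h.digest("base64");
 }
@@ -56,7 +55,7 @@ function phoneEncrypt(phoneRaw) {
 const normalized = (0, phone_number_helper_1.normalize)(phoneRaw);
 // 12-byte IV is recommended for GCM
 const iv = crypto.randomBytes(12);
-const cipher = crypto.createCipheriv("aes-256-gcm",
+const cipher = crypto.createCipheriv("aes-256-gcm", config_1.CoreMBConfig.getInstance().aesKey, iv);
 // Optional: bind additional data (AAD), e.g., tenant ID to prevent cross-tenant swaps
 // cipher.setAAD(Buffer.from(tenantId, 'utf8'));
 const ciphertextBuf = Buffer.concat([
@@ -78,7 +77,7 @@ function phoneDecrypt(record) {
 const iv = Buffer.from(record.iv, "base64");
 const authTag = Buffer.from(record.authTag, "base64");
 const ciphertext = Buffer.from(record.ciphertext, "base64");
-const decipher = crypto.createDecipheriv("aes-256-gcm",
+const decipher = crypto.createDecipheriv("aes-256-gcm", config_1.CoreMBConfig.getInstance().aesKey, iv);
 // If you used setAAD on encrypt, you MUST set the same AAD here
 // decipher.setAAD(Buffer.from(tenantId, 'utf8'));
 decipher.setAuthTag(authTag);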
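--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "core-mb",
-"version": "1.0.
+"version": "1.0.5",
 "description": "Core utility functions for the MB ecosystem in TypeScript",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -19,7 +19,11 @@
 "typescript"
 ],
 "author": "Marco Bytes",
-"license": "
+"license": "SEE LICENSE IN LICENSE",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/marcojourney/core-mb.git"
+},
 "devDependencies": {
 "@types/jest": "^30.0.0",
 "@types/node": "^20.19.11",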
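--- a/package/src/security.helper.ts
+++ b/package/src/security.helper.ts
@@ -2,8 +2,6 @@ import * as crypto from "crypto";
 import { CoreMBConfig } from "./config";
 import { normalize } from "./phone.number.helper";
 
-const config = CoreMBConfig.getInstance();
-
 export type PhoneCipherRecord = {
 // Base64 strings suitable for storage in text columns
 ciphertext: string; // Encrypted phone number
@@ -17,7 +15,7 @@ export type PhoneCipherRecord = {
 */
 export function hmacIndex(phoneRaw: string): string {
 const normalized = normalize(phoneRaw);
-const h = crypto.createHmac("sha256",
+const h = crypto.createHmac("sha256", CoreMBConfig.getInstance().hmacKey);
 h.update(normalized, "utf8");
 return h.digest("base64");
 }
@@ -33,7 +31,7 @@ export function phoneEncrypt(
 // 12-byte IV is recommended for GCM
 const iv = crypto.randomBytes(12);
 
-const cipher = crypto.createCipheriv("aes-256-gcm",
+const cipher = crypto.createCipheriv("aes-256-gcm", CoreMBConfig.getInstance().aesKey, iv);
 
 // Optional: bind additional data (AAD), e.g., tenant ID to prevent cross-tenant swaps
 // cipher.setAAD(Buffer.from(tenantId, 'utf8'));
@@ -63,7 +61,7 @@ export function phoneDecrypt(
 const authTag = Buffer.from(record.authTag, "base64");
 const ciphertext = Buffer.from(record.ciphertext, "base64");
 
-const decipher = crypto.createDecipheriv("aes-256-gcm",
+const decipher = crypto.createDecipheriv("aes-256-gcm", CoreMBConfig.getInstance().aesKey, iv);
 
 // If you used setAAD on encrypt, you MUST set the same AAD here
 // decipher.setAAD(Buffer.from(tenantId, 'utf8'));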
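Review bot: In the `hmacIndex` hunk, `CoreMBConfig.getInstance().hmacKey` is passed straight to `crypto.createHmac` with no check that it is set and long enough, and the `phoneEncrypt` and `phoneDecrypt` hunks do the same with `aesKey`. Node accepts an empty HMAC key, so if the config can ever yield one (CoreMBConfig is not visible in this diff, so this is unconfirmed) the stored index stops being secret-keyed, and phone numbers are a small enough space that such an index no longer hides them. I would fail closed at the point of use, assuming the keys are strings or Buffers: `const { hmacKey } = CoreMBConfig.getInstance();` then `if (!hmacKey || Buffer.byteLength(hmacKey) < 32) throw new Error("core-mb: hmacKey missing or too short");`, and likewise require `Buffer.byteLength(aesKey) === 32` before `createCipheriv`/`createDecipheriv`. Since the keys are now read on every call instead of once at import, the doc comment on `hmacIndex` should also state that changing `hmacKey` makes previously stored indexes unmatchable. The bodies of `phoneEncrypt` and `phoneDecrypt` continue outside their hunks.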