nest-encrypt-cycle 1.1.7 → 2.0.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nest-encrypt-cycle",
-  "version": "1.1.7",
+  "version": "2.0.2",
   "description": "A NestJS interceptor that encrypts/decrypts request and response bodies",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -19,7 +19,6 @@
   },
   "dependencies": {
     "@nestjs/common": "^10.0.0",
-    "crypto-js": "^4.2.0",
     "reflect-metadata": "^0.1.13"
   },
   "peerDependencies": {

package/test-optimized.js

@@ -0,0 +1,119 @@
+/**
+ * 최적화 후 기능 검증 테스트
+ * native crypto로 변경 후 암복호화가 정상 작동하는지 확인
+ */
+const { EncryptService } = require('./dist/src/encrypt.service');
+
+// 테스트 데이터
+const testCases = [
+  { name: 'Small JSON', data: { id: 1, name: 'test' } },
+  { name: 'Medium JSON', data: { id: 1, items: Array(10).fill({ field: 'value' }) } },
+  { name: 'Large JSON', data: { id: 1, items: Array(100).fill({ field: 'value' }) } },
+];
+
+const KEY = '0123456789abcdef0123456789abcdef'; // 32 bytes for AES-256
+
+// EncryptService 인스턴스 생성
+const encryptService = new EncryptService({
+  key: KEY,
+  whiteList: [
+    { method: 'GET', pathname: '/api/skip' },
+  ],
+});
+
+console.log('🧪 Testing Optimized EncryptService\n');
+console.log('='.repeat(80));
+
+// 기본 기능 테스트
+console.log('\n📝 Basic Functionality Tests:\n');
+
+let allPassed = true;
+
+for (const testCase of testCases) {
+  const jsonString = JSON.stringify(testCase.data);
+
+  try {
+    // 암호화
+    const encrypted = encryptService.encrypt(jsonString, '/api/test', 'POST');
+
+    // 복호화
+    const decrypted = encryptService.decrypt(encrypted, '/api/test', 'POST');
+
+    // 검증
+    const decryptedData = JSON.parse(decrypted);
+    const isValid = JSON.stringify(decryptedData) === jsonString;
+
+    if (isValid) {
+      console.log(`✅ ${testCase.name}: PASSED`);
+      console.log(`   Original:  ${jsonString.slice(0, 50)}...`);
+      console.log(`   Encrypted: ${encrypted.slice(0, 50)}...`);
+      console.log(`   Decrypted: ${decrypted.slice(0, 50)}...`);
+    } else {
+      console.log(`❌ ${testCase.name}: FAILED`);
+      console.log(`   Expected: ${jsonString}`);
+      console.log(`   Got:      ${decrypted}`);
+      allPassed = false;
+    }
+  } catch (error) {
+    console.log(`❌ ${testCase.name}: ERROR - ${error.message}`);
+    allPassed = false;
+  }
+
+  console.log();
+}
+
+// Whitelist 테스트
+console.log('='.repeat(80));
+console.log('\n🔓 Whitelist Functionality Test:\n');
+
+try {
+  const testData = 'plain text data';
+  const result = encryptService.encrypt(testData, '/api/skip', 'GET');
+
+  if (result === testData) {
+    console.log('✅ Whitelist: PASSED');
+    console.log('   Data was NOT encrypted (as expected for whitelisted route)');
+  } else {
+    console.log('❌ Whitelist: FAILED');
+    console.log(`   Expected: ${testData}`);
+    console.log(`   Got:      ${result}`);
+    allPassed = false;
+  }
+} catch (error) {
+  console.log(`❌ Whitelist: ERROR - ${error.message}`);
+  allPassed = false;
+}
+
+console.log();
+
+// 성능 간단 테스트
+console.log('='.repeat(80));
+console.log('\n⚡ Quick Performance Check:\n');
+
+const iterations = 1000;
+const testData = JSON.stringify({ id: 1, data: Array(10).fill({ field: 'value' }) });
+
+const start = process.hrtime.bigint();
+for (let i = 0; i < iterations; i++) {
+  const enc = encryptService.encrypt(testData, '/api/test', 'POST');
+  encryptService.decrypt(enc, '/api/test', 'POST');
+}
+const end = process.hrtime.bigint();
+
+const duration = Number(end - start) / 1000000; // ms
+const opsPerSec = (iterations / duration) * 1000;
+
+console.log(`${iterations} iterations completed in ${duration.toFixed(2)}ms`);
+console.log(`Performance: ${opsPerSec.toFixed(2)} ops/sec`);
+console.log(`Average: ${(duration / iterations).toFixed(4)}ms per operation`);
+
+console.log();
+console.log('='.repeat(80));
+console.log();
+
+if (allPassed) {
+  console.log('✅ All tests PASSED! Native crypto optimization is working correctly.');
+} else {
+  console.log('❌ Some tests FAILED. Please review the errors above.');
+  process.exit(1);
+}

package/test-query-params.js

@@ -0,0 +1,99 @@
+/**
+ * Query Parameter 처리 테스트
+ * Whitelist에 /api/test가 있으면 /api/test?id=1도 매칭되어야 함
+ */
+const { EncryptService } = require('./dist/src/encrypt.service');
+
+const KEY = '0123456789abcdef0123456789abcdef';
+
+// Whitelist에 /api/users 추가
+const encryptService = new EncryptService({
+  key: KEY,
+  whiteList: [
+    { method: 'GET', pathname: '/api/users' },
+    { method: 'POST', pathname: '/api/data' },
+  ],
+});
+
+console.log('🧪 Query Parameter Whitelist Test\n');
+console.log('='.repeat(80));
+
+const testCases = [
+  {
+    name: 'Whitelisted path without query params',
+    pathname: '/api/users',
+    method: 'GET',
+    data: 'test data',
+    shouldEncrypt: false,
+  },
+  {
+    name: 'Whitelisted path WITH query params (should still be whitelisted)',
+    pathname: '/api/users?id=123',
+    method: 'GET',
+    data: 'test data',
+    shouldEncrypt: false,
+    note: '❌ This will FAIL with old code, ✅ PASS with new code',
+  },
+  {
+    name: 'Whitelisted path with multiple query params',
+    pathname: '/api/users?id=123&page=2&limit=10',
+    method: 'GET',
+    data: 'test data',
+    shouldEncrypt: false,
+    note: '❌ This will FAIL with old code, ✅ PASS with new code',
+  },
+  {
+    name: 'Non-whitelisted path',
+    pathname: '/api/secret',
+    method: 'GET',
+    data: 'test data',
+    shouldEncrypt: true,
+  },
+  {
+    name: 'Non-whitelisted path with query params',
+    pathname: '/api/secret?id=1',
+    method: 'GET',
+    data: 'test data',
+    shouldEncrypt: true,
+  },
+];
+
+let allPassed = true;
+
+for (const testCase of testCases) {
+  console.log(`\n📋 ${testCase.name}`);
+  if (testCase.note) {
+    console.log(`   ${testCase.note}`);
+  }
+  console.log(`   Path: ${testCase.pathname}`);
+  console.log(`   Method: ${testCase.method}`);
+
+  // Note: interceptor에서 pathname을 split('?')[0]으로 처리하므로
+  // 여기서도 동일하게 처리
+  const cleanPathname = testCase.pathname.split('?')[0];
+  const result = encryptService.encrypt(testCase.data, cleanPathname, testCase.method);
+
+  const wasEncrypted = result !== testCase.data;
+  const expectedBehavior = testCase.shouldEncrypt;
+
+  if (wasEncrypted === expectedBehavior) {
+    console.log(`   ✅ PASSED: Data was ${wasEncrypted ? 'encrypted' : 'NOT encrypted'} (as expected)`);
+  } else {
+    console.log(`   ❌ FAILED: Data was ${wasEncrypted ? 'encrypted' : 'NOT encrypted'} (expected ${expectedBehavior ? 'encrypted' : 'NOT encrypted'})`);
+    allPassed = false;
+  }
+}
+
+console.log('\n' + '='.repeat(80));
+console.log();
+
+if (allPassed) {
+  console.log('✅ All query parameter tests PASSED!');
+  console.log('\nNow whitelist works correctly with query parameters:');
+  console.log('  - /api/users         → whitelisted');
+  console.log('  - /api/users?id=1    → whitelisted (query params ignored)');
+  console.log('  - /api/users?page=2  → whitelisted (query params ignored)');
+} else {
+  console.log('❌ Some tests FAILED.');
+  process.exit(1);
+}

package/test-wildcard.js

@@ -0,0 +1,154 @@
+/**
+ * Wildcard Pattern Matching Test
+ * Test various wildcard patterns in whitelist
+ */
+const { EncryptService } = require('./dist/src/encrypt.service');
+
+const KEY = '0123456789abcdef0123456789abcdef';
+
+console.log('🧪 Wildcard Pattern Matching Test\n');
+console.log('='.repeat(80));
+
+// Test Case 1: Simple wildcard at the end
+console.log('\n📋 Test 1: /api/users/* pattern');
+console.log('-'.repeat(80));
+
+const service1 = new EncryptService({
+  key: KEY,
+  whiteList: [
+    { method: 'GET', pathname: '/api/users/*' },
+  ],
+});
+
+const testCases1 = [
+  { pathname: '/api/users/123', expected: false, desc: 'Match: /api/users/123' },
+  { pathname: '/api/users/abc', expected: false, desc: 'Match: /api/users/abc' },
+  { pathname: '/api/users/uuid-1234', expected: false, desc: 'Match: /api/users/uuid-1234' },
+  { pathname: '/api/users', expected: true, desc: 'No match: /api/users (no trailing segment)' },
+  { pathname: '/api/users/123/profile', expected: true, desc: 'No match: /api/users/123/profile (too deep)' },
+  { pathname: '/api/posts/1', expected: true, desc: 'No match: /api/posts/1 (different path)' },
+];
+
+let allPassed = true;
+
+for (const test of testCases1) {
+  const result = service1.encrypt('test data', test.pathname, 'GET');
+  const wasEncrypted = result !== 'test data';
+  const passed = wasEncrypted === test.expected;
+
+  console.log(`${passed ? '✅' : '❌'} ${test.desc}`);
+  if (!passed) {
+    console.log(`   Expected: ${test.expected ? 'encrypted' : 'NOT encrypted'}, Got: ${wasEncrypted ? 'encrypted' : 'NOT encrypted'}`);
+    allPassed = false;
+  }
+}
+
+// Test Case 2: Wildcard in the middle
+console.log('\n📋 Test 2: /api/*/profile pattern');
+console.log('-'.repeat(80));
+
+const service2 = new EncryptService({
+  key: KEY,
+  whiteList: [
+    { method: 'GET', pathname: '/api/*/profile' },
+  ],
+});
+
+const testCases2 = [
+  { pathname: '/api/users/profile', expected: false, desc: 'Match: /api/users/profile' },
+  { pathname: '/api/123/profile', expected: false, desc: 'Match: /api/123/profile' },
+  { pathname: '/api/admin/profile', expected: false, desc: 'Match: /api/admin/profile' },
+  { pathname: '/api/profile', expected: true, desc: 'No match: /api/profile (missing middle segment)' },
+  { pathname: '/api/users/123/profile', expected: true, desc: 'No match: /api/users/123/profile (too many segments)' },
+  { pathname: '/api/users/settings', expected: true, desc: 'No match: /api/users/settings (wrong ending)' },
+];
+
+for (const test of testCases2) {
+  const result = service2.encrypt('test data', test.pathname, 'GET');
+  const wasEncrypted = result !== 'test data';
+  const passed = wasEncrypted === test.expected;
+
+  console.log(`${passed ? '✅' : '❌'} ${test.desc}`);
+  if (!passed) {
+    console.log(`   Expected: ${test.expected ? 'encrypted' : 'NOT encrypted'}, Got: ${wasEncrypted ? 'encrypted' : 'NOT encrypted'}`);
+    allPassed = false;
+  }
+}
+
+// Test Case 3: Multiple wildcards
+console.log('\n📋 Test 3: /api/*/posts/* pattern');
+console.log('-'.repeat(80));
+
+const service3 = new EncryptService({
+  key: KEY,
+  whiteList: [
+    { method: 'POST', pathname: '/api/*/posts/*' },
+  ],
+});
+
+const testCases3 = [
+  { pathname: '/api/users/posts/123', method: 'POST', expected: false, desc: 'Match: /api/users/posts/123' },
+  { pathname: '/api/admin/posts/456', method: 'POST', expected: false, desc: 'Match: /api/admin/posts/456' },
+  { pathname: '/api/users/posts', method: 'POST', expected: true, desc: 'No match: /api/users/posts (missing last segment)' },
+  { pathname: '/api/users/posts/123', method: 'GET', expected: true, desc: 'No match: wrong method (GET instead of POST)' },
+];
+
+for (const test of testCases3) {
+  const result = service3.encrypt('test data', test.pathname, test.method);
+  const wasEncrypted = result !== 'test data';
+  const passed = wasEncrypted === test.expected;
+
+  console.log(`${passed ? '✅' : '❌'} ${test.desc}`);
+  if (!passed) {
+    console.log(`   Expected: ${test.expected ? 'encrypted' : 'NOT encrypted'}, Got: ${wasEncrypted ? 'encrypted' : 'NOT encrypted'}`);
+    allPassed = false;
+  }
+}
+
+// Test Case 4: Mix of exact and wildcard patterns
+console.log('\n📋 Test 4: Mixed exact and wildcard patterns');
+console.log('-'.repeat(80));
+
+const service4 = new EncryptService({
+  key: KEY,
+  whiteList: [
+    { method: 'GET', pathname: '/api/health' },          // Exact
+    { method: 'GET', pathname: '/api/users/*' },         // Wildcard
+    { method: 'POST', pathname: '/api/*/create' },       // Wildcard
+  ],
+});
+
+const testCases4 = [
+  { pathname: '/api/health', method: 'GET', expected: false, desc: 'Match (exact): /api/health' },
+  { pathname: '/api/users/123', method: 'GET', expected: false, desc: 'Match (wildcard): /api/users/123' },
+  { pathname: '/api/posts/create', method: 'POST', expected: false, desc: 'Match (wildcard): /api/posts/create' },
+  { pathname: '/api/users/create', method: 'POST', expected: false, desc: 'Match (wildcard): /api/users/create' },
+  { pathname: '/api/unknown', method: 'GET', expected: true, desc: 'No match: /api/unknown' },
+];
+
+for (const test of testCases4) {
+  const result = service4.encrypt('test data', test.pathname, test.method);
+  const wasEncrypted = result !== 'test data';
+  const passed = wasEncrypted === test.expected;
+
+  console.log(`${passed ? '✅' : '❌'} ${test.desc}`);
+  if (!passed) {
+    console.log(`   Expected: ${test.expected ? 'encrypted' : 'NOT encrypted'}, Got: ${wasEncrypted ? 'encrypted' : 'NOT encrypted'}`);
+    allPassed = false;
+  }
+}
+
+console.log('\n' + '='.repeat(80));
+console.log();
+
+if (allPassed) {
+  console.log('✅ All wildcard pattern tests PASSED!\n');
+  console.log('Wildcard patterns now supported:');
+  console.log('  - /api/users/*           → matches /api/users/123, /api/users/abc');
+  console.log('  - /api/*/profile         → matches /api/users/profile, /api/admin/profile');
+  console.log('  - /api/*/posts/*         → matches /api/users/posts/1, /api/admin/posts/2');
+  console.log('  - Can mix exact + wildcard patterns in same whitelist');
+} else {
+  console.log('❌ Some tests FAILED.');
+  process.exit(1);
+}