test-entity-library-asm 3.9.6 → 3.9.8

package/dist/transformers/jsonEncryptionTransformer.js

@@ -4,53 +4,105 @@ exports.JsonEncryptionTransformer = void 0;
 const crypto = require("crypto");
 const ENCRYPTION_KEY = process.env.SECRET_ENCRYPTION_KEY || "clave-32-bytes-segura";
 const ALGORITHM = "aes-256-cbc";
-// Crear KeyObject con exactamente 32 bytes para AES-256
-const keyObject = crypto.createSecretKey(new Uint8Array(crypto.createHash("sha256").update(ENCRYPTION_KEY).digest()));
-function decryptValue(encrypted) {
-    if (!encrypted.includes(":"))
-        return encrypted;
-    const [ivHex, content] = encrypted.split(":");
+// KeyObject de 32 bytes
+const KEY = crypto.createSecretKey(crypto.createHash("sha256").update(String(ENCRYPTION_KEY)).digest());
+function looksLikeCBC(encoded) {
+    // formato: iv:cipherHex
+    return /^[0-9a-fA-F]+:[0-9a-fA-F]+$/.test(encoded);
+}
+function decryptValue(value) {
+    if (typeof value !== "string" || !looksLikeCBC(value))
+        return value;
+    const [ivHex, contentHex] = value.split(":");
     const iv = Buffer.from(ivHex, "hex");
-    // Pasar IV como Uint8Array para que TypeScript no dé error
-    const decipher = crypto.createDecipheriv(ALGORITHM, keyObject, new Uint8Array(iv));
-    let decrypted = decipher.update(content, "hex", "utf8");
-    decrypted += decipher.final("utf8");
-    return decrypted;
+    const decipher = crypto.createDecipheriv(ALGORITHM, KEY, iv);
+    const dec = Buffer.concat([
+        decipher.update(Buffer.from(contentHex, "hex")),
+        decipher.final(),
+    ]);
+    return dec.toString("utf8");
 }
 function encryptValue(plain) {
+    if (plain === null || plain === undefined)
+        return null;
+    const text = String(plain);
     const iv = crypto.randomBytes(16);
-    // Igual aquí: IV como Uint8Array
-    const cipher = crypto.createCipheriv(ALGORITHM, keyObject, new Uint8Array(iv));
-    let encrypted = cipher.update(plain, "utf8", "hex");
-    encrypted += cipher.final("hex");
-    return iv.toString("hex") + ":" + encrypted;
+    const cipher = crypto.createCipheriv(ALGORITHM, KEY, iv);
+    const enc = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
+    return iv.toString("hex") + ":" + enc.toString("hex");
 }
-exports.JsonEncryptionTransformer = {
-    to(value) {
-        if (typeof value !== "object" || value === null)
-            return JSON.stringify({});
-        const encryptedJson = {};
-        for (const key in value) {
-            if (key.startsWith("encrypted_")) {
-                encryptedJson[key] = encryptValue(value[key]);
+/** Recorre profundo y encripta solo claves `encrypted_*` */
+function deepEncrypt(input) {
+    if (input === null || input === undefined)
+        return input;
+    if (Array.isArray(input)) {
+        const arr = [];
+        for (let i = 0; i < input.length; i++) {
+            arr[i] = deepEncrypt(input[i]);
+        }
+        return arr;
+    }
+    if (typeof input === "object") {
+        const out = {};
+        for (const k in input) {
+            const v = input[k];
+            if (k.length >= 10 && k.substr(0, 10) === "encrypted_") {
+                out[k] = encryptValue(v);
             }
             else {
-                encryptedJson[key] = value[key];
+                out[k] = deepEncrypt(v);
             }
         }
-        return JSON.stringify(encryptedJson);
+        return out;
+    }
+    // primitivos
+    return input;
+}
+/** Recorre profundo y desencripta solo claves `encrypted_*` */
+function deepDecrypt(input) {
+    if (input === null || input === undefined)
+        return input;
+    if (Array.isArray(input)) {
+        const arr = [];
+        for (let i = 0; i < input.length; i++) {
+            arr[i] = deepDecrypt(input[i]);
+        }
+        return arr;
+    }
+    if (typeof input === "object") {
+        const out = {};
+        for (const k in input) {
+            const v = input[k];
+            if (k.length >= 10 && k.substr(0, 10) === "encrypted_") {
+                try {
+                    out[k] = decryptValue(v);
+                }
+                catch {
+                    out[k] = v; // si está corrupto, lo dejamos como está
+                }
+            }
+            else {
+                out[k] = deepDecrypt(v);
+            }
+        }
+        return out;
+    }
+    // primitivos
+    return input;
+}
+exports.JsonEncryptionTransformer = {
+    to(value) {
+        if (typeof value !== "object" || value === null)
+            return JSON.stringify({});
+        return JSON.stringify(deepEncrypt(value));
     },
     from(dbValue) {
         try {
             const parsed = JSON.parse(dbValue);
-            for (const key in parsed) {
-                if (key.startsWith("encrypted_")) {
-                    parsed[key] = decryptValue(parsed[key]);
-                }
-            }
-            return parsed;
+            return deepDecrypt(parsed);
         }
         catch {
+            // si no es JSON válido, no tumbar todo
             return {};
         }
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "test-entity-library-asm",
-  "version": "3.9.6",
+  "version": "3.9.8",
   "description": "Entidades de ejemplo para una base de datos",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -20,7 +20,7 @@
   },
   "devDependencies": {
     "@types/express": "^4.17.21",
-    "@types/node": "^20.12.7",
+    "@types/node": "^20.19.10",
     "rimraf": "^6.0.1",
     "typescript": "^5.4.5"
   },

package/src/transformers/jsonEncryptionTransformer.ts

@@ -5,70 +5,111 @@ const ENCRYPTION_KEY =
   process.env.SECRET_ENCRYPTION_KEY || "clave-32-bytes-segura";
 const ALGORITHM = "aes-256-cbc";
 
-// Crear KeyObject con exactamente 32 bytes para AES-256
-const keyObject = crypto.createSecretKey(
-  new Uint8Array(crypto.createHash("sha256").update(ENCRYPTION_KEY).digest())
+// KeyObject de 32 bytes
+const KEY = crypto.createSecretKey(
+  crypto.createHash("sha256").update(String(ENCRYPTION_KEY)).digest()
 );
 
-function decryptValue(encrypted: string): string {
-  if (!encrypted.includes(":")) return encrypted;
+function looksLikeCBC(encoded: string) {
+  // formato: iv:cipherHex
+  return /^[0-9a-fA-F]+:[0-9a-fA-F]+$/.test(encoded);
+}
 
-  const [ivHex, content] = encrypted.split(":");
+function decryptValue(value: any): any {
+  if (typeof value !== "string" || !looksLikeCBC(value)) return value;
+  const [ivHex, contentHex] = value.split(":");
   const iv = Buffer.from(ivHex, "hex");
-
-  // Pasar IV como Uint8Array para que TypeScript no dé error
-  const decipher = crypto.createDecipheriv(
-    ALGORITHM,
-    keyObject,
-    new Uint8Array(iv)
-  );
-  let decrypted = decipher.update(content, "hex", "utf8");
-  decrypted += decipher.final("utf8");
-  return decrypted;
+  const decipher = crypto.createDecipheriv(ALGORITHM, KEY, iv);
+  const dec = Buffer.concat([
+    decipher.update(Buffer.from(contentHex, "hex")),
+    decipher.final(),
+  ]);
+  return dec.toString("utf8");
 }
 
-function encryptValue(plain: string): string {
+function encryptValue(plain: any): string | null {
+  if (plain === null || plain === undefined) return null;
+  const text = String(plain);
   const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv(ALGORITHM, KEY, iv);
+  const enc = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
+  return iv.toString("hex") + ":" + enc.toString("hex");
+}
 
-  // Igual aquí: IV como Uint8Array
-  const cipher = crypto.createCipheriv(
-    ALGORITHM,
-    keyObject,
-    new Uint8Array(iv)
-  );
-  let encrypted = cipher.update(plain, "utf8", "hex");
-  encrypted += cipher.final("hex");
+/** Recorre profundo y encripta solo claves `encrypted_*` */
+function deepEncrypt(input: any): any {
+  if (input === null || input === undefined) return input;
 
-  return iv.toString("hex") + ":" + encrypted;
+  if (Array.isArray(input)) {
+    const arr: any[] = [];
+    for (let i = 0; i < input.length; i++) {
+      arr[i] = deepEncrypt(input[i]);
+    }
+    return arr;
+  }
+
+  if (typeof input === "object") {
+    const out: { [k: string]: any } = {};
+    for (const k in input) {
+      const v = input[k];
+      if (k.length >= 10 && k.substr(0, 10) === "encrypted_") {
+        out[k] = encryptValue(v);
+      } else {
+        out[k] = deepEncrypt(v);
+      }
+    }
+    return out;
+  }
+
+  // primitivos
+  return input;
 }
 
-export const JsonEncryptionTransformer: ValueTransformer = {
-  to(value: any): string {
-    if (typeof value !== "object" || value === null) return JSON.stringify({});
+/** Recorre profundo y desencripta solo claves `encrypted_*` */
+function deepDecrypt(input: any): any {
+  if (input === null || input === undefined) return input;
 
-    const encryptedJson: Record<string, any> = {};
+  if (Array.isArray(input)) {
+    const arr: any[] = [];
+    for (let i = 0; i < input.length; i++) {
+      arr[i] = deepDecrypt(input[i]);
+    }
+    return arr;
+  }
 
-    for (const key in value) {
-      if (key.startsWith("encrypted_")) {
-        encryptedJson[key] = encryptValue(value[key]);
+  if (typeof input === "object") {
+    const out: { [k: string]: any } = {};
+    for (const k in input) {
+      const v = input[k];
+      if (k.length >= 10 && k.substr(0, 10) === "encrypted_") {
+        try {
+          out[k] = decryptValue(v);
+        } catch {
+          out[k] = v; // si está corrupto, lo dejamos como está
+        }
       } else {
-        encryptedJson[key] = value[key];
+        out[k] = deepDecrypt(v);
       }
     }
+    return out;
+  }
+
+  // primitivos
+  return input;
+}
 
-    return JSON.stringify(encryptedJson);
+export const JsonEncryptionTransformer: ValueTransformer = {
+  to(value: any): string {
+    if (typeof value !== "object" || value === null) return JSON.stringify({});
+    return JSON.stringify(deepEncrypt(value));
   },
 
   from(dbValue: string): any {
     try {
       const parsed = JSON.parse(dbValue);
-      for (const key in parsed) {
-        if (key.startsWith("encrypted_")) {
-          parsed[key] = decryptValue(parsed[key]);
-        }
-      }
-      return parsed;
+      return deepDecrypt(parsed);
     } catch {
+      // si no es JSON válido, no tumbar todo
       return {};
     }
   },