
Commit 0d20d97

committed
Merge branch 'mg/encryption' into cezudas/OPS-3021-infrastructure
2 parents e6adf8c + 85d4ead commit 0d20d97

2 files changed

Lines changed: 14 additions & 47 deletions


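--- a/packages/server/shared/src/lib/security/encryption-key-initializer.ts
+++ b/packages/server/shared/src/lib/security/encryption-key-initializer.ts
@@ -1,9 +1,7 @@
-import { AppSystemProp, QueueMode, system } from '../system';
 import { encryptUtils } from './encryption';
 
 export async function encryptionKeyInitializer(): Promise<void> {
-const queueMode = system.getOrThrow<QueueMode>(AppSystemProp.QUEUE_MODE);
-const encryptionKey = await encryptUtils.loadEncryptionKey(queueMode);
+const encryptionKey = encryptUtils.loadEncryptionKey();
 const isValidHexKey =
 encryptionKey && /^[A-Fa-z0-9]{32}$/.test(encryptionKey);
 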
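Review bot: The hex check on the unchanged line `encryptionKey && /^[A-Fa-z0-9]{32}$/.test(encryptionKey)` uses the class `a-z`, so a key containing any lowercase letter passes even though only `a-f` is a hex digit; it should read `/^[A-Fa-f0-9]{32}$/`. Now that the added call `encryptUtils.loadEncryptionKey()` returns a plain string (the encryption.ts side uses `system.getOrThrow`, so an absent key throws before this line), the `encryptionKey &&` guard can no longer be false and can be dropped, leaving `const isValidHexKey = /^[A-Fa-f0-9]{32}$/.test(encryptionKey);`. The body of encryptionKeyInitializer continues past the end of the hunk, so what isValidHexKey gates is not visible here.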
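--- a/packages/server/shared/src/lib/security/encryption.ts
+++ b/packages/server/shared/src/lib/security/encryption.ts
@@ -1,52 +1,22 @@
-import {
-assertNotNullOrUndefined,
-EncryptedObject,
-isNil,
-} from '@openops/shared';
+import { EncryptedObject, isNil } from '@openops/shared';
 import * as crypto from 'crypto';
-import { randomBytes } from 'node:crypto';
-import { promisify } from 'util';
-import { logger } from '../logger';
-import { AppSystemProp, QueueMode, system } from '../system';
-import { localFileStore } from './local-store';
+import { AppSystemProp, system } from '../system';
 
-let secret: string | null;
+let encryptionKey: string | null;
 const algorithm = 'aes-256-cbc';
 const ivLength = 16;
 
-const loadEncryptionKey = async (
-queueMode: QueueMode,
-): Promise<string | null> => {
-secret = system.get(AppSystemProp.ENCRYPTION_KEY) ?? null;
-if (queueMode === QueueMode.MEMORY) {
-if (isNil(secret)) {
-secret = await localFileStore.load(AppSystemProp.ENCRYPTION_KEY);
-}
-if (isNil(secret)) {
-secret = await generateAndStoreSecret();
-}
+const loadEncryptionKey = (): string => {
+if (isNil(encryptionKey)) {
+encryptionKey = system.getOrThrow(AppSystemProp.ENCRYPTION_KEY);
 }
 
-if (secret) {
-logger.info('Encryption key loaded');
-} else {
-logger.info('Encryption key not loaded');
-}
-
-return secret;
-};
-
-const generateAndStoreSecret = async (): Promise<string> => {
-const secretLengthInBytes = 16;
-const secretBuffer = await promisify(randomBytes)(secretLengthInBytes);
-const secret = secretBuffer.toString('hex'); // Convert to hexadecimal
-await localFileStore.save(AppSystemProp.ENCRYPTION_KEY, secret);
-return secret;
+return encryptionKey;
 };
 
 function encryptString(inputString: string): EncryptedObject {
+const secret = loadEncryptionKey();
 const iv = crypto.randomBytes(ivLength); // Generate a random initialization vector
-assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
 const cipher = crypto.createCipheriv(algorithm, key, iv); // Create a cipher with the key and initialization vector
 let encrypted = cipher.update(inputString, 'utf8', 'hex');
@@ -63,8 +33,8 @@ function encryptObject(object: unknown): EncryptedObject {
 }
 
 function encryptBuffer(inputBuffer: Buffer): EncryptedObject {
+const secret = loadEncryptionKey();
 const iv = crypto.randomBytes(ivLength);
-assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
 const cipher = crypto.createCipheriv(algorithm, key, iv);
 let encrypted = cipher.update(inputBuffer).toString('hex');
@@ -76,8 +46,8 @@ function encryptBuffer(inputBuffer: Buffer): EncryptedObject {
 }
 
 function decryptObject<T>(encryptedObject: EncryptedObject): T {
+const secret = loadEncryptionKey();
 const iv = Buffer.from(encryptedObject.iv, 'hex');
-assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
 const decipher = crypto.createDecipheriv(algorithm, key, iv);
 let decrypted = decipher.update(encryptedObject.data, 'hex', 'utf8');
@@ -86,8 +56,8 @@ function decryptObject<T>(encryptedObject: EncryptedObject): T {
 }
 
 function decryptBuffer(encryptedObject: EncryptedObject): Buffer {
+const secret = loadEncryptionKey();
 const iv = Buffer.from(encryptedObject.iv, 'hex');
-assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
 const decipher = crypto.createDecipheriv(algorithm, key, iv);
 return Buffer.concat([
@@ -97,8 +67,8 @@ function decryptBuffer(encryptedObject: EncryptedObject): Buffer {
 }
 
 function decryptString(encryptedObject: EncryptedObject): string {
+const secret = loadEncryptionKey();
 const iv = Buffer.from(encryptedObject.iv, 'hex');
-assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
 const decipher = crypto.createDecipheriv(algorithm, key, iv);
 let decrypted = decipher.update(encryptedObject.data, 'hex', 'utf8');
@@ -107,8 +77,7 @@ function decryptString(encryptedObject: EncryptedObject): string {
 }
 
 function get16ByteKey(): string {
-assertNotNullOrUndefined(secret, 'secret is not defined');
-return secret;
+return loadEncryptionKey();
 }
 
 export const encryptUtils = {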
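Review bot: The new `loadEncryptionKey` caches whatever `system.getOrThrow(AppSystemProp.ENCRYPTION_KEY)` returns without checking its shape, so a key of the wrong length is only rejected by `crypto.createCipheriv` during the first encrypt or decrypt call, and then only if `encryptionKeyInitializer` did not already run its own check; since the later hunks route every cipher call through this one loader (each `assertNotNullOrUndefined(secret, ...)` becomes `const secret = loadEncryptionKey();`), it is the natural place to fail closed once at load time, as sketched below. A second, pre-existing point worth a comment: `Buffer.from(secret, 'binary')` hands aes-256-cbc the 32 ASCII characters of the key as its 32-byte key, so if the key is the 32-hex-character value the initializer expects, the effective key entropy is 128 bits rather than 256; a line such as `// key bytes are the ASCII of the hex string, not its decoded value` on the `binary` line would make that explicit for whoever chooses the key format. `let encryptionKey: string | null;` is also `undefined` rather than `null` until first use; `let encryptionKey: string | null = null;` matches its declared type.
```typescript
const loadEncryptionKey = (): string => {
  if (isNil(encryptionKey)) {
    const candidate = system.getOrThrow(AppSystemProp.ENCRYPTION_KEY);
    // aes-256-cbc needs a 32-byte key; the callers use the key's 32 ASCII bytes directly
    if (!/^[A-Fa-f0-9]{32}$/.test(candidate)) {
      throw new Error('ENCRYPTION_KEY must be exactly 32 hex characters');
    }
    encryptionKey = candidate;
  }
  return encryptionKey;
};
```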
