From 83646103acc3c503b8c9675e10c9f5f17fe117bc Mon Sep 17 00:00:00 2001
From: Bellabuks
Date: Fri, 26 Jun 2026 20:15:58 +0100
Subject: [PATCH 1/4] Add notification composite index and PBKDF2 provider token encryption
---
 .../AddNotificationCompositeIndex.ts | 16 +++++++++
 .../provider-token-encryption.service.ts | 33 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 src/notifications/migrations/AddNotificationCompositeIndex.ts
 create mode 100644 src/security/encryption/provider-token-encryption.service.ts
diff --git a/src/notifications/migrations/AddNotificationCompositeIndex.ts b/src/notifications/migrations/AddNotificationCompositeIndex.ts
new file mode 100644
index 00000000..22ee8c43
--- /dev/null
+++ b/src/notifications/migrations/AddNotificationCompositeIndex.ts
@@ -0,0 +1,16 @@
+import { MigrationInterface, QueryRunner, TableIndex } from 'typeorm';
+
+export class AddNotificationCompositeIndex1700000000000 implements MigrationInterface {
+ name = 'AddNotificationCompositeIndex1700000000000';
+
+ async up(queryRunner: QueryRunner): Promise {
+ await queryRunner.createIndex('notifications', new TableIndex({
+ name: 'IDX_notifications_user_type_status_created',
+ columnNames: ['userId', 'type', 'status', 'createdAt'],
+ }));
+ }
+
+ async down(queryRunner: QueryRunner): Promise {
+ await queryRunner.dropIndex('notifications', 'IDX_notifications_user_type_status_created');
+ }
+}
\ No newline at end of file
diff --git a/src/security/encryption/provider-token-encryption.service.ts b/src/security/encryption/provider-token-encryption.service.ts
new file mode 100644
index 00000000..519d9cbc
--- /dev/null
+++ b/src/security/encryption/provider-token-encryption.service.ts
@@ -0,0 +1,33 @@
+import { Injectable } from '@nestjs/common';
+import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from 'crypto';
+
+@Injectable()
+export class ProviderTokenEncryptionService {
+ private readonly algorithm = 'aes-256-gcm';
+ private readonly key: Buffer;
+ private readonly salt: string;
+
+ constructor() {
+ this.salt = process.env.PROVIDER_TOKEN_ENCRYPTION_SALT || 'default-salt';
+ const masterSecret = process.env.TOKEN_ENCRYPTION_SECRET || 'fallback-secret';
+ this.key = pbkdf2Sync(masterSecret, this.salt, 600000, 32, 'sha256');
+ }
+
+ encrypt(plaintext: string): string {
+ const iv = randomBytes(16);
+ const cipher = createCipheriv(this.algorithm, this.key, iv);
+ let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+ encrypted += cipher.final('hex');
+ const authTag = cipher.getAuthTag().toString('hex');
+ return ${iv.toString('hex')}::;
+ }
+
+ decrypt(ciphertext: string): string {
+ const [ivHex, authTagHex, encrypted] = ciphertext.split(':');
+ const decipher = createDecipheriv(this.algorithm, this.key, Buffer.from(ivHex, 'hex'));
+ decipher.setAuthTag(Buffer.from(authTagHex, 'hex'));
+ let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+ decrypted += decipher.final('utf8');
+ return decrypted;
+ }
+}
\ No newline at end of file
From d4c014e973b62231814c561d12999ad59f79268f Mon Sep 17 00:00:00 2001
From: Bellabuks
Date: Fri, 26 Jun 2026 21:51:31 +0100
Subject: [PATCH 2/4] fix: ci formatting
---
 src/notifications/migrations/AddNotificationCompositeIndex.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/notifications/migrations/AddNotificationCompositeIndex.ts b/src/notifications/migrations/AddNotificationCompositeIndex.ts
index 22ee8c43..9c285629 100644
--- a/src/notifications/migrations/AddNotificationCompositeIndex.ts
+++ b/src/notifications/migrations/AddNotificationCompositeIndex.ts
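Review bot: The constructor falls back to the literals `'default-salt'` and `'fallback-secret'` when `PROVIDER_TOKEN_ENCRYPTION_SALT` or `TOKEN_ENCRYPTION_SECRET` is unset, so a misconfigured deployment silently encrypts provider tokens under a key that anyone with the repository can derive; the constructor should throw instead. In `decrypt`, the `split(':')` parts are used without a shape check and `createDecipheriv` is called without `authTagLength`, which, depending on the Node version, can let a stored value with a truncated GCM tag be accepted; pinning `{ authTagLength: 16 }` makes `setAuthTag` reject any other length. As rendered here, the `return` in `encrypt` has lost its template-literal quoting and two of the three fields that `decrypt` expects, presumably in extraction, so the emitted format should be checked against `iv:authTag:ciphertext`. A class-level comment stating that format, and that changing either environment variable makes existing ciphertexts undecryptable, would help operators.

```typescript
  constructor() {
    const salt = process.env.PROVIDER_TOKEN_ENCRYPTION_SALT;
    const masterSecret = process.env.TOKEN_ENCRYPTION_SECRET;
    if (!salt || !masterSecret) {
      // Fail closed: never derive the key from a value that ships in the source tree.
      throw new Error(
        'PROVIDER_TOKEN_ENCRYPTION_SALT and TOKEN_ENCRYPTION_SECRET must be set',
      );
    }
    this.salt = salt;
    this.key = pbkdf2Sync(masterSecret, this.salt, 600000, 32, 'sha256');
  }

  // … unchanged: encrypt …

  decrypt(ciphertext: string): string {
    const parts = ciphertext.split(':');
    if (parts.length !== 3) {
      throw new Error('Malformed provider token ciphertext');
    }
    const [ivHex, authTagHex, encrypted] = parts;
    const decipher = createDecipheriv(this.algorithm, this.key, Buffer.from(ivHex, 'hex'), {
      authTagLength: 16,
    });
    // … unchanged: setAuthTag, update/final, return …
  }
```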
@@ -13,4 +13,4 @@ export class AddNotificationCompositeIndex1700000000000 implements MigrationInte
 async down(queryRunner: QueryRunner): Promise {
 await queryRunner.dropIndex('notifications', 'IDX_notifications_user_type_status_created');
 }
-}
\ No newline at end of file
+}
From 837fad3e9369caa9a7e41bd80f187a9fb900ed95 Mon Sep 17 00:00:00 2001
From: Bellabuks
Date: Sat, 27 Jun 2026 04:01:36 +0100
Subject: [PATCH 3/4] fix: prettier formatting
---
 .../migrations/AddNotificationCompositeIndex.ts | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/notifications/migrations/AddNotificationCompositeIndex.ts b/src/notifications/migrations/AddNotificationCompositeIndex.ts
index 9c285629..c3469cbe 100644
--- a/src/notifications/migrations/AddNotificationCompositeIndex.ts
+++ b/src/notifications/migrations/AddNotificationCompositeIndex.ts
@@ -4,10 +4,13 @@ export class AddNotificationCompositeIndex1700000000000 implements MigrationInte
 name = 'AddNotificationCompositeIndex1700000000000';
 
 async up(queryRunner: QueryRunner): Promise {
- await queryRunner.createIndex('notifications', new TableIndex({
- name: 'IDX_notifications_user_type_status_created',
- columnNames: ['userId', 'type', 'status', 'createdAt'],
- }));
+ await queryRunner.createIndex(
+ 'notifications',
+ new TableIndex({
+ name: 'IDX_notifications_user_type_status_created',
+ columnNames: ['userId', 'type', 'status', 'createdAt'],
+ }),
+ );
 }
 
 async down(queryRunner: QueryRunner): Promise {
From 9688675664cdf6e6fb6cc701cc2ed569819f3920 Mon Sep 17 00:00:00 2001
From: Bellabuks
Date: Sat, 27 Jun 2026 04:10:44 +0100
Subject: [PATCH 4/4] fix: prettier formatting