fix data encryption

2023-05-10 23:23:20 +02:00 · 2023-05-10 23:23:20 +02:00 · 4f1c064189
commit 4f1c064189
parent 4caa6e70c8
8 changed files with 113 additions and 83 deletions
--- a/package.json
+++ b/package.json
@ -17,7 +17,7 @@
    "@Test": "./dist/test"
  },
  "scripts": {
-    "build-db": "npx prisma migrate dev",
+    "build-db": "npx prisma migrate dev && node ./dist/common/databases/seeders/seeder.js",
    "build": "tsc",
    "start": "node ./dist/entries/App.js",
    "api:start": "npm run migrate && npm run start",
@ -48,7 +48,7 @@
    "cors": "^2.8.5",
    "express": "^4.18.2",
    "jsonwebtoken": "^9.0.0",
-    "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.44",
+    "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.46",
    "module-alias": "^2.2.2",
    "multer": "^1.4.5-lts.1",
    "next": "^13.1.5",
@ -60,7 +60,8 @@
    "tslib": "^2.4.1",
    "typedi": "^0.10.0",
    "typescript": "^4.9.4",
-    "uuid": "^9.0.0"
+    "uuid": "^9.0.0",
+    "uuidv4": "^6.2.13"
  },
  "devDependencies": {
    "@types/cors": "^2.8.13",
--- a/src/app/api/super-admin/FilesController.ts
+++ b/src/app/api/super-admin/FilesController.ts
@ -39,6 +39,26 @@ export default class FilesController extends ApiController {
 		}
 	}

+	/**
+	 * @description Get a specific File by uid
+	 */
+	@Get("/api/v1/super-admin/files/upload/:uid")
+	protected async getFileData(req: Request, response: Response) {
+		try {
+			const uid = req.params["uid"];
+			if (!uid) {
+				throw new Error("No uid provided");
+			}
+
+			const file = await this.filesService.updload(uid);
+			
+			this.httpSuccess(response, file);
+		} catch (error) {
+			this.httpBadRequest(response, error);
+			return;
+		}
+	}
+
 	/**
 	 * @description Create a new File
 	 * @returns File created
@ -135,7 +155,7 @@ export default class FilesController extends ApiController {
 	/**
 	 * @description Get a specific File by uid
 	 */
-	@Get("/api/v1/super-admin/Files/:uid")
+	@Get("/api/v1/super-admin/files/:uid")
 	protected async getOneByUid(req: Request, response: Response) {
 		try {
 			const uid = req.params["uid"];
--- a/src/common/databases/migrations/20230510204321_v4/migration.sql
+++ b/src/common/databases/migrations/20230510204321_v4/migration.sql
@ -0,0 +1,9 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `iv` on the `files` table. All the data in the column will be lost.
+
+*/
+-- AlterTable
+ALTER TABLE "files" DROP COLUMN "iv",
+ADD COLUMN     "key" VARCHAR(255);
--- a/src/common/databases/schema.prisma
+++ b/src/common/databases/schema.prisma
@ -204,7 +204,7 @@ model Files {
  document_uid String    @db.VarChar(255)
  file_path    String    @unique @db.VarChar(255)
  file_name    String    @db.VarChar(255)
-  iv           String    @db.VarChar(255)
+  key          String?   @db.VarChar(255)
  created_at   DateTime? @default(now())
  updated_at   DateTime? @updatedAt

--- a/src/common/databases/seeders/seeder.ts
+++ b/src/common/databases/seeders/seeder.ts
@ -25,12 +25,6 @@ import {
 (async () => {
 	const prisma = new PrismaClient();

-	const existingData = await prisma.contacts.findFirst({ where: { email: "john.doe@example.com" } });
-	if (existingData) {
-		console.log("Seed data already exists. Skipping seeding process.");
-		return;
-	}
-
 	const randomString = () => {
 		const chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 		let result = "";
@ -92,6 +86,13 @@ import {
 	const uidDocumentHistory1: string = randomString();
 	const uidDocumentHistory2: string = randomString();

+	// const existingData = await prisma.contacts.findFirst({ where: { uid: uidContact4 } });
+	// if (existingData) {
+	// 	console.log("Seed data already exists. Skipping seeding process.");
+	// 	return;
+	// }
+
+
 	const customers: Customers[] = [
 		{
 			uid: uidCustomer1,
@ -427,7 +428,7 @@ import {
 			document_uid: uidDocument1,
 			file_name: "fileName1",
 			file_path: "https://www.google1.com",
-			iv: "randomIv1",
+			key: '',
 			created_at: new Date(),
 			updated_at: new Date(),
 		},
@ -436,7 +437,7 @@ import {
 			document_uid: uidDocument1,
 			file_name: "fileName2",
 			file_path: "https://www.google2.com",
-			iv: "randomIv2",
+			key: '',
 			created_at: new Date(),
 			updated_at: new Date(),
 		},
--- a/src/common/repositories/FilesRepository.ts
+++ b/src/common/repositories/FilesRepository.ts
@ -27,7 +27,7 @@ export default class FilesRepository extends BaseRepository {
 	/**
 	 * @description : Create a file linked to a document
 	 */
-	public async create(file: File): Promise<Files> {
+	public async create(file: File, key: string): Promise<Files> {
 		return this.model.create({
 			data: {
 				document: {
@ -37,7 +37,7 @@ export default class FilesRepository extends BaseRepository {
 				},
 				file_name: file.file_name,
 				file_path: file.file_path,
-				iv: file.iv
+				key: key
 			},
 			include: { document: true }
 		});
@ -61,10 +61,13 @@ export default class FilesRepository extends BaseRepository {
 	 * @description : Delete a file
 	 */
 	public async delete(uid: string): Promise<Files> {
-		return this.model.delete({
+		return this.model.update({
 			where: {
 				uid: uid,
 			},
+			data: {
+				key: null
+			}
 		});
 	}

--- a/src/services/private-services/CryptoService/CryptoService.ts
+++ b/src/services/private-services/CryptoService/CryptoService.ts
@ -5,62 +5,44 @@ import crypto from "crypto";

@Service()
 export default class CryptoService extends BaseService {
-	private jwkKey: JsonWebKey;
-	private subtle: SubtleCrypto = crypto.webcrypto.subtle
+
+	private static readonly CRYPTO_ALGORITHM = "aes-256-ctr";
+
 	constructor(protected variables: BackendVariables) {
 		super();
-		this.jwkKey = {
-			kty: "oct",
-			k: variables.KEY_DATA,
-			alg: "A256GCM",
-			ext: true,
-		};
 	}

-	private async getKey() {
-		return await this.subtle.importKey("jwk", this.jwkKey, {name: "AES-GCM"}, false, ["encrypt", "decrypt"]);
+	private getKey(key: string) {
+		return crypto.createHash('sha256').update(String(key)).digest('base64').slice(0, 32);
 	}

 	/**
 	 * @description : encrypt data
 	 * @throws {Error} If data cannot be encrypted
 	 */
-	public async encrypt(data: string) {
-		const encodedData = Buffer.from(data);
-		const iv = crypto.webcrypto.getRandomValues(new Uint8Array(16))
-		const key = await this.getKey();
-		const cipherData = await this.subtle.encrypt(
-			{
-				name: "AES-GCM",
-				iv,
-			},
-			key,
-			encodedData,
-		);
-
-		const cipherText = Buffer.from(cipherData).toString('base64');
-		const ivStringified = Buffer.from(iv).toString('base64');
-
-		return { cipherText, ivStringified };
+	public async encrypt(buffer: Buffer, key: string): Promise<Buffer> {
+		// Create an initialization vector
+		const iv = crypto.randomBytes(16);
+		// Create a new cipher using the algorithm, key, and iv
+		const cipher = crypto.createCipheriv(CryptoService.CRYPTO_ALGORITHM, this.getKey(key), iv);
+		// Create the new (encrypted) buffer
+		const result = Buffer.concat([iv, cipher.update(buffer), cipher.final()]);
+		return result;
 	}
-
+	
 	/**
 	 * @description : decrypt data with an initialization vector
 	 * @throws {Error} If data cannot be decrypted
 	 */
-	public async decrypt(cipherText: string, ivStringified: string): Promise<string> {
-		const cipherData = Buffer.from(cipherText, 'base64');
-		const iv =  Buffer.from(ivStringified, 'base64');
-		const key = await this.getKey();
-		const decryptedData = await this.subtle.decrypt(
-			{
-				name: "AES-GCM",
-				iv,
-			},
-			key,
-			cipherData,
-		);
-
-		return Buffer.from(decryptedData).toString('utf-8');
+	public async decrypt(encrypted: Buffer, key: string): Promise<Buffer> {
+		// Get the iv: the first 16 bytes
+		const iv = encrypted.subarray(0, 16);
+		// Get the rest
+		encrypted = encrypted.subarray(16);
+		// Create a decipher
+		const decipher = crypto.createDecipheriv(CryptoService.CRYPTO_ALGORITHM, this.getKey(key), iv);
+		// Actually decrypt it
+		const result = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+		return result;
 	}
 }
--- a/src/services/private-services/FilesService/FilesService.ts
+++ b/src/services/private-services/FilesService/FilesService.ts
@ -1,16 +1,21 @@
 import FilesRepository from "@Repositories/FilesRepository";
 import BaseService from "@Services/BaseService";
 import { Service } from "typedi";
-import { File } from "le-coffre-resources/dist/SuperAdmin"
+import { File } from "le-coffre-resources/dist/SuperAdmin";
 import CryptoService from "../CryptoService/CryptoService";
 import IpfsService from "../IpfsService/IpfsService";
-//import fs from "fs";
 import { BackendVariables } from "@Common/config/variables/Variables";
 import { Readable } from "stream";
+import { uuid } from "uuidv4";

@Service()
 export default class FilesService extends BaseService {
-	constructor(private filesRepository: FilesRepository, private ipfsService: IpfsService, private variables: BackendVariables, private cryptoService: CryptoService) {
+	constructor(
+		private filesRepository: FilesRepository,
+		private ipfsService: IpfsService,
+		private variables: BackendVariables,
+		private cryptoService: CryptoService,
+	) {
 		super();
 	}

@ -22,17 +27,39 @@ export default class FilesService extends BaseService {
 		return this.filesRepository.findMany(query);
 	}

+	/**
+	 * @description : Get a file by uid
+	 * @throws {Error} If project cannot be created
+	 */
+	public async getByUid(uid: string) {
+		return this.filesRepository.findOneByUid(uid);
+	}
+
+	/**
+	 * @description : view a file
+	 * @throws {Error} If file cannot be deleted
+	 */
+	public async updload(uid: string) {
+		const file = await this.filesRepository.findOneByUid(uid);
+		if (!file.key) throw new Error("file deleted");
+		const fileResult = await fetch(file.file_path);
+		const fileContent = await fileResult.arrayBuffer();
+		return await this.cryptoService.decrypt(Buffer.from(fileContent), file.key);
+	}
+
 	/**
 	 * @description : Create a new file
 	 * @throws {Error} If file cannot be created
 	 */
 	public async create(file: File, fileData: Express.Multer.File) {
-		const upload = await this.ipfsService.pinFile(Readable.from(fileData.buffer), fileData.originalname);
-		const encryptedPath = await this.cryptoService.encrypt(this.variables.PINATA_GATEWAY.concat(upload.IpfsHash));
-		file.file_name = fileData.originalname; 
-		file.file_path = encryptedPath.cipherText;
-		file.iv = encryptedPath.ivStringified;
-		return this.filesRepository.create(file);
+		const key = uuid(); //crypto.getRandomValues(new Uint8Array(16));
+		const encryptedFile = await this.cryptoService.encrypt(fileData.buffer, key);
+		//const encryptedFileName = await this.cryptoService.encrypt(Buffer.from(fileData.originalname, 'utf-8'), key);
+		const upload = await this.ipfsService.pinFile(Readable.from(encryptedFile), fileData.originalname);
+		file.file_name = fileData.originalname; //encryptedFileName.toString('utf-8')
+		file.file_path = this.variables.PINATA_GATEWAY.concat(upload.IpfsHash);
+
+		return this.filesRepository.create(file, key);
 	}

 	/**
@ -48,23 +75,10 @@ export default class FilesService extends BaseService {
 	 * @throws {Error} If file cannot be deleted
 	 */
 	public async delete(uid: string) {
-		try {
-			const fileToUnpin = await this.filesRepository.findOneByUid(uid);
-			const decryptedFilePath = await this.cryptoService.decrypt(fileToUnpin.file_path, fileToUnpin.iv);
-			const fileHash= decryptedFilePath.substring(this.variables.PINATA_GATEWAY.length);
-			await this.ipfsService.unpinFile(fileHash)
-		} catch (error) {
-			console.log(error);
-		}
+		const fileToUnpin = await this.filesRepository.findOneByUid(uid);
+		const fileHash = fileToUnpin.file_path.substring(this.variables.PINATA_GATEWAY.length);
+		await this.ipfsService.unpinFile(fileHash);
 		
 		return this.filesRepository.delete(uid);
 	}
-
-	/**
-	 * @description : Get a file by uid
-	 * @throws {Error} If project cannot be created
-	 */
-	public async getByUid(uid: string) {
-		return this.filesRepository.findOneByUid(uid);
-	}
 }