Fix:dataEncryption (#40)

package.json

@@ -17,7 +17,7 @@
     "@Test": "./dist/test"
   },
   "scripts": {
-    "build-db": "npx prisma migrate dev",
+    "build-db": "npx prisma migrate dev && node ./dist/common/databases/seeders/seeder.js",
     "build": "tsc",
     "start": "node ./dist/entries/App.js",
     "api:start": "npm run migrate && npm run start",
@@ -48,7 +48,7 @@
     "cors": "^2.8.5",
     "express": "^4.18.2",
     "jsonwebtoken": "^9.0.0",
-    "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.44",
+    "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.47",
     "module-alias": "^2.2.2",
     "multer": "^1.4.5-lts.1",
     "next": "^13.1.5",
@@ -60,7 +60,8 @@
     "tslib": "^2.4.1",
     "typedi": "^0.10.0",
     "typescript": "^4.9.4",
-    "uuid": "^9.0.0"
+    "uuid": "^9.0.0",
+    "uuidv4": "^6.2.13"
   },
   "devDependencies": {
     "@types/cors": "^2.8.13",

src/app/api/super-admin/FilesController.ts

@@ -39,6 +39,26 @@ export default class FilesController extends ApiController {
 		}
 	}
 
+	/**
+	 * @description Get a specific File by uid
+	 */
+	@Get("/api/v1/super-admin/files/upload/:uid")
+	protected async getFileData(req: Request, response: Response) {
+		try {
+			const uid = req.params["uid"];
+			if (!uid) {
+				throw new Error("No uid provided");
+			}
+
+			const file = await this.filesService.updload(uid);
+			
+			this.httpSuccess(response, file);
+		} catch (error) {
+			this.httpBadRequest(response, error);
+			return;
+		}
+	}
+
 	/**
 	 * @description Create a new File
 	 * @returns File created
@@ -135,7 +155,7 @@ export default class FilesController extends ApiController {
 	/**
 	 * @description Get a specific File by uid
 	 */
-	@Get("/api/v1/super-admin/Files/:uid")
+	@Get("/api/v1/super-admin/files/:uid")
 	protected async getOneByUid(req: Request, response: Response) {
 		try {
 			const uid = req.params["uid"];

src/common/databases/migrations/20230510204321_v4/migration.sql

@@ -0,0 +1,9 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `iv` on the `files` table. All the data in the column will be lost.
+
+*/
+-- AlterTable
+ALTER TABLE "files" DROP COLUMN "iv",
+ADD COLUMN     "key" VARCHAR(255);

src/common/databases/migrations/20230511085908_v5/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "files" ADD COLUMN     "archived_at" TIMESTAMP(3);

src/common/databases/schema.prisma

@@ -39,7 +39,7 @@ model Contacts {
   cell_phone_number String     @unique @db.VarChar(50)
   civility          ECivility  @default(MALE)
   address           Addresses? @relation(fields: [address_uid], references: [uid], onDelete: Cascade)
-  address_uid       String?     @unique @db.VarChar(255)
+  address_uid       String?    @unique @db.VarChar(255)
   birthdate         DateTime?
   created_at        DateTime?  @default(now())
   updated_at        DateTime?  @updatedAt
@@ -204,7 +204,8 @@ model Files {
   document_uid String    @db.VarChar(255)
   file_path    String    @unique @db.VarChar(255)
   file_name    String    @db.VarChar(255)
-  iv           String    @db.VarChar(255)
+  archived_at  DateTime?
+  key          String?   @db.VarChar(255)
   created_at   DateTime? @default(now())
   updated_at   DateTime? @updatedAt
 

src/common/databases/seeders/seeder.ts

@@ -25,12 +25,6 @@ import {
 (async () => {
 	const prisma = new PrismaClient();
 
-	const existingData = await prisma.contacts.findFirst({ where: { email: "john.doe@example.com" } });
-	if (existingData) {
-		console.log("Seed data already exists. Skipping seeding process.");
-		return;
-	}
-
 	const randomString = () => {
 		const chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 		let result = "";
@@ -92,6 +86,13 @@ import {
 	const uidDocumentHistory1: string = randomString();
 	const uidDocumentHistory2: string = randomString();
 
+	// const existingData = await prisma.contacts.findFirst({ where: { uid: uidContact4 } });
+	// if (existingData) {
+	// 	console.log("Seed data already exists. Skipping seeding process.");
+	// 	return;
+	// }
+
+
 	const customers: Customers[] = [
 		{
 			uid: uidCustomer1,
@@ -427,7 +428,8 @@ import {
 			document_uid: uidDocument1,
 			file_name: "fileName1",
 			file_path: "https://www.google1.com",
-			iv: "randomIv1",
+			key: '',
+			archived_at: null,
 			created_at: new Date(),
 			updated_at: new Date(),
 		},
@@ -436,7 +438,8 @@ import {
 			document_uid: uidDocument1,
 			file_name: "fileName2",
 			file_path: "https://www.google2.com",
-			iv: "randomIv2",
+			key: '',
+			archived_at: null,
 			created_at: new Date(),
 			updated_at: new Date(),
 		},

src/common/repositories/FilesRepository.ts

@@ -27,7 +27,7 @@ export default class FilesRepository extends BaseRepository {
 	/**
 	 * @description : Create a file linked to a document
 	 */
-	public async create(file: File): Promise<Files> {
+	public async create(file: File, key: string): Promise<Files> {
 		return this.model.create({
 			data: {
 				document: {
@@ -37,7 +37,7 @@ export default class FilesRepository extends BaseRepository {
 				},
 				file_name: file.file_name,
 				file_path: file.file_path,
-				iv: file.iv
+				key: key
 			},
 			include: { document: true }
 		});
@@ -61,10 +61,14 @@ export default class FilesRepository extends BaseRepository {
 	 * @description : Delete a file
 	 */
 	public async delete(uid: string): Promise<Files> {
-		return this.model.delete({
+		return this.model.update({
 			where: {
 				uid: uid,
 			},
+			data: {
+				key: null,
+				archived_at: new Date(Date.now())
+			}
 		});
 	}
 

src/services/private-services/CryptoService/CryptoService.ts

@@ -5,62 +5,44 @@ import crypto from "crypto";
 
 @Service()
 export default class CryptoService extends BaseService {
-	private jwkKey: JsonWebKey;
-	private subtle: SubtleCrypto = crypto.webcrypto.subtle
+
+	private static readonly CRYPTO_ALGORITHM = "aes-256-ctr";
+
 	constructor(protected variables: BackendVariables) {
 		super();
-		this.jwkKey = {
-			kty: "oct",
-			k: variables.KEY_DATA,
-			alg: "A256GCM",
-			ext: true,
-		};
 	}
 
-	private async getKey() {
-		return await this.subtle.importKey("jwk", this.jwkKey, {name: "AES-GCM"}, false, ["encrypt", "decrypt"]);
+	private getKey(key: string) {
+		return crypto.createHash('sha256').update(String(key)).digest('base64').slice(0, 32);
 	}
 
 	/**
 	 * @description : encrypt data
 	 * @throws {Error} If data cannot be encrypted
 	 */
-	public async encrypt(data: string) {
-		const encodedData = Buffer.from(data);
-		const iv = crypto.webcrypto.getRandomValues(new Uint8Array(16))
-		const key = await this.getKey();
-		const cipherData = await this.subtle.encrypt(
-			{
-				name: "AES-GCM",
-				iv,
-			},
-			key,
-			encodedData,
-		);
-
-		const cipherText = Buffer.from(cipherData).toString('base64');
-		const ivStringified = Buffer.from(iv).toString('base64');
-
-		return { cipherText, ivStringified };
+	public async encrypt(buffer: Buffer, key: string): Promise<Buffer> {
+		// Create an initialization vector
+		const iv = crypto.randomBytes(16);
+		// Create a new cipher using the algorithm, key, and iv
+		const cipher = crypto.createCipheriv(CryptoService.CRYPTO_ALGORITHM, this.getKey(key), iv);
+		// Create the new (encrypted) buffer
+		const result = Buffer.concat([iv, cipher.update(buffer), cipher.final()]);
+		return result;
 	}
 	
 	/**
 	 * @description : decrypt data with an initialization vector
 	 * @throws {Error} If data cannot be decrypted
 	 */
-	public async decrypt(cipherText: string, ivStringified: string): Promise<string> {
-		const cipherData = Buffer.from(cipherText, 'base64');
-		const iv =  Buffer.from(ivStringified, 'base64');
-		const key = await this.getKey();
-		const decryptedData = await this.subtle.decrypt(
-			{
-				name: "AES-GCM",
-				iv,
-			},
-			key,
-			cipherData,
-		);
-
-		return Buffer.from(decryptedData).toString('utf-8');
+	public async decrypt(encrypted: Buffer, key: string): Promise<Buffer> {
+		// Get the iv: the first 16 bytes
+		const iv = encrypted.subarray(0, 16);
+		// Get the rest
+		encrypted = encrypted.subarray(16);
+		// Create a decipher
+		const decipher = crypto.createDecipheriv(CryptoService.CRYPTO_ALGORITHM, this.getKey(key), iv);
+		// Actually decrypt it
+		const result = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+		return result;
 	}
 }

src/services/private-services/FilesService/FilesService.ts

@@ -1,16 +1,21 @@
 import FilesRepository from "@Repositories/FilesRepository";
 import BaseService from "@Services/BaseService";
 import { Service } from "typedi";
-import { File } from "le-coffre-resources/dist/SuperAdmin"
+import { File } from "le-coffre-resources/dist/SuperAdmin";
 import CryptoService from "../CryptoService/CryptoService";
 import IpfsService from "../IpfsService/IpfsService";
-//import fs from "fs";
 import { BackendVariables } from "@Common/config/variables/Variables";
 import { Readable } from "stream";
+import { v4 } from "uuid";
 
 @Service()
 export default class FilesService extends BaseService {
-	constructor(private filesRepository: FilesRepository, private ipfsService: IpfsService, private variables: BackendVariables, private cryptoService: CryptoService) {
+	constructor(
+		private filesRepository: FilesRepository,
+		private ipfsService: IpfsService,
+		private variables: BackendVariables,
+		private cryptoService: CryptoService,
+	) {
 		super();
 	}
 
@@ -22,17 +27,39 @@ export default class FilesService extends BaseService {
 		return this.filesRepository.findMany(query);
 	}
 
+	/**
+	 * @description : Get a file by uid
+	 * @throws {Error} If project cannot be created
+	 */
+	public async getByUid(uid: string) {
+		return this.filesRepository.findOneByUid(uid);
+	}
+
+	/**
+	 * @description : view a file
+	 * @throws {Error} If file cannot be deleted
+	 */
+	public async updload(uid: string) {
+		const file = await this.filesRepository.findOneByUid(uid);
+		if (!file.key) throw new Error("file deleted");
+		const fileResult = await fetch(file.file_path);
+		const fileContent = await fileResult.arrayBuffer();
+		return await this.cryptoService.decrypt(Buffer.from(fileContent), file.key);
+	}
+
 	/**
 	 * @description : Create a new file
 	 * @throws {Error} If file cannot be created
 	 */
 	public async create(file: File, fileData: Express.Multer.File) {
-		const upload = await this.ipfsService.pinFile(Readable.from(fileData.buffer), fileData.originalname);
-		const encryptedPath = await this.cryptoService.encrypt(this.variables.PINATA_GATEWAY.concat(upload.IpfsHash));
-		file.file_name = fileData.originalname; 
-		file.file_path = encryptedPath.cipherText;
-		file.iv = encryptedPath.ivStringified;
-		return this.filesRepository.create(file);
+		const key = v4();
+		const encryptedFile = await this.cryptoService.encrypt(fileData.buffer, key);
+		//const encryptedFileName = await this.cryptoService.encrypt(Buffer.from(fileData.originalname, 'utf-8'), key);
+		const upload = await this.ipfsService.pinFile(Readable.from(encryptedFile), fileData.originalname);
+		file.file_name = fileData.originalname; //encryptedFileName.toString('utf-8')
+		file.file_path = this.variables.PINATA_GATEWAY.concat(upload.IpfsHash);
+
+		return this.filesRepository.create(file, key);
 	}
 
 	/**
@@ -50,21 +77,12 @@ export default class FilesService extends BaseService {
 	public async delete(uid: string) {
 		try {
 			const fileToUnpin = await this.filesRepository.findOneByUid(uid);
-			const decryptedFilePath = await this.cryptoService.decrypt(fileToUnpin.file_path, fileToUnpin.iv);
-			const fileHash= decryptedFilePath.substring(this.variables.PINATA_GATEWAY.length);
-			await this.ipfsService.unpinFile(fileHash)
-		} catch (error) {
-			console.log(error);
+		const fileHash = fileToUnpin.file_path.substring(this.variables.PINATA_GATEWAY.length);
+		await this.ipfsService.unpinFile(fileHash);
+		} catch(error) {
+			console.error(error);
 		}
 		
 		return this.filesRepository.delete(uid);
 	}
-
-	/**
-	 * @description : Get a file by uid
-	 * @throws {Error} If project cannot be created
-	 */
-	public async getByUid(uid: string) {
-		return this.filesRepository.findOneByUid(uid);
-	}
 }