From 16e8217dc335a657f10ccdf08d37a436e7e86b13 Mon Sep 17 00:00:00 2001
From: Lucas Charrier
Date: Thu, 14 Nov 2024 10:51:32 +0100
Subject: [PATCH] chore: changed decrypt and encrypt function to use AES-256-GCM
---
 .talismanrc | 98 ++++++++++++++------------
 package-lock.json | 120 ++++++++++++++++++++++++++++++
 src/server/controllers/utils.ts | 38 ++++++----
 3 files changed, 195 insertions(+), 61 deletions(-)
diff --git a/.talismanrc b/.talismanrc
index 8190b394..eada9742 100644
--- a/.talismanrc
+++ b/.talismanrc
@@ -1,50 +1,56 @@ fileignoreconfig: - - filename: package-lock.json - checksum: add9168b63b1a9219558f2be2378591402a00d394be3bd9102715e43f8278e4f - - filename: __tests__/test-worker.ts - checksum: 462f569a2625f2fdb0938f0abc109ed24f0241d9f5592ead16475e2efde0aa47 - - filename: src/app/(private)/(dashboard)/admin/signaux-faibles-beta/AdminProductClientPage.tsx - checksum: 9c740513497d70e871e4abcad3a9e509ef5b1a0da9db2d0d2d336c19854303b4 - - filename: src/app/(private)/(dashboard)/incubators/[id]/info-form/page.tsx - checksum: 1ec9acf039a7d336e710ef7b47c385eb7080293ee2750c2cf99e9056cde7f129 - - filename: src/app/(private)/(dashboard)/services/page.tsx - checksum: d5831365d79840fb38be03632d6c58f37c239bade853577164c2149d5b280cb7 - - filename: src/app/api/services/actions.ts - checksum: 040be9b0d1ae2283fb2c78672b25f1eacc4fc31e72c66d84053b2b3470a62d5b - - filename: src/components/CommunityPage/Community.tsx - checksum: 5ad762848b814381f9473c7d4ede55fce6dc3ee77ed4c7acfb41d2658fcd9bf7 - - filename: src/components/IncubatorForm/IncubatorForm.tsx - checksum: 267f0f0e491b06862cd957ae86d22baf799a705370673cd24e588391a4613a5a - - filename: src/components/MemberPage/EmailUpgrade.tsx - checksum: 183a72c4974a5bd2e7a3da0d60895480dc6843e158933a221329dd18e586e400 - - filename: src/components/MemberPage/MemberMissions.tsx - checksum: b2f5359c37842b49af49164e11479cc6f106f08b177c2e94ebdb4fcd54f6c9a5 - - filename: src/components/MemberPage/MemberPage.tsx - checksum: d7e1d2aa3b94b36055a1cee44c29b8818cd734c7a454c63e11eb0ad6a6877c56 - - filename: src/components/MemberPage/MemberStatus.tsx - checksum: a828241649413cd89b408f2a74b542e4519ab69c490834ebf8f8e8147d3e14bf - - filename: src/components/NewsletterPage/NewsletterPage.tsx - checksum: 6b0b2109d112d5302ef35256a2febf53feadf65f5538acee4dce09f0d2da75eb - - filename: src/components/SEPhaseSelect.tsx - checksum: 0415032e0a9fb86957148673924ac6e16bc1ffb4b1851091377d23a200562e5e - - filename: src/components/SESponsorSelect.tsx - checksum: 
ae63a1c0173015ad4e9e904e4f025eecb992aca7ca5c1cbf4086baf16470dfcf - - filename: src/components/Service/MatomoServiceForm.tsx - checksum: 69248b6a0e2995cc94ed93515a6c279a9728c77c8ddd606dd84563f290402dab - - filename: src/components/StartupForm/TechnoEditor.tsx - checksum: 1945d388ece9e30e247acfa902436849f78ffcd032047f8c0292173dddc8ea53 - - filename: src/lib/hstore.ts - checksum: a02535588a717719f9e51c324d78779afd8c08fe4904a4aae525b85f8720b0ef - - filename: src/lib/matomo.ts - checksum: cbeb7cde7284119eadd0b64cfd126d76797a31ecd57d4d186e33e5e35689b844 - - filename: src/lib/s3.ts - checksum: a91be258dbac2f22c916598e597bd8cb4ca640e03dd422653486d6288375e849 - - filename: src/lib/sentry.ts - checksum: 035884bbbacf7746760dacc26669a3e4a4558ba2b88c0c7a38ec4327d25d0f3d - - filename: src/models/member.ts - checksum: 4d1a75e62ca805faf5bc5b7c83d03064171d4914e6d405a026c141b2ede9ca2c - - filename: src/utils/routes/list.ts - checksum: ebb1c7a8c5fb51e0e49a23f79d1342f177946b4e783154bb265970b672aa2a2c +- filename: __tests__/test-worker.ts + checksum: 462f569a2625f2fdb0938f0abc109ed24f0241d9f5592ead16475e2efde0aa47 +- filename: package-lock.json + checksum: add9168b63b1a9219558f2be2378591402a00d394be3bd9102715e43f8278e4f +- filename: src/app/(private)/(dashboard)/admin/signaux-faibles-beta/AdminProductClientPage.tsx + checksum: 9c740513497d70e871e4abcad3a9e509ef5b1a0da9db2d0d2d336c19854303b4 +- filename: src/app/(private)/(dashboard)/incubators/[id]/info-form/page.tsx + checksum: 1ec9acf039a7d336e710ef7b47c385eb7080293ee2750c2cf99e9056cde7f129 +- filename: src/app/(private)/(dashboard)/services/page.tsx + checksum: d5831365d79840fb38be03632d6c58f37c239bade853577164c2149d5b280cb7 +- filename: src/app/api/services/actions.ts + checksum: 040be9b0d1ae2283fb2c78672b25f1eacc4fc31e72c66d84053b2b3470a62d5b +- filename: src/components/CommunityPage/Community.tsx + checksum: 5ad762848b814381f9473c7d4ede55fce6dc3ee77ed4c7acfb41d2658fcd9bf7 +- filename: 
src/components/IncubatorForm/IncubatorForm.tsx + checksum: 267f0f0e491b06862cd957ae86d22baf799a705370673cd24e588391a4613a5a +- filename: src/components/MemberPage/EmailUpgrade.tsx + checksum: 183a72c4974a5bd2e7a3da0d60895480dc6843e158933a221329dd18e586e400 +- filename: src/components/MemberPage/MemberMissions.tsx + checksum: b2f5359c37842b49af49164e11479cc6f106f08b177c2e94ebdb4fcd54f6c9a5 +- filename: src/components/MemberPage/MemberPage.tsx + checksum: d7e1d2aa3b94b36055a1cee44c29b8818cd734c7a454c63e11eb0ad6a6877c56 +- filename: src/components/MemberPage/MemberStatus.tsx + checksum: a828241649413cd89b408f2a74b542e4519ab69c490834ebf8f8e8147d3e14bf +- filename: src/components/NewsletterPage/NewsletterPage.tsx + checksum: 6b0b2109d112d5302ef35256a2febf53feadf65f5538acee4dce09f0d2da75eb +- filename: src/components/SEPhaseSelect.tsx + checksum: 0415032e0a9fb86957148673924ac6e16bc1ffb4b1851091377d23a200562e5e +- filename: src/components/SESponsorSelect.tsx + checksum: ae63a1c0173015ad4e9e904e4f025eecb992aca7ca5c1cbf4086baf16470dfcf +- filename: src/components/Service/MatomoServiceForm.tsx + checksum: 69248b6a0e2995cc94ed93515a6c279a9728c77c8ddd606dd84563f290402dab +- filename: src/components/StartupForm/TechnoEditor.tsx + checksum: 1945d388ece9e30e247acfa902436849f78ffcd032047f8c0292173dddc8ea53 +- filename: src/lib/hstore.ts + checksum: a02535588a717719f9e51c324d78779afd8c08fe4904a4aae525b85f8720b0ef +- filename: src/lib/matomo.ts + checksum: cbeb7cde7284119eadd0b64cfd126d76797a31ecd57d4d186e33e5e35689b844 +- filename: src/lib/s3.ts + checksum: a91be258dbac2f22c916598e597bd8cb4ca640e03dd422653486d6288375e849 +- filename: src/lib/sentry.ts + checksum: 035884bbbacf7746760dacc26669a3e4a4558ba2b88c0c7a38ec4327d25d0f3d +- filename: src/models/member.ts + checksum: 4d1a75e62ca805faf5bc5b7c83d03064171d4914e6d405a026c141b2ede9ca2c +- filename: src/server/controllers/utils.ts + checksum: 32ee939d5df7e4cbe8899a66e5433d9b7b7936a1caf662d9a61b3b28554f9b64 +- filename: 
src/utils/routes/list.ts + checksum: ebb1c7a8c5fb51e0e49a23f79d1342f177946b4e783154bb265970b672aa2a2c +scopeconfig: +- scope: node +version: "1.0" +54bb265970b672aa2a2c scopeconfig: - scope: node version: "1.0" diff --git a/package-lock.json b/package-lock.json index 79e3c5cc..daeabb2d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3437,6 +3437,21 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/@next/swc-darwin-arm64": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.12.tgz", + "integrity": "sha512-crHJ9UoinXeFbHYNok6VZqjKnd8rTd7K3Z2zpyzF1ch7vVNKmhjv/V7EHxep3ILoN8JB9AdRn/EtVVyG9AkCXw==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, "node_modules/@next/swc-darwin-x64": { "version": "14.2.12", "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.12.tgz", 
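Review bot: The new side of the `.talismanrc` hunk ends with a dangling fragment, `+54bb265970b672aa2a2c` (the tail of the `src/utils/routes/list.ts` checksum that is already written out in full two lines above), followed by the old `scopeconfig:` / `- scope: node` / `version: "1.0"` block kept as context after the freshly added one, so the file now has a bare top-level scalar and duplicate top-level keys. Whether Talisman's YAML loader rejects that or silently keeps the last `scopeconfig` I cannot tell from here, but the fragment line and the repeated three-line tail should be dropped so the file ends at the added `version: "1.0"`. The new entry also pins `src/server/controllers/utils.ts` — the module that reads `PASSWORD_ENCRYPT_KEY` — as ignored by checksum; that is the right way to silence a false positive, and it means each later edit to that file must refresh the checksum rather than widen the ignore.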
@@ -3452,6 +3467,111 @@ "node": ">= 10" } }, + "node_modules/@next/swc-linux-arm64-gnu": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.12.tgz", + "integrity": "sha512-qBy7OiXOqZrdp88QEl2H4fWalMGnSCrr1agT/AVDndlyw2YJQA89f3ttR/AkEIP9EkBXXeGl6cC72/EZT5r6rw==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-arm64-musl": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.12.tgz", + "integrity": "sha512-EfD9L7o9biaQxjwP1uWXnk3vYZi64NVcKUN83hpVkKocB7ogJfyH2r7o1pPnMtir6gHZiGCeHKagJ0yrNSLNHw==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-x64-gnu": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.12.tgz", + "integrity": "sha512-iQ+n2pxklJew9IpE47hE/VgjmljlHqtcD5UhZVeHICTPbLyrgPehaKf2wLRNjYH75udroBNCgrSSVSVpAbNoYw==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-x64-musl": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.12.tgz", + "integrity": "sha512-rFkUkNwcQ0ODn7cxvcVdpHlcOpYxMeyMfkJuzaT74xjAa5v4fxP4xDk5OoYmPi8QNLDs3UgZPMSBmpBuv9zKWA==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-arm64-msvc": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.12.tgz", + "integrity": "sha512-PQFYUvwtHs/u0K85SG4sAdDXYIPXpETf9mcEjWc0R4JmjgMKSDwIU/qfZdavtP6MPNiMjuKGXHCtyhR/M5zo8g==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "win32" + 
], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-ia32-msvc": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.12.tgz", + "integrity": "sha512-FAj2hMlcbeCV546eU2tEv41dcJb4NeqFlSXU/xL/0ehXywHnNpaYajOUvn3P8wru5WyQe6cTZ8fvckj/2XN4Vw==", + "cpu": [ + "ia32" + ], + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-x64-msvc": { + "version": "14.2.12", + "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.12.tgz", + "integrity": "sha512-yu8QvV53sBzoIVRHsxCHqeuS8jYq6Lrmdh0briivuh+Brsp6xjg80MAozUsBTAV9KNmY08KlX0KYTWz1lbPzEg==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", diff --git a/src/server/controllers/utils.ts b/src/server/controllers/utils.ts index df344f8d..4844a510 100644 --- a/src/server/controllers/utils.ts +++ b/src/server/controllers/utils.ts @@ -1,5 +1,6 @@ import axios from "axios"; import crypto, { createCipheriv, createDecipheriv, randomBytes } from "crypto"; +import crypto from "crypto"; import { compareAsc, startOfDay } from "date-fns"; import _ from "lodash"; import nodemailer from "nodemailer"; 
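Review bot: `import crypto from "crypto";` is added while the existing `import crypto, { createCipheriv, createDecipheriv, randomBytes } from "crypto";` stays as a context line (the header counts, -1,5 +1,6, show nothing removed), so the module now binds `crypto` twice, and the second hunk's `const { randomBytes, createCipheriv, createDecipheriv } = crypto;` redeclares the three named imports as well. TypeScript reports duplicate identifiers for both, so the file as patched should not compile. Keep one form: either drop the added import line together with the destructuring and keep using the named imports, or replace the original import line with the new default import and keep the destructuring.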
@@ -22,30 +23,37 @@ export const computeHash = function (username) {
   return hash.update(username).digest("hex");
 };
 
-export function encryptPassword(password) {
-  const iv = randomBytes(16); // Generate a secure, random IV
+const { randomBytes, createCipheriv, createDecipheriv } = crypto;
 
-  const cipher = createCipheriv(
-    "AES-256-GCM",
-    new Uint8Array(Buffer.from(config.PASSWORD_ENCRYPT_KEY!, "hex")),
-    new Uint8Array(iv)
-  );
+// Encrypt function
+export function encryptPassword(password) {
+  const iv = randomBytes(12); // Generate a secure, random IV
+  const key = Buffer.from(config.PASSWORD_ENCRYPT_KEY!, "hex");
+  // @ts-ignore
+  const cipher = createCipheriv("AES-256-GCM", key, iv);
   let encrypted = cipher.update(password, "utf8", "hex");
   encrypted += cipher.final("hex");
-  return `${iv.toString("hex")}:${encrypted}`; // Combine iv and encrypted content
+
+  // Get the authentication tag and include it in the result
+  const authTag = cipher.getAuthTag().toString("hex");
+
+  // Combine IV, encrypted content, and auth tag for decryption
+  return `${iv.toString("hex")}:${encrypted}:${authTag}`;
 }
 
-// Function to decrypt the password
+// Decrypt function
 export function decryptPassword(encryptedPassword) {
   const key = Buffer.from(config.PASSWORD_ENCRYPT_KEY!, "hex");
-  const [ivHex, encrypted] = encryptedPassword.split(":");
+
+  // Split the stored data into IV, encrypted content, and auth tag
+  const [ivHex, encrypted, authTagHex] = encryptedPassword.split(":");
   const iv = Buffer.from(ivHex, "hex");
+  const authTag = Buffer.from(authTagHex, "hex");
+  // @ts-ignore
+  const decipher = createDecipheriv("AES-256-GCM", key, iv);
+  // @ts-ignore
+  decipher.setAuthTag(authTag); // Set the authentication tag for AES-GCM
 
-  const decipher = createDecipheriv(
-    "AES-256-GCM",
-    new Uint8Array(key),
-    new Uint8Array(iv)
-  );
   let decrypted = decipher.update(encrypted, "hex", "utf8");
   decrypted += decipher.final("utf8");
   return decrypted;
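Review bot: `decryptPassword` never validates the shape of its input: for a value stored in the previous `iv:ciphertext` format, or any malformed string, `encryptedPassword.split(":")` yields `authTagHex === undefined` and `Buffer.from(undefined, "hex")` throws a bare TypeError rather than a format error, and nothing checks that the IV and tag decode to the expected 12 and 16 bytes. Guard the split result before using it: `const parts = encryptedPassword.split(":");` / `if (parts.length !== 3) throw new Error("decryptPassword: expected iv:ciphertext:authTag");` / `const [ivHex, encrypted, authTagHex] = parts;`. Rows encrypted before this change cannot be read by the new code, so the commit should say how they are migrated or re-encrypted (judging from the removed lines, the old `decryptPassword` never called `setAuthTag`, so GCM `final()` would already have rejected them — worth confirming against stored data). Separately, the two `// @ts-ignore` lines appear to exist only because `"AES-256-GCM"` does not match the lowercase `CipherGCMTypes` union in `@types/node`; writing `"aes-256-gcm"` selects the GCM overload, types `getAuthTag`/`setAuthTag` properly, and lets both suppressions go, while OpenSSL accepts either spelling at runtime.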