Encryption (#26)

* feat: note encryption

* fix: enc

* doc: update changelog
This commit is contained in:
Artemy Egorov 2023-05-24 17:28:00 +03:00 committed by GitHub
parent 0c4a9928fa
commit 31e2b7346f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 2 deletions

View file

@ -1,3 +1,4 @@
PORT=80 # port to listen on
MONGO_URI="your mongo uri" # "mongodb+srv://xxxx:yyyy@domain/zzzz?retryWrites=true&w=majority"
MONGO_DB="anopaper" # database name
ENC_KEY="test" # encryption key

View file

@ -28,7 +28,7 @@
- [x] Migration notes storage to mongodb (#3)
- [ ] Settings for publish notes, such as: delete after reading, number of reads before deleting, adding your own data (name, picture, status in the settings) to the note.
- [x] Maintaining statistics on sent notes, the number of notes received, number of deleted notes (#8)
- [ ] Encrypting notes in the database
- [x] Encrypting notes in the database (#26)
- [x] Local notes ids is ~~incremental~~ `Date.now()` instead of uuidv4 (238af9ad6957f72439a1a39f32662145dd2bdce8)
# AnoPaper v1.0.0

20
core.js
View file

@ -15,6 +15,8 @@
const mongoClient = require("mongodb").MongoClient;
const sha3 = require("js-sha3").sha3_512;
const AES = require("crypto-js/aes");
const cryptojs = require("crypto-js");
class NotesCore {
constructor() {}
@ -33,6 +35,7 @@ class NotesCore {
try {
let note = await this.notes.findOne({ _id });
if (note !== null) await this.incStats("receivedNotes");
note = await this.decryptNote(note);
return note;
} catch {
return null;
@ -61,6 +64,7 @@ class NotesCore {
note._id = sha3(JSON.stringify(note));
note.time = Date.now();
note.pub = true;
note = await this.encryptNote(note);
await this.notes.updateOne(
{ _id: note._id },
{ $set: note },
@ -73,6 +77,22 @@ class NotesCore {
}
}
async encryptNote(note) {
note.name = AES.encrypt(note.name, process.env.ENC_KEY).toString();
note.text = AES.encrypt(note.text, process.env.ENC_KEY).toString();
return note;
}
async decryptNote(note) {
note.name = AES.decrypt(note.name, process.env.ENC_KEY).toString(
cryptojs.enc.Utf8
);
note.text = AES.decrypt(note.text, process.env.ENC_KEY).toString(
cryptojs.enc.Utf8
);
return note;
}
async incStats(_id) {
await this.stats.updateOne(
{ _id },