ondra/ironmount
1
1
Fork 0
mirror of https://github.com/nicotsx/ironmount.git synced 2025-12-10 12:10:51 +01:00
Code Issues Packages Projects Releases 1 Wiki Activity

feat: implement encryption for sensitive fields in volume backends

Browse Source
This commit is contained in:
Jakub Trávník
2025-12-04 00:04:26 +01:00
parent 7ff38f0128
commit f6b8e7e5a2
4 changed files with 40 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/server/modules/backends/smb/smb-backend.ts
View File

@@ -1,6 +1,7 @@
import * as fs from "node:fs/promises";
import * as os from "node:os";
import { OPERATION_TIMEOUT } from "../../../core/constants";
import { cryptoUtils } from "../../../utils/crypto";
import { toMessage } from "../../../utils/errors";
import { logger } from "../../../utils/logger";
import { getMountForPath } from "../../../utils/mountinfo";
@@ -33,10 +34,12 @@ const mount = async (config: BackendConfig, path: string) => {
const run = async () => {
await fs.mkdir(path, { recursive: true });
const password = await cryptoUtils.decrypt(config.password);
const source = `//${config.server}/${config.share}`;
const options = [
`user=${config.username}`,
`pass=${config.password}`,
`pass=${password}`,
`vers=${config.vers}`,
`port=${config.port}`,
"uid=1000",

4
app/server/modules/backends/webdav/webdav-backend.ts
View File

@@ -3,6 +3,7 @@ import * as fs from "node:fs/promises";
import * as os from "node:os";
import { promisify } from "node:util";
import { OPERATION_TIMEOUT } from "../../../core/constants";
import { cryptoUtils } from "../../../utils/crypto";
import { toMessage } from "../../../utils/errors";
import { logger } from "../../../utils/logger";
import { getMountForPath } from "../../../utils/mountinfo";
@@ -49,8 +50,9 @@ const mount = async (config: BackendConfig, path: string) => {
: ["uid=1000", "gid=1000", "file_mode=0664", "dir_mode=0775"];
if (config.username && config.password) {
const password = await cryptoUtils.decrypt(config.password);
const secretsFile = "/etc/davfs2/secrets";
const secretsContent = `${source} ${config.username} ${config.password}\n`;
const secretsContent = `${source} ${config.username} ${password}\n`;
await fs.appendFile(secretsFile, secretsContent, { mode: 0o600 });
}