feat: implement encryption for sensitive fields in volume backends

2025-12-10 12:10:51 +01:00 · 2025-12-04 00:04:26 +01:00
parent 7ff38f0128
commit f6b8e7e5a2
4 changed files with 40 additions and 5 deletions
--- a/app/server/modules/backends/smb/smb-backend.ts
+++ b/app/server/modules/backends/smb/smb-backend.ts
@@ -1,6 +1,7 @@
 import * as fs from "node:fs/promises";
 import * as os from "node:os";
 import { OPERATION_TIMEOUT } from "../../../core/constants";
+import { cryptoUtils } from "../../../utils/crypto";
 import { toMessage } from "../../../utils/errors";
 import { logger } from "../../../utils/logger";
 import { getMountForPath } from "../../../utils/mountinfo";
@@ -33,10 +34,12 @@ const mount = async (config: BackendConfig, path: string) => {
 	const run = async () => {
 		await fs.mkdir(path, { recursive: true });

+		const password = await cryptoUtils.decrypt(config.password);
+
 		const source = `//${config.server}/${config.share}`;
 		const options = [
 			`user=${config.username}`,
-			`pass=${config.password}`,
+			`pass=${password}`,
 			`vers=${config.vers}`,
 			`port=${config.port}`,
 			"uid=1000",