feat: implement encryption for sensitive fields in volume backends

Jakub Trávník
2025-12-04 00:04:26 +01:00
parent 7ff38f0128
commit f6b8e7e5a2
4 changed files with 40 additions and 5 deletions


@@ -5,6 +5,10 @@ const algorithm = "aes-256-gcm" as const;
const keyLength = 32;
const encryptionPrefix = "encv1";
const isEncrypted = (val?: string): boolean => {
return typeof val === "string" && val.startsWith(encryptionPrefix);
};
/**
* Given a string, encrypts it using a randomly generated salt
*/
@@ -13,7 +17,7 @@ const encrypt = async (data: string) => {
return data;
}
if (data.startsWith(encryptionPrefix)) {
if (isEncrypted(data)) {
return data;
}
@@ -34,6 +38,10 @@ const encrypt = async (data: string) => {
* Given an encrypted string, decrypts it using the salt stored in the string
*/
const decrypt = async (encryptedData: string) => {
if (!isEncrypted(encryptedData)) {
return encryptedData;
}
const secret = await Bun.file(RESTIC_PASS_FILE).text();
const parts = encryptedData.split(":").slice(1); // Remove prefix
@@ -58,4 +66,5 @@ const decrypt = async (encryptedData: string) => {
export const cryptoUtils = {
encrypt,
decrypt,
isEncrypted,
};
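Review bot: The new `isEncrypted` helper matches on the bare prefix `encv1`, while `decrypt` splits on `:` to strip it, so a plaintext secret that merely begins with `encv1` is returned unencrypted by `encrypt` and would then presumably fail to parse in `decrypt`. Checking for the delimiter as well, `return typeof val === "string" && val.startsWith(encryptionPrefix + ":");`, narrows that, although a prefix check can still collide with user-supplied values. The early return added to `decrypt` also passes through anything without the prefix, presumably to support records stored before encryption existed; a comment such as `// legacy plaintext values are returned unchanged, so a successful return does not prove the field was stored encrypted` would make that fail-open behaviour explicit to callers. The bodies of `encrypt` and `decrypt` continue outside the hunks shown.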