SYNC: Merge pull request #2 from dbgate/feature/admin-ui

2026-04-19 02:36:00 +00:00 · 2025-04-08 10:09:30 +02:00
parent ea9a5b0eb0
commit 7d2130b229
10 changed files with 274 additions and 31 deletions
--- a/packages/api/src/utility/crypting.js
+++ b/packages/api/src/utility/crypting.js
@@ -33,6 +33,26 @@ function loadEncryptionKey() {
  return _encryptionKey;
 }

+async function loadEncryptionKeyFromExternal(storedValue, setStoredValue) {
+  const encryptor = simpleEncryptor.createEncryptor(defaultEncryptionKey);
+
+  if (!storedValue) {
+    const generatedKey = crypto.randomBytes(32);
+    const newKey = generatedKey.toString('hex');
+    const result = {
+      encryptionKey: newKey,
+    };
+    await setStoredValue(encryptor.encrypt(result));
+
+    setEncryptionKey(newKey);
+
+    return;
+  }
+
+  const data = encryptor.decrypt(storedValue);
+  setEncryptionKey(data['encryptionKey']);
+}
+
 let _encryptor = null;

 function getEncryptor() {
@@ -43,35 +63,32 @@ function getEncryptor() {
  return _encryptor;
 }

-function encryptPasswordField(connection, field) {
-  if (
-    connection &&
-    connection[field] &&
-    !connection[field].startsWith('crypt:') &&
-    connection.passwordMode != 'saveRaw'
-  ) {
+function encryptObjectPasswordField(obj, field) {
+  if (obj && obj[field] && !obj[field].startsWith('crypt:')) {
    return {
-      ...connection,
-      [field]: 'crypt:' + getEncryptor().encrypt(connection[field]),
+      ...obj,
+      [field]: 'crypt:' + getEncryptor().encrypt(obj[field]),
    };
  }
-  return connection;
+  return obj;
 }

-function decryptPasswordField(connection, field) {
-  if (connection && connection[field] && connection[field].startsWith('crypt:')) {
+function decryptObjectPasswordField(obj, field) {
+  if (obj && obj[field] && obj[field].startsWith('crypt:')) {
    return {
-      ...connection,
-      [field]: getEncryptor().decrypt(connection[field].substring('crypt:'.length)),
+      ...obj,
+      [field]: getEncryptor().decrypt(obj[field].substring('crypt:'.length)),
    };
  }
-  return connection;
+  return obj;
 }

 function encryptConnection(connection) {
-  connection = encryptPasswordField(connection, 'password');
-  connection = encryptPasswordField(connection, 'sshPassword');
-  connection = encryptPasswordField(connection, 'sshKeyfilePassword');
+  if (connection.passwordMode != 'saveRaw') {
+    connection = encryptObjectPasswordField(connection, 'password');
+    connection = encryptObjectPasswordField(connection, 'sshPassword');
+    connection = encryptObjectPasswordField(connection, 'sshKeyfilePassword');
+  }
  return connection;
 }

@@ -81,12 +98,24 @@ function maskConnection(connection) {
 }

 function decryptConnection(connection) {
-  connection = decryptPasswordField(connection, 'password');
-  connection = decryptPasswordField(connection, 'sshPassword');
-  connection = decryptPasswordField(connection, 'sshKeyfilePassword');
+  connection = decryptObjectPasswordField(connection, 'password');
+  connection = decryptObjectPasswordField(connection, 'sshPassword');
+  connection = decryptObjectPasswordField(connection, 'sshKeyfilePassword');
  return connection;
 }

+function encryptUser(user) {
+  if (user.encryptPassword) {
+    user = encryptObjectPasswordField(user, 'password');
+  }
+  return user;
+}
+
+function decryptUser(user) {
+  user = decryptObjectPasswordField(user, 'password');
+  return user;
+}
+
 function pickSafeConnectionInfo(connection) {
  if (process.env.LOG_CONNECTION_SENSITIVE_VALUES) {
    return connection;
@@ -99,10 +128,18 @@ function pickSafeConnectionInfo(connection) {
  });
 }

+function setEncryptionKey(encryptionKey) {
+  _encryptionKey = encryptionKey;
+  _encryptor = null;
+}
+
 module.exports = {
  loadEncryptionKey,
  encryptConnection,
+  encryptUser,
+  decryptUser,
  decryptConnection,
  maskConnection,
  pickSafeConnectionInfo,
+  loadEncryptionKeyFromExternal,
 };