SYNC: Merge pull request #3 from dbgate/feature/zip

2026-04-19 10:46:00 +00:00 · 2025-04-23 13:17:54 +02:00
parent 54c53f0b56
commit 8f4118a6b8
82 changed files with 3981 additions and 2814 deletions
--- a/packages/api/src/utility/crypting.js
+++ b/packages/api/src/utility/crypting.js
@@ -59,7 +59,7 @@ async function loadEncryptionKeyFromExternal(storedValue, setStoredValue) {

 let _encryptor = null;

-function getEncryptor() {
+function getInternalEncryptor() {
  if (_encryptor) {
    return _encryptor;
  }
@@ -69,14 +69,14 @@ function getEncryptor() {

 function encryptPasswordString(password) {
  if (password && !password.startsWith('crypt:')) {
-    return 'crypt:' + getEncryptor().encrypt(password);
+    return 'crypt:' + getInternalEncryptor().encrypt(password);
  }
  return password;
 }

 function decryptPasswordString(password) {
  if (password && password.startsWith('crypt:')) {
-    return getEncryptor().decrypt(password.substring('crypt:'.length));
+    return getInternalEncryptor().decrypt(password.substring('crypt:'.length));
  }
  return password;
 }
@@ -85,7 +85,7 @@ function encryptObjectPasswordField(obj, field) {
  if (obj && obj[field] && !obj[field].startsWith('crypt:')) {
    return {
      ...obj,
-      [field]: 'crypt:' + getEncryptor().encrypt(obj[field]),
+      [field]: 'crypt:' + getInternalEncryptor().encrypt(obj[field]),
    };
  }
  return obj;
@@ -95,7 +95,7 @@ function decryptObjectPasswordField(obj, field) {
  if (obj && obj[field] && obj[field].startsWith('crypt:')) {
    return {
      ...obj,
-      [field]: getEncryptor().decrypt(obj[field].substring('crypt:'.length)),
+      [field]: getInternalEncryptor().decrypt(obj[field].substring('crypt:'.length)),
    };
  }
  return obj;
@@ -156,6 +156,49 @@ function getEncryptionKey() {
  return _encryptionKey;
 }

+function generateTransportEncryptionKey() {
+  const encryptor = simpleEncryptor.createEncryptor(defaultEncryptionKey);
+  const result = {
+    encryptionKey: crypto.randomBytes(32).toString('hex'),
+  };
+  return encryptor.encrypt(result);
+}
+
+function createTransportEncryptor(encryptionData) {
+  const encryptor = simpleEncryptor.createEncryptor(defaultEncryptionKey);
+  const data = encryptor.decrypt(encryptionData);
+  const res = simpleEncryptor.createEncryptor(data['encryptionKey']);
+  return res;
+}
+
+function recryptObjectPasswordField(obj, field, decryptEncryptor, encryptEncryptor) {
+  if (obj && obj[field] && obj[field].startsWith('crypt:')) {
+    return {
+      ...obj,
+      [field]: 'crypt:' + encryptEncryptor.encrypt(decryptEncryptor.decrypt(obj[field].substring('crypt:'.length))),
+    };
+  }
+  return obj;
+}
+
+function recryptObjectPasswordFieldInPlace(obj, field, decryptEncryptor, encryptEncryptor) {
+  if (obj && obj[field] && obj[field].startsWith('crypt:')) {
+    obj[field] = 'crypt:' + encryptEncryptor.encrypt(decryptEncryptor.decrypt(obj[field].substring('crypt:'.length)));
+  }
+}
+
+function recryptConnection(connection, decryptEncryptor, encryptEncryptor) {
+  connection = recryptObjectPasswordField(connection, 'password', decryptEncryptor, encryptEncryptor);
+  connection = recryptObjectPasswordField(connection, 'sshPassword', decryptEncryptor, encryptEncryptor);
+  connection = recryptObjectPasswordField(connection, 'sshKeyfilePassword', decryptEncryptor, encryptEncryptor);
+  return connection;
+}
+
+function recryptUser(user, decryptEncryptor, encryptEncryptor) {
+  user = recryptObjectPasswordField(user, 'password', decryptEncryptor, encryptEncryptor);
+  return user;
+}
+
 module.exports = {
  loadEncryptionKey,
  encryptConnection,
@@ -169,4 +212,12 @@ module.exports = {
  setEncryptionKey,
  encryptPasswordString,
  decryptPasswordString,
+
+  getInternalEncryptor,
+  recryptConnection,
+  recryptUser,
+  generateTransportEncryptionKey,
+  createTransportEncryptor,
+  recryptObjectPasswordField,
+  recryptObjectPasswordFieldInPlace,
 };