SYNC: encrypt superadmin password

packages/api/src/controllers/auth.js

@@ -12,6 +12,7 @@ const {
   getAuthProviderById,
 } = require('../auth/authProvider');
 const storage = require('./storage');
+const { decryptPasswordString } = require('../utility/crypting');
 
 const logger = getLogger('auth');
 
@@ -95,7 +96,7 @@ module.exports = {
       let adminPassword = process.env.ADMIN_PASSWORD;
       if (!adminPassword) {
         const adminConfig = await storage.readConfig({ group: 'admin' });
-        adminPassword = adminConfig?.adminPassword;
+        adminPassword = decryptPasswordString(adminConfig?.adminPassword);
       }
       if (adminPassword && adminPassword == password) {
         return {

packages/api/src/utility/crypting.js

@@ -67,6 +67,20 @@ function getEncryptor() {
   return _encryptor;
 }
 
+function encryptPasswordString(password) {
+  if (password && !password.startsWith('crypt:')) {
+    return 'crypt:' + getEncryptor().encrypt(password);
+  }
+  return password;
+}
+
+function decryptPasswordString(password) {
+  if (password && password.startsWith('crypt:')) {
+    return getEncryptor().decrypt(password.substring('crypt:'.length));
+  }
+  return password;
+}
+
 function encryptObjectPasswordField(obj, field) {
   if (obj && obj[field] && !obj[field].startsWith('crypt:')) {
     return {
@@ -153,4 +167,6 @@ module.exports = {
   loadEncryptionKeyFromExternal,
   getEncryptionKey,
   setEncryptionKey,
+  encryptPasswordString,
+  decryptPasswordString,
 };