feat: ✨ Store cryptographically strong random secret for each note

server/prisma/migrations/20221120192437_add_note_secret_token/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "EncryptedNote" ADD COLUMN "secret_token" TEXT;

server/prisma/schema.prisma

@@ -18,6 +18,7 @@ model EncryptedNote {
   hmac           String?
   iv             String?
   crypto_version String   @default("v1")
+  secret_token   String?
 }
 
 model event {

server/src/controllers/note/note.post.controller.ts

@@ -13,6 +13,7 @@ import {
   ValidationError,
   Matches,
 } from "class-validator";
+import { generateToken } from "../../crypto/GenerateToken";
 
 /**
  * Request body for creating a note
@@ -78,12 +79,15 @@ export async function postNoteController(
 
   // Create note object
   const EXPIRE_WINDOW_DAYS = 30;
+  const secret_token = generateToken();
+
   const note = {
     ciphertext: notePostRequest.ciphertext as string,
     hmac: notePostRequest.hmac as string,
     iv: notePostRequest.iv as string,
     expire_time: addDays(new Date(), EXPIRE_WINDOW_DAYS),
     crypto_version: notePostRequest.crypto_version,
+    secret_token: secret_token,
   } as EncryptedNote;
 
   // Store note object
@@ -97,6 +101,7 @@ export async function postNoteController(
       res.json({
         view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`,
         expire_time: savedNote.expire_time,
+        secret_token: savedNote.secret_token,
       });
     })
     .catch(async (err) => {

server/src/crypto/GenerateToken.ts

@@ -0,0 +1,9 @@
+import crypto from "crypto";
+
+/**
+ * Generates a 256 bit token using the nodeJS crypto module.
+ * @returns base 64-encoded token.
+ */
+export function generateToken(): string {
+  return crypto.randomBytes(32).toString("base64");
+}