From de5395bd23bb59815b26ccdda66c314c3f7b9ce0 Mon Sep 17 00:00:00 2001
From: Maxime Cannoodt
Date: Sun, 20 Nov 2022 20:35:59 +0100
Subject: [PATCH] feat: :sparkles: Store cryptographically strong random secret for each note

---
 .../20221120192437_add_note_secret_token/migration.sql | 2 ++
 server/prisma/schema.prisma | 1 +
 server/src/controllers/note/note.post.controller.ts | 5 +++++
 server/src/crypto/GenerateToken.ts | 9 +++++++++
 4 files changed, 17 insertions(+)
 create mode 100644 server/prisma/migrations/20221120192437_add_note_secret_token/migration.sql
 create mode 100644 server/src/crypto/GenerateToken.ts

diff --git a/server/prisma/migrations/20221120192437_add_note_secret_token/migration.sql b/server/prisma/migrations/20221120192437_add_note_secret_token/migration.sql
new file mode 100644
index 0000000..21c1c7a
--- /dev/null
+++ b/server/prisma/migrations/20221120192437_add_note_secret_token/migration.sql
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "EncryptedNote" ADD COLUMN "secret_token" TEXT;
diff --git a/server/prisma/schema.prisma b/server/prisma/schema.prisma
index e638c83..160be70 100644
--- a/server/prisma/schema.prisma
+++ b/server/prisma/schema.prisma
@@ -18,6 +18,7 @@ model EncryptedNote {
 hmac String?
 iv String?
 crypto_version String @default("v1")
+ secret_token String?
 }
 
 model event {
diff --git a/server/src/controllers/note/note.post.controller.ts b/server/src/controllers/note/note.post.controller.ts
index d411222..1ddd413 100644
--- a/server/src/controllers/note/note.post.controller.ts
+++ b/server/src/controllers/note/note.post.controller.ts
@@ -13,6 +13,7 @@ import {
 ValidationError,
 Matches,
 } from "class-validator";
+import { generateToken } from "../../crypto/GenerateToken";
 
 /**
  * Request body for creating a note
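Review bot: `secret_token String?` keeps the generated secret verbatim and nullable, so anyone with read access to the EncryptedNote table holds a usable token for every note, and rows created before this migration carry NULL, which any later check must reject explicitly rather than risk treating NULL as "no token required". If this token is meant to authorize later operations on the note (its consumer is not part of this commit), persist only a digest and hand the raw value to the creator once; the field could then be documented as `/// SHA-256 of the per-note secret returned to the creator; NULL for notes created before this column existed`. The nullable type is unavoidable for existing rows, but the application should always populate it for new ones, as the controller in this commit does.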
@@ -78,12 +79,15 @@ export async function postNoteController(
 
 // Create note object
 const EXPIRE_WINDOW_DAYS = 30;
+ const secret_token = generateToken();
+
 const note = {
 ciphertext: notePostRequest.ciphertext as string,
 hmac: notePostRequest.hmac as string,
 iv: notePostRequest.iv as string,
 expire_time: addDays(new Date(), EXPIRE_WINDOW_DAYS),
 crypto_version: notePostRequest.crypto_version,
+ secret_token: secret_token,
 } as EncryptedNote;
 
 // Store note object
@@ -97,6 +101,7 @@ export async function postNoteController(
 res.json({
 view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`,
 expire_time: savedNote.expire_time,
+ secret_token: savedNote.secret_token,
 });
 })
 .catch(async (err) => {
diff --git a/server/src/crypto/GenerateToken.ts b/server/src/crypto/GenerateToken.ts
new file mode 100644
index 0000000..26ff658
--- /dev/null
+++ b/server/src/crypto/GenerateToken.ts
@@ -0,0 +1,9 @@
+import crypto from "crypto";
+
+/**
+ * Generates a 256 bit token using the nodeJS crypto module.
+ * @returns base 64-encoded token.
+ */
+export function generateToken(): string {
+ return crypto.randomBytes(32).toString("base64");
+}
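Review bot: The freshly generated secret is written to the database as-is in `secret_token: secret_token,`, so the stored value is the credential itself rather than a verifier for it; a database dump, backup, or a read-only SQL injection anywhere else in the app hands out every note's token. If the token is intended to authorize later actions on the note (its consumer is not shown in this commit), store a digest instead, e.g. `secret_token: crypto.createHash("sha256").update(secret_token).digest("hex"),` (with `import crypto from "crypto";` added to the controller), keep returning the raw value to the creator once as the later hunk already does, and compare digests with `crypto.timingSafeEqual` wherever the token is checked. A short comment above the generation, `// Raw token is returned to the creator once and never stored; only its digest is persisted`, would make that contract explicit. postNoteController starts before and ends after this hunk.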
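Review bot: `toString("base64")` produces a 44-character string that contains `+`, `/` and a trailing `=`, all of which must be percent-encoded before the token can be placed in a URL path, query string or header; since the controller already hands the client a `view_url` next to this token, a URL-safe alphabet avoids a later escaping bug. Node 15.7+ supports `return crypto.randomBytes(32).toString("base64url");` (43 characters, no padding), or use `"hex"` if older runtimes must be supported; the doc comment should then state the alphabet callers can rely on, e.g. `@returns base64url-encoded token (43 chars, URL-safe, no padding)`. The entropy is unchanged either way, and `crypto.randomBytes` is the right CSPRNG source for this.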