feat: Store cryptographically strong random secret for each note

Maxime Cannoodt 2022-11-20 20:35:59 +01:00
parent 836d491ff9
commit de5395bd23
4 changed files with 17 additions and 0 deletions


@ -0,0 +1,2 @@
-- AlterTable
ALTER TABLE "EncryptedNote" ADD COLUMN "secret_token" TEXT;
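Review bot: `secret_token` is added as a nullable column with no backfill, so every note created before this migration has NULL here; the Prisma model in the next file mirrors this with `String?`. Any later code that checks a caller-supplied token against this column should reject a NULL stored value explicitly rather than compare against it. A comment in the migration such as `-- NULL for notes created before this migration; treat as "no token issued"` would record that intent.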


@ -18,6 +18,7 @@ model EncryptedNote {
hmac String? hmac String?
iv String? iv String?
crypto_version String @default("v1") crypto_version String @default("v1")
secret_token String?
} }
model event { model event {


@ -13,6 +13,7 @@ import {
ValidationError, ValidationError,
Matches, Matches,
} from "class-validator"; } from "class-validator";
import { generateToken } from "../../crypto/GenerateToken";
/** /**
* Request body for creating a note * Request body for creating a note
@ -78,12 +79,15 @@ export async function postNoteController(
// Create note object // Create note object
const EXPIRE_WINDOW_DAYS = 30; const EXPIRE_WINDOW_DAYS = 30;
const secret_token = generateToken();
const note = { const note = {
ciphertext: notePostRequest.ciphertext as string, ciphertext: notePostRequest.ciphertext as string,
hmac: notePostRequest.hmac as string, hmac: notePostRequest.hmac as string,
iv: notePostRequest.iv as string, iv: notePostRequest.iv as string,
expire_time: addDays(new Date(), EXPIRE_WINDOW_DAYS), expire_time: addDays(new Date(), EXPIRE_WINDOW_DAYS),
crypto_version: notePostRequest.crypto_version, crypto_version: notePostRequest.crypto_version,
secret_token: secret_token,
} as EncryptedNote; } as EncryptedNote;
// Store note object // Store note object
@ -97,6 +101,7 @@ export async function postNoteController(
res.json({ res.json({
view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`, view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`,
expire_time: savedNote.expire_time, expire_time: savedNote.expire_time,
secret_token: savedNote.secret_token,
}); });
}) })
.catch(async (err) => { .catch(async (err) => {
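Review bot: The note object in the second hunk persists `secret_token` verbatim, and the last hunk returns the same value from `savedNote`, so anyone who can read the EncryptedNote table (a backup, a log, a read-only query) holds every note's token. How the token is used is not visible in this commit, but if it authorises later operations on the note, consider storing only a digest, `secret_token: crypto.createHash("sha256").update(secret_token).digest("hex"),`, and answering with the local value, `secret_token: secret_token,`, so the raw token leaves the server exactly once. The verifying side would then hash the presented token and compare with `crypto.timingSafeEqual`. postNoteController starts and ends outside these hunks, and the file would need the `crypto` import.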


@ -0,0 +1,9 @@
import crypto from "crypto";
/**
* Generates a 256 bit token using the nodeJS crypto module.
* @returns base 64-encoded token.
*/
export function generateToken(): string {
return crypto.randomBytes(32).toString("base64");
}
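Review bot: `toString("base64")` produces `+`, `/` and `=` padding, which must be escaped if the token is ever carried in a URL, query string or cookie. `return crypto.randomBytes(32).toString("base64url");` avoids that on Node versions that support the `base64url` encoding, with `"hex"` as the portable fallback. The docstring could also state that `crypto.randomBytes` draws from a CSPRNG and that the result is meant to be treated as a secret (not logged, not reused across notes).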