diff --git a/src/api/oauth/refresh.ts b/src/api/oauth/refresh.ts
index c0cf38b..ccea5ce 100644
--- a/src/api/oauth/refresh.ts
+++ b/src/api/oauth/refresh.ts
@@ -1,8 +1,6 @@
 import { Request, Response } from "express";
-import promiseMiddleware from "../../helper/promiseMiddleware";
 import RequestError, { HttpStatusCode } from "../../helper/request_error";
 import User from "../../models/user";
-import Permission from "../../models/permissions";
 import Client from "../../models/client";
 import getOAuthJWT from "../../helper/jwt";
 import Stacker from "../middlewares/stacker";
@@ -13,6 +11,7 @@ import { randomBytes } from "crypto";
 import moment = require("moment");
 import { JWTExpDur } from "../../keys";
 import RefreshToken from "../../models/refresh_token";
+import { getEncryptionKey } from "../../helper/user_key";
 
 const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => {
 let grant_type = req.query.grant_type || req.body.grant_type;
@@ -56,6 +55,7 @@ const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), a
 uid: user.uid,
 email: mail ? mail.mail : "",
 name: user.name,
+ enc_key: getEncryptionKey(user, client)
 }
 });
 } else if (grant_type === "refresh_token") {
diff --git a/src/helper/random.ts b/src/helper/random.ts
new file mode 100644
index 0000000..9100803
--- /dev/null
+++ b/src/helper/random.ts
@@ -0,0 +1,5 @@
+import { randomBytes } from "crypto";
+
+export function randomString(length: number) {
+ return randomBytes(length).toString("base64").slice(0, length);
+}
\ No newline at end of file
diff --git a/src/helper/user_key.ts b/src/helper/user_key.ts
new file mode 100644
index 0000000..864dd4b
--- /dev/null
+++ b/src/helper/user_key.ts
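Review bot: The derived `enc_key` is added to the same object that already carries `uid`, `email` and `name`, and the call that consumes this object starts before the hunk, so it is not visible whether it becomes the JSON body or the claims handed to `getOAuthJWT` (imported in this file). If it lands in a JWT, anyone holding the token can read it, since a JWS is signed but not encrypted; a per-client secret should only travel in the response body over TLS. Also check that request/response logging on this route does not capture the body now that it contains a secret. A comment on the added line such as `// per-client key derived from the user's master secret - never place in a signed JWT or a log` would record the constraint for the next maintainer.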
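Review bot: `randomString` has no doc comment stating what it guarantees, and the name hides that the output is a base64 alphabet (`+` and `/` included, padding only dropped by the `slice`) with about 6 bits of entropy per character. That is roughly 384 bits for the 64-char `encryption_key` the user model requests, which is ample, but a caller that later puts the value in a URL or file name would be surprised by `/`. Add `/** CSPRNG string of `length` base64 characters (~6 bits entropy each; alphabet includes + and /). */` above the function, and reject bad sizes explicitly, `if (length <= 0) throw new RangeError("length must be positive");`, instead of letting `randomBytes` return an empty string for 0 or throw its own error for negatives.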
@@ -0,0 +1,14 @@
+// import * as crypto from "crypto-js"
+import { IUser } from "../models/user";
+import { IClient } from "../models/client";
+import * as crypto from "crypto"
+
+function sha512(text: string) {
+ let hash = crypto.createHash("sha512")
+ hash.update(text)
+ return hash.digest("base64")
+}
+
+export function getEncryptionKey(user: IUser, client: IClient) {
+ return sha512(sha512(user.encryption_key) + sha512(client._id.toHexString()) + sha512(client.client_id))
+}
\ No newline at end of file
diff --git a/src/models/user.ts b/src/models/user.ts
index 4b16798..ba295a6 100644
--- a/src/models/user.ts
+++ b/src/models/user.ts
@@ -2,6 +2,7 @@ import DB from "../database";
 import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
 import { ObjectID } from "mongodb";
 import { v4 } from "uuid";
+import { randomString } from "../helper/random";
 
 export enum Gender {
 none,
@@ -28,6 +29,7 @@ export interface IUser extends ModelDataBase {
 mails: ObjectID[];
 phones: { phone: string, verified: boolean, primary: boolean }[];
 twofactor: { token: string, valid: boolean, type: TokenTypes }[];
+ encryption_key: string;
 }
 
 const User = DB.addModel({
@@ -63,6 +65,41 @@ const User = DB.addModel({
 }
 }
 }
+ }, {
+ migration: (e: IUser) => { e.encryption_key = randomString(64) },
+ schema: {
+ uid: { type: String, default: () => v4() },
+ username: { type: String },
+ name: { type: String },
+ birthday: { type: Date, optional: true },
+ gender: { type: Number },
+ admin: { type: Boolean },
+ password: { type: String },
+ salt: { type: String },
+ mails: { type: Array, default: () => [] },
+ phones: {
+ array: true,
+ model: true,
+ type: {
+ phone: { type: String },
+ verified: { type: Boolean },
+ primary: { type: Boolean }
+ }
+ },
+ twofactor: {
+ array: true,
+ model: true,
+ type: {
+ token: { type: String },
+ valid: { type: Boolean },
+ type: { type: Number }
+ }
+ },
+ encryption_key: {
+ type: String,
+ default: () => randomString(64)
+ }
+ }
 }]
 })
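Review bot: `getEncryptionKey` rolls its own KDF by SHA-512-ing a concatenation of three SHA-512 digests; the standard way to derive a per-client key from a user master secret is a keyed construction, `crypto.createHmac("sha512", user.encryption_key)` over a labelled client identity (or `crypto.hkdfSync` if the Node version in use has it), which keeps the determinism with a well-understood security argument. The function also passes `user.encryption_key` straight into `hash.update`, so a user document that somehow missed the migration would fail with a TypeError from inside the hash instead of a clear error. Because this commit introduces the key, the derivation can still be changed now; once keys have been handed to clients the output is a stable contract and any change silently re-keys every client. The leftover `// import * as crypto from "crypto-js"` line should be dropped too.
```typescript
// … unchanged: imports …

/** Deterministic per-(user, client) key: HMAC-SHA512 keyed with the user's master secret over a labelled client identity. */
export function getEncryptionKey(user: IUser, client: IClient) {
    if (!user.encryption_key) throw new Error("user has no encryption_key");
    return crypto.createHmac("sha512", user.encryption_key)
        .update("enc-key:" + client._id.toHexString() + ":" + client.client_id)
        .digest("base64");
}
```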
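Review bot: The new `encryption_key` schema entry is a long-lived master secret stored in clear in the user document next to `password` and `salt`, and nothing in the schema or the `IUser` interface marks it as such; any path that serializes a user document (API responses, debug logging, dumps) now exposes a value from which every client's key can be derived. Add a comment above the `encryption_key` entry, e.g. `// master secret for getEncryptionKey(); never expose in responses or logs - rotating it invalidates all derived client keys`, and audit the places that return user objects. The `migration` closure backfills one random 64-char key per existing document, which is the right shape; presumably the model library runs it once per document on version bump, and a one-line comment saying so would make clear that re-running it would re-key users. The enclosing `DB.addModel` call starts before the hunk.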