Adding user encryption key
This commit is contained in:
parent
26798df304
commit
0612e25882
@ -1,8 +1,6 @@
|
|||||||
import { Request, Response } from "express";
|
import { Request, Response } from "express";
|
||||||
import promiseMiddleware from "../../helper/promiseMiddleware";
|
|
||||||
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
import RequestError, { HttpStatusCode } from "../../helper/request_error";
|
||||||
import User from "../../models/user";
|
import User from "../../models/user";
|
||||||
import Permission from "../../models/permissions";
|
|
||||||
import Client from "../../models/client";
|
import Client from "../../models/client";
|
||||||
import getOAuthJWT from "../../helper/jwt";
|
import getOAuthJWT from "../../helper/jwt";
|
||||||
import Stacker from "../middlewares/stacker";
|
import Stacker from "../middlewares/stacker";
|
||||||
@ -13,6 +11,7 @@ import { randomBytes } from "crypto";
|
|||||||
import moment = require("moment");
|
import moment = require("moment");
|
||||||
import { JWTExpDur } from "../../keys";
|
import { JWTExpDur } from "../../keys";
|
||||||
import RefreshToken from "../../models/refresh_token";
|
import RefreshToken from "../../models/refresh_token";
|
||||||
|
import { getEncryptionKey } from "../../helper/user_key";
|
||||||
|
|
||||||
const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => {
|
const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => {
|
||||||
let grant_type = req.query.grant_type || req.body.grant_type;
|
let grant_type = req.query.grant_type || req.body.grant_type;
|
||||||
@ -56,6 +55,7 @@ const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), a
|
|||||||
uid: user.uid,
|
uid: user.uid,
|
||||||
email: mail ? mail.mail : "",
|
email: mail ? mail.mail : "",
|
||||||
name: user.name,
|
name: user.name,
|
||||||
|
enc_key: getEncryptionKey(user, client)
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
} else if (grant_type === "refresh_token") {
|
} else if (grant_type === "refresh_token") {
|
||||||
|
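Review bot: The new claim `enc_key: getEncryptionKey(user, client)` places the derived key into what is presumably the JWT payload handed to getOAuthJWT (the surrounding object and the rest of RefreshTokenRoute are outside this hunk); a JWT is signed, not encrypted, so that key is readable by anyone who obtains the token and gets copied into every place the token is logged or stored, such as proxy access logs and client-side storage. If the key is meant to reach only the requesting client, that exposure should be a deliberate, documented choice, and the same consideration applies to the second occurrence of getEncryptionKey if one exists in the grant paths not shown here. At minimum add a comment above the claim: `// per-user/per-client derived key; readable by any holder of this token (JWT is signed, not encrypted)`.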
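--- /dev/null
+++ b/src/helper/random.ts
@@ -0,0 +1,5 @@
+import { randomBytes } from "crypto";
+
+export function randomString(length: number) {
+return randomBytes(length).toString("base64").slice(0, length);
+}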
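--- /dev/null
+++ b/src/helper/user_key.ts
@@ -0,0 +1,14 @@
+// import * as crypto from "crypto-js"
+import { IUser } from "../models/user";
+import { IClient } from "../models/client";
+import * as crypto from "crypto"
+
+function sha512(text: string) {
+let hash = crypto.createHash("sha512")
+hash.update(text)
+return hash.digest("base64")
+}
+
+export function getEncryptionKey(user: IUser, client: IClient) {
+return sha512(sha512(user.encryption_key) + sha512(client._id.toHexString()) + sha512(client.client_id))
+}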
@ -2,6 +2,7 @@ import DB from "../database";
|
|||||||
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
|
||||||
import { ObjectID } from "mongodb";
|
import { ObjectID } from "mongodb";
|
||||||
import { v4 } from "uuid";
|
import { v4 } from "uuid";
|
||||||
|
import { randomString } from "../helper/random";
|
||||||
|
|
||||||
export enum Gender {
|
export enum Gender {
|
||||||
none,
|
none,
|
||||||
@ -28,6 +29,7 @@ export interface IUser extends ModelDataBase {
|
|||||||
mails: ObjectID[];
|
mails: ObjectID[];
|
||||||
phones: { phone: string, verified: boolean, primary: boolean }[];
|
phones: { phone: string, verified: boolean, primary: boolean }[];
|
||||||
twofactor: { token: string, valid: boolean, type: TokenTypes }[];
|
twofactor: { token: string, valid: boolean, type: TokenTypes }[];
|
||||||
|
encryption_key: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
const User = DB.addModel<IUser>({
|
const User = DB.addModel<IUser>({
|
||||||
@ -63,6 +65,41 @@ const User = DB.addModel<IUser>({
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}, {
|
||||||
|
migration: (e: IUser) => { e.encryption_key = randomString(64) },
|
||||||
|
schema: {
|
||||||
|
uid: { type: String, default: () => v4() },
|
||||||
|
username: { type: String },
|
||||||
|
name: { type: String },
|
||||||
|
birthday: { type: Date, optional: true },
|
||||||
|
gender: { type: Number },
|
||||||
|
admin: { type: Boolean },
|
||||||
|
password: { type: String },
|
||||||
|
salt: { type: String },
|
||||||
|
mails: { type: Array, default: () => [] },
|
||||||
|
phones: {
|
||||||
|
array: true,
|
||||||
|
model: true,
|
||||||
|
type: {
|
||||||
|
phone: { type: String },
|
||||||
|
verified: { type: Boolean },
|
||||||
|
primary: { type: Boolean }
|
||||||
|
}
|
||||||
|
},
|
||||||
|
twofactor: {
|
||||||
|
array: true,
|
||||||
|
model: true,
|
||||||
|
type: {
|
||||||
|
token: { type: String },
|
||||||
|
valid: { type: Boolean },
|
||||||
|
type: { type: Number }
|
||||||
|
}
|
||||||
|
},
|
||||||
|
encryption_key: {
|
||||||
|
type: String,
|
||||||
|
default: () => randomString(64)
|
||||||
|
}
|
||||||
|
}
|
||||||
}]
|
}]
|
||||||
})
|
})
|
||||||
|
|
||||||
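Review bot: The migration `migration: (e: IUser) => { e.encryption_key = randomString(64) },` overwrites `encryption_key` unconditionally, so if it is ever applied to a document that already carries a key (a re-run, or a document created with the new schema default before the migration executes) the previous key is discarded and every value getEncryptionKey derives from it changes, which is unrecoverable for anything encrypted under the old key. I cannot see from this page how safe_mongo decides when to run migrations, so the safe form is idempotent: `migration: (e: IUser) => { if (!e.encryption_key) e.encryption_key = randomString(64) },`. The two smaller hunks above (the import and the `encryption_key: string;` interface field) need nothing further, but a short comment on the interface field noting that it is a long-lived per-user secret and must never be logged or exposed in API responses would help future readers.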
|