Adding user encryption key

This commit is contained in:
Fabian Stamm 2019-01-21 11:24:20 +01:00
parent 26798df304
commit 0612e25882
4 changed files with 58 additions and 2 deletions


@ -1,8 +1,6 @@
import { Request, Response } from "express"; import { Request, Response } from "express";
import promiseMiddleware from "../../helper/promiseMiddleware";
import RequestError, { HttpStatusCode } from "../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../helper/request_error";
import User from "../../models/user"; import User from "../../models/user";
import Permission from "../../models/permissions";
import Client from "../../models/client"; import Client from "../../models/client";
import getOAuthJWT from "../../helper/jwt"; import getOAuthJWT from "../../helper/jwt";
import Stacker from "../middlewares/stacker"; import Stacker from "../middlewares/stacker";
@ -13,6 +11,7 @@ import { randomBytes } from "crypto";
import moment = require("moment"); import moment = require("moment");
import { JWTExpDur } from "../../keys"; import { JWTExpDur } from "../../keys";
import RefreshToken from "../../models/refresh_token"; import RefreshToken from "../../models/refresh_token";
import { getEncryptionKey } from "../../helper/user_key";
const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => { const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => {
let grant_type = req.query.grant_type || req.body.grant_type; let grant_type = req.query.grant_type || req.body.grant_type;
@ -56,6 +55,7 @@ const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), a
uid: user.uid, uid: user.uid,
email: mail ? mail.mail : "", email: mail ? mail.mail : "",
name: user.name, name: user.name,
enc_key: getEncryptionKey(user, client)
} }
}); });
} else if (grant_type === "refresh_token") { } else if (grant_type === "refresh_token") {
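Review bot: The `enc_key: getEncryptionKey(user, client)` line puts the derived key into the same object that already carries `uid`, `email` and `name`; if that object is the payload handed to the imported `getOAuthJWT` (the enclosing RefreshTokenRoute continues outside the hunk, so this is inferred), the key travels base64url-encoded inside a signed but unencrypted JWT, and any party able to read the token — the client, proxies, logs, browser storage — can read the key. A comment on that line stating where the value is meant to be consumed would make the trade-off explicit, e.g. `// per-client key derived from the user secret; sent in the clear inside the token, so the token itself must be handled as a secret`. It is also worth checking that the `refresh_token` branch below returns the same field, otherwise a client loses the key as soon as it refreshes.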

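--- /dev/null
+++ b/src/helper/random.ts
@@ -0,0 +1,5 @@
+import { randomBytes } from "crypto";
+export function randomString(length: number) {
+return randomBytes(length).toString("base64").slice(0, length);
+}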
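Review bot: `randomString` is undocumented and has no return type, and its contract is easy to misread: it returns `length` base64 characters (about 6 bits of entropy each, so `randomString(64)` carries roughly 384 bits taken from the first 48 random bytes), not `length` raw bytes, and the base64 alphabet includes `+` and `/`, so the result is not URL-safe. Suggest `export function randomString(length: number): string {` with a TSDoc comment stating that the output is `length` characters from the base64 alphabet drawn from `randomBytes`, suitable as a secret seed but not for use in URLs or file names without further encoding.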
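--- /dev/null
+++ b/src/helper/user_key.ts
@@ -0,0 +1,14 @@
+// import * as crypto from "crypto-js"
+import { IUser } from "../models/user";
+import { IClient } from "../models/client";
+import * as crypto from "crypto"
+function sha512(text: string) {
+let hash = crypto.createHash("sha512")
+hash.update(text)
+return hash.digest("base64")
+}
+export function getEncryptionKey(user: IUser, client: IClient) {
+return sha512(sha512(user.encryption_key) + sha512(client._id.toHexString()) + sha512(client.client_id))
+}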
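Review bot: `getEncryptionKey` throws a TypeError from `hash.update(text)` for any user whose `encryption_key` is unset (a document the migration has not yet touched), and that surfaces as an opaque 500 in the route calling it, so a guard with a clear message belongs at the top of the function. The derivation itself — SHA-512 over the concatenation of three base64 digests — is an ad hoc construction; since this commit introduces the key and nothing has been derived from it yet, it is the moment to switch to a keyed primitive, HMAC-SHA512 keyed with the user secret over the client identifiers via `crypto.createHmac`, after which the `sha512` helper is unused. The leftover `// import * as crypto from "crypto-js"` line should go, and both functions want a return type and a TSDoc line noting that `user.encryption_key` is a server-side secret that must not be logged or returned to clients.
```typescript
/** Derives the per-(user, client) key from the user's secret; the secret itself must not leave the server. */
export function getEncryptionKey(user: IUser, client: IClient): string {
    if (!user.encryption_key) {
        throw new Error("user has no encryption_key; migration not applied");
    }
    return crypto.createHmac("sha512", user.encryption_key)
        .update(client._id.toHexString())
        .update(client.client_id)
        .digest("base64");
}
```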

@ -2,6 +2,7 @@ import DB from "../database";
import { ModelDataBase } from "@hibas123/safe_mongo/lib/model"; import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
import { ObjectID } from "mongodb"; import { ObjectID } from "mongodb";
import { v4 } from "uuid"; import { v4 } from "uuid";
import { randomString } from "../helper/random";
export enum Gender { export enum Gender {
none, none,
@ -28,6 +29,7 @@ export interface IUser extends ModelDataBase {
mails: ObjectID[]; mails: ObjectID[];
phones: { phone: string, verified: boolean, primary: boolean }[]; phones: { phone: string, verified: boolean, primary: boolean }[];
twofactor: { token: string, valid: boolean, type: TokenTypes }[]; twofactor: { token: string, valid: boolean, type: TokenTypes }[];
encryption_key: string;
} }
const User = DB.addModel<IUser>({ const User = DB.addModel<IUser>({
@ -63,6 +65,41 @@ const User = DB.addModel<IUser>({
} }
} }
} }
}, {
migration: (e: IUser) => { e.encryption_key = randomString(64) },
schema: {
uid: { type: String, default: () => v4() },
username: { type: String },
name: { type: String },
birthday: { type: Date, optional: true },
gender: { type: Number },
admin: { type: Boolean },
password: { type: String },
salt: { type: String },
mails: { type: Array, default: () => [] },
phones: {
array: true,
model: true,
type: {
phone: { type: String },
verified: { type: Boolean },
primary: { type: Boolean }
}
},
twofactor: {
array: true,
model: true,
type: {
token: { type: String },
valid: { type: Boolean },
type: { type: Number }
}
},
encryption_key: {
type: String,
default: () => randomString(64)
}
}
}] }]
}) })
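Review bot: The migration at `migration: (e: IUser) => { e.encryption_key = randomString(64) }` assigns a fresh key unconditionally; if safe_mongo runs migrations more than once for a document (for example on every later version bump — not visible here), existing users get a new secret and every key previously derived from it by `getEncryptionKey` silently changes. Guarding it, `migration: (e: IUser) => { if (!e.encryption_key) e.encryption_key = randomString(64) },`, keeps the migration idempotent at no cost. The interface field `encryption_key: string;` also deserves a comment such as `// per-user secret seeding getEncryptionKey; never return it to clients or log it`, since it is the root secret rather than an encryption key itself. The `DB.addModel` call this hunk sits in starts before the hunk.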