Adding user encryption key

2019-01-21 11:24:20 +01:00 · 2019-01-21 11:24:20 +01:00 · 0612e25882
commit 0612e25882
parent 26798df304
4 changed files with 58 additions and 2 deletions
--- a/src/api/oauth/refresh.ts
+++ b/src/api/oauth/refresh.ts
@ -1,8 +1,6 @@
 import { Request, Response } from "express";
 import promiseMiddleware from "../../helper/promiseMiddleware";
 import RequestError, { HttpStatusCode } from "../../helper/request_error";
 import User from "../../models/user";
 import Permission from "../../models/permissions";
 import Client from "../../models/client";
 import getOAuthJWT from "../../helper/jwt";
 import Stacker from "../middlewares/stacker";
@ -13,6 +11,7 @@ import { randomBytes } from "crypto";
 import moment = require("moment");
 import { JWTExpDur } from "../../keys";
 import RefreshToken from "../../models/refresh_token";
 import { getEncryptionKey } from "../../helper/user_key";
 const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => {
   let grant_type = req.query.grant_type || req.body.grant_type;
@ -56,6 +55,7 @@ const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), a
            uid: user.uid,
            email: mail ? mail.mail : "",
            name: user.name,
            enc_key: getEncryptionKey(user, client)
         }
      });
   } else if (grant_type === "refresh_token") {
--- a/src/helper/random.ts
+++ b/src/helper/random.ts
@ -0,0 +1,5 @@
 import { randomBytes } from "crypto";
 export function randomString(length: number) {
   return randomBytes(length).toString("base64").slice(0, length);
 } 
--- a/src/helper/user_key.ts
+++ b/src/helper/user_key.ts
@ -0,0 +1,14 @@
 // import * as crypto from "crypto-js"
 import { IUser } from "../models/user";
 import { IClient } from "../models/client";
 import * as crypto from "crypto"
 function sha512(text: string) {
   let hash = crypto.createHash("sha512")
   hash.update(text)
   return hash.digest("base64")
 }
 export function getEncryptionKey(user: IUser, client: IClient) {
   return sha512(sha512(user.encryption_key) + sha512(client._id.toHexString()) + sha512(client.client_id))
 }
--- a/src/models/user.ts
+++ b/src/models/user.ts
@ -2,6 +2,7 @@ import DB from "../database";
 import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
 import { ObjectID } from "mongodb";
 import { v4 } from "uuid";
 import { randomString } from "../helper/random";
 export enum Gender {
   none,
@ -28,6 +29,7 @@ export interface IUser extends ModelDataBase {
   mails: ObjectID[];
   phones: { phone: string, verified: boolean, primary: boolean }[];
   twofactor: { token: string, valid: boolean, type: TokenTypes }[];
   encryption_key: string;
 }
 const User = DB.addModel<IUser>({
@ -63,6 +65,41 @@ const User = DB.addModel<IUser>({
            }
         }
      }
   }, {
      migration: (e: IUser) => { e.encryption_key = randomString(64) },
      schema: {
         uid: { type: String, default: () => v4() },
         username: { type: String },
         name: { type: String },
         birthday: { type: Date, optional: true },
         gender: { type: Number },
         admin: { type: Boolean },
         password: { type: String },
         salt: { type: String },
         mails: { type: Array, default: () => [] },
         phones: {
            array: true,
            model: true,
            type: {
               phone: { type: String },
               verified: { type: Boolean },
               primary: { type: Boolean }
            }
         },
         twofactor: {
            array: true,
            model: true,
            type: {
               token: { type: String },
               valid: { type: Boolean },
               type: { type: Number }
            }
         },
         encryption_key: {
            type: String,
            default: () => randomString(64)
         }
      }
   }]
 })