Adding user encryption key

2019-01-21 11:24:20 +01:00 · 2019-01-21 11:24:20 +01:00 · 0612e25882
commit 0612e25882
parent 26798df304
4 changed files with 58 additions and 2 deletions
--- a/src/api/oauth/refresh.ts
+++ b/src/api/oauth/refresh.ts
@ -1,8 +1,6 @@
 import { Request, Response } from "express";
-import promiseMiddleware from "../../helper/promiseMiddleware";
 import RequestError, { HttpStatusCode } from "../../helper/request_error";
 import User from "../../models/user";
-import Permission from "../../models/permissions";
 import Client from "../../models/client";
 import getOAuthJWT from "../../helper/jwt";
 import Stacker from "../middlewares/stacker";
@ -13,6 +11,7 @@ import { randomBytes } from "crypto";
 import moment = require("moment");
 import { JWTExpDur } from "../../keys";
 import RefreshToken from "../../models/refresh_token";
+import { getEncryptionKey } from "../../helper/user_key";

 const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => {
   let grant_type = req.query.grant_type || req.body.grant_type;
@ -56,6 +55,7 @@ const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), a
            uid: user.uid,
            email: mail ? mail.mail : "",
            name: user.name,
+            enc_key: getEncryptionKey(user, client)
         }
      });
   } else if (grant_type === "refresh_token") {
--- a/src/helper/random.ts
+++ b/src/helper/random.ts
@ -0,0 +1,5 @@
+import { randomBytes } from "crypto";
+
+export function randomString(length: number) {
+   return randomBytes(length).toString("base64").slice(0, length);
+} 
--- a/src/helper/user_key.ts
+++ b/src/helper/user_key.ts
@ -0,0 +1,14 @@
+// import * as crypto from "crypto-js"
+import { IUser } from "../models/user";
+import { IClient } from "../models/client";
+import * as crypto from "crypto"
+
+function sha512(text: string) {
+   let hash = crypto.createHash("sha512")
+   hash.update(text)
+   return hash.digest("base64")
+}
+
+export function getEncryptionKey(user: IUser, client: IClient) {
+   return sha512(sha512(user.encryption_key) + sha512(client._id.toHexString()) + sha512(client.client_id))
+}
--- a/src/models/user.ts
+++ b/src/models/user.ts
@ -2,6 +2,7 @@ import DB from "../database";
 import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
 import { ObjectID } from "mongodb";
 import { v4 } from "uuid";
+import { randomString } from "../helper/random";

 export enum Gender {
   none,
@ -28,6 +29,7 @@ export interface IUser extends ModelDataBase {
   mails: ObjectID[];
   phones: { phone: string, verified: boolean, primary: boolean }[];
   twofactor: { token: string, valid: boolean, type: TokenTypes }[];
+   encryption_key: string;
 }

 const User = DB.addModel<IUser>({
@ -63,6 +65,41 @@ const User = DB.addModel<IUser>({
            }
         }
      }
+   }, {
+      migration: (e: IUser) => { e.encryption_key = randomString(64) },
+      schema: {
+         uid: { type: String, default: () => v4() },
+         username: { type: String },
+         name: { type: String },
+         birthday: { type: Date, optional: true },
+         gender: { type: Number },
+         admin: { type: Boolean },
+         password: { type: String },
+         salt: { type: String },
+         mails: { type: Array, default: () => [] },
+         phones: {
+            array: true,
+            model: true,
+            type: {
+               phone: { type: String },
+               verified: { type: Boolean },
+               primary: { type: Boolean }
+            }
+         },
+         twofactor: {
+            array: true,
+            model: true,
+            type: {
+               token: { type: String },
+               valid: { type: Boolean },
+               type: { type: Number }
+            }
+         },
+         encryption_key: {
+            type: String,
+            default: () => randomString(64)
+         }
+      }
   }]
 })