Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-10 20:42:34 +10:00
Code Issues Packages Projects Releases Wiki Activity
Files
7b6d6fb1b9f39c645f75b98373c938ea57652a62
documenso/packages/lib/server-only/crypto/decrypt.ts
David Nguyen d766b58f42 feat: add server crypto (#863) 
## Description

Currently we are required to ensure PII data is not passed around in
search parameters and in the open for GDPR reasons.

Allowing us to encrypt and decrypt values with expiry dates will allow
us to ensure this doesn't happen.

## Changes Made

- Added TPRC router for encryption method

## Testing Performed

- Tested encrypting and decrypting data with and without `expiredAt`
- Tested via directly accessing API and also via trpc in react
components
- Tested parsing en email search param in a page and decrypting it
successfully

## Checklist

- [X] I have tested these changes locally and they work as expected.
- [X] I have followed the project's coding style guidelines.
2024-01-25 16:07:57 +11:00

34 lines
1.1 KiB
TypeScript
Raw Blame History

import { DOCUMENSO_ENCRYPTION_SECONDARY_KEY } from '@documenso/lib/constants/crypto';
import { ZEncryptedDataSchema } from '@documenso/lib/server-only/crypto/encrypt';
import { symmetricDecrypt } from '@documenso/lib/universal/crypto';
/**
* Decrypt the passed in data. This uses the secondary encrypt key for miscellaneous data.
*
* @param encryptedData The data encrypted with the `encryptSecondaryData` function.
* @returns The decrypted value, or `null` if the data is invalid or expired.
*/
export const decryptSecondaryData = (encryptedData: string): string | null => {
if (!DOCUMENSO_ENCRYPTION_SECONDARY_KEY) {
throw new Error('Missing encryption key');
}
const decryptedBufferValue = symmetricDecrypt({
key: DOCUMENSO_ENCRYPTION_SECONDARY_KEY,
data: encryptedData,
});
const decryptedValue = Buffer.from(decryptedBufferValue).toString('utf-8');
const result = ZEncryptedDataSchema.safeParse(JSON.parse(decryptedValue));
if (!result.success) {
return null;
}
if (result.data.expiresAt !== undefined && result.data.expiresAt < Date.now()) {
return null;
}
return result.data.data;
};
Reference in New Issue View Git Blame Copy Permalink