Encrypt message data at rest

backend/src/data/encryptedJsonTransformer.ts

@@ -0,0 +1,22 @@
+import { decrypt, encrypt } from "../utils/crypt";
+import { ValueTransformer } from "typeorm";
+
+interface EncryptedJsonTransformer<T> extends ValueTransformer {
+  from(dbValue: any): T;
+  to(entityValue: T): any;
+}
+
+export function createEncryptedJsonTransformer<T>(): EncryptedJsonTransformer<T> {
+  return {
+    // Database -> Entity
+    from(dbValue) {
+      const decrypted = decrypt(dbValue);
+      return JSON.parse(decrypted) as T;
+    },
+
+    // Entity -> Database
+    to(entityValue) {
+      return encrypt(JSON.stringify(entityValue));
+    },
+  };
+}

backend/src/data/entities/SavedMessage.ts

@@ -1,4 +1,5 @@
 import { Column, Entity, PrimaryColumn } from "typeorm";
+import { createEncryptedJsonTransformer } from "../encryptedJsonTransformer";
 
 export interface ISavedMessageData {
   attachments?: object[];
@@ -25,7 +26,11 @@ export class SavedMessage {
 
   @Column() is_bot: boolean;
 
-  @Column("simple-json") data: ISavedMessageData;
+  @Column({
+    type: "mediumtext",
+    transformer: createEncryptedJsonTransformer<ISavedMessageData>(),
+  })
+  data: ISavedMessageData;
 
   @Column() posted_at: string;