Encrypt archives at rest

2025-03-15 22:01:50 +00:00 · 2020-09-16 22:42:25 +03:00 · 2020-09-16 22:42:25 +03:00 · a017aa7bfe
commit a017aa7bfe
parent 7562a886e1
3 changed files with 47 additions and 1 deletions
--- a/backend/src/data/encryptedTextTransformer.ts
+++ b/backend/src/data/encryptedTextTransformer.ts
@ -0,0 +1,21 @@
+import { decrypt, encrypt } from "../utils/crypt";
+import { ValueTransformer } from "typeorm";
+
+interface EncryptedTextTransformer extends ValueTransformer {
+  from(dbValue: any): string;
+  to(entityValue: string): any;
+}
+
+export function createEncryptedTextTransformer(): EncryptedTextTransformer {
+  return {
+    // Database -> Entity
+    from(dbValue) {
+      return decrypt(dbValue);
+    },
+
+    // Entity -> Database
+    to(entityValue) {
+      return encrypt(entityValue);
+    },
+  };
+}
--- a/backend/src/data/entities/ArchiveEntry.ts
+++ b/backend/src/data/entities/ArchiveEntry.ts
@ -1,4 +1,5 @@
 import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+import { createEncryptedTextTransformer } from "../encryptedTextTransformer";

@Entity("archives")
 export class ArchiveEntry {
@ -8,7 +9,11 @@ export class ArchiveEntry {

  @Column() guild_id: string;

-  @Column() body: string;
+  @Column({
+    type: "mediumtext",
+    transformer: createEncryptedTextTransformer(),
+  })
+  body: string;

  @Column() created_at: string;

--- a/backend/src/migrations/1600285077890-EncryptArchives.ts
+++ b/backend/src/migrations/1600285077890-EncryptArchives.ts
@ -0,0 +1,20 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+import { decrypt, encrypt } from "../utils/crypt";
+
+export class EncryptArchives1600285077890 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<any> {
+    const archives = await queryRunner.query("SELECT id, body FROM archives");
+    for (const archive of archives) {
+      const encryptedBody = encrypt(archive.body);
+      await queryRunner.query("UPDATE archives SET body = ? WHERE id = ?", [encryptedBody, archive.id]);
+    }
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<any> {
+    const archives = await queryRunner.query("SELECT id, body FROM archives");
+    for (const archive of archives) {
+      const decryptedBody = decrypt(archive.body);
+      await queryRunner.query("UPDATE archives SET body = ? WHERE id = ?", [decryptedBody, archive.id]);
+    }
+  }
+}