From 64adc800625cb4bc06d14b1cef6e2c1e8fc936d3 Mon Sep 17 00:00:00 2001 From: Mathis HERRIOT <197931332+0x485254@users.noreply.github.com> Date: Thu, 8 Jan 2026 17:15:14 +0100 Subject: [PATCH] refactor: remove PGP encryption usage for user email and secrets Eliminated PGP encryption for `email` and `twoFactorSecret` fields in `users` schema to simplify handling of sensitive data. Since abstraction in schemas. --- backend/src/media/media.service.ts | 1 - backend/src/users/users.service.ts | 24 ++++++++++-------------- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/backend/src/media/media.service.ts b/backend/src/media/media.service.ts index a444ab5..d739493 100644 --- a/backend/src/media/media.service.ts +++ b/backend/src/media/media.service.ts @@ -36,7 +36,6 @@ export class MediaService { private async initClamScan() { try { - // @ts-expect-error const scanner = await new NodeClam().init({ clamdscan: { host: this.configService.get("CLAMAV_HOST", "localhost"), diff --git a/backend/src/users/users.service.ts b/backend/src/users/users.service.ts index bfc7e7f..5701d0c 100644 --- a/backend/src/users/users.service.ts +++ b/backend/src/users/users.service.ts @@ -2,7 +2,11 @@ import { Injectable } from "@nestjs/common"; import { eq, sql } from "drizzle-orm"; import { CryptoService } from "../crypto/crypto.service"; import { DatabaseService } from "../database/database.service"; -import { contents, favorites, users } from "../database/schemas"; +import { + contents, + favorites, + users, +} from "../database/schemas"; import { UpdateUserDto } from "./dto/update-user.dto"; @Injectable() @@ -18,13 +22,11 @@ export class UsersService { passwordHash: string; emailHash: string; }) { - const pgpKey = this.cryptoService.getPgpEncryptionKey(); - const [newUser] = await this.databaseService.db .insert(users) .values({ username: data.username, - email: sql`pgp_sym_encrypt(${data.email}, ${pgpKey})`, + email: data.email, emailHash: data.emailHash, passwordHash: data.passwordHash, }) @@ -34,13 +36,11 @@ export class UsersService { } async findByEmailHash(emailHash: string) { - const pgpKey = this.cryptoService.getPgpEncryptionKey(); - const result = await this.databaseService.db .select({ uuid: users.uuid, username: users.username, - email: sql`pgp_sym_decrypt(${users.email}, ${pgpKey})`, + email: users.email, passwordHash: users.passwordHash, status: users.status, isTwoFactorEnabled: users.isTwoFactorEnabled, @@ -53,13 +53,11 @@ export class UsersService { } async findOneWithPrivateData(uuid: string) { - const pgpKey = this.cryptoService.getPgpEncryptionKey(); - const result = await this.databaseService.db .select({ uuid: users.uuid, username: users.username, - email: sql`pgp_sym_decrypt(${users.email}, ${pgpKey})`, + email: users.email, displayName: users.displayName, status: users.status, isTwoFactorEnabled: users.isTwoFactorEnabled, @@ -146,11 +144,10 @@ export class UsersService { } async setTwoFactorSecret(uuid: string, secret: string) { - const pgpKey = this.cryptoService.getPgpEncryptionKey(); return await this.databaseService.db .update(users) .set({ - twoFactorSecret: sql`pgp_sym_encrypt(${secret}, ${pgpKey})`, + twoFactorSecret: secret, updatedAt: new Date(), }) .where(eq(users.uuid, uuid)) @@ -169,10 +166,9 @@ export class UsersService { } async getTwoFactorSecret(uuid: string): Promise { - const pgpKey = this.cryptoService.getPgpEncryptionKey(); const result = await this.databaseService.db .select({ - secret: sql`pgp_sym_decrypt(${users.twoFactorSecret}, ${pgpKey})`, + secret: users.twoFactorSecret, }) .from(users) .where(eq(users.uuid, uuid))