Mathis/memegoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Activity

refactor: remove PGP encryption usage for user email and secrets

Browse Source 
Eliminated PGP encryption for `email` and `twoFactorSecret` fields in `users` schema to simplify handling of sensitive data.
Since abstraction in schemas.
This commit is contained in:
Mathis HERRIOT
2026-01-08 17:15:14 +01:00
parent 702868dec2
commit 64adc80062
2 changed files with 10 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
backend/src/media/media.service.ts
View File

@@ -36,7 +36,6 @@ export class MediaService {
private async initClamScan() {
try {
// @ts-expect-error
const scanner = await new NodeClam().init({
clamdscan: {
host: this.configService.get<string>("CLAMAV_HOST", "localhost"),

24
backend/src/users/users.service.ts
View File

@@ -2,7 +2,11 @@ import { Injectable } from "@nestjs/common";
import { eq, sql } from "drizzle-orm";
import { CryptoService } from "../crypto/crypto.service";
import { DatabaseService } from "../database/database.service";
import { contents, favorites, users } from "../database/schemas";
import {
contents,
favorites,
users,
} from "../database/schemas";
import { UpdateUserDto } from "./dto/update-user.dto";
@Injectable()
@@ -18,13 +22,11 @@ export class UsersService {
passwordHash: string;
emailHash: string;
}) {
const pgpKey = this.cryptoService.getPgpEncryptionKey();
const [newUser] = await this.databaseService.db
.insert(users)
.values({
username: data.username,
email: sql`pgp_sym_encrypt(${data.email}, ${pgpKey})`,
email: data.email,
emailHash: data.emailHash,
passwordHash: data.passwordHash,
})
@@ -34,13 +36,11 @@ export class UsersService {
}
async findByEmailHash(emailHash: string) {
const pgpKey = this.cryptoService.getPgpEncryptionKey();
const result = await this.databaseService.db
.select({
uuid: users.uuid,
username: users.username,
email: sql<string>`pgp_sym_decrypt(${users.email}, ${pgpKey})`,
email: users.email,
passwordHash: users.passwordHash,
status: users.status,
isTwoFactorEnabled: users.isTwoFactorEnabled,
@@ -53,13 +53,11 @@ export class UsersService {
}
async findOneWithPrivateData(uuid: string) {
const pgpKey = this.cryptoService.getPgpEncryptionKey();
const result = await this.databaseService.db
.select({
uuid: users.uuid,
username: users.username,
email: sql<string>`pgp_sym_decrypt(${users.email}, ${pgpKey})`,
email: users.email,
displayName: users.displayName,
status: users.status,
isTwoFactorEnabled: users.isTwoFactorEnabled,
@@ -146,11 +144,10 @@ export class UsersService {
}
async setTwoFactorSecret(uuid: string, secret: string) {
const pgpKey = this.cryptoService.getPgpEncryptionKey();
return await this.databaseService.db
.update(users)
.set({
twoFactorSecret: sql`pgp_sym_encrypt(${secret}, ${pgpKey})`,
twoFactorSecret: secret,
updatedAt: new Date(),
})
.where(eq(users.uuid, uuid))
@@ -169,10 +166,9 @@ export class UsersService {
}
async getTwoFactorSecret(uuid: string): Promise<string | null> {
const pgpKey = this.cryptoService.getPgpEncryptionKey();
const result = await this.databaseService.db
.select({
secret: sql<string>`pgp_sym_decrypt(${users.twoFactorSecret}, ${pgpKey})`,
secret: users.twoFactorSecret,
})
.from(users)
.where(eq(users.uuid, uuid))