refactor: remove PGP encryption usage for user email and secrets
Eliminated PGP encryption for `email` and `twoFactorSecret` fields in `users` schema to simplify handling of sensitive data. Since abstraction in schemas.
This commit is contained in:
Mathis HERRIOT
@@ -2,7 +2,11 @@ import { Injectable } from "@nestjs/common";
|
||||
import { eq, sql } from "drizzle-orm";
|
||||
import { CryptoService } from "../crypto/crypto.service";
|
||||
import { DatabaseService } from "../database/database.service";
|
||||
import { contents, favorites, users } from "../database/schemas";
|
||||
import {
|
||||
contents,
|
||||
favorites,
|
||||
users,
|
||||
} from "../database/schemas";
|
||||
import { UpdateUserDto } from "./dto/update-user.dto";
|
||||
|
||||
@Injectable()
|
||||
@@ -18,13 +22,11 @@ export class UsersService {
|
||||
passwordHash: string;
|
||||
emailHash: string;
|
||||
}) {
|
||||
const pgpKey = this.cryptoService.getPgpEncryptionKey();
|
||||
|
||||
const [newUser] = await this.databaseService.db
|
||||
.insert(users)
|
||||
.values({
|
||||
username: data.username,
|
||||
email: sql`pgp_sym_encrypt(${data.email}, ${pgpKey})`,
|
||||
email: data.email,
|
||||
emailHash: data.emailHash,
|
||||
passwordHash: data.passwordHash,
|
||||
})
|
||||
@@ -34,13 +36,11 @@ export class UsersService {
|
||||
}
|
||||
|
||||
async findByEmailHash(emailHash: string) {
|
||||
const pgpKey = this.cryptoService.getPgpEncryptionKey();
|
||||
|
||||
const result = await this.databaseService.db
|
||||
.select({
|
||||
uuid: users.uuid,
|
||||
username: users.username,
|
||||
email: sql<string>`pgp_sym_decrypt(${users.email}, ${pgpKey})`,
|
||||
email: users.email,
|
||||
passwordHash: users.passwordHash,
|
||||
status: users.status,
|
||||
isTwoFactorEnabled: users.isTwoFactorEnabled,
|
||||
@@ -53,13 +53,11 @@ export class UsersService {
|
||||
}
|
||||
|
||||
async findOneWithPrivateData(uuid: string) {
|
||||
const pgpKey = this.cryptoService.getPgpEncryptionKey();
|
||||
|
||||
const result = await this.databaseService.db
|
||||
.select({
|
||||
uuid: users.uuid,
|
||||
username: users.username,
|
||||
email: sql<string>`pgp_sym_decrypt(${users.email}, ${pgpKey})`,
|
||||
email: users.email,
|
||||
displayName: users.displayName,
|
||||
status: users.status,
|
||||
isTwoFactorEnabled: users.isTwoFactorEnabled,
|
||||
@@ -146,11 +144,10 @@ export class UsersService {
|
||||
}
|
||||
|
||||
async setTwoFactorSecret(uuid: string, secret: string) {
|
||||
const pgpKey = this.cryptoService.getPgpEncryptionKey();
|
||||
return await this.databaseService.db
|
||||
.update(users)
|
||||
.set({
|
||||
twoFactorSecret: sql`pgp_sym_encrypt(${secret}, ${pgpKey})`,
|
||||
twoFactorSecret: secret,
|
||||
updatedAt: new Date(),
|
||||
})
|
||||
.where(eq(users.uuid, uuid))
|
||||
@@ -169,10 +166,9 @@ export class UsersService {
|
||||
}
|
||||
|
||||
async getTwoFactorSecret(uuid: string): Promise<string | null> {
|
||||
const pgpKey = this.cryptoService.getPgpEncryptionKey();
|
||||
const result = await this.databaseService.db
|
||||
.select({
|
||||
secret: sql<string>`pgp_sym_decrypt(${users.twoFactorSecret}, ${pgpKey})`,
|
||||
secret: users.twoFactorSecret,
|
||||
})
|
||||
.from(users)
|
||||
.where(eq(users.uuid, uuid))
|
||||
|
||||
Reference in New Issue
Block a user