From 702868dec260e8b0e1bb13bd2ff9370299f4e069 Mon Sep 17 00:00:00 2001
From: Mathis HERRIOT <197931332+0x485254@users.noreply.github.com>
Date: Thu, 8 Jan 2026 17:13:43 +0100
Subject: [PATCH] feat: add PGP encryption utilities and apply automatic decryption to user schema

Introduced centralized PGP encryption utilities and updated the `users` schema to enable automatic decryption for sensitive fields like `email` and `twoFactorSecret`.
---
 backend/src/database/schemas/index.ts | 1 +
 backend/src/database/schemas/users.ts | 14 ++++++--------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/backend/src/database/schemas/index.ts b/backend/src/database/schemas/index.ts
index 4858b3d..e54a30a 100644
--- a/backend/src/database/schemas/index.ts
+++ b/backend/src/database/schemas/index.ts
@@ -8,3 +8,4 @@ export * from "./reports";
 export * from "./sessions";
 export * from "./tags";
 export * from "./users";
+export * from "./pgp";
diff --git a/backend/src/database/schemas/users.ts b/backend/src/database/schemas/users.ts
index 0254a8e..9190acd 100644
--- a/backend/src/database/schemas/users.ts
+++ b/backend/src/database/schemas/users.ts
@@ -1,6 +1,6 @@
+import { SQL, sql } from "drizzle-orm";
 import {
 boolean,
- customType,
 index,
 pgEnum,
 pgTable,
@@ -8,13 +8,7 @@ import {
 uuid,
 varchar,
 } from "drizzle-orm/pg-core";
-
-// Type personnalisé pour les données chiffrées PGP (stockées en bytea dans Postgres)
-const pgpEncrypted = customType<{ data: string; driverData: string }>({
- dataType() {
- return "bytea";
- },
-});
+import { pgpEncrypted, withAutomaticPgpDecrypt } from "./pgp";
 
 export const userStatus = pgEnum("user_status", [
 "active",
@@ -65,5 +59,9 @@ export const users = pgTable(
 }),
 );
 
+// Application du déchiffrement automatique pour les colonnes PGP
+withAutomaticPgpDecrypt(users.email);
+withAutomaticPgpDecrypt(users.twoFactorSecret);
+
 export type UserInDb = typeof users.$inferSelect;
 export type NewUserInDb = typeof users.$inferInsert;
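Review bot: The module behind `export * from "./pgp";` in schemas/index.ts is not part of this patch: the diffstat lists only index.ts and users.ts, although the description says the PGP utilities are introduced here. The same applies to `import { pgpEncrypted, withAutomaticPgpDecrypt } from "./pgp";` in the third hunk of users.ts. If the file is not already in the tree, this commit does not build on its own, and the code that actually handles the key cannot be reviewed alongside its first use. Either add the module to this commit or reword the description to say it only wires up an existing helper.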
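Review bot: In the first hunk of users.ts, the new `import { SQL, sql } from "drizzle-orm";` is not used by anything visible in this patch, and the `customType` code that might have needed it has moved out of the file. The rest of users.ts lies outside the hunks, so this is inferred, but it looks like a leftover from developing the helper. If nothing in the file uses it, drop the line; if only the type is referenced, narrow it to `import type { SQL } from "drizzle-orm";`.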
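Review bot: In the last hunk of users.ts, `withAutomaticPgpDecrypt(users.twoFactorSecret);` appears to make every read of that column return the plaintext TOTP secret, not only the 2FA verification path. The helper's body is not in this patch, so this is inferred from its name and the discarded return value. If it holds, keep `withAutomaticPgpDecrypt(users.email);` and decrypt the secret explicitly where a code is verified, so a broad select on `users`, a log line or a serialised user object cannot carry it. Because both calls run at import time for their side effect, a comment such as `// Side effect: patches the column so reads are decrypted; must run before any query on users is built` would help the next reader. It is also worth confirming how the helper hands the key to Postgres, since a key embedded in SQL text can surface in statement logs.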