We use cookies to ensure you get the best experience on our website
صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
0ct0pu5
/
standardnotes-server
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
شاخه: chore/codeql
شاخه‌ها تگ‌ها
standardnotes-s...
/
packages
/
auth
/
migrations
/
1629217630132-encrypt_encoded_mfa_settings.ts

1629217630132-encrypt_encoded_mfa_settings.ts 2.1 KB
لینک دائمی تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. import { MigrationInterface, QueryRunner } from 'typeorm'
    2. 

  2. import { CryptoNode } from '@standardnotes/sncrypto-node'
    3. 

  3. 

  4. export class encryptEncodedMfaSettings1629217630132 implements MigrationInterface {
    5. 

  5.   public async up(queryRunner: QueryRunner): Promise<void> {
    6. 

  6.     const encodedMFASettings = await queryRunner.manager.query(
    7. 

  7.       'SELECT s.uuid as uuid, s.value as value, u.encrypted_server_key as encrypted_server_key FROM settings s LEFT JOIN users u ON u.uuid = s.user_uuid WHERE s.name = "MFA_SECRET" AND s.server_encryption_version = 0',
    8. 

  8.     )
    9. 

  9. 

  10.     for (const encodedMFASetting of encodedMFASettings) {
    11. 

  11.       if (!encodedMFASetting['value']) {
    12. 

  12.         continue
    13. 

  13.       }
    14. 

  14. 

  15.       const mfaSecret = this.getDecodedMFASecret(encodedMFASetting['value'])
    16. 

  16. 

  17.       if (!mfaSecret) {
    18. 

  18.         continue
    19. 

  19.       }
    20. 

  20. 

  21.       const encryptedMFASecret = await this.encryptMFASecret(mfaSecret, encodedMFASetting['encrypted_server_key'])
    22. 

  22. 

  23.       await queryRunner.manager.query(
    24. 

  24.         `UPDATE settings s SET s.value = '${encryptedMFASecret}', s.server_encryption_version = 1 WHERE s.uuid="${encodedMFASetting['uuid']}"`,
    25. 

  25.       )
    26. 

  26.     }
    27. 

  27.   }
    28. 

  28. 

  29.   public async down(): Promise<void> {
    30. 

  30.     return
    31. 

  31.   }
    32. 

  32. 

  33.   private async encryptMFASecret(secret: string, userEncryptedServerKey: string): Promise<string> {
    34. 

  34.     const crypto = new CryptoNode()
    35. 

  35. 

  36.     const userServerKey = JSON.parse(userEncryptedServerKey)
    37. 

  37. 

  38.     const decryptedUserServerKey = await crypto.aes256GcmDecrypt(
    39. 

  39.       userServerKey.encrypted,
    40. 

  40.       process.env.ENCRYPTION_SERVER_KEY as string,
    41. 

  41.     )
    42. 

  42. 

  43.     const iv = await crypto.generateRandomKey(128)
    44. 

  44. 

  45.     const encrypted = await crypto.aes256GcmEncrypt({
    46. 

  46.       unencrypted: secret,
    47. 

  47.       iv,
    48. 

  48.       key: decryptedUserServerKey,
    49. 

  49.     })
    50. 

  50. 

  51.     return JSON.stringify({ version: 1, encrypted })
    52. 

  52.   }
    53. 

  53. 

  54.   private getDecodedMFASecret(encodedValue: string): string | undefined {
    55. 

  55.     const valueBuffer = Buffer.from(encodedValue.substring(3), 'base64')
    56. 

  56.     const decodedValue = valueBuffer.toString()
    57. 

  57. 

  58.     const decodedMFASecretObject = JSON.parse(decodedValue)
    59. 

  59. 

  60.     if ('secret' in decodedMFASecretObject && decodedMFASecretObject.secret) {
    61. 

  61.       return decodedMFASecretObject.secret
    62. 

  62.     }
    63. 

  63. 

  64.     return undefined
    65. 

  65.   }
    66. 

  66. }
    67.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5