feat(keystone): DOMA-10642 custom field for encrypted text #5450
Conversation
YEgorLu
added
✋🙂 Review please
packages/keystone/fields/SymmetricEncryptedText/Implementation.js
Outdated
Show resolved
Hide resolved
packages/keystone/fields/SymmetricEncryptedText/Implementation.js
Outdated
Show resolved
Hide resolved
…ypted by manager; Do not encrypt field before database, if it is encrypted; Enhance script; Rename field;
packages/keystone/fields/SymmetricEncryptedText/utils/decryptInfo.js
Outdated
Show resolved
Hide resolved
packages/keystone/fields/SymmetricEncryptedText/utils/decryptInfo.js
Outdated
Show resolved
Hide resolved
| const errorStart = _getErrorStart(listKey, path) | ||
| const encryptionManager = _getEncryptionManager(errorStart, options) | ||
| set(options, 'encryptionManager', encryptionManager) |
There was a problem hiding this comment.
it's hard to understand whats going on here
There was a problem hiding this comment.
just need to provide EncryptionManager for fieldAdapter. FieldAdapter parses options before we can do something in constructor here, so must update "options" before super()
|
|
|
||
| const compressors = { | ||
| 'noop': noop, | ||
| 'open-condo_brotli': require('./brotli'), |
| /** @type {Record<string, KeyDeriver>} */ | ||
| const keyDerivers = { | ||
| 'noop': noop, | ||
| 'open-condo_pbkdf2-sha512': require('./pbkdf2'), |
| throw new Error(`Algorithm ${algorithm} is not supported right now at ${versionId}.algorithm`) | ||
| } | ||
| if (SUGGESTIONS[cipherInfo.mode]) { | ||
| console.warn(`${SUGGESTIONS[cipherInfo.mode]} at ${versionId}.algorithm`) |
|
|
||
| const keyLength = cipherInfo.keyLength | ||
|
|
||
| if ((typeof secret !== 'string' && !(secret instanceof Buffer)) || isEmpty(secret)) { |
There was a problem hiding this comment.
Could you please also check the length of the secret … And check it by bad password list (same as password).
|
|
||
| const conf = require('@open-condo/config') | ||
|
|
||
| const { compressors } = require('./compressors') |
There was a problem hiding this comment.
It looks like a global const {[name]: function} it’s better to use consts like naming.
There was a problem hiding this comment.
It’s better to use this global cost for EncryptionVersion. I know too many cases and usually I need to write own EncryptionVersion …
|
|
||
| const { compressors } = require('./compressors') | ||
| const { EncryptionVersion } = require('./EncryptionVersion') | ||
| const { keyDerivers } = require('./keyDerivers') |
There was a problem hiding this comment.
Same, looks like global consts mapping (like MESSAGE_META or any other)
Simplify work with encrypted data, remove 'keyField's, support different algorithms and secrets on same table
See README.md