mirror of
https://github.com/overleaf/overleaf.git
synced 2024-09-23 02:55:13 -04:00
91 lines
3.1 KiB
CoffeeScript
91 lines
3.1 KiB
CoffeeScript
crypto = require('crypto')
|
|
|
|
ALGORITHM = 'aes-256-ctr'
|
|
|
|
keyFn = (password, salt, callback)->
|
|
return crypto.pbkdf2(password, salt, 10000, 64, 'sha1', callback)
|
|
|
|
keyFn32 = (password, salt, keyLength, callback)->
|
|
return crypto.pbkdf2(password, salt, 10000, 32, 'sha1', callback)
|
|
|
|
class AccessTokenEncryptor
|
|
|
|
constructor: (settings) ->
|
|
|
|
@settings = settings
|
|
@cipherLabel = @settings.cipherLabel
|
|
throw Error("cipherLabel must not contain a colon (:)") if @cipherLabel?.match(/:/)
|
|
|
|
@cipherPassword = @settings.cipherPasswords[@cipherLabel]
|
|
throw Error("cipherPassword not set") if not @cipherPassword?
|
|
throw Error("cipherPassword too short") if @cipherPassword.length < 16
|
|
|
|
encryptJson: (json, callback) ->
|
|
unless ["2015.1", "2016.1"].includes(@cipherLabel)
|
|
return @encryptJsonV2(json, callback)
|
|
|
|
string = JSON.stringify(json)
|
|
salt = crypto.randomBytes(16)
|
|
keyFn @cipherPassword, salt, (err, key) =>
|
|
if err?
|
|
logger.err err:err, "error getting Fn key"
|
|
return callback(err)
|
|
cipher = crypto.createCipher(ALGORITHM, key)
|
|
crypted = cipher.update(string, 'utf8', 'base64') + cipher.final('base64')
|
|
callback(null, @cipherLabel + ":" + salt.toString('hex') + ":" + crypted)
|
|
|
|
encryptJsonV2: (json, callback) ->
|
|
string = JSON.stringify(json)
|
|
crypto.randomBytes 32, (err, bytes) =>
|
|
return callback(err) if err
|
|
salt = bytes.slice(0, 16)
|
|
iv = bytes.slice(16, 32)
|
|
|
|
keyFn32 @cipherPassword, salt, 32, (err, key) =>
|
|
if err?
|
|
logger.err err:err, "error getting Fn key"
|
|
return callback(err)
|
|
|
|
cipher = crypto.createCipheriv(ALGORITHM, key, iv)
|
|
crypted = cipher.update(string, 'utf8', 'base64') + cipher.final('base64')
|
|
|
|
callback(null, "#{@cipherLabel}:#{salt.toString('hex')}:#{crypted}:#{iv.toString('hex')}")
|
|
|
|
decryptToJson: (encryptedJson, callback) ->
|
|
[label, salt, cipherText, iv] = encryptedJson.split(':', 4)
|
|
if iv and iv.length > 0
|
|
return @decryptToJsonV2(encryptedJson, callback)
|
|
|
|
password = @settings.cipherPasswords[label]
|
|
return callback(new Error("invalid password")) if not password? or password.length < 16
|
|
keyFn password, Buffer.from(salt, 'hex'), (err, key) =>
|
|
if err?
|
|
logger.err err:err, "error getting Fn key"
|
|
return callback(err)
|
|
decipher = crypto.createDecipher(ALGORITHM, key)
|
|
dec = decipher.update(cipherText, 'base64', 'utf8') + decipher.final('utf8')
|
|
try
|
|
json = JSON.parse(dec)
|
|
catch e
|
|
return callback(new Error("error decrypting token"))
|
|
callback(null, json)
|
|
|
|
decryptToJsonV2: (encryptedJson, callback) ->
|
|
[label, salt, cipherText, iv] = encryptedJson.split(':', 4)
|
|
password = @settings.cipherPasswords[label]
|
|
return callback(new Error("invalid password")) if not password? or password.length < 16
|
|
|
|
keyFn32 password, Buffer.from(salt, 'hex'), 32, (err, key) =>
|
|
if err?
|
|
logger.err err:err, "error getting Fn key"
|
|
return callback(err)
|
|
|
|
decipher = crypto.createDecipheriv(ALGORITHM, key, Buffer.from(iv, 'hex'))
|
|
dec = decipher.update(cipherText, 'base64', 'utf8') + decipher.final('utf8')
|
|
try
|
|
json = JSON.parse(dec)
|
|
catch e
|
|
return callback(new Error("error decrypting token"))
|
|
callback(null, json)
|
|
|
|
module.exports = AccessTokenEncryptor
|