style: run prettier on entire codebase
This commit is contained in:
@@ -1,45 +1,48 @@
|
||||
import crypto from 'crypto';
|
||||
import { config } from '../config/env';
|
||||
import crypto from "crypto";
|
||||
import { config } from "../config/env";
|
||||
|
||||
const ALGORITHM = 'aes-256-gcm';
|
||||
const ALGORITHM = "aes-256-gcm";
|
||||
const IV_LENGTH = 12;
|
||||
const TAG_LENGTH = 16;
|
||||
|
||||
export function encrypt(plaintext: string): string {
|
||||
const key = Buffer.from(config.totp.encryptionKey, 'hex');
|
||||
const key = Buffer.from(config.totp.encryptionKey, "hex");
|
||||
const iv = crypto.randomBytes(IV_LENGTH);
|
||||
const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
|
||||
|
||||
const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
|
||||
const encrypted = Buffer.concat([
|
||||
cipher.update(plaintext, "utf8"),
|
||||
cipher.final(),
|
||||
]);
|
||||
const tag = cipher.getAuthTag();
|
||||
|
||||
// Use PHP-compatible format: base64(nonce + ciphertext + tag)
|
||||
return Buffer.concat([iv, encrypted, tag]).toString('base64');
|
||||
return Buffer.concat([iv, encrypted, tag]).toString("base64");
|
||||
}
|
||||
|
||||
export function decrypt(ciphertext: string): string {
|
||||
const key = Buffer.from(config.totp.encryptionKey, 'hex');
|
||||
const key = Buffer.from(config.totp.encryptionKey, "hex");
|
||||
|
||||
// Detect format: PHP uses base64(nonce+ciphertext+tag), TS uses hex:hex:hex
|
||||
const parts = ciphertext.split(':');
|
||||
const parts = ciphertext.split(":");
|
||||
if (parts.length === 3) {
|
||||
// TS format: iv:encrypted:tag (hex)
|
||||
const iv = Buffer.from(parts[0], 'hex');
|
||||
const iv = Buffer.from(parts[0], "hex");
|
||||
const encrypted = parts[1];
|
||||
const tag = Buffer.from(parts[2], 'hex');
|
||||
const tag = Buffer.from(parts[2], "hex");
|
||||
|
||||
const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
|
||||
decipher.setAuthTag(tag);
|
||||
|
||||
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
|
||||
decrypted += decipher.final('utf8');
|
||||
let decrypted = decipher.update(encrypted, "hex", "utf8");
|
||||
decrypted += decipher.final("utf8");
|
||||
return decrypted;
|
||||
}
|
||||
|
||||
// PHP format: base64(nonce + ciphertext + tag)
|
||||
const raw = Buffer.from(ciphertext, 'base64');
|
||||
const raw = Buffer.from(ciphertext, "base64");
|
||||
if (raw.length < IV_LENGTH + TAG_LENGTH + 1) {
|
||||
throw new Error('Invalid ciphertext format');
|
||||
throw new Error("Invalid ciphertext format");
|
||||
}
|
||||
|
||||
const iv = raw.subarray(0, IV_LENGTH);
|
||||
@@ -51,5 +54,5 @@ export function decrypt(ciphertext: string): string {
|
||||
|
||||
let decrypted = decipher.update(encrypted);
|
||||
const final = decipher.final();
|
||||
return Buffer.concat([decrypted, final]).toString('utf8');
|
||||
return Buffer.concat([decrypted, final]).toString("utf8");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user