Füge Skript zum Re-Encryptieren von Klartext-Mitgliedsanträgen hinzu; implementiere Backup-Funktion und Fehlerbehandlung

2026-02-14 01:37:42 +01:00
parent 6e297c682c
commit 08b1edc354
2 changed files with 60 additions and 6 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -9581,9 +9581,9 @@
      }
    },
    "node_modules/nanotar": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/nanotar/-/nanotar-0.2.0.tgz",
-      "integrity": "sha512-9ca1h0Xjvo9bEkE4UOxgAzLV0jHKe6LMaxo37ND2DAhhAtd0j8pR1Wxz+/goMrZO8AEZTWCmyaOsFI/W5AdpCQ==",
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/nanotar/-/nanotar-0.2.1.tgz",
+      "integrity": "sha512-MUrzzDUcIOPbv7ubhDV/L4CIfVTATd9XhDE2ixFeCrM5yp9AlzUpn91JrnN0HD6hksdxvz9IW9aKANz0Bta0GA==",
      "license": "MIT"
    },
    "node_modules/natural-compare": {
@@ -11377,9 +11377,9 @@
      }
    },
    "node_modules/qs": {
-      "version": "6.14.1",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
-      "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
      "dev": true,
      "license": "BSD-3-Clause",
      "dependencies": {
--- a/scripts/re-encrypt-membership-applications.js
+++ b/scripts/re-encrypt-membership-applications.js
@@ -0,0 +1,54 @@
+// Re-Encrypt Klartext-Mitgliedsanträge mit aktuellem ENCRYPTION_KEY
+// Backup wird als .bak angelegt
+import fs from 'fs/promises'
+import path from 'path'
+import { encryptObject } from '../server/utils/encryption.js'
+
+const DIR = path.join(process.cwd(), 'server/data/membership-applications')
+const KEY = process.env.ENCRYPTION_KEY
+
+if (!KEY) {
+  console.error('ENCRYPTION_KEY fehlt! Bitte als Environment-Variable setzen.')
+  process.exit(1)
+}
+
+async function reencryptFile(file) {
+  const filePath = path.join(DIR, file)
+  try {
+    const content = await fs.readFile(filePath, 'utf8')
+    // Prüfe, ob bereits verschlüsselt (v2: Prefix)
+    if (content.startsWith('v2:')) {
+      console.log('Überspringe (bereits verschlüsselt):', file)
+      return false
+    }
+    // Prüfe, ob Klartext-JSON
+    if (!content.trim().startsWith('{')) {
+      console.warn('Überspringe (kein Klartext-JSON):', file)
+      return false
+    }
+    // Backup anlegen
+    await fs.copyFile(filePath, filePath + '.bak')
+    // Verschlüsseln
+    const obj = JSON.parse(content)
+    const encrypted = encryptObject(obj, KEY)
+    await fs.writeFile(filePath, encrypted, 'utf8')
+    console.log('Re-Encrypted:', file)
+    return true
+  } catch (e) {
+    console.error('Fehler bei', file, ':', e.message)
+    return false
+  }
+}
+
+async function main() {
+  const files = await fs.readdir(DIR)
+  let changed = 0
+  for (const file of files) {
+    if (!file.endsWith('.json')) continue
+    const ok = await reencryptFile(file)
+    if (ok) changed++
+  }
+  console.log('Fertig. Re-encrypted:', changed, 'Dateien.')
+}
+
+main()