Refactor authentication and data handling in API; implement encryption for user and member data storage. Update relevant components to utilize new encryption methods, ensuring secure data management across the application. Enhance error handling and streamline data writing processes for improved reliability.
This commit is contained in:
Torsten Schulz (local)
@@ -2,6 +2,7 @@ import bcrypt from 'bcryptjs'
|
||||
import jwt from 'jsonwebtoken'
|
||||
import { promises as fs } from 'fs'
|
||||
import path from 'path'
|
||||
import { encryptObject, decryptObject } from './encryption.js'
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'harheimertc-secret-key-change-in-production'
|
||||
|
||||
@@ -21,21 +22,75 @@ const getDataPath = (filename) => {
|
||||
const USERS_FILE = getDataPath('users.json')
|
||||
const SESSIONS_FILE = getDataPath('sessions.json')
|
||||
|
||||
// Read users from file
|
||||
// Get encryption key from environment
|
||||
function getEncryptionKey() {
|
||||
return process.env.ENCRYPTION_KEY || 'default-key-change-in-production'
|
||||
}
|
||||
|
||||
// Check if data is encrypted by trying to parse as JSON first
|
||||
function isEncrypted(data) {
|
||||
try {
|
||||
const parsed = JSON.parse(data.trim())
|
||||
if (Array.isArray(parsed)) {
|
||||
return false // Unencrypted array
|
||||
}
|
||||
if (typeof parsed === 'object' && parsed !== null && !parsed.encryptedData) {
|
||||
return false
|
||||
}
|
||||
return false
|
||||
} catch (e) {
|
||||
// JSON parsing failed - likely encrypted base64
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
// Read users from file (with encryption support and migration)
|
||||
export async function readUsers() {
|
||||
try {
|
||||
const data = await fs.readFile(USERS_FILE, 'utf-8')
|
||||
return JSON.parse(data)
|
||||
|
||||
const encrypted = isEncrypted(data)
|
||||
|
||||
if (encrypted) {
|
||||
const encryptionKey = getEncryptionKey()
|
||||
try {
|
||||
return decryptObject(data, encryptionKey)
|
||||
} catch (decryptError) {
|
||||
console.error('Fehler beim Entschlüsseln der Benutzerdaten:', decryptError)
|
||||
try {
|
||||
const plainData = JSON.parse(data)
|
||||
console.warn('Entschlüsselung fehlgeschlagen, versuche als unverschlüsseltes Format zu lesen')
|
||||
return plainData
|
||||
} catch (parseError) {
|
||||
console.error('Konnte Benutzerdaten weder entschlüsseln noch als JSON lesen')
|
||||
return []
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Plain JSON - migrate to encrypted format
|
||||
const users = JSON.parse(data)
|
||||
console.log('Migriere unverschlüsselte Benutzerdaten zu verschlüsselter Speicherung...')
|
||||
|
||||
// Write back encrypted
|
||||
await writeUsers(users)
|
||||
|
||||
return users
|
||||
}
|
||||
} catch (error) {
|
||||
if (error.code === 'ENOENT') {
|
||||
return []
|
||||
}
|
||||
console.error('Fehler beim Lesen der Benutzerdaten:', error)
|
||||
return []
|
||||
}
|
||||
}
|
||||
|
||||
// Write users to file
|
||||
// Write users to file (always encrypted)
|
||||
export async function writeUsers(users) {
|
||||
try {
|
||||
await fs.writeFile(USERS_FILE, JSON.stringify(users, null, 2), 'utf-8')
|
||||
const encryptionKey = getEncryptionKey()
|
||||
const encryptedData = encryptObject(users, encryptionKey)
|
||||
await fs.writeFile(USERS_FILE, encryptedData, 'utf-8')
|
||||
return true
|
||||
} catch (error) {
|
||||
console.error('Fehler beim Schreiben der Benutzerdaten:', error)
|
||||
|
||||
Reference in New Issue
Block a user