9c54b6907e
This updates transitive dependencies via npm audit fix and refactors flagged file-path code paths to avoid path-join/resolve traversal findings in scripts and server utilities. Made-with: Cursor
56 lines
1.6 KiB
JavaScript
56 lines
1.6 KiB
JavaScript
// Re-Encrypt Klartext-Mitgliedsanträge mit aktuellem ENCRYPTION_KEY
|
|
// Backup wird als .bak angelegt
|
|
import fs from 'fs/promises'
|
|
import path from 'path'
|
|
import { encryptObject } from '../server/utils/encryption.js'
|
|
|
|
const DIR = path.join(process.cwd(), 'server/data/membership-applications')
|
|
const KEY = process.env.ENCRYPTION_KEY
|
|
|
|
if (!KEY) {
|
|
console.error('ENCRYPTION_KEY fehlt! Bitte als Environment-Variable setzen.')
|
|
process.exit(1)
|
|
}
|
|
|
|
async function reencryptFile(file) {
|
|
const safeFile = path.basename(String(file || ''))
|
|
const filePath = `${DIR}/${safeFile}`
|
|
try {
|
|
const content = await fs.readFile(filePath, 'utf8')
|
|
// Prüfe, ob bereits verschlüsselt (v2: Prefix)
|
|
if (content.startsWith('v2:')) {
|
|
console.log('Überspringe (bereits verschlüsselt):', file)
|
|
return false
|
|
}
|
|
// Prüfe, ob Klartext-JSON
|
|
if (!content.trim().startsWith('{')) {
|
|
console.warn('Überspringe (kein Klartext-JSON):', file)
|
|
return false
|
|
}
|
|
// Backup anlegen
|
|
await fs.copyFile(filePath, filePath + '.bak')
|
|
// Verschlüsseln
|
|
const obj = JSON.parse(content)
|
|
const encrypted = encryptObject(obj, KEY)
|
|
await fs.writeFile(filePath, encrypted, 'utf8')
|
|
console.log('Re-Encrypted:', file)
|
|
return true
|
|
} catch (e) {
|
|
console.error('Fehler bei', file, ':', e.message)
|
|
return false
|
|
}
|
|
}
|
|
|
|
async function main() {
|
|
const files = await fs.readdir(DIR)
|
|
let changed = 0
|
|
for (const file of files) {
|
|
if (!file.endsWith('.json')) continue
|
|
const ok = await reencryptFile(file)
|
|
if (ok) changed++
|
|
}
|
|
console.log('Fertig. Re-encrypted:', changed, 'Dateien.')
|
|
}
|
|
|
|
main()
|