first commit

backend/dist/utils/encryption.js

@@ -0,0 +1,49 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encrypt = encrypt;
+exports.decrypt = decrypt;
+const crypto_1 = __importDefault(require("crypto"));
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 16;
+const TAG_LENGTH = 16;
+function getEncryptionKey() {
+    const key = process.env.ENCRYPTION_KEY;
+    if (!key) {
+        throw new Error('ENCRYPTION_KEY environment variable is not set');
+    }
+    // Convert hex string to buffer or hash if not correct length
+    if (key.length === 64) {
+        return Buffer.from(key, 'hex');
+    }
+    // Hash the key to get 32 bytes
+    return crypto_1.default.createHash('sha256').update(key).digest();
+}
+function encrypt(text) {
+    const key = getEncryptionKey();
+    const iv = crypto_1.default.randomBytes(IV_LENGTH);
+    const cipher = crypto_1.default.createCipheriv(ALGORITHM, key, iv);
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    const authTag = cipher.getAuthTag();
+    // Format: iv:authTag:encryptedData (all in hex)
+    return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+}
+function decrypt(encryptedText) {
+    const key = getEncryptionKey();
+    const parts = encryptedText.split(':');
+    if (parts.length !== 3) {
+        throw new Error('Invalid encrypted text format');
+    }
+    const iv = Buffer.from(parts[0], 'hex');
+    const authTag = Buffer.from(parts[1], 'hex');
+    const encrypted = parts[2];
+    const decipher = crypto_1.default.createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
+//# sourceMappingURL=encryption.js.map