49 lines
1.8 KiB
JavaScript
49 lines
1.8 KiB
JavaScript
"use strict";
|
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.encrypt = encrypt;
|
|
exports.decrypt = decrypt;
|
|
const crypto_1 = __importDefault(require("crypto"));
|
|
const ALGORITHM = 'aes-256-gcm';
|
|
const IV_LENGTH = 16;
|
|
const TAG_LENGTH = 16;
|
|
function getEncryptionKey() {
|
|
const key = process.env.ENCRYPTION_KEY;
|
|
if (!key) {
|
|
throw new Error('ENCRYPTION_KEY environment variable is not set');
|
|
}
|
|
// Convert hex string to buffer or hash if not correct length
|
|
if (key.length === 64) {
|
|
return Buffer.from(key, 'hex');
|
|
}
|
|
// Hash the key to get 32 bytes
|
|
return crypto_1.default.createHash('sha256').update(key).digest();
|
|
}
|
|
function encrypt(text) {
|
|
const key = getEncryptionKey();
|
|
const iv = crypto_1.default.randomBytes(IV_LENGTH);
|
|
const cipher = crypto_1.default.createCipheriv(ALGORITHM, key, iv);
|
|
let encrypted = cipher.update(text, 'utf8', 'hex');
|
|
encrypted += cipher.final('hex');
|
|
const authTag = cipher.getAuthTag();
|
|
// Format: iv:authTag:encryptedData (all in hex)
|
|
return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
|
|
}
|
|
function decrypt(encryptedText) {
|
|
const key = getEncryptionKey();
|
|
const parts = encryptedText.split(':');
|
|
if (parts.length !== 3) {
|
|
throw new Error('Invalid encrypted text format');
|
|
}
|
|
const iv = Buffer.from(parts[0], 'hex');
|
|
const authTag = Buffer.from(parts[1], 'hex');
|
|
const encrypted = parts[2];
|
|
const decipher = crypto_1.default.createDecipheriv(ALGORITHM, key, iv);
|
|
decipher.setAuthTag(authTag);
|
|
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
|
|
decrypted += decipher.final('utf8');
|
|
return decrypted;
|
|
}
|
|
//# sourceMappingURL=encryption.js.map
|