Skip to content

Commit af5b8f6

Browse files
RomainLanzRomainLanz
committed
refactor: update legacy driver
1 parent ea00998 commit af5b8f6

1 file changed

Lines changed: 20 additions & 28 deletions

File tree

src/drivers/legacy.ts

Lines changed: 20 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -5,23 +5,18 @@
55
* @copyright Boring Node
66
*/
77

8-
import { createCipheriv, createDecipheriv } from 'node:crypto'
9-
import string from '@poppinss/utils/string'
10-
import { base64, MessageBuilder } from '@poppinss/utils'
8+
import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto'
9+
import { MessageBuilder } from '@poppinss/utils'
1110
import { BaseDriver } from './base_driver.ts'
1211
import { Hmac } from '../hmac.ts'
1312
import type { EncryptionDriverContract, LegacyConfig } from '../types/main.ts'
13+
import { base64UrlDecode, base64UrlEncode } from '../base64.js'
1414

1515
/**
1616
* This driver was mainly created to maintain compatibility
1717
* with the existing encryption module of AdonisJS.
1818
*/
1919
export class Legacy extends BaseDriver implements EncryptionDriverContract {
20-
/**
21-
* Reference to base64 object for base64 encoding/decoding values
22-
*/
23-
base64: typeof base64 = base64
24-
2520
constructor(config: LegacyConfig) {
2621
super(config)
2722
}
@@ -44,7 +39,7 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
4439
/**
4540
* Using a random string as the iv for generating unpredictable values
4641
*/
47-
const iv = string.random(16)
42+
const iv = randomBytes(16)
4843

4944
/**
5045
* Creating chiper
@@ -54,27 +49,25 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
5449
/**
5550
* Encoding value to a string so that we can set it on the cipher
5651
*/
57-
const encodedValue = new MessageBuilder().build(payload, expiresIn, purpose)
52+
const plainText = new MessageBuilder().build(payload, expiresIn, purpose)
5853

5954
/**
6055
* Set final to the cipher instance and encrypt it
6156
*/
62-
const encrypted = Buffer.concat([cipher.update(encodedValue, 'utf-8'), cipher.final()])
57+
const cipherText = Buffer.concat([cipher.update(plainText), cipher.final()])
6358

6459
/**
6560
* Concatenate `encrypted value` and `iv` by urlEncoding them. The concatenation is required
6661
* to generate the HMAC, so that HMAC checks for integrity of both the `encrypted value`
6762
* and the `iv`.
6863
*/
69-
const result = `${this.base64.urlEncode(encrypted)}${this.separator}${this.base64.urlEncode(
70-
iv
71-
)}`
64+
const macPayload = `${base64UrlEncode(cipherText)}${this.separator}${base64UrlEncode(iv)}`
7265

7366
/**
7467
* Returns the result + hmac
7568
*/
76-
const hmac = new Hmac(this.getFirstKey().key).generate(result)
77-
return this.computeReturns([result, hmac])
69+
const hmac = new Hmac(this.getFirstKey().key).generate(macPayload)
70+
return this.computeReturns([macPayload, hmac])
7871
}
7972

8073
/**
@@ -86,26 +79,26 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
8679
}
8780

8881
/**
89-
* Make sure the encrypted value is in correct format. ie
90-
* [encrypted value].[iv].[hash]
82+
* Make sure the encrypted value is in the correct format.
83+
* i.e.: [encrypted value].[iv].[mac]
9184
*/
92-
const [encryptedEncoded, ivEncoded, hash] = value.split(this.separator)
93-
if (!encryptedEncoded || !ivEncoded || !hash) {
85+
const [cipherEncoded, ivEncoded, macEncoded] = value.split(this.separator)
86+
if (!cipherEncoded || !ivEncoded || !macEncoded) {
9487
return null
9588
}
9689

9790
/**
9891
* Make sure we are able to urlDecode the encrypted value
9992
*/
100-
const encrypted = this.base64.urlDecode(encryptedEncoded, 'base64')
101-
if (!encrypted) {
93+
const cipherText = base64UrlDecode(cipherEncoded)
94+
if (!cipherText) {
10295
return null
10396
}
10497

10598
/**
10699
* Make sure we are able to urlDecode the iv
107100
*/
108-
const iv = this.base64.urlDecode(ivEncoded)
101+
const iv = base64UrlDecode(ivEncoded)
109102
if (!iv) {
110103
return null
111104
}
@@ -116,8 +109,8 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
116109
*/
117110
for (const { key } of this.cryptoKeys) {
118111
const isValidHmac = new Hmac(key).compare(
119-
`${encryptedEncoded}${this.separator}${ivEncoded}`,
120-
hash
112+
`${cipherEncoded}${this.separator}${ivEncoded}`,
113+
macEncoded
121114
)
122115

123116
if (!isValidHmac) {
@@ -130,9 +123,8 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
130123
*/
131124
try {
132125
const decipher = createDecipheriv('aes-256-cbc', key, iv)
133-
const decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8')
134-
135-
return new MessageBuilder().verify(decrypted, purpose)
126+
const plainTextBuffer = Buffer.concat([decipher.update(cipherText), decipher.final()])
127+
return new MessageBuilder().verify(plainTextBuffer, purpose)
136128
} catch {}
137129
}
138130

0 commit comments

Comments
 (0)