Leveraged built-in encryption filter
This commit is contained in:
Eldad Fux
parent
55a8cf5657
commit
eb5a51a35c
|
|
@ -656,6 +656,7 @@ $collections = [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'array' => false,
|
||||
'filter' => ['encrypt'],
|
||||
],
|
||||
],
|
||||
],
|
||||
|
|
@ -826,6 +827,7 @@ $collections = [
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'array' => false,
|
||||
'filter' => ['encrypt'],
|
||||
],
|
||||
[
|
||||
'$collection' => Database::SYSTEM_COLLECTION_RULES,
|
||||
|
|
@ -1468,6 +1470,7 @@ foreach ($providers as $index => $provider) {
|
|||
'default' => '',
|
||||
'required' => false,
|
||||
'array' => false,
|
||||
'filter' => ['encrypt'],
|
||||
];
|
||||
|
||||
$collections[Database::SYSTEM_COLLECTION_USERS]['rules'][] = [
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ use Appwrite\Task\Validator\Cron;
|
|||
use Appwrite\Database\Database;
|
||||
use Appwrite\Database\Document;
|
||||
use Appwrite\Database\Validator\UID;
|
||||
use Appwrite\OpenSSL\OpenSSL;
|
||||
use Appwrite\Network\Validator\CNAME;
|
||||
use Appwrite\Network\Validator\Domain as DomainValidator;
|
||||
use Cron\CronExpression;
|
||||
|
|
@ -111,16 +110,6 @@ App::get('/v1/projects')
|
|||
'$collection='.Database::SYSTEM_COLLECTION_PROJECTS,
|
||||
],
|
||||
]);
|
||||
foreach ($results as $project) {
|
||||
foreach (Config::getParam('providers') as $provider => $node) {
|
||||
$secret = \json_decode($project->getAttribute('usersOauth2'.\ucfirst($provider).'Secret', '{}'), true);
|
||||
|
||||
if (!empty($secret) && isset($secret['version'])) {
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$secret['version']);
|
||||
$project->setAttribute('usersOauth2'.\ucfirst($provider).'Secret', OpenSSL::decrypt($secret['data'], $secret['method'], $key, 0, \hex2bin($secret['iv']), \hex2bin($secret['tag'])));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$response->json(['sum' => $consoleDB->getSum(), 'projects' => $results]);
|
||||
}, ['response', 'consoleDB']);
|
||||
|
|
@ -142,15 +131,6 @@ App::get('/v1/projects/:projectId')
|
|||
throw new Exception('Project not found', 404);
|
||||
}
|
||||
|
||||
foreach (Config::getParam('providers') as $provider => $node) {
|
||||
$secret = \json_decode($project->getAttribute('usersOauth2'.\ucfirst($provider).'Secret', '{}'), true);
|
||||
|
||||
if (!empty($secret) && isset($secret['version'])) {
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$secret['version']);
|
||||
$project->setAttribute('usersOauth2'.\ucfirst($provider).'Secret', OpenSSL::decrypt($secret['data'], $secret['method'], $key, 0, \hex2bin($secret['iv']), \hex2bin($secret['tag'])));
|
||||
}
|
||||
}
|
||||
|
||||
$response->json($project->getArrayCopy());
|
||||
}, ['response', 'consoleDB']);
|
||||
|
||||
|
|
@ -395,17 +375,6 @@ App::patch('/v1/projects/:projectId/oauth2')
|
|||
throw new Exception('Project not found', 404);
|
||||
}
|
||||
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V1');
|
||||
$iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
|
||||
$tag = null;
|
||||
$secret = \json_encode([
|
||||
'data' => OpenSSL::encrypt($secret, OpenSSL::CIPHER_AES_128_GCM, $key, 0, $iv, $tag),
|
||||
'method' => OpenSSL::CIPHER_AES_128_GCM,
|
||||
'iv' => \bin2hex($iv),
|
||||
'tag' => \bin2hex($tag),
|
||||
'version' => '1',
|
||||
]);
|
||||
|
||||
$project = $consoleDB->updateDocument(\array_merge($project->getArrayCopy(), [
|
||||
'usersOauth2'.\ucfirst($provider).'Appid' => $appId,
|
||||
'usersOauth2'.\ucfirst($provider).'Secret' => $secret,
|
||||
|
|
@ -491,16 +460,6 @@ App::post('/v1/projects/:projectId/webhooks')
|
|||
}
|
||||
|
||||
$security = ($security === '1' || $security === 'true' || $security === 1 || $security === true);
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V1');
|
||||
$iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
|
||||
$tag = null;
|
||||
$httpPass = \json_encode([
|
||||
'data' => OpenSSL::encrypt($httpPass, OpenSSL::CIPHER_AES_128_GCM, $key, 0, $iv, $tag),
|
||||
'method' => OpenSSL::CIPHER_AES_128_GCM,
|
||||
'iv' => \bin2hex($iv),
|
||||
'tag' => \bin2hex($tag),
|
||||
'version' => '1',
|
||||
]);
|
||||
|
||||
$webhook = $consoleDB->createDocument([
|
||||
'$collection' => Database::SYSTEM_COLLECTION_WEBHOOKS,
|
||||
|
|
@ -553,18 +512,6 @@ App::get('/v1/projects/:projectId/webhooks')
|
|||
|
||||
$webhooks = $project->getAttribute('webhooks', []);
|
||||
|
||||
foreach ($webhooks as $webhook) { /* @var $webhook Document */
|
||||
$httpPass = \json_decode($webhook->getAttribute('httpPass', '{}'), true);
|
||||
|
||||
if (empty($httpPass) || !isset($httpPass['version'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$httpPass['version']);
|
||||
|
||||
$webhook->setAttribute('httpPass', OpenSSL::decrypt($httpPass['data'], $httpPass['method'], $key, 0, \hex2bin($httpPass['iv']), \hex2bin($httpPass['tag'])));
|
||||
}
|
||||
|
||||
$response->json($webhooks);
|
||||
}, ['response', 'consoleDB']);
|
||||
|
||||
|
|
@ -592,13 +539,6 @@ App::get('/v1/projects/:projectId/webhooks/:webhookId')
|
|||
throw new Exception('Webhook not found', 404);
|
||||
}
|
||||
|
||||
$httpPass = \json_decode($webhook->getAttribute('httpPass', '{}'), true);
|
||||
|
||||
if (!empty($httpPass) && isset($httpPass['version'])) {
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$httpPass['version']);
|
||||
$webhook->setAttribute('httpPass', OpenSSL::decrypt($httpPass['data'], $httpPass['method'], $key, 0, \hex2bin($httpPass['iv']), \hex2bin($httpPass['tag'])));
|
||||
}
|
||||
|
||||
$response->json($webhook->getArrayCopy());
|
||||
}, ['response', 'consoleDB']);
|
||||
|
||||
|
|
@ -627,16 +567,6 @@ App::put('/v1/projects/:projectId/webhooks/:webhookId')
|
|||
}
|
||||
|
||||
$security = ($security === '1' || $security === 'true' || $security === 1 || $security === true);
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V1');
|
||||
$iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
|
||||
$tag = null;
|
||||
$httpPass = \json_encode([
|
||||
'data' => OpenSSL::encrypt($httpPass, OpenSSL::CIPHER_AES_128_GCM, $key, 0, $iv, $tag),
|
||||
'method' => OpenSSL::CIPHER_AES_128_GCM,
|
||||
'iv' => \bin2hex($iv),
|
||||
'tag' => \bin2hex($tag),
|
||||
'version' => '1',
|
||||
]);
|
||||
|
||||
$webhook = $project->search('$id', $webhookId, $project->getAttribute('webhooks', []));
|
||||
|
||||
|
|
@ -886,16 +816,6 @@ App::post('/v1/projects/:projectId/tasks')
|
|||
$next = ($status == 'play') ? $cron->getNextRunDate()->format('U') : null;
|
||||
|
||||
$security = ($security === '1' || $security === 'true' || $security === 1 || $security === true);
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V1');
|
||||
$iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
|
||||
$tag = null;
|
||||
$httpPass = \json_encode([
|
||||
'data' => OpenSSL::encrypt($httpPass, OpenSSL::CIPHER_AES_128_GCM, $key, 0, $iv, $tag),
|
||||
'method' => OpenSSL::CIPHER_AES_128_GCM,
|
||||
'iv' => \bin2hex($iv),
|
||||
'tag' => \bin2hex($tag),
|
||||
'version' => '1',
|
||||
]);
|
||||
|
||||
$task = $consoleDB->createDocument([
|
||||
'$collection' => Database::SYSTEM_COLLECTION_TASKS,
|
||||
|
|
@ -960,18 +880,6 @@ App::get('/v1/projects/:projectId/tasks')
|
|||
|
||||
$tasks = $project->getAttribute('tasks', []);
|
||||
|
||||
foreach ($tasks as $task) { /* @var $task Document */
|
||||
$httpPass = \json_decode($task->getAttribute('httpPass', '{}'), true);
|
||||
|
||||
if (empty($httpPass) || !isset($httpPass['version'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$httpPass['version']);
|
||||
|
||||
$task->setAttribute('httpPass', OpenSSL::decrypt($httpPass['data'], $httpPass['method'], $key, 0, \hex2bin($httpPass['iv']), \hex2bin($httpPass['tag'])));
|
||||
}
|
||||
|
||||
$response->json($tasks);
|
||||
}, ['response', 'consoleDB']);
|
||||
|
||||
|
|
@ -999,13 +907,6 @@ App::get('/v1/projects/:projectId/tasks/:taskId')
|
|||
throw new Exception('Task not found', 404);
|
||||
}
|
||||
|
||||
$httpPass = \json_decode($task->getAttribute('httpPass', '{}'), true);
|
||||
|
||||
if (!empty($httpPass) && isset($httpPass['version'])) {
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V'.$httpPass['version']);
|
||||
$task->setAttribute('httpPass', OpenSSL::decrypt($httpPass['data'], $httpPass['method'], $key, 0, \hex2bin($httpPass['iv']), \hex2bin($httpPass['tag'])));
|
||||
}
|
||||
|
||||
$response->json($task->getArrayCopy());
|
||||
}, ['response', 'consoleDB']);
|
||||
|
||||
|
|
@ -1046,16 +947,6 @@ App::put('/v1/projects/:projectId/tasks/:taskId')
|
|||
$next = ($status == 'play') ? $cron->getNextRunDate()->format('U') : null;
|
||||
|
||||
$security = ($security === '1' || $security === 'true' || $security === 1 || $security === true);
|
||||
$key = App::getEnv('_APP_OPENSSL_KEY_V1');
|
||||
$iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
|
||||
$tag = null;
|
||||
$httpPass = \json_encode([
|
||||
'data' => OpenSSL::encrypt($httpPass, OpenSSL::CIPHER_AES_128_GCM, $key, 0, $iv, $tag),
|
||||
'method' => OpenSSL::CIPHER_AES_128_GCM,
|
||||
'iv' => \bin2hex($iv),
|
||||
'tag' => \bin2hex($tag),
|
||||
'version' => '1',
|
||||
]);
|
||||
|
||||
$task
|
||||
->setAttribute('name', $name)
|
||||
|
|
|
|||
Loading…
Reference in a new issue