1724219487
## About the changes

This allows us to encrypt emails at signup for demo users to further secure our demo instance. Currently, emails are anonymized before displaying events performed by demo users. But this means that emails are stored at rest in our DB. By encrypting the emails at login, we're adding another layer of protection. This can be enabled with a flag and requires the encryption key and the initialization vector (IV for short) to be present as environment variables.
import { createCipheriv, createHash } from 'crypto';
/**
 * Encrypts `s` with AES-256-CBC and returns the hex ciphertext followed by
 * `@unleash.run`, so the result still has the shape of an e-mail address.
 *
 * The key and IV are read as hex strings from `UNLEASH_ENCRYPTION_KEY` and
 * `UNLEASH_ENCRYPTION_IV`.
 *
 * Security notes for maintainers:
 * - Fail-open: when the key or the IV is not set, the input is returned
 *   unencrypted, so a missing variable silently disables the protection.
 * - The same IV is used for every call, so the output is deterministic:
 *   equal inputs produce equal ciphertexts, and inputs sharing their leading
 *   16-byte blocks produce ciphertexts sharing the same leading blocks.
 * - CBC alone gives confidentiality only; nothing here authenticates the
 *   ciphertext, so a modified value is not detected by this module.
 *
 * @param s - the value to encrypt; may be undefined
 * @returns `<hex ciphertext>@unleash.run`, or `s` unchanged (`''` when `s`
 *   is undefined) if `s` is empty or the key/IV is not configured
 * @throws whatever `createCipheriv` throws when the decoded key or IV does
 *   not have the length aes-256-cbc requires (32 and 16 bytes)
 */
export function encrypt(s?: string): string {
    const hexKey = process.env.UNLEASH_ENCRYPTION_KEY;
    const hexIv = process.env.UNLEASH_ENCRYPTION_IV;

    if (s && hexKey && hexIv) {
        // Buffer.from(..., 'hex') stops decoding at the first non-hex
        // character instead of throwing, so a malformed value yields a
        // shorter buffer than intended.
        const cipher = createCipheriv(
            'aes-256-cbc',
            Buffer.from(hexKey, 'hex'),
            Buffer.from(hexIv, 'hex'),
        );
        const hexParts = [cipher.update(s, 'utf8', 'hex'), cipher.final('hex')];
        return `${hexParts.join('')}@unleash.run`;
    }

    // Nothing to encrypt, or encryption is not configured: pass through.
    return s ?? '';
}
/**
 * Replaces a value with a short pseudonym: the first 9 hex characters of its
 * SHA-256 digest, followed by `@unleash.run`.
 *
 * Security notes for maintainers:
 * - The hash is unsalted and unkeyed, so this is pseudonymisation rather
 *   than anonymisation: anyone holding a candidate value can hash it and
 *   compare it with the stored pseudonym.
 * - Only 36 bits of the digest are kept, so distinct inputs can map to the
 *   same pseudonym.
 *
 * @param s - the value to pseudonymise; may be undefined
 * @returns `<9 hex chars>@unleash.run`, or `''` when `s` is empty or undefined
 */
export function anonymise(s?: string): string {
    if (s) {
        const fullDigest = createHash('sha256').update(s, 'utf-8').digest('hex');
        const shortDigest = fullDigest.substring(0, 9);
        return `${shortDigest}@unleash.run`;
    }
    return '';
}
/**
 * Walks `object` recursively and replaces the value of every property whose
 * name is listed in `keys` with the result of `anonymise`.
 *
 * Plain objects are modified in place and the same reference is returned.
 * Arrays are mapped into a new array, but the objects inside them are still
 * modified in place. Non-object inputs (and `null`) are returned unchanged.
 *
 * @param object - the value to scrub
 * @param keys - property names whose values must be replaced
 * @returns the scrubbed value (the input reference for plain objects)
 */
export function anonymiseKeys<T>(object: T, keys: string[]): T {
    if (typeof object !== 'object' || object === null) {
        return object;
    }

    if (Array.isArray(object)) {
        return object.map((item) => anonymiseKeys(item, keys)) as T;
    }

    const record = object as Record<string, unknown>;
    for (const key of Object.keys(record)) {
        const value = record[key];
        const mustScrub =
            keys.includes(key) && value !== undefined && value !== null;

        if (mustScrub) {
            // NOTE(review): the value is not checked to be a string before it
            // is handed to anonymise — confirm that the listed keys only ever
            // hold strings, otherwise the value is never scrubbed as intended.
            record[key] = anonymise(value as string);
        } else if (typeof value === 'object') {
            // Covers nested objects and arrays; null passes through unchanged.
            record[key] = anonymiseKeys(value, keys);
        }
    }
    return object;
}