2017-11-15 10:54:12 +08:00
|
|
|
"use strict";
|
|
|
|
|
|
2017-11-10 12:25:23 +08:00
|
|
|
const utils = require('./utils');
|
2018-01-25 11:13:41 +08:00
|
|
|
const data_encryption = require('./data_encryption');
|
2017-11-30 12:30:35 +08:00
|
|
|
const session = {};
|
2017-11-10 12:25:23 +08:00
|
|
|
|
|
|
|
|
function setDataKey(req, decryptedDataKey) {
|
2017-11-30 12:30:35 +08:00
|
|
|
session.decryptedDataKey = Array.from(decryptedDataKey); // can't store buffer in session
|
|
|
|
|
session.protectedSessionId = utils.randomSecureToken(32);
|
2017-11-10 12:25:23 +08:00
|
|
|
|
2017-11-30 12:30:35 +08:00
|
|
|
return session.protectedSessionId;
|
2017-11-10 12:25:23 +08:00
|
|
|
}
|
|
|
|
|
|
2017-11-15 10:54:12 +08:00
|
|
|
function getProtectedSessionId(req) {
|
2017-12-17 09:48:34 +08:00
|
|
|
return req.headers.protected_session_id;
|
2017-11-15 10:54:12 +08:00
|
|
|
}
|
|
|
|
|
|
2018-01-25 11:13:41 +08:00
|
|
|
/**
|
|
|
|
|
* @param obj - can be either array, in that case it's considered to be already dataKey and we just return it
|
|
|
|
|
* if it's not a array, we consider it a request object and try to pull dataKey based on the session id header
|
|
|
|
|
*/
|
|
|
|
|
function getDataKey(obj) {
|
|
|
|
|
if (!obj || obj.constructor.name === 'Array') {
|
|
|
|
|
return obj;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const protectedSessionId = getProtectedSessionId(obj);
|
2017-11-11 11:55:19 +08:00
|
|
|
|
2018-02-24 11:58:24 +08:00
|
|
|
return getDataKeyForProtectedSessionId(protectedSessionId);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function getDataKeyForProtectedSessionId(protectedSessionId) {
|
2017-11-30 12:30:35 +08:00
|
|
|
if (protectedSessionId && session.protectedSessionId === protectedSessionId) {
|
|
|
|
|
return session.decryptedDataKey;
|
2017-11-10 12:25:23 +08:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-15 10:54:12 +08:00
|
|
|
function isProtectedSessionAvailable(req) {
|
|
|
|
|
const protectedSessionId = getProtectedSessionId(req);
|
|
|
|
|
|
2017-11-30 12:30:35 +08:00
|
|
|
return protectedSessionId && session.protectedSessionId === protectedSessionId;
|
2017-11-15 10:54:12 +08:00
|
|
|
}
|
|
|
|
|
|
2018-01-25 11:13:41 +08:00
|
|
|
function decryptNote(dataKey, note) {
|
|
|
|
|
dataKey = getDataKey(dataKey);
|
|
|
|
|
|
2018-01-29 08:30:14 +08:00
|
|
|
if (!note.isProtected) {
|
2018-01-25 11:13:41 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-29 08:30:14 +08:00
|
|
|
if (note.title) {
|
|
|
|
|
note.title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.noteId), note.title);
|
2018-01-25 11:13:41 +08:00
|
|
|
}
|
|
|
|
|
|
2018-01-29 08:30:14 +08:00
|
|
|
if (note.content) {
|
2018-02-24 11:58:24 +08:00
|
|
|
const contentIv = data_encryption.noteContentIv(note.noteId);
|
|
|
|
|
|
|
|
|
|
if (note.type === 'file') {
|
|
|
|
|
note.content = data_encryption.decrypt(dataKey, contentIv, note.content);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
note.content = data_encryption.decryptString(dataKey, contentIv, note.content);
|
|
|
|
|
}
|
2018-01-25 11:13:41 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function decryptNotes(dataKey, notes) {
|
|
|
|
|
dataKey = getDataKey(dataKey);
|
|
|
|
|
|
|
|
|
|
for (const note of notes) {
|
|
|
|
|
decryptNote(dataKey, note);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function decryptNoteHistoryRow(dataKey, hist) {
|
|
|
|
|
dataKey = getDataKey(dataKey);
|
|
|
|
|
|
2018-01-29 08:30:14 +08:00
|
|
|
if (!hist.isProtected) {
|
2018-01-25 11:13:41 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-29 08:30:14 +08:00
|
|
|
if (hist.title) {
|
2018-01-29 08:38:05 +08:00
|
|
|
hist.title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(hist.noteRevisionId), hist.title);
|
2018-01-25 11:13:41 +08:00
|
|
|
}
|
|
|
|
|
|
2018-01-29 08:30:14 +08:00
|
|
|
if (hist.content) {
|
2018-02-24 11:58:24 +08:00
|
|
|
hist.content = data_encryption.decryptString(dataKey, data_encryption.noteContentIv(hist.noteRevisionId), hist.content);
|
2018-01-25 11:13:41 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function decryptNoteHistoryRows(dataKey, historyRows) {
|
|
|
|
|
dataKey = getDataKey(dataKey);
|
|
|
|
|
|
|
|
|
|
for (const hist of historyRows) {
|
|
|
|
|
decryptNoteHistoryRow(dataKey, hist);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function encryptNote(dataKey, note) {
|
|
|
|
|
dataKey = getDataKey(dataKey);
|
|
|
|
|
|
2018-01-29 08:30:14 +08:00
|
|
|
note.title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(note.noteId), note.title);
|
2018-02-24 11:58:24 +08:00
|
|
|
note.content = data_encryption.encrypt(dataKey, data_encryption.noteContentIv(note.noteId), note.content);
|
2018-01-25 11:13:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function encryptNoteHistoryRow(dataKey, history) {
|
|
|
|
|
dataKey = getDataKey(dataKey);
|
|
|
|
|
|
2018-01-29 08:38:05 +08:00
|
|
|
history.title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(history.noteRevisionId), history.title);
|
2018-02-24 11:58:24 +08:00
|
|
|
history.content = data_encryption.encrypt(dataKey, data_encryption.noteContentIv(history.noteRevisionId), history.content);
|
2018-01-25 11:13:41 +08:00
|
|
|
}
|
|
|
|
|
|
2017-11-10 12:25:23 +08:00
|
|
|
module.exports = {
|
|
|
|
|
setDataKey,
|
2017-11-15 10:54:12 +08:00
|
|
|
getDataKey,
|
2018-02-24 11:58:24 +08:00
|
|
|
getDataKeyForProtectedSessionId,
|
2018-01-25 11:13:41 +08:00
|
|
|
isProtectedSessionAvailable,
|
|
|
|
|
decryptNote,
|
|
|
|
|
decryptNotes,
|
|
|
|
|
decryptNoteHistoryRow,
|
|
|
|
|
decryptNoteHistoryRows,
|
|
|
|
|
encryptNote,
|
|
|
|
|
encryptNoteHistoryRow
|
2017-11-10 12:25:23 +08:00
|
|
|
};
|
