From 40bfb612ae31e1f16ae48e308e26292ef9b78823 Mon Sep 17 00:00:00 2001
From: Nevo David
Date: Fri, 17 Oct 2025 01:07:31 +0700
Subject: [PATCH] feat: fix iv
---
 .../src/api/routes/integrations.controller.ts | 2 +-
 libraries/helpers/src/auth/auth.service.ts | 50 +++++++++++--------
 2 files changed, 29 insertions(+), 23 deletions(-)
diff --git a/apps/backend/src/api/routes/integrations.controller.ts b/apps/backend/src/api/routes/integrations.controller.ts
index b2aaf372..c4b1ff50 100644
--- a/apps/backend/src/api/routes/integrations.controller.ts
+++ b/apps/backend/src/api/routes/integrations.controller.ts
@@ -48,7 +48,7 @@ export class IntegrationsController {
 private _postService: PostsService
 ) {}
 @Get('/')
- getIntegrations() {
+ getIntegration() {
 return this._integrationManager.getAllIntegrations();
 }
diff --git a/libraries/helpers/src/auth/auth.service.ts b/libraries/helpers/src/auth/auth.service.ts
index c0b8b4f8..2db11f64 100644
--- a/libraries/helpers/src/auth/auth.service.ts
+++ b/libraries/helpers/src/auth/auth.service.ts
@@ -2,33 +2,39 @@ import { sign, verify } from 'jsonwebtoken';
 import { hashSync, compareSync } from 'bcrypt';
 import crypto from 'crypto';
 import EVP_BytesToKey from 'evp_bytestokey';
-const KEY_SIZE = 24;
 const algorithm = 'aes-256-cbc';
+const { keyLength, ivLength } = crypto.getCipherInfo(algorithm);
-function decrypt_legacy_using_IV(text) {
- const result = EVP_BytesToKey(
- process.env.JWT_SECRET,
- null,
- KEY_SIZE * 8, // byte to bit size
- 16
- );
-
- const decipher = crypto.createDecipheriv(algorithm, result.key, result.iv);
- const decrypted = decipher.update(text, 'hex', 'utf8') + decipher.final('utf8');
- return decrypted.toString();
+function deriveLegacyKeyIv(secret) {
+ const pass = Buffer.isBuffer(secret)
+ ? secret
+ : Buffer.from(secret ?? '', 'utf8');
+ // EVP_BytesToKey(password, salt, keyLen, ivLen) — lengths are BYTES
+ const { key, iv } = EVP_BytesToKey(pass, null, keyLength, ivLength); // MD5, 1 iter, no salt (legacy)
+ if (key.length !== keyLength || iv.length !== ivLength) {
+ throw new Error(`Derived wrong sizes (key=${key.length}, iv=${iv.length})`);
+ }
+ return { key, iv };
 }
-function encrypt_legacy_using_IV(text) {
- const result = EVP_BytesToKey(
- process.env.JWT_SECRET,
- null,
- KEY_SIZE * 8, // byte to bit size
- 16
- );
+export function decrypt_legacy_using_IV(hexCiphertext) {
+ const { key, iv } = deriveLegacyKeyIv(process.env.JWT_SECRET);
+ const decipher = crypto.createDecipheriv(algorithm, key, iv);
+ const out = Buffer.concat([
+ decipher.update(hexCiphertext, 'hex'),
+ decipher.final(),
+ ]);
+ return out.toString('utf8');
+}
- const cipher = crypto.createCipheriv(algorithm, result.key, result.iv);
- const encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
- return encrypted.toString();
+export function encrypt_legacy_using_IV(utf8Plaintext) {
+ const { key, iv } = deriveLegacyKeyIv(process.env.JWT_SECRET);
+ const cipher = crypto.createCipheriv(algorithm, key, iv);
+ const out = Buffer.concat([
cipher.update(utf8Plaintext, 'utf8'),
+ cipher.final(),
+ ]);
+ return out.toString('hex');
 }
 export class AuthService {
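Review bot: In `deriveLegacyKeyIv`, `Buffer.from(secret ?? '', 'utf8')` turns an unset `JWT_SECRET` into an empty password, so the AES key and IV are then derived from a value anyone can compute instead of the call failing; reject it up front with `if (!secret) throw new Error('JWT_SECRET is not set');`. The removed code passed `KEY_SIZE * 8` with the comment "byte to bit size" while the new comment says the lengths are bytes, so confirm which unit the installed `evp_bytestokey` expects for its third argument; if it is bits, the derived key will be 4 bytes and the new length guard will throw on every call. Because key and IV both come deterministically from the secret (MD5, one iteration, no salt, as the added comment says), equal plaintexts encrypt to equal ciphertexts and nothing authenticates the ciphertext; now that both helpers are exported, a doc comment such as `/** Legacy format only: fixed IV, no integrity check. Do not use for new data. */` on `encrypt_legacy_using_IV` would keep new callers away.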