feat: replace cipher

2025-10-17 00:59:26 +07:00 · 2025-10-17 00:59:26 +07:00 · c1bab07fb5
parent 22f983dde1
commit c1bab07fb5
3 changed files with 46 additions and 31 deletions
--- a/libraries/helpers/src/auth/auth.service.ts
+++ b/libraries/helpers/src/auth/auth.service.ts
@ -1,7 +1,35 @@
 import { sign, verify } from 'jsonwebtoken';
 import { hashSync, compareSync } from 'bcrypt';
-import bcrypt from 'bcrypt';
 import crypto from 'crypto';
+import EVP_BytesToKey from 'evp_bytestokey';
+const KEY_SIZE = 24;
+const algorithm = 'aes-256-cbc';
+
+function decrypt_legacy_using_IV(text) {
+  const result = EVP_BytesToKey(
+    process.env.JWT_SECRET,
+    null,
+    KEY_SIZE * 8, // byte to bit size
+    16
+  );
+
+  const decipher = crypto.createDecipheriv(algorithm, result.key, result.iv);
+  const decrypted = decipher.update(text, 'hex', 'utf8') + decipher.final('utf8');
+  return decrypted.toString();
+}
+
+function encrypt_legacy_using_IV(text) {
+  const result = EVP_BytesToKey(
+    process.env.JWT_SECRET,
+    null,
+    KEY_SIZE * 8, // byte to bit size
+    16
+  );
+
+  const cipher = crypto.createCipheriv(algorithm, result.key, result.iv);
+  const encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
+  return encrypted.toString();
+}

 export class AuthService {
  static hashPassword(password: string) {
@ -18,27 +46,10 @@ export class AuthService {
  }

  static fixedEncryption(value: string) {
-    // encryption algorithm
-    const algorithm = 'aes-256-cbc';
-
-    // create a cipher object
-    const cipher = crypto.createCipher(algorithm, process.env.JWT_SECRET);
-
-    // encrypt the plain text
-    let encrypted = cipher.update(value, 'utf8', 'hex');
-    encrypted += cipher.final('hex');
-
-    return encrypted;
+    return encrypt_legacy_using_IV(value);
  }

  static fixedDecryption(hash: string) {
-    const algorithm = 'aes-256-cbc';
-    const decipher = crypto.createDecipher(algorithm, process.env.JWT_SECRET);
-
-    // decrypt the encrypted text
-    let decrypted = decipher.update(hash, 'hex', 'utf8');
-    decrypted += decipher.final('utf8');
-
-    return decrypted;
+    return decrypt_legacy_using_IV(hash);
  }
 }
--- a/package.json
+++ b/package.json
@ -152,6 +152,7 @@
    "dotenv": "^16.5.0",
    "dotenv-cli": "^8.0.0",
    "emoji-picker-react": "^4.12.0",
+    "evp_bytestokey": "^1.0.3",
    "facebook-nodejs-business-sdk": "^21.0.5",
    "fast-xml-parser": "^4.5.1",
    "google-auth-library": "^9.11.0",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -11,7 +11,7 @@ importers:
    dependencies:
      '@ag-ui/mastra':
        specifier: 0.2.0
-        version: 0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@copilotkit/runtime@1.10.6(35415372e5e36eaf8297399bb868a9dd))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)
+        version: 0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@copilotkit/runtime@1.10.6(d13074c5646666f7f1336979aaba8e8f))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)
      '@ai-sdk/openai':
        specifier: ^2.0.52
        version: 2.0.52(zod@3.25.76)
@ -38,7 +38,7 @@ importers:
        version: 1.10.6(@types/react@18.3.1)(graphql@16.11.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
      '@copilotkit/runtime':
        specifier: 1.10.6
-        version: 1.10.6(35415372e5e36eaf8297399bb868a9dd)
+        version: 1.10.6(d13074c5646666f7f1336979aaba8e8f)
      '@hookform/resolvers':
        specifier: ^3.3.4
        version: 3.10.0(react-hook-form@7.65.0(react@18.3.1))
@ -336,6 +336,9 @@ importers:
      emoji-picker-react:
        specifier: ^4.12.0
        version: 4.14.1(react@18.3.1)
+      evp_bytestokey:
+        specifier: ^1.0.3
+        version: 1.0.3
      facebook-nodejs-business-sdk:
        specifier: ^21.0.5
        version: 21.0.5
@ -16736,10 +16739,10 @@ snapshots:
      '@ag-ui/core': 0.0.39
      '@ag-ui/proto': 0.0.39

-  '@ag-ui/langgraph@0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
+  '@ag-ui/langgraph@0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
    dependencies:
      '@ag-ui/client': 0.0.40
-      '@ag-ui/core': 0.0.37
+      '@ag-ui/core': 0.0.39
      '@langchain/core': 0.3.78(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))
      '@langchain/langgraph-sdk': 0.1.10(@langchain/core@0.3.78(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76)))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
      partial-json: 0.1.7
@ -16752,12 +16755,12 @@ snapshots:
      - react
      - react-dom

-  '@ag-ui/mastra@0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@copilotkit/runtime@1.10.6(35415372e5e36eaf8297399bb868a9dd))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)':
+  '@ag-ui/mastra@0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@copilotkit/runtime@1.10.6(d13074c5646666f7f1336979aaba8e8f))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)':
    dependencies:
      '@ag-ui/client': 0.0.40
-      '@ag-ui/core': 0.0.37
+      '@ag-ui/core': 0.0.39
      '@ai-sdk/ui-utils': 1.2.11(zod@3.25.76)
-      '@copilotkit/runtime': 1.10.6(35415372e5e36eaf8297399bb868a9dd)
+      '@copilotkit/runtime': 1.10.6(d13074c5646666f7f1336979aaba8e8f)
      '@mastra/client-js': 0.15.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)
      '@mastra/core': 0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)
      rxjs: 7.8.1
@ -18702,12 +18705,12 @@ snapshots:
      - encoding
      - graphql

-  '@copilotkit/runtime@1.10.6(35415372e5e36eaf8297399bb868a9dd)':
+  '@copilotkit/runtime@1.10.6(d13074c5646666f7f1336979aaba8e8f)':
    dependencies:
      '@ag-ui/client': 0.0.40
-      '@ag-ui/core': 0.0.37
+      '@ag-ui/core': 0.0.39
      '@ag-ui/encoder': 0.0.39
-      '@ag-ui/langgraph': 0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      '@ag-ui/langgraph': 0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
      '@ag-ui/proto': 0.0.39
      '@anthropic-ai/sdk': 0.57.0
      '@copilotkit/shared': 1.10.6
@ -32004,7 +32007,7 @@ snapshots:

  md5.js@1.3.5:
    dependencies:
-      hash-base: 3.0.5
+      hash-base: 3.1.2
      inherits: 2.0.4
      safe-buffer: 5.2.1