From c1bab07fb5e7846223132796e326ca8f8ceaf7d6 Mon Sep 17 00:00:00 2001
From: Nevo David
Date: Fri, 17 Oct 2025 00:59:26 +0700
Subject: [PATCH] feat: replace cipher
---
 libraries/helpers/src/auth/auth.service.ts | 51 +++++++++++++---------
 package.json | 1 +
 pnpm-lock.yaml | 25 ++++++-----
 3 files changed, 46 insertions(+), 31 deletions(-)
diff --git a/libraries/helpers/src/auth/auth.service.ts b/libraries/helpers/src/auth/auth.service.ts
index 1a31ccc5..c0b8b4f8 100644
--- a/libraries/helpers/src/auth/auth.service.ts
+++ b/libraries/helpers/src/auth/auth.service.ts
@@ -1,7 +1,35 @@
 import { sign, verify } from 'jsonwebtoken';
 import { hashSync, compareSync } from 'bcrypt';
-import bcrypt from 'bcrypt';
 import crypto from 'crypto';
+import EVP_BytesToKey from 'evp_bytestokey';
+const KEY_SIZE = 24;
+const algorithm = 'aes-256-cbc';
+
+function decrypt_legacy_using_IV(text) {
+ const result = EVP_BytesToKey(
+ process.env.JWT_SECRET,
+ null,
+ KEY_SIZE * 8, // byte to bit size
+ 16
+ );
+
+ const decipher = crypto.createDecipheriv(algorithm, result.key, result.iv);
+ const decrypted = decipher.update(text, 'hex', 'utf8') + decipher.final('utf8');
+ return decrypted.toString();
+}
+
+function encrypt_legacy_using_IV(text) {
+ const result = EVP_BytesToKey(
+ process.env.JWT_SECRET,
+ null,
+ KEY_SIZE * 8, // byte to bit size
+ 16
+ );
+
+ const cipher = crypto.createCipheriv(algorithm, result.key, result.iv);
+ const encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
+ return encrypted.toString();
+}
 
 export class AuthService {
 static hashPassword(password: string) {
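Review bot: `const KEY_SIZE = 24;` does not match the `aes-256-cbc` algorithm chosen on the next line: EVP_BytesToKey is asked for `KEY_SIZE * 8` = 192 key bits, so `result.key` is 24 bytes, and as far as I can tell Node's createCipheriv/createDecipheriv reject a 24-byte key for aes-256-cbc with an invalid-key-length error, so both helpers would throw on first use. The deprecated `createCipher('aes-256-cbc', secret)` this replaces derived a 32-byte key plus 16-byte IV with the same unsalted, MD5-based EVP_BytesToKey scheme, so the backward-compatible setting is `const KEY_SIZE = 32;`. It is also worth a header comment on both helpers saying that the IV is derived from the secret and therefore fixed, so this encryption is deterministic and unauthenticated (identical ciphertext for identical plaintext, no integrity check), and that it exists only to stay readable against data written by the old createCipher path rather than for new uses; `text` should be typed as `string` instead of implicit any. Since the derivation is just MD5 over secret||previous-digest until 48 bytes are produced, it could be written with the `crypto` module already imported instead of adding the `evp_bytestokey` dependency, which would keep one fewer package in the supply chain of the auth library.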
@@ -18,27 +46,10 @@ export class AuthService { } static fixedEncryption(value: string) { - // encryption algorithm - const algorithm = 'aes-256-cbc'; - - // create a cipher object - const cipher = crypto.createCipher(algorithm, process.env.JWT_SECRET); - - // encrypt the plain text - let encrypted = cipher.update(value, 'utf8', 'hex'); - encrypted += cipher.final('hex'); - - return encrypted; + return encrypt_legacy_using_IV(value); } static fixedDecryption(hash: string) { - const algorithm = 'aes-256-cbc'; - const decipher = crypto.createDecipher(algorithm, process.env.JWT_SECRET); - - // decrypt the encrypted text - let decrypted = decipher.update(hash, 'hex', 'utf8'); - decrypted += decipher.final('utf8'); - - return decrypted; + return decrypt_legacy_using_IV(hash); } } diff --git a/package.json b/package.json index a6ab5a7c..a4c1e46c 100644 --- a/package.json +++ b/package.json @@ -152,6 +152,7 @@ "dotenv": "^16.5.0", "dotenv-cli": "^8.0.0", "emoji-picker-react": "^4.12.0", + "evp_bytestokey": "^1.0.3", "facebook-nodejs-business-sdk": "^21.0.5", "fast-xml-parser": "^4.5.1", "google-auth-library": "^9.11.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6a2fe4a7..8cd5f68b 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -11,7 +11,7 @@ importers: dependencies: '@ag-ui/mastra': specifier: 0.2.0 - version: 0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@copilotkit/runtime@1.10.6(35415372e5e36eaf8297399bb868a9dd))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76) + version: 0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@copilotkit/runtime@1.10.6(d13074c5646666f7f1336979aaba8e8f))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76) '@ai-sdk/openai': specifier: ^2.0.52 version: 2.0.52(zod@3.25.76) 
@@ -38,7 +38,7 @@ importers: version: 1.10.6(@types/react@18.3.1)(graphql@16.11.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1) '@copilotkit/runtime': specifier: 1.10.6 - version: 1.10.6(35415372e5e36eaf8297399bb868a9dd) + version: 1.10.6(d13074c5646666f7f1336979aaba8e8f) '@hookform/resolvers': specifier: ^3.3.4 version: 3.10.0(react-hook-form@7.65.0(react@18.3.1)) @@ -336,6 +336,9 @@ importers: emoji-picker-react: specifier: ^4.12.0 version: 4.14.1(react@18.3.1) + evp_bytestokey: + specifier: ^1.0.3 + version: 1.0.3 facebook-nodejs-business-sdk: specifier: ^21.0.5 version: 21.0.5 
@@ -16736,10 +16739,10 @@ snapshots: '@ag-ui/core': 0.0.39 '@ag-ui/proto': 0.0.39 - '@ag-ui/langgraph@0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)': + '@ag-ui/langgraph@0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1)': dependencies: '@ag-ui/client': 0.0.40 - '@ag-ui/core': 0.0.37 + '@ag-ui/core': 0.0.39 '@langchain/core': 0.3.78(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76)) '@langchain/langgraph-sdk': 0.1.10(@langchain/core@0.3.78(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76)))(react-dom@18.3.1(react@18.3.1))(react@18.3.1) partial-json: 0.1.7 
@@ -16752,12 +16755,12 @@ snapshots: - react - react-dom - '@ag-ui/mastra@0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@copilotkit/runtime@1.10.6(35415372e5e36eaf8297399bb868a9dd))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)': + '@ag-ui/mastra@0.2.0(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@copilotkit/runtime@1.10.6(d13074c5646666f7f1336979aaba8e8f))(@mastra/core@0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76))(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76)': dependencies: '@ag-ui/client': 0.0.40 - '@ag-ui/core': 0.0.37 + '@ag-ui/core': 0.0.39 '@ai-sdk/ui-utils': 1.2.11(zod@3.25.76) - '@copilotkit/runtime': 1.10.6(35415372e5e36eaf8297399bb868a9dd) + '@copilotkit/runtime': 1.10.6(d13074c5646666f7f1336979aaba8e8f) '@mastra/client-js': 0.15.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76) '@mastra/core': 0.20.2(effect@3.16.12)(openapi-types@12.1.3)(react@18.3.1)(zod@3.25.76) rxjs: 7.8.1 
@@ -18702,12 +18705,12 @@ snapshots: - encoding - graphql - '@copilotkit/runtime@1.10.6(35415372e5e36eaf8297399bb868a9dd)': + '@copilotkit/runtime@1.10.6(d13074c5646666f7f1336979aaba8e8f)': dependencies: '@ag-ui/client': 0.0.40 - '@ag-ui/core': 0.0.37 + '@ag-ui/core': 0.0.39 '@ag-ui/encoder': 0.0.39 - '@ag-ui/langgraph': 0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.37)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + '@ag-ui/langgraph': 0.0.18(@ag-ui/client@0.0.40)(@ag-ui/core@0.0.39)(@opentelemetry/api@1.9.0)(@opentelemetry/exporter-trace-otlp-proto@0.203.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.1.0(@opentelemetry/api@1.9.0))(openai@6.4.0(ws@8.18.3(bufferutil@4.0.9)(utf-8-validate@5.0.10))(zod@3.25.76))(react-dom@18.3.1(react@18.3.1))(react@18.3.1) '@ag-ui/proto': 0.0.39 '@anthropic-ai/sdk': 0.57.0 '@copilotkit/shared': 1.10.6 @@ -32004,7 +32007,7 @@ snapshots: md5.js@1.3.5: dependencies: - hash-base: 3.0.5 + hash-base: 3.1.2 inherits: 2.0.4 safe-buffer: 5.2.1