Add encryption to content when password is specified

2 files changed, 19 insertions, 3 deletions

diff --git a/backend/db/db.go b/backend/db/db.go
index 4e58188..b18eddf 100644
--- a/backend/db/db.go
+++ b/backend/db/db.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"time"
 
-	"github.com/jackyzha0/ctrl-v/hashing"
+	"github.com/jackyzha0/ctrl-v/security"
 	"github.com/joho/godotenv"
 	log "github.com/sirupsen/logrus"
 )
@@ -30,7 +30,7 @@ const ContentLimit = 100000
 // creates a new paste with title, content and hash, returns the hash of the created paste
 func New(ip, content, expiry, title, password string) (string, error) {
 	// generate hash from ip
-	hash := hashing.GenerateURI(ip)
+	hash := security.GenerateURI(ip)
 
 	// check for size of title and content
 	errs := checkLengths(title, content)
@@ -45,9 +45,24 @@ func New(ip, content, expiry, title, password string) (string, error) {
 		Title:   title,
 	}
 
+	// if there is a password, encrypt content and hash the password
 	if password != "" {
+		// use pass to encrypt content
+		key, salt, err := security.DeriveKey([]byte(password), nil)
+		if err != nil {
+			return "", fmt.Errorf("could not generate key: %s", err.Error())
+		}
+		new.Salt = salt
+
+		encryptedBytes, err := security.Encrypt(key, []byte(new.Content))
+		if err != nil {
+			return "", fmt.Errorf("could not encrypt content: %s", err.Error())
+		}
+
+		new.Content = string(encryptedBytes)
+
 		// hash given password
-		hashedPass, err := hashing.HashPassword(password)
+		hashedPass, err := security.HashPassword(password)
 		if err != nil {
 			return "", fmt.Errorf("could not hash password: %s", err.Error())
 		}
diff --git a/backend/db/schemas.go b/backend/db/schemas.go
index 4c73f82..d3551fc 100644
--- a/backend/db/schemas.go
+++ b/backend/db/schemas.go
@@ -14,4 +14,5 @@ type Paste struct {
 	Expiry   time.Time `bson:"expiry"`
 	Title    string
 	Password string
+	Salt     []byte
 }