From 5d037e8297a192996b7281af0ca761c160aaed30 Mon Sep 17 00:00:00 2001
From: Ryan Mehri
Date: Fri, 15 May 2020 17:58:09 -0600
Subject: Add encryption to content when password is specified
---
 backend/cache/cache.go | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'backend/cache/cache.go')
diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index 71007e5..6d5eb42 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -2,7 +2,7 @@ package cache
 import (
 "errors"
- "github.com/jackyzha0/ctrl-v/hashing"
+ "github.com/jackyzha0/ctrl-v/security"
 "sync"
 "github.com/jackyzha0/ctrl-v/db"
@@ -17,6 +17,7 @@ var C *Cache
 var PasteNotFound = errors.New("could not find a paste with that hash")
 var UserUnauthorized = errors.New("paste is password protected")
+var EncryptionError = errors.New("could not encrypt the given content")
 func init() {
 C = &Cache{
@@ -46,9 +47,22 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 // if there is a password, check the provided one against it
 if p.Password != "" {
 // if passwords do not match, the user is unauthorized
- if !hashing.PasswordsEqual(p.Password, userPassword) {
+ if !security.PasswordsEqual(p.Password, userPassword) {
 return db.Paste{}, UserUnauthorized
 }
+
+ // if password matches, decrypt content
+ key, _, err := security.DeriveKey([]byte(userPassword), p.Salt)
+ if err != nil {
+ return db.Paste{}, EncryptionError
+ }
+
+ decryptedBytes, err := security.Decrypt(key, []byte(p.Content))
+ if err != nil {
+ return db.Paste{}, EncryptionError
+ }
+
+ p.Content = string(decryptedBytes)
 }
 return p, nil
-- cgit v1.2.3
From 4e03758e92887fe4251a73ce8125b93e8624b6a2 Mon Sep 17 00:00:00 2001
From: Ryan Mehri
Date: Fri, 15 May 2020 19:00:21 -0600
Subject: Add comments and clean up encryption
---
 backend/cache/cache.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'backend/cache/cache.go')
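Review bot: In the Get hunk of commit 5d037e8, every paste with a non-empty `p.Password` is now passed through `security.DeriveKey` and `security.Decrypt`, with nothing that distinguishes pastes stored before encryption existed. The password check is pre-existing context, so if any protected pastes were written earlier their `Content` is presumably plaintext and their `Salt` unset, and a correct password would now end in `EncryptionError` instead of the paste. A guard that skips decryption when the paste carries no salt, or better an explicit per-paste "encrypted" or format-version field, would keep those readable; the field types are not visible here, so the check is described rather than quoted. The sentinel's text, "could not encrypt the given content", also misreports what is a decryption failure on this path. Get's body starts above the hunk.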
diff --git a/backend/cache/cache.go b/backend/cache/cache.go
index 6d5eb42..43e615a 100644
--- a/backend/cache/cache.go
+++ b/backend/cache/cache.go
@@ -17,7 +17,6 @@ var C *Cache
 var PasteNotFound = errors.New("could not find a paste with that hash")
 var UserUnauthorized = errors.New("paste is password protected")
-var EncryptionError = errors.New("could not encrypt the given content")
 func init() {
 C = &Cache{
@@ -52,17 +51,17 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) {
 }
 // if password matches, decrypt content
- key, _, err := security.DeriveKey([]byte(userPassword), p.Salt)
+ key, _, err := security.DeriveKey(userPassword, p.Salt)
 if err != nil {
- return db.Paste{}, EncryptionError
+ return db.Paste{}, security.EncryptionError
 }
- decryptedBytes, err := security.Decrypt(key, []byte(p.Content))
+ decryptedContent, err := security.Decrypt(key, p.Content)
 if err != nil {
- return db.Paste{}, EncryptionError
+ return db.Paste{}, security.EncryptionError
 }
- p.Content = string(decryptedBytes)
+ p.Content = decryptedContent
 }
 return p, nil
-- cgit v1.2.3
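Review bot: Both failure branches in the Get hunk of commit 4e03758 still discard `err` and return the bare `security.EncryptionError`, so a key-derivation failure and a truncated or modified ciphertext are indistinguishable to the caller and leave nothing for an operator to investigate. Recording the underlying error server-side before returning the sentinel, with no password, key or content in the message, would cover that. A comment on the second branch such as `// a decrypt failure after a successful password check means the stored content is corrupt or was modified` would document why that path matters. Whether `security.Decrypt` authenticates the ciphertext is not visible in this diff; if it does not, altered content would decrypt without error and that branch would never fire, which is worth confirming in the security package. The hunk covers only the middle of Get.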