From 5d037e8297a192996b7281af0ca761c160aaed30 Mon Sep 17 00:00:00 2001
From: Ryan Mehri
Date: Fri, 15 May 2020 17:58:09 -0600
Subject: Add encryption to content when password is specified
---
 backend/db/db.go | 21 ++++++++++++++++++---
 backend/db/schemas.go | 1 +
 2 files changed, 19 insertions(+), 3 deletions(-)
(limited to 'backend/db')
diff --git a/backend/db/db.go b/backend/db/db.go
index 4e58188..b18eddf 100644
--- a/backend/db/db.go
+++ b/backend/db/db.go
@@ -5,7 +5,7 @@ import (
 "os"
 "time"

- "github.com/jackyzha0/ctrl-v/hashing"
+ "github.com/jackyzha0/ctrl-v/security"
 "github.com/joho/godotenv"
 log "github.com/sirupsen/logrus"
 )
@@ -30,7 +30,7 @@ const ContentLimit = 100000
 // creates a new paste with title, content and hash, returns the hash of the created paste
 func New(ip, content, expiry, title, password string) (string, error) {
 // generate hash from ip
- hash := hashing.GenerateURI(ip)
+ hash := security.GenerateURI(ip)

 // check for size of title and content
 errs := checkLengths(title, content)
@@ -45,9 +45,24 @@ func New(ip, content, expiry, title, password string) (string, error) {
 Title: title,
 }

+ // if there is a password, encrypt content and hash the password
 if password != "" {
+ // use pass to encrypt content
+ key, salt, err := security.DeriveKey([]byte(password), nil)
+ if err != nil {
+ return "", fmt.Errorf("could not generate key: %s", err.Error())
+ }
+ new.Salt = salt
+
+ encryptedBytes, err := security.Encrypt(key, []byte(new.Content))
+ if err != nil {
+ return "", fmt.Errorf("could not encrypt content: %s", err.Error())
+ }
+
+ new.Content = string(encryptedBytes)
+
 // hash given password
- hashedPass, err := hashing.HashPassword(password)
+ hashedPass, err := security.HashPassword(password)
 if err != nil {
 return "", fmt.Errorf("could not hash password: %s", err.Error())
 }
diff --git a/backend/db/schemas.go b/backend/db/schemas.go
index 4c73f82..d3551fc 100644
--- a/backend/db/schemas.go
+++ b/backend/db/schemas.go
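Review bot: In the new `if password != "" {` branch of `backend/db/db.go` only `new.Content` is replaced with ciphertext; `Title: title` is stored as given, so the title of a password-protected paste stays readable to anyone who can read the database. If that is intended, state it at the branch, e.g. `// only Content is encrypted; Title is stored in plaintext`; otherwise encrypt the title with the derived key as well. The same password also feeds both `security.DeriveKey` and `security.HashPassword`, and the salt and ciphertext (and presumably the hash, assigned after this hunk) are stored on the same record, so offline guessing costs only as much as the cheaper of the two derivations; their parameters are outside this diff and should be reviewed together. `New` starts before and continues after the hunk.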
@@ -14,4 +14,5 @@ type Paste struct {
 Expiry time.Time `bson:"expiry"`
 Title string
 Password string
+ Salt []byte
 }
-- cgit v1.2.3
From 4e03758e92887fe4251a73ce8125b93e8624b6a2 Mon Sep 17 00:00:00 2001
From: Ryan Mehri
Date: Fri, 15 May 2020 19:00:21 -0600
Subject: Add comments and clean up encryption
---
 backend/db/db.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'backend/db')
diff --git a/backend/db/db.go b/backend/db/db.go
index b18eddf..df112d0 100644
--- a/backend/db/db.go
+++ b/backend/db/db.go
@@ -48,18 +48,18 @@ func New(ip, content, expiry, title, password string) (string, error) {
 // if there is a password, encrypt content and hash the password
 if password != "" {
 // use pass to encrypt content
- key, salt, err := security.DeriveKey([]byte(password), nil)
+ key, salt, err := security.DeriveKey(password, nil)
 if err != nil {
 return "", fmt.Errorf("could not generate key: %s", err.Error())
 }
 new.Salt = salt

- encryptedBytes, err := security.Encrypt(key, []byte(new.Content))
+ encryptedContent, err := security.Encrypt(key, new.Content)
 if err != nil {
 return "", fmt.Errorf("could not encrypt content: %s", err.Error())
 }

- new.Content = string(encryptedBytes)
+ new.Content = encryptedContent

 // hash given password
 hashedPass, err := security.HashPassword(password)
-- cgit v1.2.3
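Review bot: The added `Salt []byte` field in `Paste` carries no comment, and next to `Password` it is easy to misread as the password-hash salt; in `db.go` it is assigned from the second return value of `security.DeriveKey`, so it is the key-derivation salt for the encrypted content. A field comment such as `// Salt is the key-derivation salt for Content; set only when the paste has a password` would record that. Whether `Paste` is ever serialized into an API response is not visible here; if it is, `Password` and `Salt` should be excluded from that output.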
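Review bot: After this change the string returned by `security.Encrypt` is stored directly in `new.Content`, but nothing at the call site says what format that string has or how a reader tells an encrypted `Content` from a plain one. A comment on the assignment, e.g. `// Content now holds the output of security.Encrypt, not the paste text`, would make the stored format explicit; the encoding itself is defined in the `security` package, outside this diff. The two `fmt.Errorf("...: %s", err.Error())` calls in the hunk's context would also keep the underlying error inspectable if written with `%w`, e.g. `fmt.Errorf("could not encrypt content: %w", err)`. `New` starts before and ends after the hunk.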