Secrets are now stored as AES encrypted -> Base64 encoded strings, retrieval is still plaintext and will need to be updated to reflect the required unencoding and decryption process

2022-07-29 20:31:58 -05:00
parent bbe315c450
commit 478384aae9
8 changed files with 50 additions and 32 deletions
--- a/src/Core/SQLite.hs
+++ b/src/Core/SQLite.hs
@ -22,3 +22,8 @@ dbPath :: PurrAction String
 dbPath = do
  conf  <- lift ask
  return $ dbFile conf
+
+encKey :: PurrAction String
+encKey = do
+  conf  <- lift ask
+  return $ dbKey conf
--- a/src/Core/Types.hs
+++ b/src/Core/Types.hs
@ -20,6 +20,6 @@ data DhallConfig = DhallConfig
  , applicationHost :: String
  , applicationPort :: Int
  , dbFile          :: String
-  , dbSalt          :: String
+  , dbKey           :: String
  , linkLength      :: Int
  } deriving (Generic, Show)
--- a/src/Feature/Sharing/SQLite.hs
+++ b/src/Feature/Sharing/SQLite.hs
@ -4,14 +4,18 @@ import Core.Types
 import Core.SQLite
 import Feature.Sharing.Types

-import Control.Monad.Reader (ask, lift, liftIO)
-import Data.Maybe (listToMaybe)
-import Data.Time.Clock.POSIX (getPOSIXTime)
+import Control.Monad.Reader           (ask, lift, liftIO)
+import Crypto.Simple.CBC              (encrypt, decrypt)
+import Data.Maybe                     (listToMaybe)
+import Data.Time.Clock.POSIX          (getPOSIXTime)
 import Database.SQLite.Simple
 import Database.SQLite.Simple.FromRow

-import qualified Data.Text      as T
-import qualified Data.Text.Lazy as LT
+import qualified Data.ByteString.Base64 as B64
+import qualified Data.ByteString.Char8  as B
+import qualified Data.Text              as T
+import qualified Data.Text.Encoding     as ET
+import qualified Data.Text.Lazy         as LT

 findByLink :: String -> PurrAction (Maybe SecretEntry)
 findByLink link = do
@ -23,13 +27,18 @@ findByLink link = do

 insertNewSecret :: T.Text -> T.Text -> PurrAction ()
 insertNewSecret sec link = do
-  db   <- dbPath
-  conn <- liftIO $ open db
-  time <- liftIO $ epochTime
+  db     <- dbPath
+  key    <- encKey
+  encSec <- liftIO $ encrypt (B.pack key) (ET.encodeUtf8 sec)
+  conn   <- liftIO $ open db
+  time   <- liftIO $ epochTime
  liftIO $ execute conn 
    "INSERT INTO pws (link, secret, date) VALUES (?, ?, ?)"
-      (SecretEntry link sec time)
+      (SecretEntry link (encodeSecret encSec) time)
  liftIO $ close conn

 epochTime :: IO Integer
 epochTime = fmap round getPOSIXTime
+
+encodeSecret :: B.ByteString -> T.Text
+encodeSecret b = ET.decodeUtf8 $ B64.encode b