make sure to encrypt email address when storing agreements

2026-01-28 02:18:43 +00:00 · 2021-07-16 16:27:25 +03:00
parent a0faf1cd61
commit d51befeff9
2 changed files with 50 additions and 22 deletions
--- a/src/agreements_db.go
+++ b/src/agreements_db.go
@@ -38,6 +38,10 @@ func (dbobj dbcon) acceptAgreement(userTOKEN string, mode string, identity strin
 	if len(referencecode) > 0 {
 		bdoc["referencecode"] = referencecode
 	}
+	encIdentity := ""
+	if len(identity) > 0 {
+		encIdentity := basicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
+	}
 	if len(userTOKEN) > 0 {
 		// first check if this agreement exists, then update
 		raw, err := dbobj.store.GetRecord2(storage.TblName.Agreements, "token", userTOKEN, "brief", brief)
@@ -53,14 +57,14 @@ func (dbobj dbcon) acceptAgreement(userTOKEN string, mode string, identity strin
 			}
 			return false, nil
 		}
-	} else {
-		raw, err := dbobj.store.GetRecord2(storage.TblName.Agreements, "who", identity, "brief", brief)
+	} else if len(identity) > 0 {
+		raw, err := dbobj.store.GetRecord2(storage.TblName.Agreements, "who", encIdentity, "brief", brief)
 		if err != nil {
 			fmt.Printf("error to find:%s", err)
 			return false, err
 		}
 		if raw != nil {
-			dbobj.store.UpdateRecord2(storage.TblName.Agreements, "who", identity, "brief", brief, &bdoc, nil)
+			dbobj.store.UpdateRecord2(storage.TblName.Agreements, "who", encIdentity, "brief", brief, &bdoc, nil)
 			if status != raw["status"].(string) {
 				// status changed
 				return true, nil
@@ -70,7 +74,7 @@ func (dbobj dbcon) acceptAgreement(userTOKEN string, mode string, identity strin
 	}
 	bdoc["brief"] = brief
 	bdoc["mode"] = mode
-	bdoc["who"] = identity
+	bdoc["who"] = encIdentity
 	bdoc["token"] = userTOKEN
 	bdoc["creationtime"] = now
 	if len(agreementmethod) > 0 {
@@ -88,28 +92,32 @@ func (dbobj dbcon) acceptAgreement(userTOKEN string, mode string, identity strin
 }

 // link consent record to userToken
-func (dbobj dbcon) linkAgreementRecords(userTOKEN string, mode string, identity string) error {
+func (dbobj dbcon) linkAgreementRecords(userTOKEN string, encIdentity string) error {
 	bdoc := bson.M{}
 	bdoc["token"] = userTOKEN
-	_, err := dbobj.store.UpdateRecord2(storage.TblName.Agreements, "token", "", "who", identity, &bdoc, nil)
+	_, err := dbobj.store.UpdateRecord2(storage.TblName.Agreements, "token", "", "who", encIdentity, &bdoc, nil)
 	return err
 }

 func (dbobj dbcon) withdrawAgreement(userTOKEN string, brief string, mode string, identity string, lastmodifiedby string) error {
 	now := int32(time.Now().Unix())
 	// update date, status
+	encIdentity := ""
+	if len(identity) > 0 {
+		encIdentity = basicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
+	}
 	bdoc := bson.M{}
 	bdoc["when"] = now
 	bdoc["mode"] = mode
-	bdoc["who"] = identity
+	bdoc["who"] = encIdentity
 	bdoc["endtime"] = 0
 	bdoc["status"] = "no"
 	bdoc["lastmodifiedby"] = lastmodifiedby
 	if len(userTOKEN) > 0 {
 		fmt.Printf("%s %s\n", userTOKEN, brief)
 		dbobj.store.UpdateRecord2(storage.TblName.Agreements, "token", userTOKEN, "brief", brief, &bdoc, nil)
-	} else {
-		dbobj.store.UpdateRecord2(storage.TblName.Agreements, "who", identity, "brief", brief, &bdoc, nil)
+	} else if len(identity) > 0 {
+		dbobj.store.UpdateRecord2(storage.TblName.Agreements, "who", encIdentity, "brief", brief, &bdoc, nil)
 	}
 	return nil
 }
@@ -123,6 +131,15 @@ func (dbobj dbcon) listAgreementRecords(userTOKEN string) ([]byte, int, error) {
 	if count == 0 {
 		return []byte("[]"), 0, err
 	}
+	for _, rec := range records {
+		encIdentity := rec["who"].(string)
+		if len(encIdentity) > 0 {
+			identity, _ := basicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
+			if len(identity) > 0 {
+				rec["who"] = identity
+			}
+		}
+	}
 	resultJSON, err := json.Marshal(records)
 	if err != nil {
 		return nil, 0, err
@@ -132,7 +149,8 @@ func (dbobj dbcon) listAgreementRecords(userTOKEN string) ([]byte, int, error) {
 }

 func (dbobj dbcon) listAgreementRecordsByIdentity(identity string) ([]byte, int, error) {
-	records, err := dbobj.store.GetList(storage.TblName.Agreements, "who", identity, 0, 0, "")
+	encIdentity := basicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
+	records, err := dbobj.store.GetList(storage.TblName.Agreements, "who", encIdentity, 0, 0, "")
 	if err != nil {
 		return nil, 0, err
 	}
@@ -140,6 +158,9 @@ func (dbobj dbcon) listAgreementRecordsByIdentity(identity string) ([]byte, int,
 	if count == 0 {
 		return []byte("[]"), 0, err
 	}
+	for _, rec := range records {
+		rec["who"] = identity
+	}
 	resultJSON, err := json.Marshal(records)
 	if err != nil {
 		return nil, 0, err
@@ -153,6 +174,13 @@ func (dbobj dbcon) viewAgreementRecord(userTOKEN string, brief string) ([]byte,
 	if record == nil || err != nil {
 		return nil, err
 	}
+	encIdentity := record["who"].(string)
+	if len(encIdentity) > 0 {
+		identity, _ := basicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
+		if len(identity) > 0 {
+			record["who"] = identity
+		}
+	}
 	resultJSON, err := json.Marshal(record)
 	if err != nil {
 		return nil, err
@@ -180,8 +208,9 @@ func (dbobj dbcon) expireAgreementRecords(notifyURL string) error {
 			dbobj.store.UpdateRecord2(storage.TblName.Agreements, "token", userTOKEN, "brief", brief, &bdoc, nil)
 			notifyConsentChange(notifyURL, brief, "expired", "token", userTOKEN)
 		} else {
-			identity := rec["who"].(string)
-			dbobj.store.UpdateRecord2(storage.TblName.Agreements, "who", identity, "brief", brief, &bdoc, nil)
+			encIdentity := rec["who"].(string)
+			dbobj.store.UpdateRecord2(storage.TblName.Agreements, "who", encIdentity, "brief", brief, &bdoc, nil)
+			identity, _ := basicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
 			notifyConsentChange(notifyURL, brief, "expired", rec["mode"].(string), identity)
 		}

--- a/src/users_api.go
+++ b/src/users_api.go
@@ -86,25 +86,24 @@ func (e mainEnv) userNew(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		returnError(w, r, "internal error", 405, err, event)
 		return
 	}
+	encPhoneIdx := ""
 	if len(parsedData.emailIdx) > 0 {
-		e.db.linkAgreementRecords(userTOKEN, "email", parsedData.emailIdx)
+		encEmailIdx := basicStringEncrypt(parsedData.emailIdx, e.db.masterKey, e.db.GetCode())
+		e.db.linkAgreementRecords(userTOKEN, encEmailIdx)
 	}
 	if len(parsedData.phoneIdx) > 0 {
-		e.db.linkAgreementRecords(userTOKEN, "phone", parsedData.phoneIdx)
+		encPhoneIdx = basicStringEncrypt(parsedData.phoneIdx, e.db.masterKey, e.db.GetCode())
+		e.db.linkAgreementRecords(userTOKEN, encPhoneIdx)
 	}
 	if len(parsedData.emailIdx) > 0 && len(parsedData.phoneIdx) > 0 {
 		// delete duplicate consent records for user
-		records, _ := e.db.store.GetList(storage.TblName.Agreements, "who", parsedData.emailIdx, 0, 0, "")
+		records, _ := e.db.store.GetList(storage.TblName.Agreements, "token", userTOKEN, 0, 0, "")
 		var briefCodes []string
 		for _, val := range records {
-			//fmt.Printf("adding brief code: %s\n", val["brief"].(string))
-			briefCodes = append(briefCodes, val["brief"].(string))
-		}
-		records, _ = e.db.store.GetList(storage.TblName.Agreements, "who", parsedData.phoneIdx, 0, 0, "")
-		for _, val := range records {
-			//fmt.Printf("XXX checking brief code for duplicates: %s\n", val["brief"].(string))
 			if contains(briefCodes, val["brief"].(string)) == true {
-				e.db.store.DeleteRecord2(storage.TblName.Agreements, "token", userTOKEN, "who", parsedData.phoneIdx)
+				e.db.store.DeleteRecord2(storage.TblName.Agreements, "token", userTOKEN, "who", encPhoneIdx)
+			} else {
+				briefCodes = append(briefCodes, val["brief"].(string))
 			}
 		}
 	}