scottk/databunker
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/databunker.git synced 2025-11-01 10:27:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

finally encrypt audit who & record key in database

Browse Source
This commit is contained in:
root
2020-08-22 20:07:37 +00:00
parent d1d46cee71
commit b8658587aa
3 changed files with 66 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/audit_db.go
View File

@@ -44,7 +44,7 @@ func (event auditEvent) submit(db *dbcon) {
bdoc["atoken"] = atoken bdoc["atoken"] = atoken
bdoc["when"] = event.When bdoc["when"] = event.When
if len(event.Who) > 0 { if len(event.Who) > 0 {
bdoc["who"] = event.Who bdoc["who"], _ = basicStringEncrypt(event.Who, db.masterKey, db.GetCode())
} }
if len(event.Mode) > 0 { if len(event.Mode) > 0 {
bdoc["mode"] = event.Mode bdoc["mode"] = event.Mode
@@ -53,7 +53,7 @@ func (event auditEvent) submit(db *dbcon) {
bdoc["identity"] = event.Identity bdoc["identity"] = event.Identity
} }
if len(event.Record) > 0 { if len(event.Record) > 0 {
bdoc["record"] = event.Record bdoc["record"], _ = basicStringEncrypt(event.Record, db.masterKey, db.GetCode())
} }
if len(event.App) > 0 { if len(event.App) > 0 {
bdoc["app"] = event.App bdoc["app"] = event.App
@@ -90,6 +90,7 @@ func (dbobj dbcon) getAuditEvents(userTOKEN string, offset int32, limit int32) (
if err != nil { if err != nil {
return nil, 0, err return nil, 0, err
} }
code := dbobj.GetCode()
for _, element := range records { for _, element := range records {
element["more"] = false element["more"] = false
if _, ok := element["before"]; ok { if _, ok := element["before"]; ok {
@@ -104,6 +105,12 @@ func (dbobj dbcon) getAuditEvents(userTOKEN string, offset int32, limit int32) (
element["more"] = true element["more"] = true
element["debug"] = "" element["debug"] = ""
} }
if _, ok := element["record"]; ok {
element["record"], _ = basicStringDecrypt(element["record"].(string), dbobj.masterKey, code)
}
if _, ok := element["who"]; ok {
element["who"], _ = basicStringDecrypt(element["who"].(string), dbobj.masterKey, code)
}
results = append(results, element) results = append(results, element)
} }
resultJSON, err := json.Marshal(records) resultJSON, err := json.Marshal(records)
@@ -126,6 +133,7 @@ func (dbobj dbcon) getAdminAuditEvents(offset int32, limit int32) ([]byte, int64
if err != nil { if err != nil {
return nil, 0, err return nil, 0, err
} }
code := dbobj.GetCode()
for _, element := range records { for _, element := range records {
element["more"] = false element["more"] = false
if _, ok := element["before"]; ok { if _, ok := element["before"]; ok {
@@ -140,6 +148,12 @@ func (dbobj dbcon) getAdminAuditEvents(offset int32, limit int32) ([]byte, int64
element["more"] = true element["more"] = true
element["debug"] = "" element["debug"] = ""
} }
if _, ok := element["record"]; ok {
element["record"], _ = basicStringDecrypt(element["record"].(string), dbobj.masterKey, code)
}
if _, ok := element["who"]; ok {
element["who"], _ = basicStringDecrypt(element["who"].(string), dbobj.masterKey, code)
}
results = append(results, element) results = append(results, element)
} }
resultJSON, err := json.Marshal(records) resultJSON, err := json.Marshal(records)

4
src/conf.go
View File

@@ -70,3 +70,7 @@ func (dbobj dbcon) GlobalUserChangeEmail(oldEmail string, newEmail string) {
// not implemented // not implemented
} }
func (dbobj dbcon) GetCode() []byte {
code := dbobj.hash[4:12]
return code
}

46
src/cryptor.go
View File

@@ -4,6 +4,8 @@ import (
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"crypto/rand" "crypto/rand"
"encoding/base64"
"log"
"io" "io"
) )
@@ -74,3 +76,47 @@ func encrypt(masterKey []byte, userKey []byte, plaintext []byte) ([]byte, error)
ciphertext = append(ciphertext, nonce...) ciphertext = append(ciphertext, nonce...)
return ciphertext, nil return ciphertext, nil
} }
func basicStringEncrypt(plaintext string, masterKey []byte, code []byte) (string, error) {
//log.Printf("Going to encrypt %s", plaintext)
nonce := []byte("$DataBunker$")
key := append(masterKey, code...)
block, err := aes.NewCipher(key)
if err != nil {
log.Printf("error in aes.NewCipher %s", err)
return "", err
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
log.Printf("error in cipher.NewGCM: %s", err)
return "", err
}
ciphertext := aesgcm.Seal(nil, nonce, []byte(plaintext), nil)
result := base64.StdEncoding.EncodeToString(ciphertext)
//log.Printf("ciphertext : %s", result)
return result, nil
}
func basicStringDecrypt(data string, masterKey []byte, code []byte) (string, error) {
ciphertext, err := base64.StdEncoding.DecodeString(data)
if err != nil {
return "", err
}
nonce := []byte("$DataBunker$")
key := append(masterKey, code...)
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
if err != nil {
return "", err
}
//log.Printf("decrypt result : %s", string(plaintext))
return string(plaintext), err
}