37 lines
1.1 KiB
TypeScript
37 lines
1.1 KiB
TypeScript
|
import { randomBytes, createCipheriv, createDecipheriv } from 'crypto'
|
||
|
|
|
||
|
|
const algorithm = 'aes-256-gcm'
|
||
|
|
const secretKey = process.env.SECRET
|
||
|
|
|
||
|
|
export const encrypt = (
|
||
|
|
data: object
|
||
|
|
): { encryptedData: string; iv: string } => {
|
||
|
|
if (!secretKey) throw new Error(`SECRET is not in environment`)
|
||
|
|
const iv = randomBytes(16)
|
||
|
|
const cipher = createCipheriv(algorithm, secretKey, iv)
|
||
|
|
const dataString = JSON.stringify(data)
|
||
|
|
const encryptedData =
|
||
|
|
cipher.update(dataString, 'utf8', 'hex') + cipher.final('hex')
|
||
|
|
const tag = cipher.getAuthTag()
|
||
|
|
return {
|
||
|
|
encryptedData,
|
||
|
|
iv: iv.toString('hex') + '.' + tag.toString('hex'),
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
export const decrypt = (encryptedData: string, auth: string): object => {
|
||
|
|
if (!secretKey) throw new Error(`SECRET is not in environment`)
|
||
|
|
const [iv, tag] = auth.split('.')
|
||
|
|
const decipher = createDecipheriv(
|
||
|
|
algorithm,
|
||
|
|
secretKey,
|
||
|
|
Buffer.from(iv, 'hex')
|
||
|
|
)
|
||
|
|
decipher.setAuthTag(Buffer.from(tag, 'hex'))
|
||
|
|
return JSON.parse(
|
||
|
|
(
|
||
|
|
decipher.update(Buffer.from(encryptedData, 'hex')) + decipher.final('hex')
|
||
|
|
).toString()
|
||
|
|
)
|
||
|
|
}
|