diff --git a/backend/package-lock.json b/backend/package-lock.json index 227374b..9973f6b 100755 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -11,6 +11,7 @@ "dependencies": { "body-parser": "^1.20.2", "cors": "^2.8.5", + "crypto": "^1.0.1", "dotenv": "^16.4.5", "express": "^4.18.3", "mongodb": "^6.4.0" @@ -155,6 +156,13 @@ "node": ">= 0.10" } }, + "node_modules/crypto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/crypto/-/crypto-1.0.1.tgz", + "integrity": "sha512-VxBKmeNcqQdiUQUW2Tzq0t377b54N2bMtXO/qiLa+6eRRmmC4qT3D4OnTGoT/U6O9aklQ/jTwbOtRMTTY8G0Ig==", + "deprecated": "This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in.", + "license": "ISC" + }, "node_modules/debug": { "version": "2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", diff --git a/backend/package.json b/backend/package.json index 7b5a8f6..182a584 100755 --- a/backend/package.json +++ b/backend/package.json @@ -12,8 +12,9 @@ "dependencies": { "body-parser": "^1.20.2", "cors": "^2.8.5", + "crypto": "^1.0.1", "dotenv": "^16.4.5", "express": "^4.18.3", "mongodb": "^6.4.0" } -} \ No newline at end of file +} diff --git a/backend/server.js b/backend/server.js index c073b88..06bb253 100755 --- a/backend/server.js +++ b/backend/server.js @@ -3,6 +3,33 @@ const dotenv = require("dotenv"); const { MongoClient, ObjectId } = require("mongodb"); const bodyParser = require("body-parser"); const cors = require("cors"); +const crypto = require("crypto"); + +// Encryption and Decryption keys +const ENCRYPTION_KEY = crypto.randomBytes(32); // Must be 256 bits (32 bytes) +const IV_LENGTH = 16; // For AES, this is always 16 + + +// Encrypt a password +const encrypt = (text) => { + const iv = crypto.randomBytes(IV_LENGTH); + const cipher = crypto.createCipheriv("aes-256-cbc", Buffer.from(ENCRYPTION_KEY), iv); + let encrypted = cipher.update(text, "utf8", "hex"); + encrypted += cipher.final("hex"); + return iv.toString("hex") + ":" + encrypted; // Store IV with the encrypted password +}; + +// Decrypt function +function decrypt(text) { + let ivBuffer = Buffer.from(text.iv, "hex"); + let encryptedText = text.encryptedData; + + let decipher = crypto.createDecipheriv("aes-256-cdc", Buffer.from(ENCRYPTION_KEY), ivBuffer); + let decrypted = decipher.update(encryptedText, "hex", "utf-8"); + decrypted += decipher.final("utf-8"); + + return decrypted; +} dotenv.config(); @@ -55,7 +82,9 @@ app.post("/", async (req, res) => { const db = client.db(dbName); const collection = db.collection("passwords"); - const result = await collection.insertOne({ site, username, password }); + // Encrypt the password before saving + const encryptedPassword = encrypt(password); + const result = await collection.insertOne({ site, username, password: encryptedPassword }); res.status(201).json({ success: true, result }); } catch (error) { console.error("Error saving password:", error); @@ -78,9 +107,13 @@ app.put("/:id", async (req, res) => { const db = client.db(dbName); const collection = db.collection("passwords"); + + // Encrypt the new password before updating + const encryptedPassword = encrypt(password); + const result = await collection.updateOne( { _id: new ObjectId(id) }, - { $set: { site, username, password } } + { $set: { site, username, password: encryptedPassword } } // Use the encrypted password here ); if (result.matchedCount === 0) { @@ -100,6 +133,7 @@ app.put("/:id", async (req, res) => { } }); + // Delete a password by id app.delete("/:id", async (req, res) => { try {