Open danstis opened 3 weeks ago
β±οΈ Estimated effort to review: 4 π΅π΅π΅π΅βͺ |
π§ͺ No relevant tests |
π No security concerns identified |
β‘ Key issues to review Possible Bug The loop for checking if a generated key already exists in the database does not wait for the database query to complete due to JavaScript's non-blocking nature. This might result in an infinite loop or incorrect data being inserted into the database. Security Concern The method `decrypt` in `CryptorV1` uses `crypto.createDecipher`, which is deprecated and considered insecure. It should be replaced with `crypto.createDecipheriv` for better security. Error Handling The error handling in the encryption and decryption process does not differentiate between different types of errors (e.g., database errors, encryption errors), which might lead to misleading error messages being shown to the user. |
PR Type
enhancement, dependencies, configuration changes
Description
CryptorFactory
andCryptor
classes.key
parameter withid
for entry identification.express
,body-parser
, andi18n
.Changes walkthrough π
3 files
index.js
Implement encryption refactoring and error handling
routes/index.js
CryptorFactory
class andCryptor
classes forencryption and decryption.
key
parameter withid
for identifying entries.app.js
Update database import and export configuration
app.js
nedb
import to use@seald-io/nedb
.nedb
instance for external usage.index.ejs
Update form input field for entry identification
views/index.ejs - Changed hidden input field from `key` to `id`.
3 files
docker-image.yml
Add Docker image CI workflow
.github/workflows/docker-image.yml
Dockerfile
Update Git repository URL in Dockerfile
docker/Dockerfile - Updated Git repository URL for cloning.
docker-compose.yml
Update Docker Compose service configuration
docker/docker-compose.yml
wemove/read2burn:latest
.1 files
package.json
Update project dependencies
package.json
express
,body-parser
, andi18n
.@seald-io/nedb
andbase-x
.1 files
readme.md
Simplify Docker usage instructions
docker/readme.md
1 files
package-lock.json
...
package-lock.json ...