generalpiston / typeorm-encrypted

Encrypted field for typeorm.
MIT License

Can I use this for the mongoDB column encryption? #30

Closed Shashi-GS closed 3 years ago

Shashi-GS commented 3 years ago

I am trying to use it as a transformer; it's not working.

generalpiston commented 3 years ago

Seems dependent on https://github.com/typeorm/typeorm/issues/4268.

generalpiston commented 3 years ago

Try using subscribers.

Shashi-GS commented 3 years ago

Oh! I tried to use subscribers. Still no luck.

```
13|api | Error: Invalid IV length
13|api |     at Decipheriv.createCipherBase (internal/crypto/cipher.js:79:18)
13|api |     at Decipheriv.createCipherWithIV (internal/crypto/cipher.js:115:20)
13|api |     at new Decipheriv (internal/crypto/cipher.js:254:22)
13|api |     at Object.createDecipheriv (crypto.js:117:10)
13|api |     at Object.decryptData (/home/pulse/teamconnect/pulse-api-team/node_modules/typeorm-encrypted/lib/crypto.js:36:29)
13|api |     at Object.decrypt (/home/pulse/teamconnect/pulse-api-team/node_modules/typeorm-encrypted/lib/entity.js:67:53)
13|api |     at AutoEncryptSubscriber.afterLoad (/home/pulse/teamconnect/pulse-api-team/node_modules/typeorm-encrypted/lib/subscribers/AutoEncryptSubscriber.js:30:18)
13|api |     at /home/pulse/teamconnect/pulse-api-team/node_modules/typeorm/subscriber/Broadcaster.js:285:58
13|api |     at Array.forEach ()
13|api |     at /home/pulse/teamconnect/pulse-api-team/node_modules/typeorm/subscriber/Broadcaster.js:283:58
13|api |     at Array.forEach ()
13|api |     at Broadcaster.broadcastLoadEventsForAll (/home/pulse/teamconnect/pulse-api-team/node_modules/typeorm/subscriber/Broadcaster.js:258:18)
13|api |     at /home/pulse/teamconnect/pulse-api-team/node_modules/typeorm/entity-manager/MongoEntityManager.js:647:45
13|api |     at process._tickCallback (internal/process/next_tick.js:68:7)
```

On the first access itself it's returning this. Any idea about this?

generalpiston commented 3 years ago

A couple of questions for you:

  1. Did your model have data in it before adding the encrypted field?
  2. Does your setup follow the README?

```
@Column({
  type: "varchar",
  nullable: false,
  encrypt: {
    key: "d85117047fd06d3afa79b6e44ee3a52eb426fc24c3a2e3667732e8da0342b4da",
    algorithm: "aes-256-cbc",
    ivLength: 16
  }
})
```

Shashi-GS commented 3 years ago

Sorry for the late response.

  1. Yes, I have existing data. I have yet to migrate that data as well. I am trying to figure out the migration process as well.
  2. Yes, I followed the README steps with both transformers and subscribers. With the subscriber I am getting this error, but the transformer is not working at all.

generalpiston commented 3 years ago

Here is a step by step way of doing it: https://github.com/generalpiston/typeorm-encrypted/issues/19#issuecomment-650979933.
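Why rows written before the encrypted field existed fail on load with the IV error reported above, as an added example that is not code from this thread or from typeorm-encrypted. It assumes the stored value is base64 of the IV followed by the ciphertext; `encryptField`, `decryptField`, `inspectStored` and the sample rows are hypothetical names and constructed data.

```javascript
const crypto = require("crypto");

// Constructed demo key, random per run; a real key comes from a secret store.
const KEY = crypto.randomBytes(32);
const ALGORITHM = "aes-256-cbc";
const IV_LENGTH = 16;

// Assumed storage layout: base64(IV || ciphertext).
function encryptField(plaintext) {
  const iv = crypto.randomBytes(IV_LENGTH);
  const cipher = crypto.createCipheriv(ALGORITHM, KEY, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, body]).toString("base64");
}

function decryptField(stored) {
  const raw = Buffer.from(stored, "base64");
  // A short legacy plaintext decodes to fewer than IV_LENGTH bytes, so the
  // "IV" slice is too short and createDecipheriv throws (the exact message
  // wording depends on the Node.js version).
  const iv = raw.subarray(0, IV_LENGTH);
  const decipher = crypto.createDecipheriv(ALGORITHM, KEY, iv);
  const plain = Buffer.concat([decipher.update(raw.subarray(IV_LENGTH)), decipher.final()]);
  return plain.toString("utf8");
}

// Classify a stored value without throwing, so a migration can find the
// rows that still hold plaintext instead of crashing on the first load.
function inspectStored(stored) {
  try {
    return { state: "encrypted", value: decryptField(stored) };
  } catch (err) {
    return { state: "legacy-plaintext", error: err.message };
  }
}

// Constructed rows: one written before the encrypted field was added, one after.
const legacyRow = "alice";
const encryptedRow = encryptField("alice");

console.log(inspectStored(legacyRow));
console.log(inspectStored(encryptedRow));
```

Trial decryption is only a heuristic: CBC carries no integrity check, so a longer legacy value can occasionally decrypt to garbage instead of throwing, and a migration should record which rows it has already converted.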

Shashi-GS commented 3 years ago

Thank you for the quick response. Yes, I am able to do this with some workaround. There are a couple of problems; please let me know if there is any way I can solve them.

  1. The `@BeforeUpdate` event is not working in MongoDB with typeorm. I am using the update with ID method (`this.dao.update(id.toString(), dataObj)`). Right now I am doing a workaround for this.
  2. In some places of the application I have to use the encrypted field in a where condition. I am thinking about how I can tackle this problem.

generalpiston commented 3 years ago

From typeorm docs:

> You can define a method with any name in the entity and mark it with `@BeforeUpdate` and TypeORM will call it before an existing entity is updated using repository/manager save.

You cannot use typeorm-encrypted and perform complex queries. The reason being the contents in the database are encrypted. You'll probably want database level encryption like MySQL data-at-rest encryption or MongoDB data-at-rest encryption.