CHAI
/
chtech-anythingllm
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
235 MiB
Tree: aa535db511
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'aa535db511'
${ noResults }
chtech-anythingllm/collector/middleware/setDataSigner.js

40 lines
2.1 KiB
Raw Normal View History

first commit
11 months ago
  1. const { EncryptionWorker } = require("../utils/EncryptionWorker");
  2. const { CommunicationKey } = require("../utils/comKey");
  4. /**
  5. * Express Response Object interface with defined encryptionWorker attached to locals property.
  6. * @typedef {import("express").Response & import("express").Response['locals'] & {encryptionWorker: EncryptionWorker} } ResponseWithSigner
  7. */
  9. // You can use this middleware to assign the EncryptionWorker to the response locals
  10. // property so that if can be used to encrypt/decrypt arbitrary data via response object.
  11. // eg: Encrypting API keys in chunk sources.
  13. // The way this functions is that the rolling RSA Communication Key is used server-side to private-key encrypt the raw
  14. // key of the persistent EncryptionManager credentials. Since EncryptionManager credentials do _not_ roll, we should not send them
  15. // even between server<>collector in plaintext because if the user configured the server/collector to be public they could technically
  16. // be exposing the key in transit via the X-Payload-Signer header. Even if this risk is minimal we should not do this.
  18. // This middleware uses the CommunicationKey public key to first decrypt the base64 representation of the EncryptionManager credentials
  19. // and then loads that in to the EncryptionWorker as a buffer so we can use the same credentials across the system. Should we ever break the
  20. // collector out into its own service this would still work without SSL/TLS.
  22. /**
  23. *
  24. * @param {import("express").Request} request
  25. * @param {import("express").Response} response
  26. * @param {import("express").NextFunction} next
  27. */
  28. function setDataSigner(request, response, next) {
  29. const comKey = new CommunicationKey();
  30. const encryptedPayloadSigner = request.header("X-Payload-Signer");
  31. if (!encryptedPayloadSigner) console.log('Failed to find signed-payload to set encryption worker! Encryption calls will fail.');
  33. const decryptedPayloadSignerKey = comKey.decrypt(encryptedPayloadSigner);
  34. const encryptionWorker = new EncryptionWorker(decryptedPayloadSignerKey);
  35. response.locals.encryptionWorker = encryptionWorker;
  36. next();
  37. }
  39. module.exports = {
  40. setDataSigner
  41. }