Feature to Encrypt user email in database #2627

Open
wants to merge 50 commits into
base: develop
Changes from 37 commits
Commits
f3af8ed
first
prayanshchh Oct 13, 2024
7583235
email encryption
prayanshchh Oct 13, 2024
3bcb124
conflicts
prayanshchh Oct 17, 2024
a895e95
Merge branch 'develop' into encrypt_email
prayanshchh Oct 18, 2024
cfcb403
added hashedEmails for faster lookups
prayanshchh Oct 20, 2024
5259ac7
Merge branch 'develop' of https://github.com/PalisadoesFoundation/tal…
prayanshchh Oct 20, 2024
908f567
Merge branch 'encrypt_email' of https://github.com/prayanshchh/prayan…
prayanshchh Oct 20, 2024
333ddc1
using crypto for hashing emails
prayanshchh Oct 24, 2024
8799953
tests for hashing and utility function
prayanshchh Oct 27, 2024
a0fba68
coderrabitai suggestion
prayanshchh Oct 29, 2024
7ffee91
suggestions
prayanshchh Oct 29, 2024
7dad60c
last_suggestion
prayanshchh Oct 29, 2024
789069c
fixing tests
prayanshchh Oct 29, 2024
483ac61
new suggestions
prayanshchh Oct 29, 2024
ae7120f
Resolved merge conflicts with upstream/develop
prayanshchh Oct 29, 2024
c3ed5c3
added Tsdoc comments for encryption file
prayanshchh Oct 29, 2024
5b0c87d
Merge branch 'develop' into encrypt_email
prayanshchh Oct 30, 2024
5dcf341
fixing linting errors
prayanshchh Oct 30, 2024
f0eed10
Merge branch 'encrypt_email' of https://github.com/prayanshchh/prayan…
prayanshchh Oct 30, 2024
b92fef9
fixing tests 2
prayanshchh Oct 30, 2024
9abd2db
fixing import errors
prayanshchh Oct 30, 2024
32ac7c4
eslint disable fix
prayanshchh Oct 30, 2024
5a976c5
Merge branch 'develop' into encrypt_email
prayanshchh Nov 4, 2024
b1d22ae
eslint fix
prayanshchh Nov 4, 2024
88d4c4d
commit 25
prayanshchh Nov 4, 2024
07516b6
encryption edit
prayanshchh Nov 4, 2024
6d4dab8
Merge branch 'develop' into encrypt_email
prayanshchh Nov 5, 2024
d513a7b
encryption regex
prayanshchh Nov 5, 2024
8932b62
Merge branch 'encrypt_email' of https://github.com/prayanshchh/prayan…
prayanshchh Nov 5, 2024
7bb92d6
eslint errors fix
prayanshchh Nov 5, 2024
558488d
user.ts fix
prayanshchh Nov 5, 2024
a8ce670
setup.ts lint fix
prayanshchh Nov 5, 2024
6104867
setup.ts import fix
prayanshchh Nov 6, 2024
4d298c1
format fix
prayanshchh Nov 6, 2024
f45df1c
disable line
prayanshchh Nov 7, 2024
476e9a3
format-changed-files
prayanshchh Nov 7, 2024
0a2fcbd
hash_pepper setup
prayanshchh Nov 8, 2024
e68a298
hard code new env variables
prayanshchh Nov 8, 2024
7e0242c
resolving failing tests
prayanshchh Nov 9, 2024
9737ca1
final resolves
prayanshchh Nov 9, 2024
fa3a3ab
increasing code coverage
prayanshchh Nov 10, 2024
be77cba
lint error in code cov
prayanshchh Nov 10, 2024
359d762
fix lint
prayanshchh Nov 10, 2024
cac3465
fix tests
prayanshchh Nov 10, 2024
729aa2e
Merge branch 'develop' into encrypt_email
prayanshchh Nov 11, 2024
3bbf4e0
test fix
prayanshchh Nov 11, 2024
fc0ad07
cleaner-error-handling
prayanshchh Nov 12, 2024
9f3342b
Merge branch 'develop' into encrypt_email
prayanshchh Nov 12, 2024
27916b7
unused vars
prayanshchh Nov 12, 2024
12a7e58
Merge branch 'develop' into encrypt_email
prayanshchh Nov 15, 2024
18 changes: 17 additions & 1 deletion .env.sample
Expand Up @@ -104,4 +104,20 @@ MINIO_DATA_DIR=

# this environment variable is for setting the environment variable for Image Upload size

IMAGE_SIZE_LIMIT_KB=3000
IMAGE_SIZE_LIMIT_KB=3000

# This environment variable provides the encryption key for securing user email addresses.
# Format: Base64-encoded 32-byte key
# Generation: Use a cryptographically secure method to generate this key
# WARNING: Keep this value secret and never commit it to version control
ENCRYPTION_KEY=

# This environment variable provides additional entropy for email hashing
# Format: Random string of at least 32 characters
# Generation: Use a cryptographically secure random string generator
# Example generation: openssl rand -hex 32
# Example format: HASH_PEPPER=YOUR_HEX_STRING
# WARNING: Keep this value secret and never commit it to version control
# NOTE: Changing this value will invalidate all existing email hashes.
# Ensure database migration strategy is in place before changing.
HASH_PEPPER=
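Review bot: The ENCRYPTION_KEY comment block states a format (Base64-encoded 32-byte key) but, unlike the HASH_PEPPER block below it, gives no example generation command and no note on what happens when the value changes. Suggest adding a line such as `# Example generation: openssl rand -base64 32` and the same kind of NOTE that HASH_PEPPER carries, since addresses encrypted under the old key cannot be read after a key change unless they are re-encrypted. The HASH_PEPPER block could also state its length consistently: "at least 32 characters" sits next to `openssl rand -hex 32`, which produces 64 hex characters.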
3 changes: 3 additions & 0 deletions .github/workflows/pull-request.yml
Expand Up @@ -218,6 +218,9 @@ jobs:
LAST_RESORT_SUPERADMIN_EMAIL: "abc@gmail.com"
COLORIZE_LOGS: "true"
LOG_LEVEL: "info"
ENCRYPTION_KEY: ${{secrets.ENCRYPTION_KEY}}
HASH_PEPPER: ${{secrets.HASH_PEPPER}}


💡 Codebase verification

Environment variables properly configured, but documentation needed

The verification shows:

  1. .env.sample includes both variables with appropriate placeholders
  2. GraphQL schema confirms email encryption implementation with hashedEmail field and encryption boolean
  3. No setup documentation found for the new encryption variables

Please add documentation in a README.md or docs folder explaining:

  • Purpose and format of ENCRYPTION_KEY and HASH_PEPPER
  • Steps to generate secure values for these variables
  • How to configure them in GitHub secrets
🔗 Analysis chain

Verify GitHub secrets configuration for encryption.

The new environment variables for email encryption look good. However, please ensure:

  1. These secrets are properly configured in the GitHub repository settings
  2. Documentation is updated to explain how to set up these secrets
  3. The .env.sample file includes these variables with appropriate descriptions

Let's verify the integration points:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if .env.sample has been updated with the new variables
echo "Checking .env.sample for new variables..."
rg "ENCRYPTION_KEY|HASH_PEPPER" .env.sample

# Check if documentation has been updated
echo "Checking documentation for setup instructions..."
rg -i "encryption.*key|hash.*pepper" "*.md"

Length of output: 411


Script:

#!/bin/bash
# Check for documentation in docs directory and other common locations
echo "Checking for documentation in various locations..."
fd -e md -x rg -i "encryption.*key|hash.*pepper" {}

# Check for setup instructions in repository
echo "Checking for setup related files..."
fd -g "*setup*" -g "*install*" -g "*config*" -x rg -i "encryption.*key|hash.*pepper" {}

# Look for any GraphQL schema changes related to email encryption
echo "Checking GraphQL schema..."
fd -g "schema.graphql" -x cat {}

Length of output: 46113


Script:

#!/bin/bash
# Check for email-related fields and types in GraphQL schema
echo "Checking for email-related fields in User type..."
rg -A 5 -B 5 "email.*:" schema.graphql

# Check for setup/config files that might need encryption key configuration
echo "Checking for setup and config files..."
fd -g "*setup*" -g "*config*" -g "*.env*" -x cat {}

# Look for any email-related mutations or types
echo "Checking for email-related mutations and types..."
rg -i "email|encrypt" schema.graphql

Length of output: 2317

# ACCESS_TOKEN_SECRET: ${{ secrets.ACCESS_TOKEN_SECRET }}
# REFRESH_TOKEN_SECRET: ${{ secrets.REFRESH_TOKEN_SECRET }}
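Review bot: ENCRYPTION_KEY and HASH_PEPPER are read from repository secrets on the two added lines, and GitHub does not pass secrets to workflows triggered by pull requests from forks, so on those runs both variables would be empty. The ACCESS_TOKEN_SECRET and REFRESH_TOKEN_SECRET lines just below, which also read from secrets, are commented out; if this job has to pass for fork PRs, consider generating throwaway values in a workflow step (for example with `openssl rand`) rather than depending on secrets. Minor style point: the commented lines write `${{ secrets.NAME }}` with spaces, the new lines write `${{secrets.NAME}}` without.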

3 changes: 2 additions & 1 deletion sample_data/defaultUser.json
Expand Up @@ -10,7 +10,8 @@
"pluginCreationAllowed": true,
"firstName": "Default",
"lastName": "Admin",
"email": "defaultadmin@example.com",
"email": "SAMPLE_IV:SAMPLE_SALT:SAMPLE_ENCRYPTED_EMAIL",
"hashedEmail": "SAMPLE_HASHED_EMAIL_VALUE",
"password": "$2a$12$bSYpay6TRMpTOaAmYPFXku4avwmqfFBtmgg39TabxmtFEiz4plFtW",
"image": null,
"createdAt": "2023-04-13T04:53:17.742Z",
Expand Down
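Review bot: The new "email" and "hashedEmail" values are literal placeholders (SAMPLE_IV:SAMPLE_SALT:SAMPLE_ENCRYPTED_EMAIL and SAMPLE_HASHED_EMAIL_VALUE), so if the sample-data import writes this file as-is, the default admin's address cannot be decrypted and a lookup by hashedEmail will not match defaultadmin@example.com. Suggest keeping the plaintext address in the sample file and having the import step encrypt and hash it with the configured ENCRYPTION_KEY and HASH_PEPPER, or documenting that these two fields must be regenerated for each deployment.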