const fs = require("fs");
const path = require("path");
const crypto = require("crypto");
// Location of the encrypted configuration blob: "config.enc" in the directory
// one level above this module. The path is also exported for callers.
const CONFIG_PATH = path.join(__dirname, "..", "config.enc");
/**
 * Derives the 32-byte AES-256 key from the CONFIG_KEY environment variable.
 *
 * The key is a single, unsalted SHA-256 digest of the variable's value.
 * NOTE(review): that is only as strong as the secret itself. If CONFIG_KEY is
 * a human-chosen passphrase rather than a long random value, a plain hash
 * gives no brute-force resistance. Switching to a salted, slow KDF would make
 * existing config.enc files unreadable, so it needs a migration step.
 *
 * @returns {Buffer} 32-byte key material.
 * @throws {Error} If CONFIG_KEY is unset or empty.
 */
function getKey() {
  const secret = process.env.CONFIG_KEY;
  if (secret) {
    const hasher = crypto.createHash("sha256");
    hasher.update(secret);
    return hasher.digest(); // SHA-256 output is 32 bytes, the AES-256 key size
  }
  throw new Error("CONFIG_KEY fehlt in .env");
}
/**
 * Serialises a value to JSON and encrypts it with AES-256-GCM.
 *
 * A fresh random 12-byte IV is drawn on every call, so the same key is never
 * paired with a caller-chosen or repeated nonce.
 *
 * Output layout: [iv (12 bytes)] [auth tag (16 bytes)] [ciphertext].
 *
 * @param {*} obj - JSON-serialisable value to protect.
 * @returns {Buffer} IV, authentication tag and ciphertext, concatenated.
 * @throws {Error} If CONFIG_KEY is missing (raised by getKey()).
 */
function encrypt(obj) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", getKey(), nonce);

  const plaintext = Buffer.from(JSON.stringify(obj), "utf8");
  const head = cipher.update(plaintext);
  const tail = cipher.final();

  // The tag can only be read after final(); it is placed right behind the IV.
  return Buffer.concat([nonce, cipher.getAuthTag(), head, tail]);
}
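/**
 * Authenticates and decrypts a blob produced by encrypt(), then parses the
 * plaintext as JSON.
 *
 * Expected layout: [iv (12 bytes)] [auth tag (16 bytes)] [ciphertext].
 *
 * @param {Buffer} buf - Raw bytes of the encrypted configuration.
 * @returns {*} The value parsed from the decrypted JSON text.
 * @throws {Error} If the blob is shorter than IV + tag, if GCM authentication
 *   fails (wrong key or modified data), if CONFIG_KEY is missing, or if the
 *   plaintext is not valid JSON.
 */
function decrypt(buf) {
  const IV_LENGTH = 12;
  const TAG_LENGTH = 16;
  const HEADER_LENGTH = IV_LENGTH + TAG_LENGTH;

  // subarray() never throws on a short buffer; it silently returns a shorter
  // IV or tag. Reject truncated input here with a clear error instead.
  if (buf.length < HEADER_LENGTH) {
    throw new Error(
      `Encrypted config is too short: expected at least ${HEADER_LENGTH} bytes, got ${buf.length}`
    );
  }

  const iv = buf.subarray(0, IV_LENGTH);
  const tag = buf.subarray(IV_LENGTH, HEADER_LENGTH);
  const enc = buf.subarray(HEADER_LENGTH);

  const key = getKey();
  // Pin the accepted tag length so a shorter (weaker) tag is never accepted.
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, {
    authTagLength: TAG_LENGTH,
  });
  decipher.setAuthTag(tag);

  // final() throws if the tag does not verify, so no unauthenticated
  // plaintext ever reaches JSON.parse.
  const data = Buffer.concat([decipher.update(enc), decipher.final()]);
  return JSON.parse(data.toString("utf8"));
}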
/**
 * Reads and decrypts the configuration stored at CONFIG_PATH.
 *
 * @returns {*|null} The decrypted configuration, or null when the file does
 *   not exist.
 * @throws {Error} Errors from reading the file or from decrypt() (for example
 *   a wrong key or a modified file) are propagated to the caller.
 */
function loadConfig() {
  const present = fs.existsSync(CONFIG_PATH);
  return present ? decrypt(fs.readFileSync(CONFIG_PATH)) : null;
}
/**
 * Encrypts a configuration value and writes it to CONFIG_PATH, replacing any
 * existing file.
 *
 * NOTE(review): the file is overwritten in place, so an interrupted write may
 * leave a blob that no longer decrypts. Confirm whether callers need an
 * atomic write-then-rename.
 *
 * @param {*} cfg - JSON-serialisable configuration to persist.
 * @returns {void}
 */
function saveConfig(cfg) {
  fs.writeFileSync(CONFIG_PATH, encrypt(cfg));
}
// Public surface: only the load/save helpers and the file location.
// getKey, encrypt and decrypt are not exported.
module.exports = { loadConfig, saveConfig, CONFIG_PATH };