syc0123
4c42cc7b53
- IMAP 계정 등록/수정/삭제/연결테스트 - SSE 스트리밍으로 메일 목록 로드 (폴더별 지원) - 메일 상세 조회, 읽음 처리, 삭제(휴지통 이동), 폴더 이동 - 첨부파일 다운로드 (ReadableStream 진행바) - SMTP 발송, 답장, 전달 - imapConnectionPool, mailCache 서비스 - encryptionService Node 22+ 호환 수정 - authMiddleware query token 지원 추가 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
77 lines
2.4 KiB
TypeScript
77 lines
2.4 KiB
TypeScript
import crypto from 'crypto';
|
|
|
|
class EncryptionService {
|
|
private readonly algorithm = 'aes-256-gcm';
|
|
private readonly key: Buffer;
|
|
|
|
constructor() {
|
|
const keyString = process.env.ENCRYPTION_KEY;
|
|
if (!keyString) {
|
|
throw new Error('ENCRYPTION_KEY environment variable is required');
|
|
}
|
|
this.key = crypto.scryptSync(keyString, 'salt', 32);
|
|
}
|
|
|
|
encrypt(text: string): string {
|
|
const iv = crypto.randomBytes(16);
|
|
const cipher = crypto.createCipheriv(this.algorithm, this.key, iv);
|
|
|
|
let encrypted = cipher.update(text, 'utf8', 'hex');
|
|
encrypted += cipher.final('hex');
|
|
|
|
const authTag = cipher.getAuthTag();
|
|
|
|
return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
|
|
}
|
|
|
|
decrypt(encryptedText: string): string {
|
|
const [ivHex, authTagHex, encrypted] = encryptedText.split(':');
|
|
|
|
if (!ivHex || !authTagHex || !encrypted) {
|
|
throw new Error('Invalid encrypted text format');
|
|
}
|
|
|
|
const iv = Buffer.from(ivHex, 'hex');
|
|
const authTag = Buffer.from(authTagHex, 'hex');
|
|
|
|
const decipher = crypto.createDecipheriv(this.algorithm, this.key, iv);
|
|
decipher.setAuthTag(authTag);
|
|
|
|
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
|
|
decrypted += decipher.final('utf8');
|
|
|
|
return decrypted;
|
|
}
|
|
|
|
// 비밀번호 해싱 (bcrypt 대신 사용)
|
|
hashPassword(password: string): string {
|
|
const salt = crypto.randomBytes(16).toString('hex');
|
|
const hash = crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha512').toString('hex');
|
|
return salt + ':' + hash;
|
|
}
|
|
|
|
verifyPassword(password: string, hashedPassword: string): boolean {
|
|
const [salt, hash] = hashedPassword.split(':');
|
|
const verifyHash = crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha512').toString('hex');
|
|
return hash === verifyHash;
|
|
}
|
|
|
|
// 랜덤 토큰 생성
|
|
generateToken(length: number = 32): string {
|
|
return crypto.randomBytes(length).toString('hex');
|
|
}
|
|
|
|
// HMAC 서명 생성
|
|
createHmac(data: string, secret: string): string {
|
|
return crypto.createHmac('sha256', secret).update(data).digest('hex');
|
|
}
|
|
|
|
// HMAC 검증
|
|
verifyHmac(data: string, signature: string, secret: string): boolean {
|
|
const expectedSignature = this.createHmac(data, secret);
|
|
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature));
|
|
}
|
|
}
|
|
|
|
export const encryptionService = new EncryptionService();
|