Added public/private keypairs for user (and hid from logging)

2023-01-05 22:33:03 -06:00 · 2023-01-05 22:33:03 -06:00 · 9f33c8b21d
parent dc7f902182
commit 9f33c8b21d
3 changed files with 952 additions and 925 deletions
--- a/core/logger.js
+++ b/core/logger.js
@ -32,7 +32,7 @@ module.exports = class Log {
        };

        //  try to remove sensitive info by default, e.g. 'password' fields
-        ['formData', 'formValue'].forEach(keyName => {
+        ['formData', 'formValue', 'user'].forEach(keyName => {
            serializers[keyName] = fd => Log.hideSensitive(fd);
        });

@ -65,7 +65,7 @@ module.exports = class Log {
            //
            return JSON.parse(
                JSON.stringify(obj).replace(
-                    /"(password|passwordConfirm|key|authCode)"\s?:\s?"([^"]+)"/,
+                    /"(password|passwordConfirm|key|authCode|private_key_main)"\s?:\s?"([^"]+)"/,
                    (match, valueName) => {
                        return `"${valueName}":"********"`;
                    }
--- a/core/user.js
+++ b/core/user.js
@ -547,6 +547,11 @@ module.exports = class User {

    async.series(
      [
+        function setKeyPair(callback) {
+          self.generateMainKeyPair(err => {
+            return callback(err);
+          });
+        },
        function saveProps(callback) {
          self.persistProperties(self.properties, trans, err => {
            return callback(err);
@ -638,6 +643,26 @@ module.exports = class User {
    );
  }

+  generateMainKeyPair(cb) {
+    crypto.generateKeyPair('rsa', {
+      modulusLength: 4096,
+      publicKeyEncoding: {
+        type: 'spki',
+        format: 'pem'
+      },
+      privateKeyEncoding: {
+        type: 'pkcs8',
+        format: 'pem'
+      }
+    }, (err, publicKey, privateKey) => {
+      if (!err) {
+        this.setProperty(UserProps.PrivateKeyMain, privateKey);
+        this.setProperty(UserProps.PublicKeyMain, publicKey);
+      }
+      return cb(err);
+    });
+  }
+
  persistProperties(properties, transOrDb, cb) {
    if (!_.isFunction(cb) && _.isFunction(transOrDb)) {
      cb = transOrDb;
--- a/core/user_property.js
+++ b/core/user_property.js
@ -66,4 +66,6 @@ module.exports = {
    AuthFactor2OTP: 'auth_factor2_otp', //  If present, OTP type for 2FA. See OTPTypes
    AuthFactor2OTPSecret: 'auth_factor2_otp_secret', //  Secret used in conjunction with OTP 2FA
    AuthFactor2OTPBackupCodes: 'auth_factor2_otp_backup', //  JSON array of backup codes
+    PublicKeyMain: 'public_key_main', // RSA public key for user
+    PrivateKeyMain: 'private_key_main', // RSA private key (corresponding to PublicKeyMain)
 };