feat: using the edge function

outerbase · Mar 19, 2024 · 13903bc · 13903bc
1 parent ff347cf
commit 13903bc
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 10 deletions.
diff --git a/src/app/api/database/[database_id]/route.ts b/src/app/api/database/[database_id]/route.ts
@@ -4,7 +4,7 @@ import { NextResponse } from "next/server";
 import { database } from "@/db/schema";
 import { eq } from "drizzle-orm";
 import { db } from "@/db";
-import { encrypt } from "@/lib/encryption";
+import { encrypt } from "@/lib/encryption-edge";
 import { env } from "@/env";
 import { SavedConnectionItemConfig } from "@/app/connect/saved-connection-storage";
 
@@ -65,7 +65,6 @@ export const PUT = withDatabaseOperation(
     }
 
     const data = parsed.data;
-    const key = Buffer.from(env.ENCRYPTION_KEY, "base64");
 
     if (!permission.isOwner) {
       return NextResponse.json({ error: "Unauthorization" }, { status: 500 });
@@ -78,7 +77,9 @@ export const PUT = withDatabaseOperation(
         description: data.description,
         name: data.name,
         host: data.config.url,
-        token: data.config.token ? encrypt(key, data.config.token) : undefined,
+        token: data.config.token
+          ? await encrypt(env.ENCRYPTION_KEY, data.config.token)
+          : undefined,
       })
       .where(eq(database.id, databaseInfo.id));
 

diff --git a/src/app/api/ops/[database_id]/batch/route.ts b/src/app/api/ops/[database_id]/batch/route.ts
@@ -1,5 +1,5 @@
 import { env } from "@/env";
-import { decrypt } from "@/lib/encryption";
+import { decrypt } from "@/lib/encryption-edge";
 import withDatabaseOperation from "@/lib/with-database-ops";
 import { createClient } from "@libsql/client/web";
 import { NextResponse } from "next/server";
@@ -21,9 +21,8 @@ export const POST = withDatabaseOperation<{
     );
   }
 
-  const key = Buffer.from(env.ENCRYPTION_KEY, "base64");
   const url = database.host ?? "";
-  const token = decrypt(key, database.token ?? "");
+  const token = await decrypt(env.ENCRYPTION_KEY, database.token ?? "");
 
   const client = createClient({
     url,

diff --git a/src/app/api/ops/[database_id]/query/route.ts b/src/app/api/ops/[database_id]/query/route.ts
@@ -1,5 +1,5 @@
 import { env } from "@/env";
-import { decrypt } from "@/lib/encryption";
+import { decrypt } from "@/lib/encryption-edge";
 import withDatabaseOperation from "@/lib/with-database-ops";
 import { createClient } from "@libsql/client/web";
 import { NextResponse } from "next/server";
@@ -19,9 +19,8 @@ export const POST = withDatabaseOperation<{
     );
   }
 
-  const key = Buffer.from(env.ENCRYPTION_KEY, "base64");
   const url = database.host ?? "";
-  const token = decrypt(key, database.token ?? "");
+  const token = await decrypt(env.ENCRYPTION_KEY, database.token ?? "");
 
   const client = createClient({
     url,

diff --git a/src/env.ts b/src/env.ts
@@ -1,4 +1,3 @@
-import "dotenv/config";
 import { createEnv } from "@t3-oss/env-nextjs";
 import { z } from "zod";
 

diff --git a/src/lib/encryption-edge.ts b/src/lib/encryption-edge.ts
@@ -0,0 +1,65 @@
+const RANDOM_IV_LENGTH = 12;
+const AUTH_TAG_SIZE = 16;
+
+function base64ToArrayBuffer(base64: string) {
+  const binaryString = atob(base64);
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  return bytes.buffer;
+}
+
+function arrayBufferToBase64(buffer: Uint8Array) {
+  let binary = "";
+  const bytes = new Uint8Array(buffer);
+  const len = bytes.byteLength;
+  for (let i = 0; i < len; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+
+export async function encrypt(keyInBase64: string, text: string) {
+  const iv = crypto.getRandomValues(new Uint8Array(RANDOM_IV_LENGTH));
+  const encoded = new TextEncoder().encode(text);
+  const keyBuffer = base64ToArrayBuffer(keyInBase64);
+
+  const key = await crypto.subtle.importKey(
+    "raw",
+    keyBuffer,
+    { name: "AES-GCM" },
+    false,
+    ["encrypt"]
+  );
+
+  const c = await crypto.subtle.encrypt(
+    { name: "AES-GCM", iv, tagLength: AUTH_TAG_SIZE * 8 },
+    key,
+    encoded
+  );
+
+  return arrayBufferToBase64(new Uint8Array([...iv, ...new Uint8Array(c)]));
+}
+
+export async function decrypt(keyInBase64: string, base64: string) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    base64ToArrayBuffer(keyInBase64),
+    { name: "AES-GCM" },
+    false,
+    ["decrypt"]
+  );
+
+  const e = base64ToArrayBuffer(base64);
+  const iv = e.slice(0, RANDOM_IV_LENGTH);
+  const content = e.slice(RANDOM_IV_LENGTH);
+
+  const c = await crypto.subtle.decrypt(
+    { name: "AES-GCM", iv, tagLength: AUTH_TAG_SIZE * 8 },
+    key,
+    content
+  );
+
+  return new TextDecoder().decode(c);
+}