🗃 Enable pgcrypto extension

SAMIBETTAYEB · achrinza · commit dcc2d96265c8 · 2021-09-12T22:41:38.000+08:00
Signed-off-by: SAMI BETTAYEB &lt;sami3639@gmail.com&gt;
diff --git a/lib/migration.js b/lib/migration.js
@@ -351,7 +351,8 @@ function mixinMigration(PostgreSQL) {
     });
     // default extension
     if (!createExtensions) {
-      createExtensions = 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";';
+      createExtensions = `CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+      CREATE EXTENSION IF NOT EXISTS "pgcrypto";`;
     }
 
     // Please note IF NOT EXISTS is introduced in postgresql v9.3
diff --git a/lib/postgresql.js b/lib/postgresql.js
@@ -112,6 +112,7 @@ PostgreSQL.prototype.connect = function(callback) {
     self.client = client;
     process.nextTick(releaseCb);
     callback && callback(err, client);
+    if (!err) self.execute('CREATE EXTENSION IF NOT EXISTS pgcrypto', function(createExtensionError) {});
   });
 };
 
@@ -588,6 +589,17 @@ PostgreSQL.prototype.buildWhere = function(model, where) {
   return whereClause;
 };
 
+PostgreSQL.prototype.getEncryptionFields = function(modelDefinition) {
+  if (modelDefinition
+    && modelDefinition.settings
+    && modelDefinition.settings.mixins
+    && modelDefinition.settings.mixins.Encryption
+    && modelDefinition.settings.mixins.Encryption.fields) {
+    return modelDefinition.settings.mixins.Encryption.fields;
+  }
+  return [];
+};
+
 /**
  * @private
  * @param model
@@ -606,6 +618,7 @@ PostgreSQL.prototype._buildWhere = function(model, where) {
   const self = this;
   const props = self.getModelDefinition(model).properties;
 
+  const encryptedFields = this.getEncryptionFields(this.getModelDefinition(model));
   const whereStmts = [];
   for (const key in where) {
     const stmt = new ParameterizedSQL('', []);
@@ -646,7 +659,18 @@ PostgreSQL.prototype._buildWhere = function(model, where) {
     }
     // eslint-disable one-var
     let expression = where[key];
-    const columnName = self.columnEscaped(model, key);
+    let columnName = self.columnEscaped(model, key);
+    if (encryptedFields.includes(key)) {
+      columnName = `convert_from(
+        decrypt_iv(
+          DECODE(${key},'hex')::bytea,
+          decode('${process.env.ENCRYPTION_HEX_KEY}','hex')::bytea,
+          decode('${process.env.ENCRYPTION_HEX_IV}','hex')::bytea,
+          'aes'
+        ),
+        'utf8'
+      )`;
+    }
     // eslint-enable one-var
     if (expression === null || expression === undefined) {
       stmt.merge(columnName + ' IS NULL');

Original file line number	Diff line number	Diff line change
`@@ -351,7 +351,8 @@ function mixinMigration(PostgreSQL) {`
`351`	`351`	`});`
`352`	`352`	`// default extension`
`353`	`353`	`if (!createExtensions) {`
`354`		`- createExtensions = 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";';`
	`354`	+ createExtensions = `CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
	`355`	+ CREATE EXTENSION IF NOT EXISTS "pgcrypto";`;
`355`	`356`	`}`
`356`	`357`
`357`	`358`	`// Please note IF NOT EXISTS is introduced in postgresql v9.3`