krao/fourge-portal
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
fourge-portal/supabase/functions/fourge-passwords-crypto/index.ts
T
Krao Hasanee eee0885811 Fix file sharing load speed and move error; misc updates 
- Remove recursive directory size calculations (single Seafile API call per list)
- Remove 'Used in this location' usage display
- Fix move using v2 per-type endpoints instead of broken batch endpoint
- Send entry type from frontend for correct move routing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 14:20:38 -04:00

100 lines
3.4 KiB
TypeScript
Raw Permalink Blame History

// deno-lint-ignore-file
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
}
const json = (body: Record<string, unknown>, status: number) =>
new Response(JSON.stringify(body), {
status,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
})
function encodeBase64(bytes: Uint8Array) {
return btoa(String.fromCharCode(...bytes))
}
function decodeBase64(value: string) {
return Uint8Array.from(atob(value), char => char.charCodeAt(0))
}
async function requireTeam(authHeader: string) {
const supabaseUrl = Deno.env.get('SUPABASE_URL') ?? ''
const supabaseKey = Deno.env.get('SUPABASE_ANON_KEY') || Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') || ''
const callerClient = createClient(
supabaseUrl,
supabaseKey,
{ global: { headers: { Authorization: authHeader } } }
)
const { data: userData, error: userError } = await callerClient.auth.getUser()
if (userError || !userData?.user) return { ok: false, error: `Auth failed: ${userError?.message ?? 'no user'}`, status: 401 }
const { data: profile, error: profileError } = await callerClient
.from('profiles').select('role').eq('id', userData.user.id).single()
if (profileError) return { ok: false, error: `Profile error: ${profileError.message}`, status: 500 }
if (profile?.role !== 'team') return { ok: false, error: 'Forbidden: team only', status: 403 }
return { ok: true }
}
async function getKey() {
const secret = Deno.env.get('PASSWORD_VAULT_KEY') ?? ''
if (!secret) throw new Error('PASSWORD_VAULT_KEY is not configured.')
const rawKey = decodeBase64(secret)
return crypto.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['encrypt', 'decrypt'])
}
Deno.serve(async (req) => {
if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })
try {
const authHeader = req.headers.get('Authorization') ?? ''
if (!authHeader) return json({ error: 'No authorization header' }, 401)
const auth = await requireTeam(authHeader)
if (!auth.ok) return json({ error: auth.error as string }, auth.status as number)
const body = await req.json()
const action = body?.action
const key = await getKey()
if (action === 'encrypt') {
const plaintext = String(body?.plaintext ?? '')
if (!plaintext) return json({ error: 'plaintext required' }, 400)
const iv = crypto.getRandomValues(new Uint8Array(12))
const encoded = new TextEncoder().encode(plaintext)
const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded)
return json({
ciphertext: encodeBase64(new Uint8Array(ciphertext)),
iv: encodeBase64(iv),
}, 200)
}
if (action === 'decrypt') {
const ciphertext = String(body?.ciphertext ?? '')
const ivValue = String(body?.iv ?? '')
if (!ciphertext || !ivValue) return json({ error: 'ciphertext and iv required' }, 400)
const decrypted = await crypto.subtle.decrypt(
{ name: 'AES-GCM', iv: decodeBase64(ivValue) },
key,
decodeBase64(ciphertext),
)
return json({ plaintext: new TextDecoder().decode(decrypted) }, 200)
}
return json({ error: 'Invalid action' }, 400)
} catch (err) {
return json({ error: `Unexpected: ${String(err)}` }, 500)
}
})
Reference in New Issue View Git Blame Copy Permalink