feat(加密): 为加密功能添加盐值支持以增强安全性

在加密和解密过程中添加随机盐值生成，替代原有的固定盐值
修改数据模型、控制器及加密函数以支持盐值存储和使用

Author: zxdong262

src/server/control/data-control.ts

@@ -4,19 +4,20 @@ import { nanoid } from 'nanoid'
 import { enc, dec } from './enc'
 
 export async function createData (data: string, userId: string): Promise<Data> {
-  const { encrypted, iv } = await enc(data)
+  const { encrypted, iv, salt } = await enc(data)
   return await DataModel.create({
     id: nanoid(),
     data: encrypted,
     userId,
-    iv
+    iv,
+    salt
   })
 }
 
 export async function getData (id: string): Promise<{ id: string, data: string, userId: string }> {
   const data = await DataModel.get(id)
   if (data.data !== '{}') {
-    const decryptedData = await dec(data.data, data.iv)
+    const decryptedData = await dec(data.data, data.iv, data.salt ?? 'salt')
     data.data = decryptedData
   }
   return {
@@ -27,12 +28,13 @@ export async function getData (id: string): Promise<{ id: string, data: string,
 }
 
 export async function updateData (id: string, data: string): Promise<string> {
-  const { encrypted, iv } = await enc(data)
+  const { encrypted, iv, salt } = await enc(data)
   await DataModel.update({
     id
   }, {
     data: encrypted,
-    iv
+    iv,
+    salt
   })
   return 'ok'
 }

src/server/control/enc.ts

@@ -21,27 +21,26 @@ export const enc = async function (
   str: string = '',
   password: string = process.env.JWT_SECRET as string,
   algorithm: string = algorithmDefault,
-  iv: Buffer = crypto.randomBytes(16)
-): Promise<{ encrypted: string, iv: string }> {
-  const key = await scryptAsync(password, 'salt', 24)
-  // Use `crypto.randomBytes` to generate a random iv instead of the static iv
+  iv: Buffer = crypto.randomBytes(16),
+  salt: string = crypto.randomBytes(16).toString('hex')
+): Promise<{ encrypted: string, iv: string, salt: string }> {
+  const key = await scryptAsync(password, salt, 24)
   const cipher = crypto.createCipheriv(algorithm, key, iv)
   let encrypted = cipher.update(str, 'utf8', 'hex')
   encrypted += cipher.final('hex')
-  return { encrypted, iv: iv.toString('hex') }
+  return { encrypted, iv: iv.toString('hex'), salt }
 }
 
 export const dec = async function (
   encrypted: string = '',
   ivStr: string,
+  salt: string,
   password: string = process.env.JWT_SECRET as string,
   algorithm: string = algorithmDefault
 ): Promise<string> {
   const iv = Buffer.from(ivStr, 'hex')
-  // Use the async `crypto.scrypt()` instead.
-  const key = await scryptAsync(password, 'salt', 24)
+  const key = await scryptAsync(password, salt, 24)
   const decipher = crypto.createDecipheriv(algorithm, key, iv)
-  // Encrypted using same algorithm, key and iv.
   let decrypted = decipher.update(encrypted, 'hex', 'utf8')
   decrypted += decipher.final('utf8')
   return decrypted

src/server/models/data-model.ts

@@ -5,6 +5,7 @@ import { Item } from 'dynamoose/dist/Item'
 export interface Data extends Item {
   id: string
   iv: string
+  salt: string
   userId: string
   data: string
 }
@@ -23,5 +24,8 @@ export const dataSchema = {
   },
   iv: {
     type: String
+  },
+  salt: {
+    type: String
   }
 }