From 1a41da24ed467f5d068101223866f8b12e5b454b Mon Sep 17 00:00:00 2001
From: Benjamin Palko
Date: Thu, 13 Feb 2025 12:07:06 -0500
Subject: [PATCH] crypto for twilio config was not properly implemented
---
 src/lib/server/twilio/index.ts | 20 ++++++++++++++++++++
 src/routes/app/settings/+page.server.ts | 25 +++++++++++++++++++------
 src/routes/app/sms/+page.server.ts | 9 +++++++--
 3 files changed, 46 insertions(+), 8 deletions(-)
 create mode 100644 src/lib/server/twilio/index.ts
diff --git a/src/lib/server/twilio/index.ts b/src/lib/server/twilio/index.ts
new file mode 100644
index 0000000..7654f9e
--- /dev/null
+++ b/src/lib/server/twilio/index.ts
@@ -0,0 +1,20 @@
+import type { TwilioConfig } from '@prisma/client';
+import { decrypt, encrypt } from '../crypto';
+
+type TwilioCore = Pick;
+
+export function encryptTwilioConfig({ accountSID, authToken, phoneNumber }: TwilioCore) {
+ return {
+ accountSID: encrypt(accountSID),
+ authToken: encrypt(authToken),
+ phoneNumber: encrypt(phoneNumber),
+ };
+}
+
+export function decryptTwilioConfig({ accountSID, authToken, phoneNumber }: TwilioCore) {
+ return {
+ accountSID: decrypt(accountSID),
+ authToken: decrypt(authToken),
+ phoneNumber: decrypt(phoneNumber),
+ };
+}
diff --git a/src/routes/app/settings/+page.server.ts b/src/routes/app/settings/+page.server.ts
index 3a0c553..0738b34 100644
--- a/src/routes/app/settings/+page.server.ts
+++ b/src/routes/app/settings/+page.server.ts
@@ -1,6 +1,7 @@
 import { PhoneRegex } from '$lib/regex';
 import { logger } from '$lib/server/logger';
 import { prisma } from '$lib/server/prisma';
+import { encryptTwilioConfig, decryptTwilioConfig } from '$lib/server/twilio';
 import { fail, type Actions } from '@sveltejs/kit';
 import zod from 'zod';
 
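Review bot: In src/lib/server/twilio/index.ts, `encryptTwilioConfig` and `decryptTwilioConfig` take and return the same field shape and carry no doc comment, so nothing at a call site says whether a given `TwilioCore` value holds ciphertext or plaintext. That ambiguity makes it easy to encrypt a config twice or to hand stored values to the Twilio client without decrypting them. A TSDoc line on each function would state the boundary, for example `/** Encrypts each field for storage; the result is only ever written to the database. */` and `/** Decrypts a stored config; the result holds live credentials and must stay server-side. */`. An explicit return type on both exports would also keep the contract from drifting with the implementation of `encrypt`/`decrypt`, which is not visible here.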
@@ -20,8 +21,16 @@ export const load = async (event) => { }, }); + if (!configs) { + return {}; + } + return { - configs: configs, + configs: { + ...(configs.twilioConfig && { + twilioConfig: decryptTwilioConfig(configs.twilioConfig), + }), + }, }; }; @@ -65,28 +74,32 @@ export const actions = { create: { tenantId: tenantId, twilioConfig: { - create: { + create: encryptTwilioConfig({ accountSID: accountSID, authToken: authToken, phoneNumber: phoneNumber, - }, + }), }, }, update: { tenantId: tenantId, twilioConfig: { - update: { + update: encryptTwilioConfig({ accountSID: accountSID, authToken: authToken, phoneNumber: phoneNumber, - }, + }), }, }, select: { twilioConfig: true }, }); return { - configs: configs, + configs: { + ...(configs.twilioConfig && { + twilioConfig: decryptTwilioConfig(configs.twilioConfig), + }), + }, }; }, } satisfies Actions; diff --git a/src/routes/app/sms/+page.server.ts b/src/routes/app/sms/+page.server.ts index 1a3aff0..34f1ff6 100644 --- a/src/routes/app/sms/+page.server.ts +++ b/src/routes/app/sms/+page.server.ts @@ -1,6 +1,7 @@ import type { Recipient } from '$lib/components/SMS'; import { logger } from '$lib/server/logger'; import { prisma } from '$lib/server/prisma/index.js'; +import { decryptTwilioConfig } from '$lib/server/twilio/index.js'; import { fail, type Actions } from '@sveltejs/kit'; import twilio from 'twilio'; import zod from 'zod'; @@ -24,6 +25,8 @@ export const load = async (event) => { const { success, error: validationError } = zod .object({ accountSID: zod.string(), + authToken: zod.string(), + phoneNumber: zod.string(), }) .safeParse(configs?.twilioConfig); 
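Review bot: The `load` return in src/routes/app/settings/+page.server.ts (hunk at -20,8) now includes the decrypted `authToken`, and SvelteKit serializes whatever a server `load` returns into the response sent to the browser, so the secret that is encrypted at rest is delivered in clear text on every visit to the settings page. The same applies to the action's return value in the hunk at -65,28 of the same file. If the form does not need to show the token (the page component is not visible here), return only the non-secret fields: `const { accountSID, phoneNumber } = decryptTwilioConfig(configs.twilioConfig);` followed by `twilioConfig: { accountSID, phoneNumber }`. The enclosing `load` and action bodies start outside these hunks.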
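Review bot: In src/routes/app/sms/+page.server.ts (hunk at -24,6) the extended schema is applied to `configs?.twilioConfig` as read from the database, which appears to be the still-encrypted row, so `success` proves only that the three fields are present strings and nothing about whether they decrypt. A comment above the schema would keep the next reader from treating it as "config is usable", for example `// Presence check only: values are ciphertext here and are decrypted in the send action.` `zod.string()` also accepts an empty string, so `zod.string().min(1)` on each field would reject blank values. The enclosing `load` starts and ends outside the hunk.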
@@ -84,14 +87,16 @@ export const actions = { return fail(307, { error: 'no_twilio_config' }); } - const client = twilio(config.accountSID, config.authToken); + const decryptedConfig = decryptTwilioConfig(config); + + const client = twilio(decryptedConfig.accountSID, decryptedConfig.authToken); for (const recipient of recipients) { try { const result = await client.messages.create({ to: recipient.phone, body: message, - from: config.phoneNumber, + from: decryptedConfig.phoneNumber, }); logger.debug(result); } catch (e) {
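Review bot: `decryptTwilioConfig(config)` runs before the `for` loop and outside its `try`, so a value that does not decrypt aborts the action with an unhandled error instead of a `fail(...)` result. That case looks reachable: the removed lines in the settings action show that `create`/`update` previously stored the three fields as submitted, so rows written before this commit would be plaintext until they are re-saved or migrated (how `decrypt` reacts to non-ciphertext input is not visible here). Guarding the call and returning a distinct error keeps the failure visible without logging the config or the thrown value; the error code below is a placeholder. The action body starts and ends outside the hunk.

```typescript
// … unchanged: no_twilio_config guard …
let decryptedConfig: ReturnType<typeof decryptTwilioConfig>;
try {
	decryptedConfig = decryptTwilioConfig(config);
} catch {
	// Deliberately not logging the config or the caught value: either may carry credential material.
	return fail(500, { error: 'twilio_config_decrypt_failed' });
}

const client = twilio(decryptedConfig.accountSID, decryptedConfig.authToken);
// … unchanged: per-recipient send loop …
```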