letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
fe863a588ec728637a0bfb57ee45af619f53ecb1
pn-new-crm/src/lib/services/backup-destinations/bundle-encryption.ts
Matt fe863a588e
All checks were successful
Build & Push Docker Images / lint (push) Successful in 2m52s
Details
Build & Push Docker Images / build-and-push (push) Successful in 11m59s
Details
feat(backup): full DR bundle export + admin-configurable offsite destinations 
Backend-agnostic disaster-recovery backup engine that runs on the current
storage backend (no storage cutover required):

- Full-bundle export: db.dump (pg_dump custom) + every storage blob +
  manifest.json with per-object SHA-256, streamed as a tar. Entry points:
  admin UI download, GET /api/v1/admin/backup/export, scripts/create-full-backup.ts.
- Admin-configurable push destinations (backup_destinations table, migration
  0091): SFTP/SSH, S3-compatible (reuses the minio client), and mounted
  path/NAS behind one transport interface (test/push/prune). Secrets AES-GCM
  at rest; API returns only *IsSet markers.
- Opt-in per-destination AES-256 bundle encryption (scrypt KDF, streamed) +
  scripts/decrypt-backup.ts for restore.
- Wired the previously-dead database-backup cron to runScheduledBackupPush
  (push to enabled destinations, prune to retention, alert super-admins on
  failure).

Tests: 1608 unit/integration pass; tsc + lint clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 11:23:42 +02:00

110 lines
4.2 KiB
TypeScript
Raw Blame History

/**
* Opt-in client-side encryption for backup bundles
* (docs/superpowers/specs/2026-06-04-backup-destinations-design.md).
*
* When a destination has `encryptBundle` on, the tar is encrypted to
* `<name>.tar.enc` before it leaves this server, so a compromised destination
* (untrusted SFTP host, third-party bucket) never holds raw signed contracts +
* GDPR data.
*
* Format (AES-256-GCM, scrypt KDF):
*
* ┌────────┬──────────┬──────────┬──────────────┬──────────┐
* │ magic │ salt │ iv │ ciphertext … │ authTag │
* │ 5 bytes│ 16 bytes │ 12 bytes │ (streamed) │ 16 bytes │
* └────────┴──────────┴──────────┴──────────────┴──────────┘
*
* Streaming throughout (memory stays O(chunk)). The auth tag is written last
* because GCM only produces it after the final block; decryption reads it from
* the file tail first, then streams the ciphertext through the decipher.
*/
import { createCipheriv, createDecipheriv, randomBytes, scrypt as scryptCb } from 'node:crypto';
import { createReadStream, createWriteStream } from 'node:fs';
import { open, stat } from 'node:fs/promises';
import { pipeline } from 'node:stream/promises';
import { promisify } from 'node:util';
const scrypt = promisify(scryptCb);
const MAGIC = Buffer.from('PNBK1', 'ascii'); // 5 bytes
const SALT_LEN = 16;
const IV_LEN = 12;
const TAG_LEN = 16;
const HEADER_LEN = MAGIC.length + SALT_LEN + IV_LEN; // 33
async function deriveKey(passphrase: string, salt: Buffer): Promise<Buffer> {
return (await scrypt(passphrase, salt, 32)) as Buffer;
}
/** Encrypt `srcPath` → `destPath` with a passphrase-derived AES-256-GCM key. */
export async function encryptFileToFile(
srcPath: string,
destPath: string,
passphrase: string,
): Promise<void> {
const salt = randomBytes(SALT_LEN);
const iv = randomBytes(IV_LEN);
const key = await deriveKey(passphrase, salt);
const cipher = createCipheriv('aes-256-gcm', key, iv);
const out = createWriteStream(destPath);
out.write(Buffer.concat([MAGIC, salt, iv]));
// Pipe plaintext → cipher → file, writing to `out` by hand (rather than
// letting pipeline end it) so we can append the auth tag once the cipher has
// flushed its final block.
await pipeline(createReadStream(srcPath), cipher, async (source) => {
for await (const chunk of source) {
if (!out.write(chunk as Buffer)) {
await new Promise<void>((resolve) => out.once('drain', () => resolve()));
}
}
});
out.write(cipher.getAuthTag());
await new Promise<void>((resolve, reject) => {
out.end((err?: Error | null) => (err ? reject(err) : resolve()));
});
}
/** Decrypt a file produced by {@link encryptFileToFile}. Throws on wrong key / tamper. */
export async function decryptFileToFile(
srcPath: string,
destPath: string,
passphrase: string,
): Promise<void> {
const { size } = await stat(srcPath);
if (size < HEADER_LEN + TAG_LEN) {
throw new Error('Encrypted backup is too small / not a PNBK1 bundle');
}
// Read the fixed header + the trailing auth tag.
const fh = await open(srcPath, 'r');
try {
const header = Buffer.alloc(HEADER_LEN);
await fh.read(header, 0, HEADER_LEN, 0);
if (!header.subarray(0, MAGIC.length).equals(MAGIC)) {
throw new Error('Not a PNBK1 encrypted backup (bad magic)');
}
const salt = header.subarray(MAGIC.length, MAGIC.length + SALT_LEN);
const iv = header.subarray(MAGIC.length + SALT_LEN, HEADER_LEN);
const tag = Buffer.alloc(TAG_LEN);
await fh.read(tag, 0, TAG_LEN, size - TAG_LEN);
const key = await deriveKey(passphrase, salt);
const decipher = createDecipheriv('aes-256-gcm', key, iv);
decipher.setAuthTag(tag);
// Stream only the ciphertext region [HEADER_LEN, size - TAG_LEN).
const cipherStream = createReadStream(srcPath, {
start: HEADER_LEN,
end: size - TAG_LEN - 1,
});
await pipeline(cipherStream, decipher, createWriteStream(destPath));
} finally {
await fh.close();
}
}
Reference in New Issue View Git Blame Copy Permalink