Encrypt sensitive user data with aes256

2024-10-27 13:29:46 +01:00
parent d7cbb34814
commit 8ed0676e51
10 changed files with 246 additions and 47 deletions
--- a/cmd/backend/config.go
+++ b/cmd/backend/config.go
@@ -12,6 +12,7 @@ import (
 )

 type Config struct {
+	AESKeyFile   string
 	ArticleDir   string
 	ConfigFile   string
 	DBName       string
@@ -19,7 +20,7 @@ type Config struct {
 	Domain       string
 	AtomFeed     string
 	FirebaseKey  string
-	KeyFile      string
+	GOBKeyFile   string
 	Link         string
 	LogFile      string
 	PDFDir       string
@@ -34,12 +35,13 @@ type Config struct {

 func newConfig() *Config {
 	return &Config{
+		AESKeyFile:   "/var/www/cpolis/aes.key",
 		ArticleDir:   "/var/www/cpolis/articles",
 		ConfigFile:   "/etc/cpolis/config.toml",
 		DBName:       "cpolis",
 		AtomFeed:     "/var/www/cpolis/cpolis.atom",
 		FirebaseKey:  "/var/www/cpolis/serviceAccountKey.json",
-		KeyFile:      "/var/www/cpolis/cpolis.key",
+		GOBKeyFile:   "/var/www/cpolis/gob.key",
 		LogFile:      "/var/log/cpolis.log",
 		MaxImgHeight: 1080,
 		MaxImgWidth:  1920,
@@ -102,6 +104,7 @@ func (c *Config) handleCliArgs() error {
 	var port int
 	var err error

+	flag.StringVar(&c.AESKeyFile, "aes", c.AESKeyFile, "aes key file")
 	flag.StringVar(&c.ArticleDir, "articles", c.ArticleDir, "articles directory")
 	flag.StringVar(&c.AtomFeed, "feed", c.AtomFeed, "atom feed file")
 	flag.StringVar(&c.ConfigFile, "config", c.ConfigFile, "config file")
@@ -109,7 +112,7 @@ func (c *Config) handleCliArgs() error {
 	flag.StringVar(&c.Description, "desc", c.Description, "channel description")
 	flag.StringVar(&c.Domain, "domain", c.Domain, "domain name")
 	flag.StringVar(&c.FirebaseKey, "firebase", c.FirebaseKey, "Firebase service account key file")
-	flag.StringVar(&c.KeyFile, "key", c.KeyFile, "key file")
+	flag.StringVar(&c.GOBKeyFile, "gob", c.GOBKeyFile, "gob key file")
 	flag.StringVar(&c.Link, "link", c.Link, "channel Link")
 	flag.StringVar(&c.LogFile, "log", c.LogFile, "log file")
 	flag.StringVar(&c.PDFDir, "pdfs", c.PDFDir, "pdf directory")
@@ -147,6 +150,14 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 	var err error
 	defaultConfig := newConfig()

+	if cliConfig.AESKeyFile != defaultConfig.AESKeyFile {
+		c.AESKeyFile = cliConfig.AESKeyFile
+	}
+	c.AESKeyFile, err = mkFile(c.AESKeyFile, 0600, 0700)
+	if err != nil {
+		return fmt.Errorf("error setting up file: %v", err)
+	}
+
 	if cliConfig.ArticleDir != defaultConfig.ArticleDir {
 		c.ArticleDir = cliConfig.ArticleDir
 	}
@@ -187,10 +198,10 @@ func (c *Config) setupConfig(cliConfig *Config) error {
 		return fmt.Errorf("error setting up file: %v", err)
 	}

-	if cliConfig.KeyFile != defaultConfig.KeyFile {
-		c.KeyFile = cliConfig.KeyFile
+	if cliConfig.GOBKeyFile != defaultConfig.GOBKeyFile {
+		c.GOBKeyFile = cliConfig.GOBKeyFile
 	}
-	c.KeyFile, err = mkFile(c.KeyFile, 0600, 0700)
+	c.GOBKeyFile, err = mkFile(c.GOBKeyFile, 0600, 0700)
 	if err != nil {
 		return fmt.Errorf("error setting up file: %v", err)
 	}