Use libsodium to encrypt all data, related to OAuth2

ErickSkrauch
2019-12-06 14:37:51 +03:00
parent 642db2e045
commit 6fb32ec76d
10 changed files with 71 additions and 19 deletions


@ -94,14 +94,14 @@ class Component extends BaseComponent {
public function encryptValue(string $rawValue): string {
/** @noinspection PhpUnhandledExceptionInspection */
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$cipher = base64_encode($nonce . sodium_crypto_secretbox($rawValue, $nonce, $this->encryptionKey));
$cipher = $this->base64UrlEncode($nonce . sodium_crypto_secretbox($rawValue, $nonce, $this->encryptionKey));
sodium_memzero($rawValue);
return $cipher;
}
public function decryptValue(string $encryptedValue): string {
$decoded = base64_decode($encryptedValue);
$decoded = $this->base64UrlDecode($encryptedValue);
Assert::true($decoded !== false, 'passed value has an invalid base64 encoding');
Assert::true(mb_strlen($decoded, '8bit') >= (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES));
$nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
@ -137,4 +137,12 @@ class Component extends BaseComponent {
return $value;
}
private function base64UrlEncode(string $rawValue): string {
return rtrim(strtr(base64_encode($rawValue), '+/', '-_'), '=');
}
private function base64UrlDecode(string $encodedValue): string {
return base64_decode(str_pad(strtr($encodedValue, '-_', '+/'), strlen($encodedValue) % 4, '=', STR_PAD_RIGHT));
}
}
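Review bot: The padding arithmetic in the new `base64UrlDecode` is wrong: `str_pad`'s second argument is the target total length, not the number of characters to add, so `strlen($encodedValue) % 4` (always 0–3) is shorter than the input and no `=` is ever appended. It only works today because PHP's non-strict `base64_decode` tolerates missing padding; the line should pad up to the next multiple of four, e.g. `$padded = str_pad(strtr($encodedValue, '-_', '+/'), strlen($encodedValue) + (4 - strlen($encodedValue) % 4) % 4, '=', STR_PAD_RIGHT);` followed by `return base64_decode($padded, true);` so malformed input is rejected rather than silently skipped. Note also that with a `string` return type the helper can never hand back `false` (a TypeError under strict_types, `''` otherwise), so the `Assert::true($decoded !== false, ...)` in decryptValue is now dead — either declare the helper `?string` or throw inside it. Since the file already depends on ext/sodium, `sodium_bin2base64()` / `sodium_base642bin()` with `SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING` would replace both hand-rolled helpers and throw `SodiumException` on bad input, provided the linked libsodium build exposes them.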