feat: add a wrapper for encryption and decryption (#5502)

2025-11-02 21:07:58 +08:00 · 2024-08-07 17:50:36 +05:30
parent 3604b4ffac
commit f51b6c91a7
30 changed files with 746 additions and 358 deletions
--- a/crates/router/src/utils/user.rs
+++ b/crates/router/src/utils/user.rs
@ -3,7 +3,7 @@ use std::{collections::HashMap, sync::Arc};
 use api_models::user as user_api;
 use common_enums::UserAuthType;
 use common_utils::{
-    encryption::Encryption, errors::CustomResult, id_type, types::keymanager::Identifier,
+    encryption::Encryption, errors::CustomResult, id_type, type_name, types::keymanager::Identifier,
 };
 use diesel_models::{enums::UserStatus, user_role::UserRole};
 use error_stack::{report, ResultExt};
@ -260,15 +260,18 @@ pub async fn construct_public_and_private_db_configs(
                .change_context(UserErrors::InternalServerError)
                .attach_printable("Failed to convert auth config to json")?;

-            let encrypted_config = domain::types::encrypt::<serde_json::Value, masking::WithType>(
-                &state.into(),
-                private_config_value.into(),
-                Identifier::UserAuth(id),
-                encryption_key,
-            )
-            .await
-            .change_context(UserErrors::InternalServerError)
-            .attach_printable("Failed to encrypt auth config")?;
+            let encrypted_config =
+                domain::types::crypto_operation::<serde_json::Value, masking::WithType>(
+                    &state.into(),
+                    type_name!(diesel_models::user::User),
+                    domain::types::CryptoOperation::Encrypt(private_config_value.into()),
+                    Identifier::UserAuth(id),
+                    encryption_key,
+                )
+                .await
+                .and_then(|val| val.try_into_operation())
+                .change_context(UserErrors::InternalServerError)
+                .attach_printable("Failed to encrypt auth config")?;

            Ok((
                Some(encrypted_config.into()),
@ -309,13 +312,15 @@ pub async fn decrypt_oidc_private_config(
    .change_context(UserErrors::InternalServerError)
    .attach_printable("Failed to decode DEK")?;

-    let private_config = domain::types::decrypt_optional::<serde_json::Value, masking::WithType>(
+    let private_config = domain::types::crypto_operation::<serde_json::Value, masking::WithType>(
        &state.into(),
-        encrypted_config,
+        type_name!(diesel_models::user::User),
+        domain::types::CryptoOperation::DecryptOptional(encrypted_config),
        Identifier::UserAuth(id),
        &user_auth_key,
    )
    .await
+    .and_then(|val| val.try_into_optionaloperation())
    .change_context(UserErrors::InternalServerError)
    .attach_printable("Failed to decrypt private config")?
    .ok_or(UserErrors::InternalServerError)