Skip to content

Item decryption: avoid to read item from db unnecessarily #340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 9, 2025
Merged

Item decryption: avoid to read item from db unnecessarily #340

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 12 additions & 9 deletions api/v1/controllers/items.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ export async function get (req, res, next) {

// Decrypt content
try {
item.data = await Item.decrypt(itemid, req)
item.data = await Item.decrypt(item, req)
} catch (e) {
res.status(R.UNPROCESSABLE_ENTITY).send(R.ko('This item is corrupted and cannot be decrypted'))
return
Expand Down Expand Up @@ -482,20 +482,23 @@ export async function update (req, res, next) {
}
}

// Recalculate the data
let encData
const updateStruct = {}
// Check if the new folder is personal
let newIsPersonal = item.personal
if (folderFromURL) {
// If the folder is changing, check if the new folder is personal
newIsPersonal = await Folder.isPersonal(folderFromURL)
}

// Reencrypt the data
const updateStruct = {}
let newData
let encData

// If data is given, use it, otherwise decrypt the current data
if (req.body?.data) {
newData = req.body.data
} else {
// If no data is given, decrypt the current data
newData = await Item.decrypt(itemid, req)
newData = await Item.decrypt(item, req)
}

// Encrypt according to the new folder
Expand Down Expand Up @@ -527,7 +530,7 @@ export async function update (req, res, next) {
updateStruct.type = req.body.type || null
}

// Check if something has changed
// Check if something has changed in non encrypted fields
const changedFields = []
if (updateStruct?.title && updateStruct.title !== item.title) {
changedFields.push('title')
Expand All @@ -544,7 +547,7 @@ export async function update (req, res, next) {

// Check what has changed in data
if (req.body?.data) {
const decData = await Item.decrypt(itemid, req)
const decData = await Item.decrypt(item, req)
if (decData !== req.body.data) {
// If JSON, check all properties for changes
const olddata = JSON.parse(decData)
Expand Down Expand Up @@ -721,7 +724,7 @@ export async function clone (req, res, next) {
}

// Reencrypt data
const oldData = await Item.decrypt(itemid, req)
const oldData = await Item.decrypt(item, req)
let newData
if (item.personal) {
newData = await Item.encrypt(oldData, req.user, req.personaltoken)
Expand Down
15 changes: 10 additions & 5 deletions api/v1/controllers/onetimetokens.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ import * as Config from '../../../lib/config.mjs'
import * as Events from '../../../lib/event.mjs'
import * as Const from '../../../lib/const.mjs'
import * as JV from '../../../lib/jsonvalidator.mjs'
import * as Items from '../../../model/item.mjs'
import * as Item from '../../../model/item.mjs'
import * as KMS from '../../../lib/kms/kms.mjs'
import * as Metrics from '../../../lib/metrics.mjs'

Expand Down Expand Up @@ -98,16 +98,21 @@ export async function get (req, res, next) {
if (ottoken.type === 1) {
// Get item relevant fields
const item = await DB.items.findUnique({
where: { id: ottoken.itemid },
select: { id: true, type: true, title: true }
where: { id: ottoken.itemid }
})
if (item === null) {
res.status(R.NOT_FOUND).send(R.ko('Item not found'))
return
}
item.data = await Items.decrypt(ottoken.itemid, req)
item.data = await Item.decrypt(item, req)

resp.item = Crypt.encryptedPayload(key, JSON.stringify(item))
const retpayload = {
id: item.id,
title: item.title,
type: item.type,
data: item.data
}
resp.item = Crypt.encryptedPayload(key, JSON.stringify(retpayload))
}

// Delete token
Expand Down
22 changes: 4 additions & 18 deletions model/item.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,25 +43,11 @@ export async function updateFTS (id) {

/**
* Decrypt user data
* @param {string} itemid Item ID
* @param {object} req Express request
* @returns {string} Decrypted data
* @param {Object} item Item db record
* @param {Object} req Express request
* @returns {string} Decrypted data, base64 encoded
*/
export async function decrypt (itemid, req) {
// Search item
const item = await DB.items.findUniqueOrThrow({
where: { id: itemid },
select: {
data: true,
dataiv: true,
dataauthtag: true,
algo: true,
personal: true,
kmsid: true,
dek: true
}
})

export async function decrypt (item, req) {
let data
data = await KMS.decrypt(item.kmsid, item.dek, item.data, item.dataiv, item.dataauthtag, item.algo)

Expand Down