From 04a8cecf35c129e32d06e765a0a546c8a9b3d3b0 Mon Sep 17 00:00:00 2001 From: Stef Coenen Date: Mon, 11 Dec 2023 09:38:52 +0100 Subject: [PATCH] Better hashed iv from the queryString; --- package-lock.json | 2 +- .../js-lib/src/core/InterceptionEncryptionUtil.ts | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index b45f8fa7c..a74a2a6d1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11697,7 +11697,7 @@ }, "packages/js-lib": { "name": "@youfoundation/js-lib", - "version": "0.0.2-alpha.12", + "version": "0.0.2-alpha.13", "dependencies": { "guid-typescript": "^1.0.9" }, diff --git a/packages/js-lib/src/core/InterceptionEncryptionUtil.ts b/packages/js-lib/src/core/InterceptionEncryptionUtil.ts index e3aa87958..71f7cb668 100644 --- a/packages/js-lib/src/core/InterceptionEncryptionUtil.ts +++ b/packages/js-lib/src/core/InterceptionEncryptionUtil.ts @@ -30,8 +30,17 @@ export const encryptData = async (data: string, iv: Uint8Array, ss: Uint8Array) export const buildIvFromQueryString = async (querystring: string) => { const searchParams = new URLSearchParams(querystring); - const uniqueQueryKey = - searchParams.get('fileId') || (searchParams.has('alias') ? querystring : undefined); + const uniqueQueryKey = (() => { + // Check if it's a direct file request + if (searchParams.has('fileId')) + return `${searchParams.get('fileId')} ${ + searchParams.get('key') || searchParams.get('payloadKey') + }-${searchParams.get('height')}x${searchParams.get('width')}`; + // Check if it's a query-batch/modifed request; Queries on a single drive (alias) + else if (searchParams.has('alias')) return querystring; + // undefined => and we'll use a random IV + else return undefined; + })(); const hashedQueryKey = uniqueQueryKey && typeof crypto.subtle.digest !== 'undefined'