vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

feat: Wave 2 — entities, security guards, API key encryption (15 files)
All checks were successful
Test Asgard Runner / test (push) Successful in 2s
Details

Browse Source 
Entities:
- Create 5 new TypeORM entities: webstore_config, webstore_categories,
  webstore_items, webstore_transactions, module_store (all verified against live DB)
- Fix wipe-profile entity: remove incorrect default {} for pre/post wipe configs

Security:
- Add @RequirePermission guards to 7 controllers (36 endpoints total):
  team, webstore, notifications, alerts, analytics, settings, schedules
- Encrypt panel API key with AES-256-GCM in setup service (was plaintext)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
2026-02-21 13:28:48 -05:00
parent 208622000c
commit e1a3ea3b78
15 changed files with 268 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend-nest/src/modules/setup/setup.service.ts
View File

@@ -1,4 +1,5 @@
import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { ServerConnection } from '../../entities/server-connection.entity';
@@ -12,6 +13,7 @@ import * as crypto from 'crypto';
@Injectable()
export class SetupService {
constructor(
private readonly configService: ConfigService,
@InjectRepository(ServerConnection)
private readonly connectionRepo: Repository<ServerConnection>,
@InjectRepository(ServerConfig)
@@ -51,8 +53,17 @@ export class SetupService {
// Store encrypted API key if provided
if (dto.panel_api_key) {
// Stub - would encrypt in production
connection.panel_api_key_encrypted = dto.panel_api_key;
const encryptionKey = this.configService.get<string>('encryption.key', '');
const keyBuffer = Buffer.from(encryptionKey, 'hex');
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-gcm', keyBuffer, iv);
const encrypted = Buffer.concat([
cipher.update(dto.panel_api_key, 'utf8'),
cipher.final(),
]);
const authTag = cipher.getAuthTag();
connection.panel_api_key_encrypted =
`${iv.toString('hex')}:${encrypted.toString('hex')}:${authTag.toString('hex')}`;
}
connection.updated_at = new Date();