UNPKG

aki-angular-secure-config

Version:

The `aki-angular-secure-config` is a new npm package developed to address a security vulnerability in Angular applications. This package ensures that sensitive configuration data in `config.json` is protected from being inspected or extracted via browser

medium.com/@ahmedkhaled1190/aki-angular-secure-configuration-8b9e7a8d1a0f

30 lines (23 loc) 1.34 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
const CryptoJS = require('crypto-js'); const fs = require('fs'); const path = require('path'); // Get configPath from command-line arguments const configPathArg = process.argv[2]; const configFileName = 'config.json'; // Generate key and IV const key = CryptoJS.lib.WordArray.random(32); // 32 bytes key for AES-256 const iv = CryptoJS.lib.WordArray.random(16); // 16 bytes IV // Read the config file const localConfigPath = path.join(__dirname, 'src', 'assets', 'configuration', configFileName); const hostConfigPath = path.join(`/usr/share/nginx/html/assets/configuration/${configFileName}`); const configPath = configPathArg ? hostConfigPath : localConfigPath; const config = fs.readFileSync(configPath, 'utf8'); // Encrypt the config file const encrypted = CryptoJS.AES.encrypt(config, key, { iv: iv }).toString(); // Update env.js with the data const localEnvironmentPath = path.join(__dirname, 'src', 'assets', 'env.js'); const hostEnvironmentPath = path.join('/usr/share/nginx/html/env.js'); const envPath = configPathArg ? hostEnvironmentPath : localEnvironmentPath; const newEnvironmentContent = `window.app = '${key.toString(CryptoJS.enc.Hex)}:${encrypted}:${iv.toString(CryptoJS.enc.Hex)}'`; fs.writeFileSync(envPath, newEnvironmentContent); console.log('Config file encrypted successfully');