fortify2-js
Version:
MOST POWERFUL JavaScript Security Library! Military-grade cryptography + 19 enhanced object methods + quantum-resistant algorithms + perfect TypeScript support. More powerful than Lodash with built-in security.
217 lines (213 loc) • 7.51 kB
JavaScript
'use strict';
var EncryptionService = require('../../../../../encryption/EncryptionService.js');
var nehoid = require('nehoid');
/**
* Console Encryption Module
* Handles encryption and decryption of console logs using FortifyJS crypto utilities
*/
/**
* Console Encryption Handler
* Uses FortifyJS encryption utilities for production-grade console log encryption
*/
class ConsoleEncryption {
constructor(config) {
this.derivedKey = null;
this.keyVersion = 1;
this.config = config;
this.logBuffer = {
entries: [],
maxSize: 1000, // Maximum number of encrypted logs to keep in memory
currentSize: 0,
};
}
/**
* Encrypt a console log entry
*/
async encryptLogEntry(call) {
if (!this.config.enabled || !this.config.key) {
throw new Error("Encryption is not enabled or key is not set");
}
try {
// Prepare log data
const logData = {
method: call.method,
args: call.args,
timestamp: call.timestamp,
level: call.level,
source: call.source,
stackTrace: call.stackTrace,
};
// Map our algorithm to EncryptionService algorithm
const algorithm = this.config.algorithm === "aes-256-gcm"
? "aes-256-gcm"
: "chacha20-poly1305";
// Use FortifyJS EncryptionService for production-grade encryption
const encryptedData = await EncryptionService.EncryptionService.encrypt(logData, this.config.key, {
algorithm,
keyDerivationIterations: this.config.iterations,
quantumSafe: algorithm === "chacha20-poly1305", // Enable quantum-safe features
});
// EncryptionService returns a JSON string with the encrypted package
// We'll store it directly as our encrypted data
const entry = {
id: this.generateEntryId(),
timestamp: call.timestamp,
encrypted: encryptedData, // Store the entire encrypted package
iv: "", // Not needed since EncryptionService handles this
authTag: "", // Not needed since EncryptionService handles this
salt: "", // Not needed since EncryptionService handles this
metadata: {
algorithm: this.config.algorithm || "aes-256-gcm",
keyDerivation: this.config.keyDerivation || "pbkdf2",
iterations: this.config.iterations || 100000,
},
};
// Add to buffer
this.addToBuffer(entry);
return entry;
}
catch (error) {
const errorMessage = error instanceof Error ? error.message : String(error);
throw new Error(`Failed to encrypt log entry: ${errorMessage}`);
}
}
/**
* Decrypt a log entry
*/
async decryptLogEntry(entry, key) {
try {
// The encrypted data is already in the format expected by EncryptionService
const decryptedData = await EncryptionService.EncryptionService.decrypt(entry.encrypted, key);
return decryptedData;
}
catch (error) {
const errorMessage = error instanceof Error ? error.message : String(error);
throw new Error(`Failed to decrypt log entry: ${errorMessage}`);
}
}
/**
* Get all encrypted logs from buffer
*/
getEncryptedLogs() {
return [...this.logBuffer.entries];
}
/**
* Get encrypted logs as strings (for external transmission)
*/
getEncryptedLogsAsStrings() {
return this.logBuffer.entries.map((entry) => JSON.stringify(entry));
}
/**
* Restore logs from encrypted strings
*/
async restoreFromEncryptedStrings(encryptedStrings, key) {
const results = [];
for (const encryptedString of encryptedStrings) {
try {
const entry = JSON.parse(encryptedString);
const decrypted = await this.decryptLogEntry(entry, key);
results.push(decrypted);
}
catch (error) {
const errorMessage = error instanceof Error ? error.message : String(error);
console.warn(`Failed to restore encrypted log entry: ${errorMessage}`);
}
}
return results;
}
/**
* Clear the log buffer
*/
clearBuffer() {
// Securely wipe the buffer
this.logBuffer.entries.forEach((entry) => {
// Overwrite sensitive data
entry.encrypted = "";
entry.iv = "";
entry.authTag = "";
entry.salt = "";
});
this.logBuffer.entries = [];
this.logBuffer.currentSize = 0;
}
/**
* Update encryption configuration
*/
updateConfig(newConfig) {
this.config = { ...this.config, ...newConfig };
// If key changed, invalidate derived key
if (newConfig.key) {
this.derivedKey = null;
this.keyVersion++;
}
}
/**
* Get buffer statistics
*/
getBufferStats() {
const memoryUsage = this.logBuffer.entries.reduce((total, entry) => {
return total + JSON.stringify(entry).length;
}, 0);
return {
totalEntries: this.logBuffer.entries.length,
bufferSize: this.logBuffer.currentSize,
maxSize: this.logBuffer.maxSize,
memoryUsage,
};
}
// Private helper methods
generateEntryId() {
// Generate a unique ID for the log entry
return nehoid.NehoID.generate({ prefix: "op.nehonix.log", size: 16 });
}
addToBuffer(entry) {
// Add entry to buffer
this.logBuffer.entries.push(entry);
this.logBuffer.currentSize++;
// Maintain buffer size limit
if (this.logBuffer.currentSize > this.logBuffer.maxSize) {
const removed = this.logBuffer.entries.shift();
if (removed) {
// Securely wipe removed entry
removed.encrypted = "";
removed.iv = "";
removed.authTag = "";
removed.salt = "";
this.logBuffer.currentSize--;
}
}
}
/**
* Export encrypted logs for external transmission
*/
async exportForExternalLogging() {
const logs = this.getEncryptedLogsAsStrings();
return {
logs,
metadata: {
totalLogs: logs.length,
exportTimestamp: Date.now(),
keyVersion: this.keyVersion,
algorithm: this.config.algorithm || "aes-256-gcm",
},
};
}
/**
* Batch encrypt multiple log entries for performance
*/
async batchEncryptLogEntries(calls) {
const results = [];
for (const call of calls) {
try {
const encrypted = await this.encryptLogEntry(call);
results.push(encrypted);
}
catch (error) {
console.warn(`Failed to encrypt log entry: ${error.message}`);
}
}
return results;
}
}
exports.ConsoleEncryption = ConsoleEncryption;
//# sourceMappingURL=ConsoleEncryption.js.map