UNPKG

mongoose-encryption

Version:

Simple encryption and authentication plugin for Mongoose

github.com/joegoldbeck/mongoose-encryption

joegoldbeck/mongoose-encryption

94 lines (85 loc) 3.34 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
'use strict'; var async = require('async'); var _ = require('underscore'); var mongooseEncryption = require('./mongoose-encryption.js'); var VERSION_A_BUF = new Buffer('a'); /** * Export For Migrations * * Should not be used in conjunction with the main encryption plugin. */ module.exports = function(schema, options) { options.middleware = false; // don't run middleware during the migration mongooseEncryption(schema, options); // get all instance methods schema.statics.migrateToA = function(cb) { this.find({}, function(err, docs){ // find all docs in collection if (err) { return cb(err); } async.each(docs, function(doc, errCb){ // for each doc if (doc._ac) { // don't migrate if already migrated return errCb(); } if (doc._ct) { // if previously encrypted doc._ct = Buffer.concat([VERSION_A_BUF, doc._ct]); // append version to ciphertext doc.sign(function(err){ // sign if (err) { return errCb(err); } return doc.save(errCb); // save }); } else { // if not previously encrypted doc.encrypt(function(err){ // encrypt if (err) { return errCb(err); } doc.sign(function(err){ // sign if (err) { return errCb(err); } return doc.save(errCb); // save }); }); } }, cb); }); }; schema.statics.migrateSubDocsToA = function(subDocField, cb) { if (typeof subDocField !== 'string'){ cb(new Error('First argument must be the name of a field in which subdocuments are stored')); } this.find({}, function(err, docs){ // find all docs in collection if (err) { return cb(err); } async.each(docs, function(doc, errCb){ // for each doc if (doc[subDocField]) { _.each(doc[subDocField], function(subDoc){ // for each subdoc if (subDoc._ct) { // if previously encrypted subDoc._ct = Buffer.concat([VERSION_A_BUF, subDoc._ct]); // append version to ciphertext } }); return doc.save(errCb); // save } else { errCb() } }, cb); }); }; // sign all the documents in a collection schema.statics.signAll = function(cb) { this.find({}, function(err, docs){ // find all docs in collection if (err) { return cb(err); } async.each(docs, function(doc, errCb){ // for each doc doc.sign(function(err){ // sign if (err) { return errCb(err); } doc.save(errCb); // save }); }, cb); }); }; };