const CryptoJS = require('crypto-js')
const crypto = require('crypto')
// Passphrase handed to CryptoJS.AES for field-level encryption, read from the environment.
// NOTE(review): the `||` fallback is a literal committed to source control. If
// FIELD_ENCRYPTION_KEY is unset (or an empty string), data is encrypted under this
// publicly known value and nothing reports it. Consider refusing to run outside
// development when the variable is missing.
const FIELD_ENCRYPTION_KEY = process.env.FIELD_ENCRYPTION_KEY || 'dev_field_key_change_in_production_32chars_min!'
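/**
 * Encrypt a field value with CryptoJS AES using FIELD_ENCRYPTION_KEY as the passphrase.
 *
 * Because the key is passed as a string, CryptoJS treats it as a passphrase and
 * emits its OpenSSL-compatible salted format (base64 beginning with "U2FsdGVkX1").
 * NOTE(review): that format carries no integrity tag, so tampering with a stored
 * value is not detected on decrypt — confirm this is acceptable for the field.
 *
 * @param {string} text - plaintext value; falsy input is treated as "no value"
 * @returns {string|null} ciphertext string, or null when text is falsy
 * @throws {Error} when encryption fails; the original error is attached as `cause`
 */
function encrypt(text) {
  if (!text) return null
  try {
    return CryptoJS.AES.encrypt(text, FIELD_ENCRYPTION_KEY).toString()
  } catch (e) {
    // Fail closed: returning the input here would let the caller write plaintext
    // into a column that is supposed to hold ciphertext, with no signal at all.
    throw new Error('Field encryption failed; refusing to fall back to plaintext', { cause: e })
  }
}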
/**
 * Produce the deterministic lookup digest for a value: SHA-256 (hex) of the
 * value coerced to a string and lower-cased.
 *
 * NOTE(review): the digest is unkeyed and unsalted, so anyone holding the
 * column can confirm a guessed address by hashing it. A keyed construction
 * (HMAC with a server-side secret) would resist that, but it must change
 * together with every reader of this column.
 *
 * @param {*} text - value to digest; falsy input is treated as "no value"
 * @returns {string|null} 64-character hex digest, or null when text is falsy
 */
function hash(text) {
  if (!text) {
    return null
  }
  const normalized = String(text).toLowerCase()
  const hasher = crypto.createHash('sha256')
  hasher.update(normalized)
  return hasher.digest('hex')
}
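/**
 * Migration: add users.email_hash, store every email encrypted, fill the lookup
 * hash, and create a unique index on the hash.
 *
 * Safe to re-run: rows whose email already looks like CryptoJS ciphertext keep
 * their stored value, and their hash is computed from the decrypted address
 * (hashing the stored ciphertext would overwrite a correct hash with a useless one).
 *
 * @param {object} db - database handle exposing exec(), prepare() and transaction()
 * @throws {Error} if the column cannot be added for a reason other than it already
 *   existing, or if an already-encrypted email cannot be decrypted with the current key
 */
module.exports.up = function up(db) {
  // Ensure users table has email_hash column
  try {
    db.exec('ALTER TABLE users ADD COLUMN email_hash TEXT')
  } catch (e) {
    // A re-run reports "duplicate column name"; anything else is a real failure.
    if (!/duplicate column name/i.test(String(e && e.message))) throw e
  }

  // Recover the address from a stored ciphertext. The error names the row id only,
  // never the email value, so nothing sensitive reaches logs.
  const decryptStored = (id, stored) => {
    let plain = ''
    let cause
    try {
      plain = CryptoJS.AES.decrypt(stored, FIELD_ENCRYPTION_KEY).toString(CryptoJS.enc.Utf8)
    } catch (e) {
      cause = e
    }
    if (!plain) {
      throw new Error(`Cannot decrypt stored email for user id ${id}; check FIELD_ENCRYPTION_KEY`, { cause })
    }
    return plain
  }

  // Populate encryption/hash where missing
  const users = db.prepare('SELECT id, email FROM users').all()
  const update = db.prepare('UPDATE users SET email = ?, email_hash = ? WHERE id = ?')
  const tx = db.transaction(() => {
    for (const u of users) {
      // CryptoJS passphrase output always begins with base64("Salted__"), so test
      // the prefix rather than any occurrence of the marker inside the value.
      const alreadyEncrypted = typeof u.email === 'string' && u.email.startsWith('U2FsdGVkX1')
      const plainEmail = alreadyEncrypted ? decryptStored(u.id, u.email) : u.email
      const encrypted = alreadyEncrypted ? u.email : encrypt(plainEmail)
      const hashed = hash(plainEmail)
      update.run(encrypted, hashed, u.id)
    }
  })
  // Any throw inside the transaction function aborts the whole batch.
  tx()

  // Add unique constraint index for email_hash if not exists
  try {
    db.exec('CREATE UNIQUE INDEX IF NOT EXISTS idx_users_email_hash_unique ON users(email_hash)')
  } catch (e) {
    // Still best-effort, but no longer silent: without this index, duplicate
    // addresses (for example differing only in case) are not rejected.
    console.warn('email_hash unique index was not created:', e && e.message)
  }
}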