
apps/gateway/src/services/crypto.ts

Metadata

Indexed Symbols

  • isEncryptedEnvelope (line 12, function) - Type guard that checks whether a value has the encrypted-envelope shape, for service-layer operations.
  • encryptJsonPayload (line 20, function) - Encrypts a JSON payload for service-layer operations.
  • decryptJsonPayload (line 43, function) - Decrypts a JSON payload for service-layer operations.

Markdown Headings (if applicable)

No markdown headings detected.

Source Preview

import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";
import { env } from "../config/env.js";

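/**
 * Serialized form of an encrypted JSON payload.
 *
 * `_enc` and `alg` are fixed literal markers identifying the envelope version
 * and cipher. `iv`, `tag` and `data` are strings.
 */
type EncryptedEnvelope = {
  _enc: "anchor.v1";
  alg: "aes-256-gcm";
  // NOTE(review): string encoding (presumably base64) is not shown here; confirm against encryptJsonPayload.
  iv: string;
  tag: string;
  data: string;
};

/**
 * Structural type guard for {@link EncryptedEnvelope}.
 *
 * Every field of the envelope is checked, so the narrowed type matches what
 * was actually verified: an object that carries the markers and an `iv` but
 * lacks a string `tag` or `data` is not reported as an envelope.
 *
 * This checks shape only. It says nothing about whether the ciphertext or
 * authentication tag are valid.
 *
 * NOTE(review): callers are not visible in this block. A value that carries
 * the `_enc` marker but fails this check should be rejected rather than
 * handled as plaintext; confirm in decryptJsonPayload.
 *
 * @param value - Arbitrary, possibly untrusted, input.
 * @returns `true` only when `value` is a non-null object with both literal
 *   markers and string `iv`, `tag` and `data` fields.
 */
function isEncryptedEnvelope(value: unknown): value is EncryptedEnvelope {
  if (typeof value !== "object" || value === null) {
    return false;
  }
  // Fields are read as `unknown` so each one has to be checked before it is trusted.
  const candidate = value as Partial<Record<keyof EncryptedEnvelope, unknown>>;
  return (
    candidate._enc === "anchor.v1" &&
    candidate.alg === "aes-256-gcm" &&
    typeof candidate.iv === "string" &&
    typeof candidate.tag === "string" &&
    typeof candidate.data === "string"
  );
}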

export function encryptJsonPayload(payload: unknown): unknown {
if (!env.resourceEncryptionKey) {
if (env.nodeEnv === "development" || env.nodeEnv === "test") {
return payload;
}
throw new Error("RESOURCE_ENCRYPTION_KEY_B64 is required for encrypted resources");