Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: unintented encryptions/decryptions with a lock context #58

Merged
merged 4 commits into from
Jan 23, 2025
Merged

fix: unintented encryptions/decryptions with a lock context #58

merged 4 commits into from
Jan 23, 2025

Conversation

calvinbrewer
Copy link
Contributor

Enforced lock context to be called as a proto function rather than an optional argument for crypto functions.

There was a bug that caused the lock context to be interpreted as undefined when the users intention was to use it causing the encryption/decryption to fail.

This is a breaking change for users who were using the lock context as an optional argument, hence the major version bump.

To use the lock context, call the withLockContext method on the encrypt, decrypt, and bulk encrypt/decrypt functions, passing the lock context as a parameter rather than as an optional argument.

Old:

const ciphertext = await eqlClient.encrypt('plaintext', {
  column: 'column_name',
  table: 'users',
  lockContext,
})

const plaintext = await eqlClient.decrypt(ciphertext)

New:

const ciphertext = await eqlClient.encrypt('plaintext', {
  column: 'column_name',
  table: 'users',
}).withLockContext(lockContext)

coderdan
coderdan reviewed Jan 23, 2025
View reviewed changes
README.md Outdated Show resolved Hide resolved
coderdan
coderdan reviewed Jan 23, 2025
View reviewed changes
README.md Outdated Show resolved Hide resolved
coderdan
coderdan reviewed Jan 23, 2025
View reviewed changes
README.md Show resolved Hide resolved
coderdan
coderdan reviewed Jan 23, 2025
View reviewed changes
README.md Show resolved Hide resolved
@coderdan
Copy link

I'd prefer if we could use a stronger type guarantee of the use of LockContext. I've created an example of what I mean here. The idea is that when you call with_lock_context, you are converting this into a new type that always applies a context and must have a token. This makes testing easier as well as providing a strong guarantee of correctness.

coderdan
coderdan requested changes Jan 23, 2025
View reviewed changes
Copy link

@coderdan coderdan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer to see this use the type state pattern like here: https://gist.github.com/coderdan/d6e620609b46b760471f5c9b65c2f47a

@calvinbrewer calvinbrewer requested a review from coderdan January 23, 2025 17:09
@calvinbrewer calvinbrewer merged commit 450801d into main Jan 23, 2025
1 check passed
@calvinbrewer calvinbrewer deleted the lock-prototype branch January 23, 2025 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderdan coderdan coderdan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@calvinbrewer @coderdan