Rustelo/info/encrypt_decrypt.md
Jesús Pérex 2f0f807331 feat: add dark mode functionality and improve navigation system
- Add complete dark mode system with theme context and toggle
- Implement dark mode toggle component in navigation menu
- Add client-side routing with SSR-safe signal handling
- Fix language selector styling for better dark mode compatibility
- Add documentation system with mdBook integration
- Improve navigation menu with proper external/internal link handling
- Add comprehensive project documentation and configuration
- Enhance theme system with localStorage persistence
- Fix arena panic issues during server-side rendering
- Add proper TypeScript configuration and build optimizations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-11 20:53:20 +01:00


🔐 Comprehensive Encryption/Decryption System

Core Features Implemented:

  1. AES-256-GCM Encryption Service (crypto/mod.rs)

    • Secure encryption/decryption of strings and JSON objects
    • Automatic key generation and management
    • Base64 encoding for safe storage
  2. Encrypted Session Management (crypto/session.rs)

    • Encrypted user sessions with automatic expiration
    • Secure cookie handling with configurable options
    • Middleware for automatic session validation
    • User role and permission checking
  3. Encrypted Configuration Store (crypto/config.rs)

    • Encrypt sensitive config values (database URLs, API keys, etc.)
    • Automatic environment variable encryption
    • File-based storage with JSON format
    • Migration utilities for plain text to encrypted configs
  4. Integration Examples (crypto/integration.rs)

    • Complete auth system integration
    • Protected routes with encrypted sessions
    • Database connection with encrypted URLs
    • Admin endpoints for system management
  5. CLI Tool (bin/crypto_tool.rs)

    • Generate crypto keys
    • Encrypt/decrypt individual values
    • Manage encrypted configuration files
    • Validate and migrate configurations

Key Security Features:

  • Session Data Encryption: User info (name, categories, tags, preferences) is encrypted in sessions
  • Config Value Encryption: Sensitive values like database URLs, JWT secrets, OAuth keys are encrypted
  • Automatic Key Management: Keys can be generated automatically or loaded from environment
  • Session Expiration: Automatic validation of session timestamps
  • Secure Cookies: HTTP-only, secure, and SameSite protection

Easy Integration:

The system integrates seamlessly with the existing Rustelo auth system:

```rust
// Initialize crypto system
let app_state = AppStateWithCrypto::new().await?;

// Create encrypted session on login
let encrypted_session = session_helpers::login_user(&session_store, &cookies, &user).await?;

// Access encrypted config values
let db_url = config_store.get("database_url")?;
```

CLI Tool Usage:

```bash
# Generate new crypto key
cargo run --bin crypto_tool generate-key

# Initialize encrypted config with environment variables
cargo run --bin crypto_tool init-config --load-env

# Add encrypted value (the value is passed as an argument, so it lands in
# shell history and the process list)
cargo run --bin crypto_tool add-value --key "api_key" --value "secret" --hint "API key"

# Validate all encrypted values
cargo run --bin crypto_tool validate
```

Environment Setup:

```bash
# Required: 32-byte base64 encoded key
CRYPTO_KEY=your-32-byte-key-base64-encoded

# Optional: Environment type affects security settings
ENVIRONMENT=production

# Sensitive values (automatically encrypted when using --load-env)
DATABASE_URL=postgresql://user:password@localhost/db
JWT_SECRET=your-jwt-secret
SMTP_PASSWORD=your-smtp-password
```
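
The environment setup above requires `CRYPTO_KEY` to be a 32-byte key in base64. As an added example (not Rustelo's own code), this std-only Rust startup check decodes the value and refuses anything that is not exactly 32 bytes. `validate_crypto_key`, `decode_base64` and `KeyError` are hypothetical names, and padded standard-alphabet base64 is an assumption about the key format.

```rust
// Added example; names are hypothetical, not Rustelo's API. Assumes padded standard base64.
#[derive(Debug, PartialEq)]
pub enum KeyError { NotBase64, WrongLength(usize), Degenerate }

/// Strict decoder for the standard base64 alphabet with '=' padding.
fn decode_base64(input: &str) -> Option<Vec<u8>> {
    let bytes = input.trim().as_bytes();
    let pad = bytes.iter().rev().take_while(|&&b| b == b'=').count();
    if bytes.is_empty() || bytes.len() % 4 != 0 || pad > 2 {
        return None;
    }
    let mut out = Vec::with_capacity(bytes.len() / 4 * 3);
    let (mut acc, mut bits) = (0u32, 0u32);
    for &b in &bytes[..bytes.len() - pad] {
        let v = match b {
            b'A'..=b'Z' => b - b'A',
            b'a'..=b'z' => b - b'a' + 26,
            b'0'..=b'9' => b - b'0' + 52,
            b'+' => 62,
            b'/' => 63,
            _ => return None, // '-', '_' (URL-safe alphabet) or a stray '='
        };
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8); // emit the oldest 8 pending bits
        }
    }
    Some(out)
}

/// Returns the raw AES-256 key, or the reason the value must be rejected.
pub fn validate_crypto_key(value: &str) -> Result<[u8; 32], KeyError> {
    let raw = decode_base64(value).ok_or(KeyError::NotBase64)?;
    if raw.len() != 32 {
        return Err(KeyError::WrongLength(raw.len())); // a 32-character string is only 24 bytes
    }
    let mut key = [0u8; 32];
    key.copy_from_slice(&raw);
    if key.iter().all(|&b| b == key[0]) {
        return Err(KeyError::Degenerate); // all bytes identical, e.g. all zero
    }
    Ok(key)
}

fn main() {
    let value = std::env::var("CRYPTO_KEY").unwrap_or_default();
    validate_crypto_key(&value).expect("refusing to start: invalid CRYPTO_KEY");
}
```

A correctly encoded 32-byte key is 44 base64 characters ending in `=`; the placeholder shown in the environment block and any 32-character string are both rejected.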

The implementation provides enterprise-grade security for session management and configuration handling while maintaining ease of use for developers. All sensitive data is encrypted at rest and in transit, with comprehensive logging and error handling.