Skip to content

File encryptions for public and protected folder #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 19, 2021
Merged

File encryptions for public and protected folder #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 43 additions & 18 deletions src/AtRestCryptoService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
use Psr\Log\LoggerInterface;
use ReflectionClass;
use ReflectionException;
use SilverStripe\Assets\FilenameParsing\ParsedFileID;
use SilverStripe\Assets\Storage\AssetStore;
use SilverStripe\Core\Environment;
use SilverStripe\Core\Injector\Injector;
Expand Down Expand Up @@ -57,18 +58,27 @@ public function decrypt($ciphertext, $key = null)
* @throws BadFormatException
* @throws EnvironmentIsBrokenException
*/
public function encryptFile($file, $key = null)
public function encryptFile($file, $key = null, $visibility = AssetStore::VISIBILITY_PROTECTED)
{
$key = $this->getKey($key);
try {
$currentPath = $this->getFullPath($file);
$currentPath = $this->getFullPath($file, $visibility);
$encryptedFilename = $currentPath . '.enc';
File::encryptFile($currentPath, $encryptedFilename, $key);
$filename = $file->getFilename() . '.enc';
$file->deleteFile();
$isDeleted = $file->deleteFile();
$file->File->setField('Filename', $filename);
$file->write();
$file->protectFile();

if ($visibility === AssetStore::VISIBILITY_PROTECTED) {
$file->protectFile();
} elseif ($visibility === AssetStore::VISIBILITY_PUBLIC) {
$file->publishFile();
}

if (!$isDeleted && file_exists($currentPath)) {
@unlink($currentPath);
}

return $file;
} catch (Exception $e) {
Expand All @@ -87,18 +97,27 @@ public function encryptFile($file, $key = null)
* @throws BadFormatException
* @throws EnvironmentIsBrokenException
*/
public function decryptFile($file, $key = null)
public function decryptFile($file, $key = null, $visibility = AssetStore::VISIBILITY_PROTECTED)
{
$key = $this->getKey($key);
try {
$currentPath = $this->getFullPath($file);
$decryptedFilename = str_replace('.enc', '', $currentPath);
File::decryptFile($currentPath, $decryptedFilename, $key);
$currentPath = $this->getFullPath($file, $visibility);
$filename = str_replace('.enc', '', $file->getFilename());
$file->deleteFile();
$decryptedFilename = str_replace($file->getFilename(), $filename, $currentPath);
File::decryptFile($currentPath, $decryptedFilename, $key);
$isDeleted = $file->deleteFile();
$file->File->setField('Filename', $filename);
$file->write();
$file->protectFile();

if ($visibility === AssetStore::VISIBILITY_PROTECTED) {
$file->protectFile();
} elseif ($visibility === AssetStore::VISIBILITY_PUBLIC) {
$file->publishFile();
}

if (!$isDeleted && file_exists($currentPath)) {
@unlink($currentPath);
}

return $file;
} catch (Exception $e) {
Expand Down Expand Up @@ -146,15 +165,21 @@ protected function getFullPath($file, $visibility = AssetStore::VISIBILITY_PROTE
{
$assetStore = Injector::inst()->get(AssetStore::class);

$filesystem = $visibility === AssetStore::VISIBILITY_PROTECTED
? $assetStore->getProtectedFilesystem()
: $assetStore->getPublicFilesystem();
$adapter = $filesystem->getAdapter();
$adapter = $visibility === AssetStore::VISIBILITY_PROTECTED
? $assetStore->getProtectedFilesystem()->getAdapter()
: $assetStore->getPublicFilesystem()->getAdapter();

$reflection = new ReflectionClass(get_class($assetStore));
$method = $reflection->getMethod('getFileID');
$method->setAccessible(true);
$fileID = $method->invokeArgs($assetStore, [$file->Filename, $file->Hash, $file->Variant]);
$strategy = $visibility === AssetStore::VISIBILITY_PROTECTED
? $assetStore->getProtectedResolutionStrategy()
: $assetStore->getPublicResolutionStrategy();

$parsedFileID = new ParsedFileID($file->getFilename(), $file->getHash(), $file->getVariant());

try {
$fileID = $strategy->buildFileID($parsedFileID);
} catch (Exception $e) {
$fileID = rtrim($filename, '\\/');
}

return $adapter->applyPathPrefix($fileID);
}
Expand Down
122 changes: 113 additions & 9 deletions tests/AtRestCryptoServiceTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,16 @@

use Madmatt\EncryptAtRest\AtRestCryptoService;
use SilverStripe\Assets\File;
use SilverStripe\Assets\FilenameParsing\ParsedFileID;
use SilverStripe\Assets\Storage\AssetStore;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Dev\SapphireTest;

class AtRestCryptoServiceTest extends SapphireTest
{

protected $usesDatabase = true;

public function testEncrypt()
{
/** @var AtRestCryptoService $service */
Expand Down Expand Up @@ -54,29 +59,128 @@ public function testDecrypt()
$this->assertEquals($expectedString, $service->decrypt($encrypted2String));
}

public function testEncryptFile()
/**
* @dataProvider dataEncryptFile
*/
public function testEncryptFile($filename, $contents, $visibility)
{
$originalText = 'This is a test file';
$originalFilename = 'test-filename.txt';
$originalText = $contents;
$originalFilename = $filename;
$assetStore = Injector::inst()->get(AssetStore::class);
$strategy = $visibility === AssetStore::VISIBILITY_PROTECTED
? $assetStore->getProtectedResolutionStrategy()
: $assetStore->getPublicResolutionStrategy();
$adapter = $visibility === AssetStore::VISIBILITY_PROTECTED
? $assetStore->getProtectedFilesystem()->getAdapter()
: $assetStore->getPublicFilesystem()->getAdapter();

$file = File::create();
$file->setFromString($originalText, $originalFilename);
$file->write();
$oldFilename = $file->getFilename();
$this->assertFileExists($file->File->getSourceURL());

if ($visibility === AssetStore::VISIBILITY_PROTECTED) {
$file->protectFile();
} elseif ($visibility === AssetStore::VISIBILITY_PUBLIC) {
$file->publishFile();
}

$oldFilename = $adapter->applyPathPrefix(
$strategy->buildFileID(
new ParsedFileID(
$file->getFilename(),
$file->getHash(),
$file->getVariant()
)
)
);

// Confirm file exists
$this->assertFileExists($oldFilename);
$this->assertTrue(ctype_print($file->getString()));
$this->assertEquals($originalText, $file->getString());
$this->assertEquals($originalFilename, $file->Name);
$this->assertEquals($originalFilename, $file->getFilename());

if ($visibility === AssetStore::VISIBILITY_PROTECTED) {
$this->assertContains('assets/.protected/', $oldFilename);
} elseif ($visibility === AssetStore::VISIBILITY_PUBLIC) {
$this->assertNotContains('assets/.protected/', $oldFilename);
}

/** @var AtRestCryptoService $service */
$service = Injector::inst()->get(AtRestCryptoService::class);
$encryptedFile = $service->encryptFile($file);
$encryptedFile = $service->encryptFile($file, null, $visibility);
$this->assertEquals($file->Name, $encryptedFile->Name);
$this->assertEquals($originalFilename . '.enc', $encryptedFile->getFilename());

// Confirm the old file has been deleted
$this->assertFileNotExists($oldFilename);

$encryptedFilename = $adapter->applyPathPrefix(
$strategy->buildFileID(
new ParsedFileID(
$encryptedFile->getFilename(),
$encryptedFile->getHash(),
$encryptedFile->getVariant()
)
)
);

// Confirm the new file exists
$this->assertFileExists($encryptedFile->getFilename());
$this->assertFileExists($encryptedFilename);

if ($visibility === AssetStore::VISIBILITY_PROTECTED) {
$this->assertContains('assets/.protected/', $encryptedFilename);
} elseif ($visibility === AssetStore::VISIBILITY_PUBLIC) {
$this->assertNotContains('assets/.protected/', $encryptedFilename);
}

// Confirm the new file is encrypted
$this->assertStringStartsWith('def', $encryptedFile->File->getString());
$this->assertNotEquals($originalText, $encryptedFile->File->getString());
$this->assertFalse(ctype_print($encryptedFile->getString()));
$this->assertNotEquals($originalText, $encryptedFile->getString());
$this->assertEquals($originalFilename, $encryptedFile->Name);
$this->assertEquals($originalFilename . '.enc', $file->getFilename());

// Now decrypt the file back
$decryptedFile = $service->decryptFile($encryptedFile, null, $visibility);
$decryptedFilename = $adapter->applyPathPrefix(
$strategy->buildFileID(
new ParsedFileID(
$decryptedFile->getFilename(),
$decryptedFile->getHash(),
$decryptedFile->getVariant()
)
)
);

// Confirm that old file has been recreated
$this->assertFileExists($oldFilename);
$this->assertEquals($oldFilename, $decryptedFilename);
$this->assertEquals($originalFilename, $decryptedFile->Name);
$this->assertEquals($originalFilename, $decryptedFile->getFilename());

if ($visibility === AssetStore::VISIBILITY_PROTECTED) {
$this->assertContains('assets/.protected/', $decryptedFilename);
} elseif ($visibility === AssetStore::VISIBILITY_PUBLIC) {
$this->assertNotContains('assets/.protected/', $decryptedFilename);
}

// Confirm that original text has been decoded properly
$this->assertEquals($originalText, $decryptedFile->getString());

// Confirm that encrypted file has been deleted
$this->assertFileNotExists($encryptedFilename);
}

/**
* @see testEncryptFile
*/
public function dataEncryptFile()
{
return [
['test-public-filename.txt', 'This is a test file', AssetStore::VISIBILITY_PUBLIC],
['test-protect-filename.txt', 'This is a test file', AssetStore::VISIBILITY_PROTECTED],
];
}

}