backend/src/common/utils/crypto.util.ts

import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypto';
import * as bcrypt from 'bcrypt';
import * as crypto from 'crypto';

export async function hash(data: string): Promise<string> {
  return bcrypt.hash(data, 10);
}

export async function generateApiKey(): Promise<{
  apiKey: string;
  apiSecret: string;
  apiKeyHash: string;
  apiSecretHash: string;
}> {
  const apiKey = `goa_${crypto.randomBytes(16).toString('hex')}`;
  const apiSecret = crypto.randomBytes(32).toString('hex');

  const [apiKeyHash, apiSecretHash] = await Promise.all([hash(apiKey), hash(apiSecret)]);

  return {
    apiKey,
    apiSecret,
    apiKeyHash,
    apiSecretHash,
  };
}

export class CryptoUtil {
  private static readonly ALGORITHM = 'aes-256-gcm';
  private static readonly SALT_LENGTH = 16;
  private static readonly TAG_LENGTH = 16;
  private static readonly IV_LENGTH = 16;

  static encrypt(data: string, password: string): string {
    const salt = randomBytes(CryptoUtil.SALT_LENGTH);
    const key = scryptSync(password, salt, 32);
    const iv = randomBytes(CryptoUtil.IV_LENGTH);

    const cipher = createCipheriv(CryptoUtil.ALGORITHM, key, iv);
    const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);

    const authTag = cipher.getAuthTag();

    return Buffer.concat([salt, iv, authTag, encrypted]).toString('hex');
  }

  static decrypt(encryptedData: string, password: string): string {
    const buffer = Buffer.from(encryptedData, 'hex');

    const salt = buffer.subarray(0, CryptoUtil.SALT_LENGTH);
    const iv = buffer.subarray(
      CryptoUtil.SALT_LENGTH,
      CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH,
    );
    const authTag = buffer.subarray(
      CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH,
      CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH + CryptoUtil.TAG_LENGTH,
    );
    const encrypted = buffer.subarray(
      CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH + CryptoUtil.TAG_LENGTH,
    );

    const key = scryptSync(password, salt, 32);
    const decipher = createDecipheriv(CryptoUtil.ALGORITHM, key, iv);
    decipher.setAuthTag(authTag);

    return decipher.update(encrypted) + decipher.final('utf8');
  }

  static generateKey(length: number = 32): string {
    return randomBytes(length).toString('hex');
  }

  static generateIV(length: number = 16): string {
    return randomBytes(length).toString('hex');
  }
}
feat: Goa GEL Blockchain e-Licensing Platform - Full Stack Implementation Complete implementation of the Goa Government e-Licensing platform with: Backend: - NestJS API with JWT authentication - PostgreSQL database with Knex ORM - Redis caching and session management - MinIO document storage - Hyperledger Besu blockchain integration - Multi-department workflow system - Comprehensive API tests (266/282 passing) Frontend: - Angular 21 with standalone components - Angular Material + TailwindCSS UI - Visual workflow builder - Document upload with progress tracking - Blockchain explorer integration - Role-based dashboards (Admin, Department, Citizen) - E2E tests with Playwright (37 tests) Infrastructure: - Docker Compose orchestration - Blockscout blockchain explorer - Development and production configurations 2026-02-07 10:23:29 -04:00			`import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypto';`
			`import * as bcrypt from 'bcrypt';`
			`import * as crypto from 'crypto';`

			`export async function hash(data: string): Promise<string> {`
			`return bcrypt.hash(data, 10);`
			`}`

			`export async function generateApiKey(): Promise<{`
			`apiKey: string;`
			`apiSecret: string;`
			`apiKeyHash: string;`
			`apiSecretHash: string;`
			`}> {`
			const apiKey = `goa_${crypto.randomBytes(16).toString('hex')}`;
			`const apiSecret = crypto.randomBytes(32).toString('hex');`

feat: Runtime configuration and Docker deployment improvements Frontend: - Add runtime configuration service for deployment-time API URL injection - Create docker-entrypoint.sh to generate config.json from environment variables - Update ApiService, ApprovalService, and DocumentViewer to use RuntimeConfigService - Add APP_INITIALIZER to load runtime config before app starts Backend: - Fix init-blockchain.js to properly quote mnemonic phrases in .env file - Improve docker-entrypoint.sh with health checks and better error handling Docker: - Add API_BASE_URL environment variable to frontend container - Update docker-compose.yml with clear documentation for remote deployment - Reorganize .env.example with clear categories (REQUIRED FOR REMOTE, PRODUCTION, AUTO-GENERATED) Workflow fixes: - Fix DepartmentApproval interface to match backend schema - Fix stage transformation for 0-indexed stageOrder - Fix workflow list to show correct stage count from definition.stages Cleanup: - Move development artifacts to .trash directory - Remove root-level package.json (was only for utility scripts) - Add .trash/ to .gitignore 2026-02-08 18:44:05 -04:00			`const [apiKeyHash, apiSecretHash] = await Promise.all([hash(apiKey), hash(apiSecret)]);`
feat: Goa GEL Blockchain e-Licensing Platform - Full Stack Implementation Complete implementation of the Goa Government e-Licensing platform with: Backend: - NestJS API with JWT authentication - PostgreSQL database with Knex ORM - Redis caching and session management - MinIO document storage - Hyperledger Besu blockchain integration - Multi-department workflow system - Comprehensive API tests (266/282 passing) Frontend: - Angular 21 with standalone components - Angular Material + TailwindCSS UI - Visual workflow builder - Document upload with progress tracking - Blockchain explorer integration - Role-based dashboards (Admin, Department, Citizen) - E2E tests with Playwright (37 tests) Infrastructure: - Docker Compose orchestration - Blockscout blockchain explorer - Development and production configurations 2026-02-07 10:23:29 -04:00
			`return {`
			`apiKey,`
			`apiSecret,`
			`apiKeyHash,`
			`apiSecretHash,`
			`};`
			`}`

			`export class CryptoUtil {`
			`private static readonly ALGORITHM = 'aes-256-gcm';`
			`private static readonly SALT_LENGTH = 16;`
			`private static readonly TAG_LENGTH = 16;`
			`private static readonly IV_LENGTH = 16;`

			`static encrypt(data: string, password: string): string {`
			`const salt = randomBytes(CryptoUtil.SALT_LENGTH);`
			`const key = scryptSync(password, salt, 32);`
			`const iv = randomBytes(CryptoUtil.IV_LENGTH);`

			`const cipher = createCipheriv(CryptoUtil.ALGORITHM, key, iv);`
feat: Runtime configuration and Docker deployment improvements Frontend: - Add runtime configuration service for deployment-time API URL injection - Create docker-entrypoint.sh to generate config.json from environment variables - Update ApiService, ApprovalService, and DocumentViewer to use RuntimeConfigService - Add APP_INITIALIZER to load runtime config before app starts Backend: - Fix init-blockchain.js to properly quote mnemonic phrases in .env file - Improve docker-entrypoint.sh with health checks and better error handling Docker: - Add API_BASE_URL environment variable to frontend container - Update docker-compose.yml with clear documentation for remote deployment - Reorganize .env.example with clear categories (REQUIRED FOR REMOTE, PRODUCTION, AUTO-GENERATED) Workflow fixes: - Fix DepartmentApproval interface to match backend schema - Fix stage transformation for 0-indexed stageOrder - Fix workflow list to show correct stage count from definition.stages Cleanup: - Move development artifacts to .trash directory - Remove root-level package.json (was only for utility scripts) - Add .trash/ to .gitignore 2026-02-08 18:44:05 -04:00			`const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);`
feat: Goa GEL Blockchain e-Licensing Platform - Full Stack Implementation Complete implementation of the Goa Government e-Licensing platform with: Backend: - NestJS API with JWT authentication - PostgreSQL database with Knex ORM - Redis caching and session management - MinIO document storage - Hyperledger Besu blockchain integration - Multi-department workflow system - Comprehensive API tests (266/282 passing) Frontend: - Angular 21 with standalone components - Angular Material + TailwindCSS UI - Visual workflow builder - Document upload with progress tracking - Blockchain explorer integration - Role-based dashboards (Admin, Department, Citizen) - E2E tests with Playwright (37 tests) Infrastructure: - Docker Compose orchestration - Blockscout blockchain explorer - Development and production configurations 2026-02-07 10:23:29 -04:00
			`const authTag = cipher.getAuthTag();`

			`return Buffer.concat([salt, iv, authTag, encrypted]).toString('hex');`
			`}`

			`static decrypt(encryptedData: string, password: string): string {`
			`const buffer = Buffer.from(encryptedData, 'hex');`

			`const salt = buffer.subarray(0, CryptoUtil.SALT_LENGTH);`
			`const iv = buffer.subarray(`
			`CryptoUtil.SALT_LENGTH,`
			`CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH,`
			`);`
			`const authTag = buffer.subarray(`
			`CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH,`
			`CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH + CryptoUtil.TAG_LENGTH,`
			`);`
			`const encrypted = buffer.subarray(`
			`CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH + CryptoUtil.TAG_LENGTH,`
			`);`

			`const key = scryptSync(password, salt, 32);`
			`const decipher = createDecipheriv(CryptoUtil.ALGORITHM, key, iv);`
			`decipher.setAuthTag(authTag);`

			`return decipher.update(encrypted) + decipher.final('utf8');`
			`}`

			`static generateKey(length: number = 32): string {`
			`return randomBytes(length).toString('hex');`
			`}`

			`static generateIV(length: number = 16): string {`
			`return randomBytes(length).toString('hex');`
			`}`
			`}`