플로우 외부db연결

2025-10-20 17:50:27 +09:00
parent 7d8abc0449
commit 1f12df2f79
16 changed files with 3711 additions and 40 deletions
--- a/backend-node/src/utils/credentialEncryption.ts
+++ b/backend-node/src/utils/credentialEncryption.ts
@@ -0,0 +1,61 @@
+import crypto from "crypto";
+
+/**
+ * 자격 증명 암호화 유틸리티
+ * AES-256-GCM 알고리즘 사용
+ */
+export class CredentialEncryption {
+  private algorithm = "aes-256-gcm";
+  private key: Buffer;
+
+  constructor(secretKey: string) {
+    // scrypt로 안전한 키 생성
+    this.key = crypto.scryptSync(secretKey, "salt", 32);
+  }
+
+  /**
+   * 평문을 암호화
+   */
+  encrypt(text: string): string {
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv(
+      this.algorithm,
+      this.key,
+      iv
+    ) as crypto.CipherGCM;
+
+    let encrypted = cipher.update(text, "utf8", "hex");
+    encrypted += cipher.final("hex");
+
+    const authTag = cipher.getAuthTag();
+
+    // IV:AuthTag:EncryptedText 형식으로 반환
+    return `${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted}`;
+  }
+
+  /**
+   * 암호문을 복호화
+   */
+  decrypt(encrypted: string): string {
+    const [ivHex, authTagHex, encryptedText] = encrypted.split(":");
+
+    if (!ivHex || !authTagHex || !encryptedText) {
+      throw new Error("Invalid encrypted string format");
+    }
+
+    const iv = Buffer.from(ivHex, "hex");
+    const authTag = Buffer.from(authTagHex, "hex");
+    const decipher = crypto.createDecipheriv(
+      this.algorithm,
+      this.key,
+      iv
+    ) as crypto.DecipherGCM;
+
+    decipher.setAuthTag(authTag);
+
+    let decrypted = decipher.update(encryptedText, "hex", "utf8");
+    decrypted += decipher.final("utf8");
+
+    return decrypted;
+  }
+}