Merge pull request #10 from simonratner/issue-5

Allow specifying a custom id field name

Author: simonratner

lib/encrypted-attr.js

@@ -11,6 +11,12 @@ function EncryptedAttributes (attributes, options) {
 
   let prefix = Buffer.from(`${alg}$`).toString('base64')
 
+  // Default to `id` attribute as the object identifier, but allow override.
+  let verifyId = options.verifyId
+  if (verifyId && typeof verifyId !== 'string') {
+    verifyId = 'id'
+  }
+
   function encryptAttribute (obj, val) {
     // Encrypted attributes are prefixed with "aes-256-gcm$", the base64
     // encoding of which is in `prefix`. Nulls are not encrypted.
@@ -20,13 +26,13 @@ function EncryptedAttributes (attributes, options) {
     if (typeof val !== 'string') {
       throw new Error('Encrypted attribute must be a string')
     }
-    if (options.verifyId && !obj.id) {
-      throw new Error('Cannot encrypt without \'id\' attribute')
+    if (verifyId && !obj[verifyId]) {
+      throw new Error(`Cannot encrypt without '${verifyId}'`)
     }
     // Recommended 96-bit nonce with AES-GCM.
     let iv = crypto.randomBytes(12)
     let aad = Buffer.from(
-      `${alg}$${options.verifyId ? obj.id.toString() : ''}$${options.keyId}`)
+      `${alg}$${verifyId ? obj[verifyId].toString() : ''}$${options.keyId}`)
     let key = Buffer.from(options.keys[options.keyId], 'base64')
     let gcm = crypto.createCipheriv(alg, key, iv)
     gcm.setAAD(aad)
@@ -55,8 +61,8 @@ function EncryptedAttributes (attributes, options) {
     if (typeof val !== 'string' || !val.startsWith(prefix)) {
       return val
     }
-    if (options.verifyId && !obj.id) {
-      throw new Error('Cannot decrypt without \'id\' attribute')
+    if (verifyId && !obj[verifyId]) {
+      throw new Error(`Cannot decrypt without '${verifyId}'`)
     }
     let parts = val.split('$').map((x) => Buffer.from(x, 'base64'))
     let aad = parts[0]
@@ -68,8 +74,8 @@ function EncryptedAttributes (attributes, options) {
     let id = parts[1]
     let keyId = parts[2]
 
-    if (options.verifyId && (id !== obj.id.toString())) {
-      throw new Error('Encrypted attribute has invalid id')
+    if (verifyId && (id !== obj[verifyId].toString())) {
+      throw new Error(`Encrypted attribute has invalid '${verifyId}'`)
     }
     if (!options.keys[keyId]) {
       throw new Error('Encrypted attribute has invalid key id')

test/encrypted-attr.spec.js

@@ -78,6 +78,18 @@ describe('encrypted attributes', function () {
     expect(() => enc.encryptAttribute(obj, 'value'), 'to throw', /cannot encrypt without 'id'/i)
   })
 
+  it('should throw when encrypting without id (custom field)', function () {
+    let enc = EncryptedAttributes(['secret'], Object.assign(this.options, {verifyId: '_id'}))
+    let obj = {}
+    expect(() => enc.encryptAttribute(obj, 'value'), 'to throw', /cannot encrypt without '_id'/i)
+  })
+
+  it('should encrypt with custom id field name', function () {
+    let enc = EncryptedAttributes(['secret'], Object.assign(this.options, {verifyId: '_id'}))
+    let obj = {_id: 1}
+    expect(() => enc.encryptAttribute(obj, 'value'), 'not to throw')
+  })
+
   it('should encrypt without id when verify id option is false', function () {
     let enc = EncryptedAttributes(['secret'], Object.assign(this.options, {verifyId: false}))
     let obj = {}
@@ -142,7 +154,15 @@ describe('encrypted attributes', function () {
     let obj = {id: 1}
     // aad: aes-256-gcm$02$k1
     let invalidId = 'YWVzLTI1Ni1nY20kMiRrMQ==$sK91YfUvv+O8Jx/m$OOQniq8=$WLbWYz7uCQBTNO3Fc+5UvA'
-    expect(() => enc.decryptAttribute(obj, invalidId), 'to throw', /invalid id/i)
+    expect(() => enc.decryptAttribute(obj, invalidId), 'to throw', /invalid 'id'/i)
+  })
+
+  it('should throw when decrypting with invalid id (custom field)', function () {
+    let enc = EncryptedAttributes(['secret'], Object.assign(this.options, {verifyId: '_id'}))
+    let obj = {_id: 1}
+    // aad: aes-256-gcm$02$k1
+    let invalidId = 'YWVzLTI1Ni1nY20kMiRrMQ==$sK91YfUvv+O8Jx/m$OOQniq8=$WLbWYz7uCQBTNO3Fc+5UvA'
+    expect(() => enc.decryptAttribute(obj, invalidId), 'to throw', /invalid '_id'/i)
   })
 
   it('should throw when decrypting with invalid key id', function () {
@@ -176,6 +196,20 @@ describe('encrypted attributes', function () {
     expect(() => enc.decryptAttribute(obj, encrypted), 'to throw', /cannot decrypt without 'id'/i)
   })
 
+  it('should throw when decrypting without id (custom field)', function () {
+    let enc = EncryptedAttributes(['secret'], Object.assign(this.options, {verifyId: '_id'}))
+    let obj = {}
+    let encrypted = 'YWVzLTI1Ni1nY20kMSRrMQ==$sK91YfUvv+O8Jx/m$OOQniq8=$WLbWYz7uCQBTNO3Fc+5UvA'
+    expect(() => enc.decryptAttribute(obj, encrypted), 'to throw', /cannot decrypt without '_id'/i)
+  })
+
+  it('should decrypt with custom id field name', function () {
+    let enc = EncryptedAttributes(['secret'], Object.assign(this.options, {verifyId: '_id'}))
+    let obj = {_id: 1}
+    let encrypted = 'YWVzLTI1Ni1nY20kMSRrMQ==$sK91YfUvv+O8Jx/m$OOQniq8=$WLbWYz7uCQBTNO3Fc+5UvA'
+    expect(() => enc.decryptAttribute(obj, encrypted), 'not to throw')
+  })
+
   it('should decrypt without id when verify id option is false', function () {
     let enc = EncryptedAttributes(['secret'], Object.assign(this.options, {verifyId: false}))
     let obj = {}