✨ Add support to query encrypted data

Signed-off-by: SAMI BETTAYEB <[email protected]>

Author: SAMIBETTAYEB

lib/postgresql.js

@@ -588,6 +588,17 @@ PostgreSQL.prototype.buildWhere = function(model, where) {
   return whereClause;
 };
 
+PostgreSQL.prototype.getEncryptionFields = function(modelDefinition) {
+  if(modelDefinition 
+    && modelDefinition.settings 
+    && modelDefinition.settings.mixins 
+    && modelDefinition.settings.mixins.Encryption 
+    && modelDefinition.settings.mixins.Encryption.fields){
+      return modelDefinition.settings.mixins.Encryption.fields
+    }
+  return []
+}
+
 /**
  * @private
  * @param model
@@ -606,6 +617,7 @@ PostgreSQL.prototype._buildWhere = function(model, where) {
   const self = this;
   const props = self.getModelDefinition(model).properties;
 
+  const encryptedFields = this.getEncryptionFields(this.getModelDefinition(model))
   const whereStmts = [];
   for (const key in where) {
     const stmt = new ParameterizedSQL('', []);
@@ -646,7 +658,18 @@ PostgreSQL.prototype._buildWhere = function(model, where) {
     }
     // eslint-disable one-var
     let expression = where[key];
-    const columnName = self.columnEscaped(model, key);
+    let columnName = self.columnEscaped(model, key);
+    if(encryptedFields.includes(key)){
+      columnName = `convert_from(
+        decrypt_iv(
+          DECODE(${key},'hex')::bytea,
+          decode('${process.env.ENCRYPTION_HEX_KEY}','hex')::bytea,
+          decode('${process.env.ENCRYPTION_HEX_IV}','hex')::bytea, 
+          'aes'
+        ),
+        'utf8'
+      )`
+    }
     // eslint-enable one-var
     if (expression === null || expression === undefined) {
       stmt.merge(columnName + ' IS NULL');