chore(encryption): rename encrypted to encryption

[ymc9]

No description provided.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a significant refactoring of the encryption functionality in the runtime package. The changes involve removing the old encrypted.ts file and introducing a new encryption.ts file with a more comprehensive encryption mechanism for Prisma clients. The implementation now provides a withEncrypted function that uses a proxy-based approach to handle encryption and decryption of fields marked with the @encrypted attribute. The create-enhancement.ts file has been updated to integrate this new encryption enhancement into the existing enhancement system.

Changes

File	Change Summary
packages/runtime/src/enhancements/edge/encrypted.ts	File removed - Previous encryption implementation
packages/runtime/src/enhancements/edge/encryption.ts	New file added with withEncrypted function and EncryptedHandler class implementing advanced encryption handling
packages/runtime/src/enhancements/node/create-enhancement.ts	Updated ALL_ENHANCEMENTS constant to include 'encryption' and modified enhancement creation logic

Sequence Diagram

sequenceDiagram
    participant Client
    participant Prisma
    participant EncryptedHandler
    participant Encryption

    Client->>Prisma: Apply withEncrypted
    Prisma->>EncryptedHandler: Create proxy
    EncryptedHandler->>Encryption: Validate options
    Client->>Prisma: Write data
    Prisma->>EncryptedHandler: Preprocess write payload
    EncryptedHandler->>Encryption: Encrypt fields
    Prisma->>Client: Save encrypted data
    Client->>Prisma: Read data
    Prisma->>EncryptedHandler: Process result
    EncryptedHandler->>Encryption: Decrypt fields
    EncryptedHandler->>Client: Return decrypted data

Loading

Possibly related PRs

• feat: Add @encrypted enhancer #1922: Introduces the original @encrypted enhancer and withEncrypted function
• feat: improvements to "encryption" enhancement #1927: Modifies the create-enhancement.ts file to update naming conventions for encryption enhancement

Tip

CodeRabbit's docstrings feature is now available as part of our Early Access Program! Simply use the command @coderabbitai generate docstrings to have CodeRabbit automatically generate docstrings for your pull request. We would love to hear your feedback on Discord.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

packages/runtime/src/enhancements/edge/encryption.ts (3)

1-1: Remove or clarify unused reference on line 1
It appears that ../node/encryption.ts is left at the top of this file without being imported, which can cause confusion. If this file reference is no longer needed, consider removing it or converting it to a comment to clarify its purpose.

-../node/encryption.ts
+// ../node/encryption.ts   // Clarify or remove if unused

---

Line range hint 21-32: Ensure robust validation of encryption options
Within the constructor, the checks for encryption options are good. However, storing options.encryption in a local member variable can improve readability and maintainability (instead of accessing this.options.encryption! repeatedly).

 constructor(prisma: DbClientContract, model: string, options: InternalEnhancementOptions) {
     super(prisma, model, options);

+    const encryptionConfig = options.encryption;
     if (!options.encryption) {
         throw this.queryUtils.unknownError('Encryption options must be provided');
     }

     if (this.isCustomEncryption(options.encryption!)) {
         if (!options.encryption.encrypt || !options.encryption.decrypt) {
             throw this.queryUtils.unknownError('Custom encryption must provide encrypt and decrypt functions');
         }
     } else {
         if (!options.encryption.encryptionKey) {
             throw this.queryUtils.unknownError('Encryption key must be provided');
         }
         if (options.encryption.encryptionKey.length !== 32) {
             throw this.queryUtils.unknownError('Encryption key must be 32 bytes');
         }
     }
 }

---

Line range hint 55-78: Cache imported CryptoKey to improve performance
Repeatedly calling crypto.subtle.importKey inside encrypt can be expensive if this method is invoked frequently. Consider caching the imported CryptoKey in the constructor or a lazy-loaded property.

 private cachedKey: CryptoKey | undefined;

 private async encrypt(field: FieldInfo, data: string): Promise<string> {
     const encryption = this.options.encryption!;
     if (this.isCustomEncryption(encryption)) {
         return encryption.encrypt(this.model, field, data);
     }

-    const key = await this.getKey(encryption.encryptionKey);
+    const key = this.cachedKey ?? await this.getKey(encryption.encryptionKey);
+    this.cachedKey = key;

     const iv = crypto.getRandomValues(new Uint8Array(12));
     ...
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8486f64 and 296b58c.

📒 Files selected for processing (3)

• packages/runtime/src/enhancements/edge/encrypted.ts (0 hunks)
• packages/runtime/src/enhancements/edge/encryption.ts (1 hunks)
• packages/runtime/src/enhancements/node/create-enhancement.ts (1 hunks)

💤 Files with no reviewable changes (1)

• packages/runtime/src/enhancements/edge/encrypted.ts

🔇 Additional comments (3)

packages/runtime/src/enhancements/edge/encryption.ts (2)

Line range hint 123-147: Confirm consistent encryption across all field types
Within preprocessWritePayload, only string fields are encrypted. If a future use case expands encryption to other data types (e.g., JSON or Buffer fields), this logic might need adjustment.

Consider searching the codebase for all @encrypted usage to ensure only string fields are annotated:

✅ Verification successful

Based on the search results, I can provide the final response:

@encrypted attribute is correctly restricted to String fields only

The codebase shows consistent handling of encrypted fields:

• The @encrypted attribute is explicitly restricted to String fields in the schema definition (stdlib.zmodel): @@@targetField([StringField])
• The encryption implementation in packages/runtime/src/enhancements/node/encryption.ts validates field type: if (encAttr && field.type === 'String')
• Test cases confirm this restriction:
  • All valid test cases use String fields with @encrypted
  • There's a test verifying that using @encrypted on a Bytes field fails with "attribute '@encrypted' cannot be used on this type of field"

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for @encrypted usage throughout the project
rg -A 4 '@encrypted'

Length of output: 9659

---

Line range hint 80-101: Validate ciphertext length prior to decryption
The decryption method expects at least 12 bytes for the IV. Consider validating the decrypted byte array length before slicing to avoid runtime errors on malformed or truncated data.

 const bytes = Uint8Array.from(atob(data), (c) => c.charCodeAt(0));

-const decrypted = await crypto.subtle.decrypt(
-    {
-        name: 'AES-GCM',
-        iv: bytes.slice(0, 12),
-    },
-    key,
-    bytes.slice(12)
-);
+if (bytes.length < 12) {
+    throw this.queryUtils.unknownError('Ciphertext too short to contain IV');
+}
+const decrypted = await crypto.subtle.decrypt(
+  {
+    name: 'AES-GCM',
+    iv: bytes.slice(0, 12),
+  },
+  key,
+  bytes.slice(12)
+);

packages/runtime/src/enhancements/node/create-enhancement.ts (1)

13-13: Encapsulate encryption import usage
The addition of withEncrypted is a logical replacement for the removed encrypted.ts. Confirm that all references to the old file are removed and that no stale imports remain.

✅ Verification successful

No stale imports or references to old encrypted.ts found

Based on the comprehensive search results, there are no references to the old encrypted.ts file in the codebase. The encryption-related code is properly organized with:

• The new withEncrypted import from './encryption'
• Consistent usage of encryption-related functionality across the codebase
• No stale or conflicting imports detected

The migration from the old encrypted.ts to the new structure appears to be complete and clean.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any reference to the old `encrypted.ts` file
rg 'encrypted.ts'

Length of output: 17

---

Script:

#!/bin/bash
# Search for any references to 'encrypted' in the codebase
rg -i 'encrypted' --type ts

Length of output: 7699

---

Script:

#!/bin/bash
# Search for any imports related to encryption
ast-grep --pattern 'import { $_ } from $path' | grep -i 'encrypt'

Length of output: 65

---

Script:

#!/bin/bash
# Find all TypeScript files that might contain encryption-related code
fd -e ts -e tsx | xargs grep -l -i 'encrypt'

Length of output: 501