added the possibility to encrypt donations

core/priv/gettext/en/LC_MESSAGES/eyra-storage.po

@@ -75,6 +75,10 @@ msgstr "WebDAV Url"
 msgid "surfresearchdrive.folder.label"
 msgstr "Folder name"
 
+#, elixir-autogen, elixir-format
+msgid "surfresearchdrive.passphrase.label"
+msgstr "Passphrase for encryption"
+
 #, elixir-autogen, elixir-format
 msgid "aws.annotation"
 msgstr "<div>Use Amazon S3 storage. More information: <a href=\"https://aws.amazon.com/s3\">https://aws.amazon.com/s3</a></div>"

core/priv/gettext/eyra-storage.pot

@@ -75,6 +75,10 @@ msgstr ""
 msgid "surfresearchdrive.folder.label"
 msgstr ""
 
+#, elixir-autogen, elixir-format
+msgid "surfresearchdrive.passphrase.label"
+msgstr ""
+
 #, elixir-autogen, elixir-format
 msgid "aws.annotation"
 msgstr ""

core/priv/repo/migrations/20231025125051_add_storage.exs

@@ -38,6 +38,7 @@ defmodule Core.Repo.Migrations.AddStorage do
       add(:password, :string)
       add(:url, :string)
       add(:folder, :string)
+      add(:passphrase, :string)
 
       timestamps()
     end

core/systems/storage/surfresearchdrive/backend.ex

@@ -1,7 +1,7 @@
 defmodule Systems.Storage.SurfResearchDrive.Backend do
   @behaviour Systems.Storage.Backend
 
-  alias Systems.Storage.SurfResearchDrive
+  alias Systems.Storage.SurfResearchDrive.Encryption 
 
   require Logger
 
@@ -10,7 +10,8 @@ defmodule Systems.Storage.SurfResearchDrive.Backend do
           "user" => username,
           "password" => password,
           "url" => url,
-          "folder" => folder
+          "folder" => folder,
+          "passphrase" => passphrase,
         } = _endpoint,
         data,
         meta_data
@@ -24,6 +25,13 @@ defmodule Systems.Storage.SurfResearchDrive.Backend do
       {"Authorization", "Basic #{credentials}"}
     ]
 
+
+    data = if passphrase != nil do 
+      Encryption.encrypt(data, passphrase)
+    else
+      data
+    end
+
     case HTTPoison.put(file_url, data, headers) do
       {:ok, %{status_code: 201}} ->
         :ok
@@ -32,7 +40,7 @@ defmodule Systems.Storage.SurfResearchDrive.Backend do
         {:error, "status_code=#{status_code},message=#{body}"}
 
       {:error, error} ->
-        Logger.error("[SurfResearchDrive.Backend] #{error}")
+        IO.inspect(error)
         {:error, error}
     end
   end

core/systems/storage/surfresearchdrive/encryption.ex

@@ -0,0 +1,42 @@
+defmodule Systems.Storage.SurfResearchDrive.Encryption do
+  @moduledoc """
+  Documentation for `Systems.Storage.SurfResearchDrive.Encryption`.
+  """
+
+  @doc """
+  Encrypt file with AES-256-CBC 
+
+  The hashed passphrase is the encryption key
+  The hash function is there to guarantee the key consists of 256 bits
+  The hasing function does not offer protection.
+  If you know the hash or the passphrase you can decrypt the data
+
+  Decryption can be done with:
+  openssl enc -d -aes-256-cbc -in <(tail -c +17 file.enc) \
+    -out file.txt \
+    -K <sha256 of passphrase> \
+    -iv <base16 encode of first 16 bytes of file.enc>
+  """
+  def encrypt(content, passphrase) do
+
+    # generate key and iv
+    key = :crypto.hash(:sha256, passphrase)
+    iv = :crypto.strong_rand_bytes(16)
+
+    padded_content = pad(content, 16)
+
+    # Encrypt content
+    cipher_text = :crypto.crypto_one_time(:aes_256_cbc, key, iv, padded_content, true)
+
+    # Prepend IV and write the result
+    iv <> cipher_text
+  end
+
+  @doc """
+  Applies PKCS7 padding to the given binary.
+  """
+  def pad(data, block_size) do
+    padding_size = block_size - rem(byte_size(data), block_size)
+    data <> :binary.copy(<<padding_size>>, padding_size)
+  end
+end

core/systems/storage/surfresearchdrive/endpoint_form.ex

@@ -13,11 +13,9 @@ defmodule Systems.Storage.SurfResearchDrive.EndpointForm do
           <.password_input form={form} field={:password} label_text={dgettext("eyra-storage", "surfresearchdrive.password.label")} debounce="0" reserve_error_space={false} />
           <.text_input form={form} field={:url} label_text={dgettext("eyra-storage", "surfresearchdrive.url.label")} placeholder="https://{url}/remote.php/webdav/>" debounce="0" reserve_error_space={false} />
           <.text_input form={form} field={:folder} label_text={dgettext("eyra-storage", "surfresearchdrive.folder.label")} debounce="0" reserve_error_space={false} />
+          <.text_input form={form} field={:passphrase} label_text={dgettext("eyra-storage", "surfresearchdrive.passphrase.label")} placeholder="Leave blank for no encryption" debounce="0" reserve_error_space={false} />
           <div class="flex flex-row gap-4 items-center mt-2">
             <Button.dynamic_bar buttons={[@submit_button]} />
-            <%= if @show_status do %>
-              <.account_status connected?={@connected?}/>
-            <% end %>
           </div>
         </div>
       </.form>

core/systems/storage/surfresearchdrive/endpoint_model.ex

@@ -5,16 +5,17 @@ defmodule Systems.Storage.SurfResearchDrive.EndpointModel do
   import Ecto.Changeset
   alias Systems.Storage.SurfResearchDrive
 
-  @fields ~w(user password url folder)a
+  @fields ~w(user password url folder passphrase)a
   @required_fields @fields
 
   @derive {Jason.Encoder, only: @fields}
-  @derive {Inspect, except: [:user, :password]}
+  @derive {Inspect, except: [:user, :password, :passphrase]}
   schema "storage_endpoints_surfresearchdrive" do
     field(:user, :string)
     field(:password, :string)
     field(:url, :string)
     field(:folder, :string)
+    field(:passphrase, :string)
 
     timestamps()
   end