hobokenchicken/GopherGate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: prioritize database provider configs and implement API key encryption
Some checks failed
CI / Lint (push) Has been cancelled
Details
CI / Test (push) Has been cancelled
Details
CI / Build (push) Has been cancelled
Details

Browse Source 
- Added AES-GCM encryption/decryption for provider API keys in the database.
- Implemented RefreshProviders to load provider configs from the database with precedence over environment variables.
- Updated dashboard handlers to encrypt keys on save and trigger in-memory provider refresh.
- Updated Grok test model to grok-3-mini for better compatibility.
This commit is contained in:
Dustin Newkirk
2026-03-25 13:04:26 +00:00
parent 9380580504
commit 348341f304
3 changed files with 182 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
internal/utils/crypto.go Normal file
View File

@@ -0,0 +1,71 @@
package utils
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/base64"
"fmt"
"io"
)
// Encrypt encrypts plain text using AES-GCM with the given 32-byte key.
func Encrypt(plainText string, key []byte) (string, error) {
if len(key) != 32 {
return "", fmt.Errorf("encryption key must be 32 bytes")
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
nonce := make([]byte, gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return "", err
}
// The nonce should be prepended to the ciphertext
cipherText := gcm.Seal(nonce, nonce, []byte(plainText), nil)
return base64.StdEncoding.EncodeToString(cipherText), nil
}
// Decrypt decrypts base64-encoded cipher text using AES-GCM with the given 32-byte key.
func Decrypt(encodedCipherText string, key []byte) (string, error) {
if len(key) != 32 {
return "", fmt.Errorf("encryption key must be 32 bytes")
}
cipherText, err := base64.StdEncoding.DecodeString(encodedCipherText)
if err != nil {
return "", err
}
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
nonceSize := gcm.NonceSize()
if len(cipherText) < nonceSize {
return "", fmt.Errorf("cipher text too short")
}
nonce, actualCipherText := cipherText[:nonceSize], cipherText[nonceSize:]
plainText, err := gcm.Open(nil, nonce, actualCipherText, nil)
if err != nil {
return "", err
}
return string(plainText), nil
}