feat(encryption): add AES-SIV support and legacy blind-index errors #5044
base: 7.x
Pull request overview
Updates the encryption integration to @boringnode/encryption@^1.0.0, adds AES-SIV driver support, and makes legacy blind-index behavior explicitly erroring.
Changes:
- Added AES-SIV driver export/config wiring (exports map, driver wrapper, config factory, type export).
- Introduced a package-level encryption `errors` export including a legacy blind-index unsupported error.
- Added tests asserting legacy blind-index calls throw.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| types/encryption.ts | Exposes AESSIVDriverConfig type for consumers. |
| tests/encryption/legacy.spec.ts | Adds coverage for legacy driver blind-index error behavior. |
| package.json | Exports AES-SIV entrypoint and bumps @boringnode/encryption dependency. |
| modules/encryption/main.ts | Re-exports module-specific errors and updates driver list docs. |
| modules/encryption/errors.ts | Defines E_LEGACY_BLIND_INDEX_NOT_SUPPORTED and aggregates exported errors. |
| modules/encryption/drivers/legacy.ts | Implements legacy blindIndex/blindIndexes as explicit throws. |
| modules/encryption/drivers/aes_siv.ts | Adds AES-SIV driver shim export for the module. |
| modules/encryption/define_config.ts | Adds drivers.aessiv() config provider factory. |
| assert.throws( | ||
| () => encryption.blindIndex('foo@example.com', 'users.email'), | ||
| 'Blind indexes are not supported by the legacy encryption driver' | ||
| ) |
Copilot (AI), Feb 7, 2026:
If this assert is Node.js-style (or Node-compatible), passing a string as the 2nd argument is treated as the assertion message (used when the assertion fails), not as a matcher for the thrown error message. This means these tests may not actually validate the thrown error details. Prefer matching the thrown error via a RegExp / error constructor / { message: ... } object so the test asserts the correct failure mode.
| assert.throws( | ||
| () => encryption.blindIndexes('foo@example.com', 'users.email'), | ||
| 'Blind indexes are not supported by the legacy encryption driver' | ||
| ) |
Copilot (AI), Feb 7, 2026:
If this assert is Node.js-style (or Node-compatible), passing a string as the 2nd argument is treated as the assertion message (used when the assertion fails), not as a matcher for the thrown error message. This means these tests may not actually validate the thrown error details. Prefer matching the thrown error via a RegExp / error constructor / { message: ... } object so the test asserts the correct failure mode.
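The behaviour both comments above describe, as an added example that is not part of the PR or the project's test suite. It assumes Node's built-in `node:assert` (the assertion library used by the PR's tests may behave differently); the two driver objects are constructed stand-ins. It also shows that with a string second argument Node rejects the call as ambiguous when the thrown message happens to equal that string.

```javascript
// Added example (not from the PR). Assumes Node's built-in assert module.
const nodeAssert = require('node:assert')

const EXPECTED = 'Blind indexes are not supported by the legacy encryption driver'

// Constructed stand-ins for the driver under test.
const correctDriver = {
  blindIndex() {
    throw new Error(EXPECTED)
  },
}
const regressedDriver = {
  // Throws, but for an unrelated reason: a useful test must flag this.
  blindIndex() {
    throw new TypeError('Cannot read properties of undefined')
  },
}

// Runs one assertion and reports 'pass', 'fail' (AssertionError) or the error code.
function outcome(check) {
  try {
    check()
    return 'pass'
  } catch (error) {
    return error instanceof nodeAssert.AssertionError ? 'fail' : error.code
  }
}

// Form used in the reviewed test: a string as the second argument.
function withString(driver) {
  return outcome(() =>
    nodeAssert.throws(() => driver.blindIndex('foo@example.com', 'users.email'), EXPECTED)
  )
}

// Form the review suggests: match the thrown error's message.
function withMatcher(driver) {
  return outcome(() =>
    nodeAssert.throws(() => driver.blindIndex('foo@example.com', 'users.email'), {
      message: EXPECTED,
    })
  )
}

console.log(withString(regressedDriver), withMatcher(regressedDriver))
console.log(withString(correctDriver), withMatcher(correctDriver))
```

The string form passes for the regressed driver, so an unrelated exception would go unnoticed; the matcher form fails for it and passes only for the intended error.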
| aessiv: (config) => { | ||
| return configProvider.create(async () => { | ||
| const { AESSIV } = await import('./drivers/aes_siv.ts') | ||
| debug('configuring aessiv encryption driver') | ||
| return { | ||
| driver: (key) => new AESSIV({ id: config.id, key }), | ||
| keys: [config.key].filter((key) => !!key), | ||
| } | ||
| }) | ||
| }, |
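Review bot: On the `keys: [config.key].filter((key) => !!key)` line, an unset or empty `config.key` is silently dropped, so the provider returns an empty `keys` array instead of failing. Unless the consumer of this config rejects an empty key list, a misconfigured deployment is only discovered at the first encrypt or decrypt call; consider throwing a configuration error inside the `configProvider.create` callback when `config.key` is missing.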
Copilot (AI), Feb 7, 2026:
Using .filter((key) => !!key) does not reliably narrow the array type in TypeScript, which can leave keys typed as (string | undefined)[] even if EncryptionConfig expects string[]. Use a type-predicate filter (e.g. (key): key is string => Boolean(key)) or avoid filtering entirely if config.key is required.
| blindIndex(_payload: any, _purpose: string): string { | ||
| throw new E_LEGACY_BLIND_INDEX_NOT_SUPPORTED() | ||
| } | ||
|
|
||
| /** | ||
| * Legacy driver does not support blind indexes. | ||
| */ | ||
| blindIndexes(_payload: any, _purpose: string): string[] { |
Copilot (AI), Feb 7, 2026:
Using any for _payload weakens type-safety for callers and makes it easier to accidentally pass unsupported values without compiler feedback. If the contract allows it, prefer unknown (or a narrower union) for _payload since the method intentionally does not consume it.
| blindIndex(_payload: any, _purpose: string): string { | |
| throw new E_LEGACY_BLIND_INDEX_NOT_SUPPORTED() | |
| } | |
| /** | |
| * Legacy driver does not support blind indexes. | |
| */ | |
| blindIndexes(_payload: any, _purpose: string): string[] { | |
| blindIndex(_payload: unknown, _purpose: string): string { | |
| throw new E_LEGACY_BLIND_INDEX_NOT_SUPPORTED() | |
| } | |
| /** | |
| * Legacy driver does not support blind indexes. | |
| */ | |
| blindIndexes(_payload: unknown, _purpose: string): string[] { |
| blindIndex(_payload: any, _purpose: string): string { | ||
| throw new E_LEGACY_BLIND_INDEX_NOT_SUPPORTED() | ||
| } | ||
|
|
||
| /** | ||
| * Legacy driver does not support blind indexes. | ||
| */ | ||
| blindIndexes(_payload: any, _purpose: string): string[] { |
Copilot (AI), Feb 7, 2026:
Using any for _payload weakens type-safety for callers and makes it easier to accidentally pass unsupported values without compiler feedback. If the contract allows it, prefer unknown (or a narrower union) for _payload since the method intentionally does not consume it.
| blindIndex(_payload: any, _purpose: string): string { | |
| throw new E_LEGACY_BLIND_INDEX_NOT_SUPPORTED() | |
| } | |
| /** | |
| * Legacy driver does not support blind indexes. | |
| */ | |
| blindIndexes(_payload: any, _purpose: string): string[] { | |
| blindIndex(_payload: unknown, _purpose: string): string { | |
| throw new E_LEGACY_BLIND_INDEX_NOT_SUPPORTED() | |
| } | |
| /** | |
| * Legacy driver does not support blind indexes. | |
| */ | |
| blindIndexes(_payload: unknown, _purpose: string): string[] { |
Hey there! 👋🏻
This PR updates @boringnode/encryption to version 1.0.0.
It adds AES-SIV driver exports, and makes legacy driver behavior explicit for blind index operations.