Make Encrypted type strict

This simply matches the existing types, not what we would like `EncString`, `EncArrayBuffer`, and `Encrypted` to represent. We can't throw in construction of EncStrings because that would cause early errors all over the place we aren't ready to deal with, yet.
2026-02-10 21:50:15 +00:00 · 2025-03-04 15:08:59 -08:00
parent 9754167faa
commit 3392d18957
3 changed files with 25 additions and 28 deletions
--- a/libs/common/src/platform/interfaces/encrypted.ts
+++ b/libs/common/src/platform/interfaces/encrypted.ts
@@ -2,7 +2,7 @@ import { EncryptionType } from "../enums";

 export interface Encrypted {
  encryptionType?: EncryptionType;
-  dataBytes: Uint8Array;
-  macBytes: Uint8Array;
-  ivBytes: Uint8Array;
+  dataBytes: Uint8Array | null;
+  macBytes: Uint8Array | null | undefined;
+  ivBytes: Uint8Array | null;
 }
--- a/libs/common/src/platform/models/domain/enc-array-buffer.ts
+++ b/libs/common/src/platform/models/domain/enc-array-buffer.ts
@@ -1,5 +1,3 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
 import { Utils } from "../../../platform/misc/utils";
 import { EncryptionType } from "../../enums";
 import { Encrypted } from "../../interfaces/encrypted";
@@ -10,16 +8,16 @@ const MAC_LENGTH = 32;
 const MIN_DATA_LENGTH = 1;

 export class EncArrayBuffer implements Encrypted {
-  readonly encryptionType: EncryptionType = null;
-  readonly dataBytes: Uint8Array = null;
-  readonly ivBytes: Uint8Array = null;
-  readonly macBytes: Uint8Array = null;
+  readonly encryptionType?: EncryptionType;
+  readonly dataBytes: Uint8Array | null = null;
+  readonly ivBytes: Uint8Array | null = null;
+  readonly macBytes: Uint8Array | undefined | null = null;

  constructor(readonly buffer: Uint8Array) {
    const encBytes = buffer;
-    const encType = encBytes[0];
+    this.encryptionType = encBytes[0];

-    switch (encType) {
+    switch (this.encryptionType) {
      case EncryptionType.AesCbc128_HmacSha256_B64:
      case EncryptionType.AesCbc256_HmacSha256_B64: {
        const minimumLength = ENC_TYPE_LENGTH + IV_LENGTH + MAC_LENGTH + MIN_DATA_LENGTH;
@@ -48,8 +46,6 @@ export class EncArrayBuffer implements Encrypted {
      default:
        this.throwDecryptionError();
    }
-
-    this.encryptionType = encType;
  }

  private throwDecryptionError() {
--- a/libs/common/src/platform/models/domain/enc-string.ts
+++ b/libs/common/src/platform/models/domain/enc-string.ts
@@ -1,5 +1,3 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
 import { Jsonify, Opaque } from "type-fest";

 import { EncryptService } from "../../../key-management/crypto/abstractions/encrypt.service";
@@ -17,7 +15,7 @@ export class EncString implements Encrypted {
  decryptedValue?: string;
  data?: string;
  iv?: string;
-  mac?: string;
+  mac: string | undefined | null;

  constructor(
    encryptedStringOrType: string | EncryptionType,
@@ -32,15 +30,15 @@ export class EncString implements Encrypted {
    }
  }

-  get ivBytes(): Uint8Array {
+  get ivBytes(): Uint8Array | null {
    return this.iv == null ? null : Utils.fromB64ToArray(this.iv);
  }

-  get macBytes(): Uint8Array {
+  get macBytes(): Uint8Array | null {
    return this.mac == null ? null : Utils.fromB64ToArray(this.mac);
  }

-  get dataBytes(): Uint8Array {
+  get dataBytes(): Uint8Array | null {
    return this.data == null ? null : Utils.fromB64ToArray(this.data);
  }

@@ -48,7 +46,7 @@ export class EncString implements Encrypted {
    return this.encryptedString as string;
  }

-  static fromJSON(obj: Jsonify<EncString>): EncString {
+  static fromJSON(obj: Jsonify<EncString>): EncString | null {
    if (obj == null) {
      return null;
    }
@@ -56,7 +54,12 @@ export class EncString implements Encrypted {
    return new EncString(obj);
  }

-  private initFromData(encType: EncryptionType, data: string, iv: string, mac: string) {
+  private initFromData(
+    encType: EncryptionType,
+    data: string,
+    iv: string | undefined,
+    mac: string | undefined,
+  ) {
    if (iv != null) {
      this.encryptedString = (encType + "." + iv + "|" + data) as EncryptedString;
    } else {
@@ -119,15 +122,13 @@ export class EncString implements Encrypted {
  } {
    const headerPieces = encryptedString.split(".");
    let encType: EncryptionType;
-    let encPieces: string[] = null;
+    let encPieces: string[];

    if (headerPieces.length === 2) {
      try {
-        encType = parseInt(headerPieces[0], null);
+        encType = parseInt(headerPieces[0]);
        encPieces = headerPieces[1].split("|");
-        // FIXME: Remove when updating file. Eslint update
-        // eslint-disable-next-line @typescript-eslint/no-unused-vars
-      } catch (e) {
+      } catch {
        return { encType: NaN, encPieces: [] };
      }
    } else {
@@ -160,7 +161,7 @@ export class EncString implements Encrypted {

  async decrypt(
    orgId: string | null,
-    key: SymmetricCryptoKey = null,
+    key: SymmetricCryptoKey | null = null,
    context?: string,
  ): Promise<string> {
    if (this.decryptedValue != null) {
@@ -219,7 +220,7 @@ export class EncString implements Encrypted {

    return this.decryptedValue;
  }
-  private async getKeyForDecryption(orgId: string) {
+  private async getKeyForDecryption(orgId: string | null) {
    const keyService = Utils.getContainerService().getKeyService();
    return orgId != null
      ? await keyService.getOrgKey(orgId)