Search code examples
javascriptnode.jscryptojs

how this function processes json object?

I need help to understand how the following function in nodejs processes json, i'am aware that the function receives a json body and an aes key to encrypt the fields:

function encryptAllValuesFromObject(body, key) {
    var bodyEnc = __assign({}, body);
    var parametersNames = Object.keys(body);
    parametersNames.forEach(function (parameter) {
        bodyEnc[parameter] = crypto_js_1.AES.encrypt(typeof (body[parameter]) !== 'string' ? JSON.stringify(body[parameter]) : body[parameter], key).toString();
    });
    return bodyEnc;
}

Assuming the function receives the following json, what should the output be like?

{
   "origin": {
      "typeId": "RUT",
      "numberId": "13501153-3",
      "accountId": "50010789193",
      "productId": "5",
      "subProductId": "5-202"
   },
   "destiny": {
      "typeId": "RUT",
      "numberId": "12870857-k",
      "name": "Prueba",
      "email": "prueba@gmail.com",
      "bankCode": "051",
      "bankDesc": "Banco Falabella",
      "accountId": "10012461337",
      "accountTypeId": "1",
      "accountDesc": "Cuenta Corriente"
       "isFavourite": true,
      "isNewContact": true,
      "saveContact": true
   },
   "subject": "Prueba Transferencia Mobile",
   "amount": "1",
   "softToken": "123456"
}

the output is supposed to be like this before being sent via post request: enter image description here

Solution

  • The function expects an object (body) and a key.

    function encryptAllValuesFromObject(body, key) {

    __assign isn't a standard function, but I assume it's a shortcut to Object.assign which do a shallow copy of one or more objects into the first object. They copy the data from body into an empty object, so that they don't change data in the body object.

    var bodyEnc = __assign({}, body);

    Object.keys retrieves all the own keys from the body object and return them in an array, so it can be used to iterate over the keys. With "own keys" I mean the properties owned by the object, and not any keys from the prototype chain.

    var parametersNames = Object.keys(body);

    Since parametersNames is an array, they use forEach to iterate over the keys, and it calls the anonymous function for every key.

    parametersNames.forEach(function (parameter) {

    Now it is time to replace the value in bodyEnc for each paramter.

        bodyEnc[parameter] =

    It calls the function to encrypt the data

        crypto_js_1.AES.encrypt(

    It checks it the parameter is not a string.

        typeof (body[parameter]) !== 'string' ?

    If it isn't a string, they call JSON.stringify to convert the object into a string (here you have JSON).

    JSON.stringify(body[parameter]) :

    If it is a string, it is supplied directly to the encrypt function

    body[parameter]

    As the second parameter to the encrypt function they supply the key , key)

    And convert the encrypted data to a string.

    .toString();

});

    And the they return the new object with the encrypted data.

      return bodyEnc;
}

    The function can be simplified. There is no need to handle strings differently: Just call JSON.stingify on everything. It makes the decryption easier, since you no longer have to know if it was a string or object when encrypting.

    Why not encrypt the whole object instead? Then you don't leak the keys, and it is easier to code.