fix: safe compare encryption tags

Akord-com · Nov 22, 2023 · 2f3148c · 2f3148c
1 parent c968815
commit 2f3148c
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/package.json b/package.json
@@ -32,7 +32,7 @@
   },
   "dependencies": {
     "@akord/akord-auth": "0.29.2",
-    "@akord/crypto": "0.16.0",
+    "@akord/crypto": "0.20.0",
     "@akord/ts-cacheable": "1.0.13",
     "@esm2cjs/p-queue": "^7.3.0",
     "axios": "^1.6.2",

diff --git a/src/core/membership.ts b/src/core/membership.ts
@@ -423,7 +423,7 @@ class MembershipService extends Service {
           const tags = await this.api.getTransactionTags(uri);
           const encryptedKey = tags.find(tag => tag.name.toLowerCase() === encryptionTags.ENCRYPTED_KEY.toLowerCase()
             || tag.name.toLowerCase() === encryptionTagsLegacy.ENCRYPTED_KEY.toLowerCase())?.value
-          const iv = tags.find(tag => tag.name === encryptionTags.IV
+          const iv = tags.find(tag => tag.name.toLowerCase() === encryptionTags.IV.toLowerCase()
             || tag.name.toLowerCase() === encryptionTagsLegacy.IV.toLowerCase())?.value
           if (encryptedKey) {
             workerMessage.key = await service.dataEncrypter.decryptKey(encryptedKey);

diff --git a/yarn.lock b/yarn.lock
@@ -33,10 +33,10 @@
     reflect-metadata "^0.1.13"
     tweetnacl "^1.0.3"
 
-"@akord/crypto@0.16.0":
-  version "0.16.0"
-  resolved "https://registry.yarnpkg.com/@akord/crypto/-/crypto-0.16.0.tgz#0d8ff519808cb1a0796a1f7403176e52423ac198"
-  integrity sha512-N/XN12F3/AcYGSDiC1rRBGlNrMzyPd3YL6HdbMoE/hv36P8/NCW1cWX9+aD//S5ERRahX2SXzpPAA9/TKyynmw==
+"@akord/crypto@0.20.0":
+  version "0.20.0"
+  resolved "https://registry.yarnpkg.com/@akord/crypto/-/crypto-0.20.0.tgz#bc9685e1a5cc52a00cdbcf10333498db04bda8e2"
+  integrity sha512-wdkRFM4BbzBlzca7yy+GCAMFaGkg4xZ6V0iG6PiDUJvutNRAaqedfactudpUtEhKnqRPMyy4tS4kChhR5kcRgA==
   dependencies:
     "@akord/browser-level" "^1.0.2"
     bip39 "^3.1.0"