added a new param - encryptIV, removed a param - noEncription

Author: Alqanar

README.md

@@ -64,7 +64,6 @@ It takes the following arguments:
 - `salt` (`string | undefined`) - (optional) the salt used to encode the URL. It must be a hex-encoded 16-byte string. This option overrides IMGPROXY_SALT environment variable from process.env for this call.
 - `key` (`string | undefined`) - (optional) the key used to encode the URL. It must be a hex-encoded 16-byte string. This option overrides IMGPROXY_KEY environment variable from process.env for this call.
 - `encryptKey` (`string | undefined`) - (optional, **PRO feature**) the key used to encrypt the URL. The key should be either 16, 24, or 32 bytes long for AES-128-CBC, AES-192-CBC, or AES-256-CBC, respectively. This option overrides IMGPROXY_SOURCE_URL_ENCRYPTION_KEY environment variable from process.env for this call. Actual only for plain url type.
-- `noEncription` (`boolean`) - (optional, **PRO feature**, default `false`) if true, the URL will not be encrypted. Actual only for plain url type. We strongly recommend to use encryption for url.
 
 ### generateImageInfoUrl
 
@@ -83,4 +82,3 @@ It takes the following arguments:
 - `salt` (`string | undefined`) - (optional) the salt used to encode the URL. It must be a hex-encoded 16-byte string. This option overrides IMGPROXY_SALT from process.env for one request.
 - `key` (`string | undefined`) - (optional) the key used to encode the URL. It must be a hex-encoded 16-byte string. This option overrides IMGPROXY_KEY from process.env for one request.
 - `encryptKey` (`string | undefined`) - (optional, **PRO feature**) the key used to encrypt the URL. The key should be either 16, 24, or 32 bytes long for AES-128-CBC, AES-192-CBC, or AES-256-CBC, respectively. This option overrides IMGPROXY_SOURCE_URL_ENCRYPTION_KEY from process.env for one request. Actual only for plain url type.
-- `noEncription` (`boolean`) - (optional, **PRO feature**, default `false`) if true, the URL will not be encrypted. Actual only for plain url type. We strongly recommend to use encryption for url.

src/methods/generateImageInfoUrl.ts

@@ -19,8 +19,8 @@ import type { IGenerateImageInfoUrl } from "../types";
  * @param {string} [key] - (optional) hex-encoded key. This option overrides IMGPROXY_KEY from process.env for this request
  * @param {string} [encryptKey] - (optional, PRO feature) hex-encoded key for encrypting url. Actual only for plain url type.
  * This option overrides IMGPROXY_SOURCE_URL_ENCRYPTION_KEY from process.env for this request
- * @param {boolean} [noEncription=false] - (optional, PRO feature) actual only for plain url type. If true, url will not be encrypted.
- * We strongly recommend to use encryption for url. default: `false`
+ ** @param {string} [encryptIV] - (optional, PRO feature) hex-encoded 16-bytes length IV for encrypting url.
+ * More details about IV you can read in [imgproxy docs](https://docs.imgproxy.net/usage/encrypting_source_url#iv-generation)
  *
  * @returns {string}
  *
@@ -46,9 +46,9 @@ const generateImageInfoUrl = ({
   salt,
   key,
   encryptKey,
-  noEncription,
+  encryptIV,
 }: IGenerateImageInfoUrl): string => {
-  const changedUrl = normalizeUrl({ url, encryptKey, noEncription });
+  const changedUrl = normalizeUrl({ url, encryptKey, encryptIV });
 
   //generating url with options
   const optionsString = generateImageInfoUrlCore(changedUrl, options);

src/methods/generateImageUrl.test.ts

@@ -81,18 +81,4 @@ describe("generateImageUrl", () => {
 
     expect(result).toContain("/enc/");
   });
-
-  it("shouldn't encrypt URL if noEncription is true", () => {
-    const result = generateImageUrl({
-      baseUrl: "https://imgproxy.example.com/",
-      url: { value: "https://example.com/image.jpg", resultType: "plain" },
-      salt: "520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5",
-      key: "943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881",
-      encryptKey:
-        "52dd01d54fcbd79ff247fcff1d2f200ce6b95546f960b084faa1d269fb95d600",
-      noEncription: true,
-    });
-
-    expect(result).toContain("/plain/");
-  });
 });

src/methods/generateImageUrl.ts

@@ -14,10 +14,10 @@ import type { IGenerateImageUrl } from "../types";
  * or in Options types in imgproxy-js-core.d.ts
  * @param {string} [salt] - (optional) hex-encoded salt. This option overrides IMGPROXY_SALT from process.env for this request
  * @param {string} [key] - (optional) hex-encoded key. This option overrides IMGPROXY_KEY from process.env for this request
- * @param {string} [encryptKey] - (optional, PRO feature) hex-encoded key for encrypting url. Actual only for plain url type.
+ * @param {string} [encryptKey] - (optional, PRO feature) hex-encoded key for encrypting url.
  * This option overrides IMGPROXY_SOURCE_URL_ENCRYPTION_KEY from process.env for this request
- * @param {boolean} [noEncription=false] - (optional, PRO feature) actual only for plain url type. If true, url will not be encrypted.
- * We strongly recommend to use encryption for url. default: `false`
+ * @param {string} [encryptIV] - (optional, PRO feature) hex-encoded 16-bytes length IV for encrypting url.
+ * More details about IV you can read in [imgproxy docs](https://docs.imgproxy.net/usage/encrypting_source_url#iv-generation)
  *
  * @returns {string}
  *
@@ -42,9 +42,9 @@ const generateImageUrl = ({
   salt,
   key,
   encryptKey,
-  noEncription,
+  encryptIV,
 }: IGenerateImageUrl): string => {
-  const changedUrl = normalizeUrl({ url, encryptKey, noEncription });
+  const changedUrl = normalizeUrl({ url, encryptKey, encryptIV });
 
   //generating url with options
   const optionsString = generateUrl(changedUrl, options);

src/types.ts

@@ -4,16 +4,21 @@ import type {
   URL,
 } from "@imgproxy/imgproxy-js-core";
 
-export interface IMaybePair {
+export interface IMaybeSignPair {
   salt: string | undefined;
   key: string | undefined;
 }
 
-export interface IPair {
+export interface ISignPair {
   salt: string;
   key: string;
 }
 
+export interface ICryptPair {
+  key: string;
+  iv: string;
+}
+
 export interface IRawUrl {
   value: string;
   resultType?: URL["type"];
@@ -25,7 +30,7 @@ interface BaseGenerateImageUrl {
   salt?: string;
   key?: string;
   encryptKey?: string;
-  noEncription?: boolean;
+  encryptIV?: string;
 }
 
 export interface IGenerateImageInfoUrl extends BaseGenerateImageUrl {

src/utils/getEncryptKey.test.ts

@@ -1,18 +1,39 @@
-import { describe, expect, it } from "vitest";
-import getEncryptKey from "./getEncryptKey";
+import { describe, expect, it, vi } from "vitest";
+import crypto from "crypto";
+import getEncryptPair from "./getEncryptPair";
 
 describe("getEncryptKey", () => {
   it("should return undefined if key is not defined", () => {
-    const result = getEncryptKey(undefined);
+    const result = getEncryptPair(undefined);
 
     expect(result).toBe(undefined);
   });
 
-  it("should return String if key is defined", () => {
-    const result = getEncryptKey(
+  it("should return object with key and generated iv if key is defined", () => {
+    const spy = vi.spyOn(crypto, "randomBytes");
+    spy.mockImplementationOnce(() =>
+      Buffer.from("e664535f505d3b6ae939fe1169b22e2d", "hex")
+    );
+
+    const result = getEncryptPair(
       "1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1"
     );
 
-    expect(typeof result).toBe("string");
+    expect(result).toStrictEqual({
+      key: "1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1",
+      iv: "e664535f505d3b6ae939fe1169b22e2d",
+    });
+  });
+
+  it("should return object with key and iv if they are defined", () => {
+    const result = getEncryptPair(
+      "1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1",
+      "e664535f505d3b6ae939fe1169b22e2d"
+    );
+
+    expect(result).toStrictEqual({
+      key: "1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1",
+      iv: "e664535f505d3b6ae939fe1169b22e2d",
+    });
   });
 });

src/utils/getEncryptKey.ts

@@ -0,0 +1,20 @@
+import crypto from "crypto";
+import type { ICryptPair } from "../types";
+
+const KEY = process.env.IMGPROXY_SOURCE_URL_ENCRYPTION_KEY;
+
+const getEncryptPair = (
+  key: string | undefined,
+  genIv?: string | undefined
+): ICryptPair | undefined => {
+  const k = key || KEY;
+
+  if (!k) return undefined;
+
+  return {
+    key: k,
+    iv: genIv ? genIv : crypto.randomBytes(16).toString("hex"),
+  };
+};
+
+export default getEncryptPair;

src/utils/getEncryptPair.ts

@@ -1,18 +1,12 @@
-import { describe, expect, it, vi } from "vitest";
-import crypto from "crypto";
+import { describe, expect, it } from "vitest";
 import { getEncryptedUrl } from "./getEncryptedUrl";
 
 describe("getEncryptedUrl", () => {
   it("should return a valid encrypted URL", () => {
-    const spy = vi.spyOn(crypto, "randomBytes");
-    spy.mockImplementationOnce(() =>
-      Buffer.from("e664535f505d3b6ae939fe1169b22e2d", "hex")
-    );
-
-    const result = getEncryptedUrl(
-      "https://example.com/image.jpg",
-      "1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1"
-    );
+    const result = getEncryptedUrl("https://example.com/image.jpg", {
+      key: "1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1",
+      iv: "e664535f505d3b6ae939fe1169b22e2d",
+    });
 
     expect(result).toBe(
       "5mRTX1BdO2rpOf4RabIuLRo5XHgNeEqAfturvYUVzVXfh75f8b5ulIvbh2JawTzP"

src/utils/getEncryptedUrl.test.ts

@@ -1,10 +1,11 @@
 import crypto from "crypto";
+import { ICryptPair } from "../types.js";
 import withCache from "./withCache.js";
 
-const getEncryptedUrl = (url: string, key: string): string => {
-  const bufferKey = Buffer.from(key, "hex");
+const getEncryptedUrl = (url: string, pair: ICryptPair): string => {
+  const bufferKey = Buffer.from(pair.key, "hex");
+  const iv = Buffer.from(pair.iv, "hex");
   const data = Buffer.from(url).toString("binary");
-  const iv = crypto.randomBytes(16);
   const cipher = crypto.createCipheriv("aes-256-cbc", bufferKey, iv);
 
   const encrypted = Buffer.from(