encrypt the sensitive password before caching

1 year ago · 14fda53d06
2 changed files with 20 additions and 8 deletions
--- a/docs/en/framework/infrastructure/blob-storing/bunny.md
+++ b/docs/en/framework/infrastructure/blob-storing/bunny.md
@ -61,3 +61,4 @@ Bunny Blob Provider organizes BLOB name and implements some conventions. The ful

 * `BunnyBlobProvider` is the main service that implements the Bunny BLOB storage provider, if you want to override/replace it via [dependency injection](../../fundamentals/dependency-injection.md) (don't replace `IBlobProvider` interface, but replace `BunnyBlobProvider` class).
 * `IBunnyBlobNameCalculator` is used to calculate the full BLOB name (that is explained above). It is implemented by the `DefaultBunnyBlobNameCalculator` by default.
+* `IBunnyClientFactory` is implemented by `DefaultBunnyClientFactory` by default. You can override/replace it,if you want customize.
--- a/framework/src/Volo.Abp.BlobStoring.Bunny/Volo/Abp/BlobStoring/Bunny/DefaultBunnyClientFactory.cs
+++ b/framework/src/Volo.Abp.BlobStoring.Bunny/Volo/Abp/BlobStoring/Bunny/DefaultBunnyClientFactory.cs
@ -8,25 +8,30 @@ using BunnyCDN.Net.Storage;
 using Microsoft.Extensions.Caching.Distributed;
 using Volo.Abp.Caching;
 using Volo.Abp.DependencyInjection;
+using Volo.Abp.Security.Encryption;

 namespace Volo.Abp.BlobStoring.Bunny;

-public class BunnyClientFactory : IBunnyClientFactory, ITransientDependency
+public class DefaultBunnyClientFactory : IBunnyClientFactory, ITransientDependency
 {
    private readonly IDistributedCache<StorageZone> _cache;
    private readonly IHttpClientFactory _httpClientFactory;
+    private readonly IStringEncryptionService _stringEncryptionService;
+
    private const string CacheKeyPrefix = "BunnyStorageZone:";
    private static TimeSpan CacheDuration = TimeSpan.FromHours(12);

-    public BunnyClientFactory(
+    public DefaultBunnyClientFactory(
        IHttpClientFactory httpClient,
-        IDistributedCache<StorageZone> cache)
+        IDistributedCache<StorageZone> cache,
+        IStringEncryptionService stringEncryptionService)
    {
        _cache = cache;
        _httpClientFactory = httpClient;
+        _stringEncryptionService = stringEncryptionService;
    }

-    public async Task<BunnyCDNStorage> CreateAsync(string accessKey, string containerName, string region = "de")
+    public virtual async Task<BunnyCDNStorage> CreateAsync(string accessKey, string containerName, string region = "de")
    {
        var cacheKey = $"{CacheKeyPrefix}{containerName}";
        var storageZoneInfo = await _cache.GetOrAddAsync(
@ -37,6 +42,9 @@ public class BunnyClientFactory : IBunnyClientFactory, ITransientDependency
                {
                    throw new AbpException($"Storage zone '{containerName}' not found");
                }
+
+                // Encrypt the sensitive password before caching
+                result.Password = _stringEncryptionService.Encrypt(result.Password!)!;
                return result;
            },
            () => new DistributedCacheEntryOptions
@ -50,10 +58,13 @@ public class BunnyClientFactory : IBunnyClientFactory, ITransientDependency
            throw new AbpException($"Could not retrieve storage zone information for container '{containerName}'");
        }

-        return new BunnyCDNStorage(containerName, storageZoneInfo.Password, region);
+        // Decrypt the password before using it
+        var decryptedPassword = _stringEncryptionService.Decrypt(storageZoneInfo.Password);
+
+        return new BunnyCDNStorage(containerName, decryptedPassword, region);
    }

-    public async Task EnsureStorageZoneExistsAsync(
+    public virtual async Task EnsureStorageZoneExistsAsync(
        string accessKey,
        string containerName,
        string region = "de",
@ -78,7 +89,7 @@ public class BunnyClientFactory : IBunnyClientFactory, ITransientDependency
        }
    }

-    private async Task<StorageZone> CreateStorageZoneAsync(
+    protected virtual async Task<StorageZone> CreateStorageZoneAsync(
        string accessKey,
        string containerName,
        string region)
@ -122,7 +133,7 @@ public class BunnyClientFactory : IBunnyClientFactory, ITransientDependency
        return createdZone;
    }

-    private async Task<StorageZone?> GetStorageZoneAsync(string accessKey, string containerName)
+    protected virtual async Task<StorageZone?> GetStorageZoneAsync(string accessKey, string containerName)
    {
        using var _client = _httpClientFactory.CreateClient("BunnyApiClient");
        _client.DefaultRequestHeaders.Add("AccessKey", accessKey);