handler.js
'use strict';
const AWS = require('aws-sdk');
const openpgp = require('openpgp');
// Leave the "Version:" and "Comment:" headers out of ASCII-armored output so
// generated artifacts do not advertise the library build. These flags only
// affect armored output; the handler in this file requests armor: false.
Object.assign(openpgp.config, {
  show_version: false,
  show_comment: false,
});
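/**
 * Decode an object key as delivered in an S3 event notification.
 *
 * S3 URL-encodes keys in event payloads: a space arrives as '+' and other
 * special characters as %XX escapes. Decoding only '+' and '%2B' leaves every
 * other escaped key unresolvable, so getObject fails and the plaintext object
 * stays in the bucket unencrypted.
 *
 * @param {string} rawKey - key exactly as found in record.s3.object.key
 * @returns {string} the real object key
 * @throws {URIError} if rawKey contains a malformed percent escape
 */
function decodeS3EventKey(rawKey) {
  return decodeURIComponent(rawKey.replace(/\+/g, ' '));
}

/**
 * Parse the recipient public key(s) from the BASE64ENCODEDPUBLICKEY
 * environment variable (base64 of an ASCII-armored key).
 *
 * Fails closed: with no usable key nothing is encrypted, and the caller must
 * not go on to delete the plaintext original.
 *
 * NOTE(review): whoever can change this function's environment decides who
 * can decrypt the output; confirm that configuration access is restricted.
 *
 * @returns {Array} parsed OpenPGP public keys
 * @throws {Error} if the variable is unset or holds no parseable key
 */
function loadPublicKeys() {
  const encoded = process.env.BASE64ENCODEDPUBLICKEY;
  if (!encoded) {
    throw new Error('BASE64ENCODEDPUBLICKEY is not set');
  }
  const armored = Buffer.from(encoded, 'base64').toString('ascii').trim();
  const parsed = openpgp.key.readArmored(armored);
  if (!parsed.keys || parsed.keys.length === 0) {
    throw new Error('BASE64ENCODEDPUBLICKEY does not contain a usable OpenPGP public key');
  }
  return parsed.keys;
}

/**
 * Encrypt one S3 object to the given public keys, store the ciphertext next
 * to it as `<key>.pgp`, then delete the plaintext original.
 *
 * The steps are chained, so the original is deleted only after the encrypted
 * copy was written successfully. The whole object is buffered in memory.
 *
 * NOTE(review): if bucket versioning is enabled, deleteObject only adds a
 * delete marker and earlier plaintext versions stay retrievable; confirm the
 * bucket configuration.
 *
 * @param {object} s3 - AWS.S3 client
 * @param {Array} publicKeys - recipient keys from loadPublicKeys()
 * @param {string} s3bucket - bucket name
 * @param {string} s3key - decoded object key
 * @returns {Promise<void>} resolves once the original has been deleted
 */
function encryptObject(s3, publicKeys, s3bucket, s3key) {
  return s3.getObject({ Bucket: s3bucket, Key: s3key }).promise()
    .then((data) => openpgp.encrypt({
      data: new Uint8Array(Buffer.from(data.Body)),
      publicKeys,
      armor: false,
    }))
    .then((cipherText) => s3.putObject({
      Body: Buffer.from(cipherText.message.packets.write()),
      Bucket: s3bucket,
      Key: s3key + '.pgp',
    }).promise())
    // successfully encrypted file, delete unencrypted original
    .then(() => s3.deleteObject({ Bucket: s3bucket, Key: s3key }).promise())
    .then(() => {
      // eslint-disable-next-line
      console.log('s3-pgp-encryptor replaced ' + s3bucket + '/' + s3key + ' with ' + s3key + '.pgp');
    });
}

/**
 * Lambda handler for S3 event notifications: PGP-encrypts every object named
 * in the event and replaces it with `<key>.pgp`.
 *
 * Keys already ending in '.pgp' are skipped. That suffix check is also what
 * stops the handler from re-encrypting its own output if the notification
 * fires for the object it just wrote.
 *
 * Any failure (S3 read/write/delete, key loading, encryption) is logged and
 * passed to `callback`, so an object left in plaintext surfaces as a failed
 * invocation instead of a silent success.
 *
 * @param {object} event - S3 event notification ({ Records: [...] })
 * @param {object} context - Lambda context (unused)
 * @param {function} callback - Lambda completion callback
 */
module.exports.encrypt = (event, context, callback) => {
  Promise.resolve()
    .then(() => {
      const records = event && Array.isArray(event.Records) ? event.Records : [];
      const targets = records
        .map((record) => ({
          bucket: record.s3.bucket.name,
          key: decodeS3EventKey(record.s3.object.key),
        }))
        // don't try to encrypt files that are already encrypted
        .filter((target) => !target.key.endsWith('.pgp'));
      if (targets.length === 0) {
        return undefined;
      }
      openpgp.initWorker({}); // initialise openpgpjs
      const publicKeys = loadPublicKeys();
      const s3 = new AWS.S3();
      return Promise.all(
        targets.map((target) => encryptObject(s3, publicKeys, target.bucket, target.key))
      );
    })
    .then(
      () => callback(null),
      (err) => {
        // eslint-disable-next-line
        console.log(err, err && err.stack);
        callback(err);
      }
    );
};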