
Encrypt database

I think that the logs would only see the encrypted values (as only the front end runs the encrypt/decrypt) but I guess it depends on if the plugin inputs get shown in the log …

2 Likes

Right, here is a webtask URL that does what is needed. You really don’t want to pass every single bit of text externally !! But it can be used to prove a point.

https://wt-nigel_godfrey-gmail_com-0.sandbox.auth0-extend.com/encrypt?input=secret

https://wt-nigel_godfrey-gmail_com-0.sandbox.auth0-extend.com/decrypt?input=bd7a1d49f4dcca856f3dec44fecf7486a65e2ac1f9a8ace4b02552049b23a6bd3d16954a9a18e5fea0d7481e16f7684dS1VKn2P7dJHO4FM4CCVgPQ==

Here is the code. …

// Specify a string key:
var key = 'real secret keys should be long and random';
// Create an encryptor:
var encryptor = require('simple-encryptor')(key);
// Webtask entry point: encrypt the "input" query parameter and return it
module.exports = function(context, cb) {
    cb(null, encryptor.encrypt(context.query.input));
};

I have no idea why webtask takes a couple of minutes to get working, and bubble’s server side plugin editor is such a torturous route it is really really simple.

1 Like

The issue here is that, as soon as the decrypted information hits the browser, the Bubble page can send it back unencrypted to someone with edit access to the app, thus violating the “not even WE can see your data!” thing.

If someone with edit access wants, they can just run a “phone home” code at the page with the information they collected and no one will ever even know this is going on.

The other problem is that somehow you’ll have to handle both keys of the encryption, and with that you have the power to decrypt stuff.

It’s tricky to reach THAT level of privacy through encryption.

NINJA EDIT: You can tell the user to do his own manual encryption offline, but then the user would be better off with other more “underground” or p2p apps or just using facebook chat to transport his manually encrypted texts.

2 Likes

This is a long term project and Webtask doesn’t take any more clients. I’m just wondering if the easiest option is to save all data in AWS except for login data (saved at Bubble). Have some service at AWS that encrypts and decrypts (Lambda) the data using an API connected to Bubble?
I have no idea how to do this but it feels like the best long-term professional option, an option I would be ready to pay for if necessary. If someone can help me with any freelancing and any interest in taking on this project please contact me.

Thanks

Yes, and you would not want to do it externally either.

But what you can build in webtask you can build in a Server Side plugin - except that Bubble make it really difficult.

That was just intended to be a proof of concept.

2 Likes

I have this set up working with a Lambda function. I can check it out on Monday if you are willing to wait. I haven’t used it a lot but I think it works fine.

2 Likes

Yes of course. But please be patient with me, I am a non developer. I really need to understand how to set this up from start to finish for dummies.

Thanks

Hi @boostsalesgroup , were you able to look into this?

Thanks

Hey! I have this script working as an AWS Lambda function.
You need to create an AWS API Gateway endpoint and send your parameters there.

const crypto = require('crypto')

// Note: crypto.createCipher/createDecipher are deprecated and were removed in
// Node.js 22. They derive the key and IV from the password with unsalted MD5,
// so the same text and password always give the same ciphertext.
function encrypt(text, password){
    const cipher = crypto.createCipher('aes256', password)
    var encrypted = cipher.update(text, 'utf8', 'hex')
    encrypted += cipher.final('hex')
    console.log("Encrypted key: "+encrypted)
    return encrypted
}

function decrypt(text, password){
    const decipher = crypto.createDecipher('aes256', password)
    var decrypted = decipher.update(text, 'hex', 'utf8')
    decrypted += decipher.final('utf8')
    // The decrypted value is not logged, so plaintext stays out of the function logs
    return decrypted
}

exports.handler = async (event) => {
    var password = "123456789"
    var authValue = event["headers"]["Authorization"]
    var res1, res2, res3

    if(authValue == "1234567890"){
        const action = event['queryStringParameters']['action']
        var text1 = event['queryStringParameters']['text1']
        var text2 = event['queryStringParameters']['text2']
        var text3 = event['queryStringParameters']['text3']
        // action 1 encrypts the three fields, anything else decrypts them
        if(action == 1){
            res1 = encrypt(text1, password)
            res2 = encrypt(text2, password)
            res3 = encrypt(text3, password)
        }
        else{
            res1 = decrypt(text1, password)
            res2 = decrypt(text2, password)
            res3 = decrypt(text3, password)
        }
    }
    else{
        // Return the error instead of an empty 200 response
        return {
            statusCode: 401,
            body: JSON.stringify({ error: "Authentication failed! Access key missing" })
        }
    }

    // The first field keeps its original response key "text1"
    const response = {
        statusCode: 200,
        body: JSON.stringify({ text1: res1, res2 : res2, res3 : res3 })
    };
    return response;
};
2 Likes
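
An added example, not part of the original post or the poster's Lambda: the same encrypt/decrypt pair written with `crypto.createCipheriv` and AES-256-GCM, so each value gets a random salt and IV and a modified or wrongly keyed value is rejected on decrypt. The environment variable name `DATA_KEY_SECRET`, the function names and the sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: the secret is supplied through a Lambda environment variable
// named DATA_KEY_SECRET (hypothetical); the fallback is a constructed demo value.
const SECRET = process.env.DATA_KEY_SECRET || 'constructed-demo-secret-not-for-production';

// scrypt with a per-value random salt replaces createCipher's unsalted MD5 derivation
function deriveKey(secret, salt) {
  return crypto.scryptSync(secret, salt, 32);
}

function encryptField(plaintext, secret = SECRET) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);            // 96-bit nonce for GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(secret, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();              // 16-byte integrity tag
  // Stored layout: salt | iv | tag | ciphertext, hex-encoded like the post's output
  return Buffer.concat([salt, iv, tag, body]).toString('hex');
}

function decryptField(stored, secret = SECRET) {
  const raw = Buffer.from(stored, 'hex');
  if (raw.length < 16 + 12 + 16) throw new Error('ciphertext too short');
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const body = raw.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(secret, salt), iv);
  decipher.setAuthTag(tag);
  // final() throws if the tag does not verify (wrong secret or altered data)
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed sample value: encrypting it twice gives two different ciphertexts
const a = encryptField('constructed sample value');
const b = encryptField('constructed sample value');
console.log(a !== b);
console.log(decryptField(a));
```
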

Is there a way to include NPM functions in AWS Lambda, or do you have to do it locally and upload a .zip?

I haven’t really this encrypting/decrypting with all of my data fields. You can use API gateway with Bubble’s API Connector or you can build a plugin for it.

Lambda does have a code editor
https://docs.aws.amazon.com/lambda/latest/dg/code-editor.html

or you can use https://www.npmjs.com/package/node-lambda (I haven’t tried using this)

1 Like

Non modules need to be packaged locally and uploaded to lambda

1 Like

Thank you. That is what I had feared. I tried Stackery.io to simplify but I got very lost.

From reading around the subject, what I am trying to do (and several other nocoders too) is not at all aligned to how Lambda and Firebase processes work for coders :slight_smile:

I basically want to type the code into an online editor, run it a couple of times, and bingo. Rather than test it all locally and finally deploy it all at once via github.

Webtask was perfect for this. Server side functions should be the answer but just aren’t.

All I really want to do is wrap an NPM module in an API and have it cloud hosted.

The search continues !

Sure. The “longer” answer is that you can build “layers” in Lambda that can be re-used. A layer is a zip-file with packages that you upload so that you can use it in more than one function. There are also community layers with the most common npm modules so that you don’t have to package the modules yourself.

Another solution I have tested for a bit is https://pipedream.com. I think that might be an ideal combination of developer/no-coder platform as workflows can be made by drag-n-drop, but you still have the option to mess with the code if you want to. I don’t know if it works with all npm modules though.

2 Likes

For anyone who is interested, Bubble have finally added a feature to remove the “Run as”.

(8/25) For collaborators on your app, there’s a new permission level for accessing the data of your app that lets the collaborator see the data, but not use “Run as”. @zoe

3 Likes

Thanks for auto following your issue :slight_smile:

@mangooly, did you ever work out a solution to this issue? I have the same challenge. My users don’t want me to be able to “peek” at their data.

Hi @tom10

As mentioned in my earlier post, you can remove the ‘Run as’ option for collaborators, so that they can look at the database but not use the ‘Run as’ feature or both.

Regards

1 Like

Thanks @mangooly . I’m new to this. So it isn’t obvious to me that this resolves the issue of someone like me being able to see the live data in backend of the database when I’m inside the app editor–which I don’t want to be able to do. I assume from your answer that this resolves that issue.

This only applies to collaborators of your app. App owners have full administrator rights to ‘Run as’ feature.

1 Like