From 2ffa8f36e5a58c2a754f4a74cb548f5241d2eacc Mon Sep 17 00:00:00 2001
From: Andrea Vos <andrea@avris.it>
Date: Sun, 8 Oct 2023 23:32:54 +0200
Subject: [PATCH] (feature)(profile) cards backup - MR fixes

---
 server/routes/profile.js | 23 +++++++++++------------
 src/crypto.js            |  8 ++++----
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/server/routes/profile.js b/server/routes/profile.js
index 17786ae91..5e921a3f6 100644
--- a/server/routes/profile.js
+++ b/server/routes/profile.js
@@ -910,21 +910,20 @@ router.get('/profile/export', handleErrorAsync(async (req, res) => {
         profiles,
     });
 
-    const payload = {
+    const payload = JSON.stringify({
+        version: 1,
         profiles,
         images,
-    }
+    });
 
     const signature = crypto.sign(payload);
 
-    res.setHeader('Content-disposition', `attachment; filename=pronounspage-${req.user.username}-${+new Date}.json.gz`);
+    res.setHeader('Content-disposition', `attachment; filename=pronounspage-${req.user.username}-${+new Date}.sjson.gz`);
     res.setHeader('Content-type', 'application/gzip');
     res.end(
         zlib.gzipSync(
-            JSON.stringify({
-                ...payload,
-                signature,
-            })
+            payload + '\n' +
+            signature
         )
     );
 }));
@@ -938,16 +937,16 @@ router.post('/profile/import', multer({limits: {fileSize: 10 * 1024 * 1024}}).an
         return res.status(401).json({error: 'One file expected'});
     }
 
-    const payload = JSON.parse(zlib.gunzipSync(req.files[0].buffer));
-    const signature = payload.signature;
-    delete payload.signature;
+    const [payload, signature] = zlib.gunzipSync(req.files[0].buffer).toString('utf-8').split('\n');
 
     if (!crypto.validate(payload, signature)) {
         return res.status(400).json({error: 'profile.backup.error.signature'});
     }
 
+    const {version, profiles, images} = JSON.parse(payload);
+
     const s3 = new S3(awsConfig);
-    for (let [id, sizes] of Object.entries(payload.images)) {
+    for (let [id, sizes] of Object.entries(images)) {
         for (let [size, content] of Object.entries(sizes)) {
             try {
                 const data = await s3.headObject({
@@ -965,7 +964,7 @@ router.post('/profile/import', multer({limits: {fileSize: 10 * 1024 * 1024}}).an
         }
     }
 
-    for (let [locale, profile] of Object.entries(payload.profiles)) {
+    for (let [locale, profile] of Object.entries(profiles)) {
         await saveProfile(req, locale, profile);
     }
 
diff --git a/src/crypto.js b/src/crypto.js
index bf67900da..774d00d06 100644
--- a/src/crypto.js
+++ b/src/crypto.js
@@ -3,19 +3,19 @@ import fs from 'fs'
 
 class Crypto {
     constructor(privateKey, publicKey) {
-        this.privateKey = fs.readFileSync(privateKey);
-        this.publicKey = fs.readFileSync(publicKey);
+        this.privateKey = crypto.createPrivateKey(fs.readFileSync(privateKey));
+        this.publicKey = crypto.createPublicKey(fs.readFileSync(publicKey));
     }
 
     sign(payload) {
         const sign = crypto.createSign('SHA256');
-        sign.update(JSON.stringify(payload));
+        sign.update(payload);
         return sign.sign(this.privateKey, 'hex');
     }
 
     validate(payload, signature) {
         const verify = crypto.createVerify('SHA256');
-        verify.update(JSON.stringify(payload));
+        verify.update(payload);
         return verify.verify(this.publicKey, signature, 'hex');
     }
 }