Initial Agrarmonitor connector

src/crypto/AesGcmCookieEncryptor.ts

@@ -0,0 +1,45 @@
+import * as crypto from 'crypto';
+import type { CookieEncryptor } from '../types';
+
+export class AesGcmCookieEncryptor implements CookieEncryptor {
+  private readonly key: Buffer;
+
+  constructor(secret: string) {
+    if (!secret || secret.trim().length < 16) {
+      throw new Error('Cookie encryption secret muss mindestens 16 Zeichen lang sein');
+    }
+
+    this.key = crypto.createHash('sha256').update(secret).digest();
+  }
+
+  encrypt(text: string): string {
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', this.key, iv);
+
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+
+    const authTag = cipher.getAuthTag();
+
+    return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+  }
+
+  decrypt(encryptedText: string): string {
+    const [ivHex, authTagHex, encrypted] = encryptedText.split(':');
+
+    if (!ivHex || !authTagHex || !encrypted) {
+      throw new Error('Ungueltiges verschluesseltes Cookie-Format');
+    }
+
+    const iv = Buffer.from(ivHex, 'hex');
+    const authTag = Buffer.from(authTagHex, 'hex');
+
+    const decipher = crypto.createDecipheriv('aes-256-gcm', this.key, iv);
+    decipher.setAuthTag(authTag);
+
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+
+    return decrypted;
+  }
+}