Merge branch 'session-encryption' into 'master'

add optional encryption for stored session data using Sodium library See merge request tt-rss/tt-rss!117
author: Andrew Dolgov <fox@fakecake.org> 2025-04-08 10:54:24 +0000
committer: Andrew Dolgov <fox@fakecake.org> 2025-04-08 10:54:24 +0000
commit: 008c518d5d8e60c0168cd107dbfd1f23f9c4a701 (patch)
tree: 8f3d8afbbf73ae7d59791a3347a557c194f691d0 /classes/Feeds.php
parent: bb2c4b380165731c3f8abf0596fffb2a0953265b (diff)
parent: 17b4e98249462a1feb71586d10cd5293d9487ab8 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/classes/Feeds.php b/classes/Feeds.php
index 7a81ec6c0..7d818598d 100644
--- a/classes/Feeds.php
+++ b/classes/Feeds.php
@@ -2376,5 +2376,29 @@ class Feeds extends Handler_Protected {
 		return [$query, $skip_first_id];
 	}
 
+
+	/** decrypts encrypted feed password if possible (key is available and data is a base64-encoded serialized object)
+	 *
+	 * @param $auth_pass possibly encrypted feed password
+	 *
+	 * @return string plaintext representation of an encrypted feed password if encrypted or plaintext password otherwise
+	 * */
+	static function decrypt_feed_pass(string $auth_pass) : string {
+		$key = Config::get(Config::ENCRYPTION_KEY);
+
+		if ($auth_pass && $key) {
+			$auth_pass_serialized = @base64_decode($auth_pass);
+
+			if ($auth_pass_serialized) {
+				$unserialized_data = @unserialize($auth_pass_serialized);
+
+				if ($unserialized_data !== false)
+					return Crypt::decrypt_string($unserialized_data);
+			}
+		}
+
+		return $auth_pass;
+	}
+
 }
author	Andrew Dolgov <fox@fakecake.org>	2025-04-08 10:54:24 +0000
committer	Andrew Dolgov <fox@fakecake.org>	2025-04-08 10:54:24 +0000
commit	008c518d5d8e60c0168cd107dbfd1f23f9c4a701 (patch)
tree	8f3d8afbbf73ae7d59791a3347a557c194f691d0 /classes/Feeds.php
parent	bb2c4b380165731c3f8abf0596fffb2a0953265b (diff)
parent	17b4e98249462a1feb71586d10cd5293d9487ab8 (diff)