From eedc1460e5dadb00a731c1974642a4db7ab30868 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Tue, 8 Apr 2025 09:36:04 +0300
Subject: support transparent encryption for feed passwords, bump schema to
 drop length limit of ttrss_feeds.auth_pass

---
 classes/Feeds.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'classes/Feeds.php')

diff --git a/classes/Feeds.php b/classes/Feeds.php
index 7a81ec6c0..7d818598d 100644
--- a/classes/Feeds.php
+++ b/classes/Feeds.php
@@ -2376,5 +2376,29 @@ class Feeds extends Handler_Protected {
 		return [$query, $skip_first_id];
 	}
 
+
+	/** decrypts encrypted feed password if possible (key is available and data is a base64-encoded serialized object)
+	 *
+	 * @param $auth_pass possibly encrypted feed password
+	 *
+	 * @return string plaintext representation of an encrypted feed password if encrypted or plaintext password otherwise
+	 * */
+	static function decrypt_feed_pass(string $auth_pass) : string {
+		$key = Config::get(Config::ENCRYPTION_KEY);
+
+		if ($auth_pass && $key) {
+			$auth_pass_serialized = @base64_decode($auth_pass);
+
+			if ($auth_pass_serialized) {
+				$unserialized_data = @unserialize($auth_pass_serialized);
+
+				if ($unserialized_data !== false)
+					return Crypt::decrypt_string($unserialized_data);
+			}
+		}
+
+		return $auth_pass;
+	}
+
 }
 
-- 
cgit v1.2.3-54-g00ecf