Election creation dates, IP hashes, migration scripts #456
Conversation
| } | ||
|
|
||
| export function hashString(inputString: string) { | ||
| return createHash('sha1').update(inputString).digest('hex') |
There was a problem hiding this comment.
sha256 might be a better option
sounds like sha1 is still pretty secure overall, but if we're committing to one I figure we may as well go with the stronger option
There was a problem hiding this comment.
Good catch, I meant to use 256 but forgot to update it.
| @@ -46,12 +47,12 @@ export async function getOrCreateElectionRoll(req: IRequest, election: Election, | |||
| election_id: String(election.election_id), | |||
| email: req.user?.email ? req.user.email : undefined, | |||
| voter_id: new_voter_id, | |||
| ip_address: req.ip, | |||
| ip_hash: hashString(req.ip), | |||
There was a problem hiding this comment.
nit
Could we use the ip_hash variable here?
There was a problem hiding this comment.
Updated to reuse the variable, but changed the logic some to preserve the behavior. I'm not sure if this is what we want, but currently when we submit a new voter roll there we always include the IP address even if it isn't required for authentication. The ip_hash variable was being set to null if it isn't required so that the PG query knows to ignore it. I updated the ip_hash to be its own variable and the one sent to the the PG querry to require_ip_hash
Description
Built on top of #455
Updates election DB to include creation date, public election flag, and claim key. Existing elections in DB at time of migration will be given creation time based on current time.
Changes IP addresses in voter roll and ballots to IP hashes instead, though I don't think we're currently saving that for ballots.
Adds scripts to migrate the database up and down to help with development.
Adds a NewElection type for the forms in the frontend that just removes the election id and creation date since they're assigned in the server.
Related Issues
#451