Issue #42: Remove encryption framework

Author: proofrock

README.md

@@ -69,7 +69,6 @@ Obtaining an answer of
 - [**CORS**](https://germ.gitbook.io/ws4sqlite/documentation/configuration-file#corsorigin) mode, configurable per-db;
 - [**Scheduled tasks**](https://germ.gitbook.io/ws4sqlite/documentation/sched_tasks), cron-like and/or at startup, also configurable per-db;
 - Scheduled tasks can be: backup (with rotation), vacuum and/or a set of SQL statements;
-- Builtin [**encryption**](https://germ.gitbook.io/ws4sqlite/documentation/encryption) of fields, given a symmetric key;
 - Provide [**initialization statements**](https://germ.gitbook.io/ws4sqlite/documentation/configuration-file#initstatements) to execute when a DB is created;
 - [**WAL**](https://sqlite.org/wal.html) mode enabled by default, can be [disabled](https://germ.gitbook.io/ws4sqlite/documentation/configuration-file#disablewalmode);
 - [**Quite fast**](features/performances.md)!

src/go.mod

@@ -4,9 +4,9 @@ go 1.20
 
 require (
 	github.com/gofiber/fiber/v2 v2.52.0
+	github.com/iancoleman/orderedmap v0.3.0
 	github.com/lnquy/cron v1.1.1
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/proofrock/crypgo v1.2.1
 	github.com/proofrock/go-mylittlelogger v0.4.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/wI2L/jettison v0.7.4
@@ -18,7 +18,6 @@ require (
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/iancoleman/orderedmap v0.3.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/klauspost/compress v1.17.6 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -30,7 +29,6 @@ require (
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.51.0 // indirect
 	github.com/valyala/tcplisten v1.0.0 // indirect
-	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/mod v0.15.0 // indirect
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/tools v0.17.0 // indirect

src/go.sum

@@ -37,8 +37,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/proofrock/crypgo v1.2.1 h1:5d/JxYO8VGzgpQea2b87nsFDwN1uOdAvLRX1ECQPcDI=
-github.com/proofrock/crypgo v1.2.1/go.mod h1:FyJn1X+WEggBEC5IQQkWs3dExYoCFlJESEOjYFRVXhQ=
 github.com/proofrock/go-mylittlelogger v0.4.0 h1:nroZv7+Y9iQQn+wfh00GVqxiaXXCZR9xH2ErInIfAMM=
 github.com/proofrock/go-mylittlelogger v0.4.0/go.mod h1:XYdRJNt34V6ze+LNzFAGjWB27M1dfsYPoMcgCPBwugg=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
@@ -58,8 +56,6 @@ github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVS
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/wI2L/jettison v0.7.4 h1:ptjriu75R/k5RAZO0DJzy2t55f7g+dPiBxBY38icaKg=
 github.com/wI2L/jettison v0.7.4/go.mod h1:O+F+T7X7ZN6kTsd167Qk4aZMC8jNrH48SMedNmkfPb0=
-golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=

src/structs.go

@@ -20,8 +20,9 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
-	"github.com/iancoleman/orderedmap"
 	"sync"
+
+	"github.com/iancoleman/orderedmap"
 )
 
 // This is the ws4sqlite error type
@@ -106,20 +107,12 @@ type credentials struct {
 	Password string `json:"password"`
 }
 
-type requestItemCrypto struct {
-	Password         string   `json:"password"`
-	Fields           []string `json:"fields"`
-	CompressionLevel int      `json:"compressionLevel"`
-}
-
 type requestItem struct {
 	Query       string                       `json:"query"`
 	Statement   string                       `json:"statement"`
 	NoFail      bool                         `json:"noFail"`
 	Values      map[string]json.RawMessage   `json:"values"`
 	ValuesBatch []map[string]json.RawMessage `json:"valuesBatch"`
-	Encoder     *requestItemCrypto           `json:"encoder"`
-	Decoder     *requestItemCrypto           `json:"decoder"`
 }
 
 type request struct {

src/web_service.go

@@ -20,12 +20,12 @@ import (
 	"context"
 	"database/sql"
 	"errors"
-	"github.com/iancoleman/orderedmap"
 	"strings"
 	"time"
 
+	"github.com/iancoleman/orderedmap"
+
 	"github.com/gofiber/fiber/v2"
-	"github.com/proofrock/crypgo"
 )
 
 // Catches the panics and converts the argument in a struct that Fiber uses to
@@ -50,50 +50,6 @@ func errHandler(c *fiber.Ctx, err error) error {
 	return c.Status(ret.Code).JSON(ret)
 }
 
-// Scans the values for a db request and encrypts them as needed
-func encrypt(encoder requestItemCrypto, values map[string]interface{}) error {
-	for i := range encoder.Fields {
-		sval, ok := values[encoder.Fields[i]].(string)
-		if !ok {
-			return errors.New("attempting to encrypt a non-string field")
-		}
-		var eval string
-		var err error
-		if encoder.CompressionLevel < 1 {
-			eval, err = crypgo.Encrypt(encoder.Password, sval)
-		} else if encoder.CompressionLevel < 20 {
-			eval, err = crypgo.CompressAndEncrypt(encoder.Password, sval, encoder.CompressionLevel)
-		} else {
-			return errors.New("compression level is in the range 0-19")
-		}
-		if err != nil {
-			return err
-		}
-		values[encoder.Fields[i]] = eval
-	}
-	return nil
-}
-
-// Scans the results from a db request and decrypts them as needed
-func decrypt(decoder requestItemCrypto, results *orderedmap.OrderedMap) error {
-	if decoder.CompressionLevel > 0 {
-		return errors.New("cannot specify compression level for decryption")
-	}
-	for i := range decoder.Fields {
-		// sval, ok := results[decoder.Fields[i]].(string)
-		sval, ok := results.Get(decoder.Fields[i])
-		if !ok {
-			return errors.New("attempting to decrypt a non-string field")
-		}
-		dval, err := crypgo.Decrypt(decoder.Password, sval.(string))
-		if err != nil {
-			return err
-		}
-		results.Set(decoder.Fields[i], dval)
-	}
-	return nil
-}
-
 // For a single query item, deals with a failure, determining if it must invalidate all of the transaction
 // or just report an error in the single query. In the former case, fails fast (panics), else it appends
 // the error to the response items, so the caller needs to return7continue
@@ -107,7 +63,7 @@ func reportError(err error, code int, reqIdx int, noFail bool, results []respons
 // Processes a query, and returns a suitable responseItem
 //
 // This method is needed to execute properly the defers.
-func processWithResultSet(tx *sql.Tx, query string, decoder *requestItemCrypto, values map[string]interface{}) (*responseItem, error) {
+func processWithResultSet(tx *sql.Tx, query string, values map[string]interface{}) (*responseItem, error) {
 	resultSet := make([]orderedmap.OrderedMap, 0)
 
 	rows, err := tx.Query(query, vals2nameds(values)...)
@@ -132,11 +88,6 @@ func processWithResultSet(tx *sql.Tx, query string, decoder *requestItemCrypto,
 			toAdd.Set(fields[i], values[i])
 		}
 
-		if decoder != nil {
-			if err := decrypt(*decoder, toAdd); err != nil {
-				return nil, err
-			}
-		}
 		resultSet = append(resultSet, *toAdd)
 	}
 
@@ -264,16 +215,6 @@ func handler(databaseId string) func(c *fiber.Ctx) error {
 
 			hasResultSet := txItem.Query != ""
 
-			if hasResultSet && txItem.Encoder != nil {
-				reportError(errors.New("cannot specify an encoder for a query"), fiber.StatusBadRequest, i, txItem.NoFail, ret.Results)
-				continue
-			}
-
-			if !hasResultSet && txItem.Decoder != nil {
-				reportError(errors.New("cannot specify a decoder for a statement"), fiber.StatusBadRequest, i, txItem.NoFail, ret.Results)
-				continue
-			}
-
 			if len(txItem.Values) != 0 && len(txItem.ValuesBatch) != 0 {
 				reportError(errors.New("cannot specify both values and valuesBatch"), fiber.StatusBadRequest, i, txItem.NoFail, ret.Results)
 				continue
@@ -323,13 +264,6 @@ func handler(databaseId string) func(c *fiber.Ctx) error {
 						continue
 					}
 
-					if txItem.Encoder != nil {
-						if err := encrypt(*txItem.Encoder, values); err != nil {
-							reportError(err, fiber.StatusInternalServerError, i, txItem.NoFail, ret.Results)
-							continue
-						}
-					}
-
 					valuesBatch = append(valuesBatch, values)
 				}
 
@@ -348,17 +282,10 @@ func handler(databaseId string) func(c *fiber.Ctx) error {
 					continue
 				}
 
-				if txItem.Encoder != nil {
-					if err := encrypt(*txItem.Encoder, values); err != nil {
-						reportError(err, fiber.StatusInternalServerError, i, txItem.NoFail, ret.Results)
-						continue
-					}
-				}
-
 				if hasResultSet {
 					// Query
 					// Externalized in a func so that defer rows.Close() actually runs
-					retWR, err := processWithResultSet(tx, sqll, txItem.Decoder, values)
+					retWR, err := processWithResultSet(tx, sqll, values)
 					if err != nil {
 						reportError(err, fiber.StatusInternalServerError, i, txItem.NoFail, ret.Results)
 						continue