- Restricted public auth endpoints to only /login and /register in SecurityConfig
- Added contentLength header and improved error response in FileController download API
- Refactored JwtService to load secret key and expiration from application properties
- Improved signing key handling using Base64 decoding
- Updated RefreshTokenRepository with @Transactional @Modifying delete query
- Ensured proper refresh token cleanup with flush() in RefreshTokenService
- Annotated refresh token methods with @Transactional for consistency
- Changed file upload logic to:
- Generate random AES key per file
- Encrypt AES key using user's RSA public key
- Store encrypted AES key, IV, and salt in FileMetadata entity
- Changed file download logic to:
- Decrypt AES key using user's RSA private key (encrypted with password-derived AES)
- Use decrypted AES key and IV to decrypt file contents from HDFS
- Modified FileMetadata entity:
- Changed `encryptedKey` to @Lob byte[] to support large encrypted AES keys
- Updated User entity:
- Encrypted private RSA key with password-derived AES
- Stored associated salt and IV for decryption
- Updated AuthenticationService:
- Generate RSA keypair during sign-up
- Encrypt and store private key with AES (salt, IV)
- Create user folder in HDFS upon registration
- Updated FileService:
- Rewrote upload and download logic to support hybrid encryption
- Handled key wrapping and unwrapping securely
- Added logging for upload/download events
- Fixed FileController upload to remove password from endpoint
- Password now only required during download for private key decryption
- Updated EncryptionUtil and RSAKeyUtil:
- Added RSA OAEP support and helper methods
- Added AES key generation, encryption, decryption utilities
FILE UPLOAD AND ENCRYPTION WORKS! TESTED USING HEXDUMP.
- Replaced direct encryption logic in FileController with FileService delegation
- Added JWT-based username extraction in file operations
- Updated FileMetadata entity to include `uploadedAt` field and removed redundant getters/setters
- Refactored EncryptionUtil:
- Switched to AES-CBC with PBKDF2 key derivation
- Removed RSA-based encryption logic
- Added salt and IV generation helpers
- Changed JwtAuthenticationFilter to fetch user by username (not email)
- Renamed method in FileMetadataRepository to match new parameter order
FILE UPLOAD NOW WORKS! TESTED USING CURL.
- FileController encrypts uploads using AES-GCM with salt and IV.
- Downloads are decrypted on-the-fly using user-supplied password.
- File metadata (salt, IV, username, path) stored in DB.
Kshitij
