admin-mrrm/mrrmlabapp
1
0
Fork 0
Code Issues 15 Pull requests Projects Releases 40 Packages 5 Wiki Activity Actions

IMAP-Credentials verschlüsselt in DB speichern #104

New issue
Closed
opened 2026-04-26 23:00:56 +02:00 by admin-mrrm · 0 comments
admin-mrrm commented 2026-04-26 23:00:56 +02:00
Owner
Copy link

Ziel

Passwörter/App-Tokens für IMAP-Accounts dürfen nicht im Klartext in der DB liegen.

Lösung

AES-256-GCM Verschlüsselung mit einem App-Secret aus der NestJS Config.

Akzeptanzkriterien

  • EncryptionService mit encrypt/decrypt
  • mail_accounts.encrypted_password wird nie unverschlüsselt geloggt
  • Secret kommt aus ENV, nicht aus Code
  • Test: encrypt → decrypt roundtrip
## Ziel Passwörter/App-Tokens für IMAP-Accounts dürfen nicht im Klartext in der DB liegen. ## Lösung AES-256-GCM Verschlüsselung mit einem App-Secret aus der NestJS Config. ## Akzeptanzkriterien - [ ] `EncryptionService` mit encrypt/decrypt - [ ] `mail_accounts.encrypted_password` wird nie unverschlüsselt geloggt - [ ] Secret kommt aus ENV, nicht aus Code - [ ] Test: encrypt → decrypt roundtrip
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
chore/roadmap-rc32-done
feat/rc32-fdroid-nightly
feat/rc31-auto-index-on-mutation
feat/rc30-auto-index
chore/roadmap-rc28-done
feat/360-projects-source
chore/roadmap-rc27-done
feat/habits-ui
chore/roadmap-rc26-done
feat/planner-v1-depends-on
chore/roadmap-rc25-done
feat/calendar-settings-ui
chore/roadmap-rc24-done
feat/candidate-mark-done
chore/roadmap-rc23-done
fix/shared-schema-todo
chore/roadmap-rc22-done
chore/release-rc22
feat/todo-candidate-writer
chore/roadmap-rc21-done
chore/roadmap-rc21-json-fix
chore/release-v0.6.6-rc21
feat/day-planner-empty-state-ctas
chore/roadmap-rc17-rc18-done
chore/phase2-smoke-manual-trigger
chore/roadmap-rc19-done
fix/list-screens-scrollable
feat/dev-user-header-env-gate
wireup/ai-foundation-phase1
feat/443-search-ui
feat/442-background-indexer
feat/441-data-source-interface
feat/440-sqlite-vec
feat/439-embedding-service
feat/425-mlkit-image-preview-integration
archive/spike-77-ocr-mobile
fix/gitea-release-shell-scope
feat/396-version-sync
feat/376-e2e-drone-integration
feat/374-e2e-playwright-setup
feat/372-planner-v1
feat/370-calendar-read
feat/368-planner-v0
feat/366-habit-source
feat/178-mail-candidate-writer
feat/253-nli-template-ab
fix/348-settings-nav-hijack-v2
fix/347-web-side-drawer
fix/349-profile-menu-close
feat-297-sender-memory-ui
feat-296-web-classifier-sender-memory
feat/294-sender-label-memory
chore/268-analyze-script-dynamic-labels
fix/268-nli-threshold-025
fix/266-imap-getmessage-timeout
fix-imap-unhandled-error
fix-175-onnxruntime-anchor
fix-175-onnxruntime-mainapp
ci-release-gate-apk
ci-mobile-bundle-check
fix-175-native-startup
fix-175-stub-onnxruntime-web
fix-175-import-meta-hermes
feat-web-parcel-scan-toggle
feat-tracking-manual-sync
fix-track17-carrier-ids
feat-232-mail-scanner
feat-233-trackings-post
feat-aftership-provider
feat-195-loading-skeletons
feat-197-error-boundary
feat-194-toast-system
chore/add-claude-md
155-auth-callback-route
feat/fdroid-deploy
fix/mail-messages-pagination-types
feat/ocr-correction-review
fix/ocr-inference-oom
fix/ocr-oom-and-finetune-training
feat/ocr-easyocr-and-training-data
feat/ocr-image-rotate-preview
feat/mobile-image-picker-57
feat/ocr-parse-image-endpoint
feat/lists-notes-e2e
fix/web-show-auth-error-body
fix/deploy-envfile
fix/deploy-ssh-port
feat/drone-deploy
fix/drone-secret-names
fix/dockerfile-deploy-flag
feat/drone-ci
feat/apps-web
feat/shopping-list-crud
v0.6.7-rc33
v0.6.6-rc32
v0.6.6-rc31
v0.6.6-rc30
v0.6.6-rc29
v0.6.6-rc28
v0.6.6-rc27
v0.6.6-rc26
v0.6.6-rc25
v0.6.6-rc24
v0.6.6-rc23
v0.6.6-rc22
v0.6.6-rc21
v0.6.6-rc20
v0.6.6-rc19
debug-rpi5
v0.6.6-rc18
v0.6.6-rc17
v0.6.6-rc16
v0.6.6-rc15
v0.6.6-rc14
v0.6.6-rc13
v0.6.6-rc12
v0.6.6-rc11
v0.6.6-rc10
v0.6.6-rc9
v0.6.6-rc8
v0.6.6-rc7
v0.6.6-rc6
v0.6.6-rc5
v0.6.6-rc4
v0.6.6-rc3
v0.6.6-rc2
v0.6.6-rc1
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.6
v0.4.5
v1.0.515
v1.0.468
v1.0.449
v1.0.442
Labels
Clear labels   
app/archiv

Document & email archive (Paperless-ngx integration)

  
app/einkaufslisten

   
app/imap-client

   
app/wissensbasis

   
arch-answered

arch-question wurde vom Architekten beantwortet und vom PM in Produkt-Entscheidung übersetzt

  
arch-question

Anfrage an Software-Architekt — Tech-/Architektur-Entscheidung gebraucht (PM hat sie nicht selbst getroffen)

  
area/api

NestJS backend

  
area/auth

Keycloak / OIDC

  
area/infra

Monorepo / CI / tooling

  
area/mobile

Expo React Native app

  
area/shared

Shared packages

  
area/ui

Tamagui UI package

  
area/web

Vite web app

  
portfolio-status

Wöchentlicher CEO-Portfolio-Status

  
prio/high

High priority

  
prio/low

Low priority

  
prio/medium

Medium priority

  
roadmap/public

In der public Roadmap der App sichtbar (roadmap.json kuratiert)

  
size/l

2-3 days

  
size/m

About 1 day

  
size/s

Half a day

  
size/xl

More than 3 days — should be split

  
size/xs

Less than 1 hour

  
status/blocked

Waiting on something

  
status/needs-info

Open questions before work can continue

  
type/bug

Something is broken

  
type/chore

Infra / tooling / maintenance

  
type/docs

Documentation

  
type/feature

New user-facing functionality

  
type/idea

   
type/refactor

Code refactor without behavior change

No labels
app/archiv
app/einkaufslisten
app/imap-client
app/wissensbasis
arch-answered
arch-question
area/api
area/auth
area/infra
area/mobile
area/shared
area/ui
area/web
portfolio-status
prio/high
prio/low
prio/medium
roadmap/public
size/l
size/m
size/s
size/xl
size/xs
status/blocked
status/needs-info
type/bug
type/chore
type/docs
type/feature
type/idea
type/refactor
Milestone
Clear milestone
No items
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
admin-mrrm/mrrmlabapp#104
No description provided.