in server/cmd/harp-server/internal/dispatchers/vault/routes/transit.go [85:121]
// decryptData returns the HTTP handler for the transit decrypt route.
//
// The handler reads a JSON body carrying a "ciphertext" field, strips the
// optional "vault:v1:" prefix, base64-decodes the remainder and passes the
// raw bytes to h.tr.From. On success it answers 200 with the recovered bytes
// base64-encoded under data.plaintext. Every failure is answered with a 400
// and a fixed message; the underlying error is never sent to the client.
func (h *vaultTransitHandler) decryptData() http.HandlerFunc {
	// decryptRequest is the expected JSON request body.
	type decryptRequest struct {
		CipherText string `json:"ciphertext,omitempty"`
	}

	// The prefix is trimmed when present but not required, so a bare base64
	// value is accepted too. Any other prefix is left in place and is then
	// rejected by the base64 decoder, because ':' is not in its alphabet.
	const vaultPrefix = "vault:v1:"

	return func(w http.ResponseWriter, r *http.Request) {
		var body decryptRequest
		if err := decodeJSONBody(w, r, &body); err != nil {
			http.Error(w, "request is invalid", http.StatusBadRequest)
			return
		}

		// Validate the ciphertext encoding before handing it to the transformer.
		encoded := strings.TrimPrefix(body.CipherText, vaultPrefix)
		sealed, err := base64.StdEncoding.DecodeString(encoded)
		if err != nil {
			http.Error(w, "ciphertext must be a valid base64 encoded value", http.StatusBadRequest)
			return
		}

		// Decrypt with the transformer. The client gets a generic message so the
		// reason for the failure is not disclosed.
		// NOTE(review): err is dropped here; confirm it is logged elsewhere so
		// repeated decryption failures remain visible to operators.
		plaintext, err := h.tr.From(r.Context(), sealed)
		if err != nil {
			http.Error(w, "unable to decrypt ciphertext", http.StatusBadRequest)
			return
		}

		// The plaintext is returned base64-encoded.
		data := &KV{
			"plaintext": base64.StdEncoding.EncodeToString(plaintext),
		}
		with(w, r, http.StatusOK, &KV{
			"data": data,
		})
	}
}