frontend: encrypt grouping names

ffreddow · ffreddow · commit 95924629f0c0 · 2025-11-05T14:36:45.000+01:00
diff --git a/frontend/src/components/device/GroupingModal.tsx b/frontend/src/components/device/GroupingModal.tsx
@@ -12,15 +12,17 @@ interface GroupingModalProps {
     devices: StateDevice[];
     groupings: Grouping[];
     onClose: () => void;
-    onGroupingsUpdated: (groupings: Grouping[]) => void;
+    encryptGroupingName: (name: string) => Promise<string | undefined>;
+    loadGroupings: () => Promise<void>;
 }
 
 export function GroupingModal({
     show,
     devices,
     groupings,
     onClose,
-    onGroupingsUpdated
+    encryptGroupingName,
+    loadGroupings: loadGroupingsFromParent
 }: GroupingModalProps) {
     const { t } = useTranslation("", { useSuspense: false, keyPrefix: "chargers" });
     const [editingGrouping, setEditingGrouping] = useState<Grouping | null>(null);
@@ -86,7 +88,7 @@ export function GroupingModal({
             }
 
             // Reload groupings
-            await loadGroupings();
+            await loadGroupingsFromParent();
             handleCancel();
         } catch (error) {
             console.error("Error saving grouping:", error);
@@ -105,7 +107,7 @@ export function GroupingModal({
             });
 
             if (response.status === 200) {
-                await loadGroupings();
+                await loadGroupingsFromParent();
             } else {
                 showAlert(t("delete_grouping_failed", { error: error || response.status }), "danger");
             }
@@ -115,8 +117,14 @@ export function GroupingModal({
     };
 
     const createGrouping = async (name: string, deviceIds: Set<string>) => {
+        const encryptedName = await encryptGroupingName(name);
+        if (!encryptedName) {
+            showAlert(t("create_grouping_failed", { error: "Failed to encrypt name" }), "danger");
+            throw new Error("Failed to encrypt grouping name");
+        }
+
         const { data, response, error } = await fetchClient.POST("/grouping/create", {
-            body: { name },
+            body: { name: encryptedName },
             credentials: "same-origin"
         });
 
@@ -140,6 +148,25 @@ export function GroupingModal({
         const existingGrouping = groupings.find(g => g.id === groupingId);
         if (!existingGrouping) return;
 
+        // Update name if changed
+        if (name !== existingGrouping.name) {
+            const encryptedName = await encryptGroupingName(name);
+            if (!encryptedName) {
+                showAlert(t("update_grouping_failed", { error: "Failed to encrypt name" }), "danger");
+                throw new Error("Failed to encrypt grouping name");
+            }
+
+            const { response, error } = await fetchClient.PUT("/grouping/edit", {
+                body: { grouping_id: groupingId, name: encryptedName },
+                credentials: "same-origin"
+            });
+
+            if (response.status !== 200 || error) {
+                showAlert(t("update_grouping_failed", { error: error || response.status }), "danger");
+                throw new Error("Failed to update grouping name");
+            }
+        }
+
         // Devices to add
         const devicesToAdd = Array.from(deviceIds).filter(id => !existingGrouping.device_ids.includes(id));
         // Devices to remove
@@ -162,24 +189,6 @@ export function GroupingModal({
         }
     };
 
-    const loadGroupings = async () => {
-        try {
-            const { data, error, response } = await fetchClient.GET("/grouping/list", {
-                credentials: "same-origin"
-            });
-
-            if (error || !data) {
-                const errorMsg = error ? String(error) : response.status || "Unknown error";
-                showAlert(t("load_groupings_failed", { error: errorMsg }), "danger");
-                return;
-            }
-
-            onGroupingsUpdated(data.groupings);
-        } catch (error) {
-            showAlert(t("load_groupings_failed", { error: String(error) }), "danger");
-        }
-    };
-
     const filterDevices = (devices: StateDevice[]): StateDevice[] => {
         if (!deviceSearchQuery.trim()) {
             return devices;
diff --git a/frontend/src/components/device/__tests__/GroupingModal.test.tsx b/frontend/src/components/device/__tests__/GroupingModal.test.tsx
@@ -10,6 +10,7 @@ vi.mock('../../../utils', () => ({
     POST: vi.fn(),
     DELETE: vi.fn(),
     GET: vi.fn(),
+    PUT: vi.fn(),
   },
 }));
 
@@ -72,6 +73,8 @@ const defaultProps = {
   groupings: mockGroupings,
   onClose: vi.fn(),
   onGroupingsUpdated: vi.fn(),
+  encryptGroupingName: vi.fn((name: string) => Promise.resolve(`encrypted_${name}`)),
+  loadGroupings: vi.fn(),
 };
 
 describe('GroupingModal', () => {
@@ -178,50 +181,52 @@ describe('GroupingModal', () => {
       error: undefined,
     });
 
-    const mockGet = vi.mocked(fetchClient.GET);
-    mockGet.mockResolvedValue({
-      data: { groupings: [...mockGroupings, { id: 'new-group-id', name: 'New Group', device_ids: ['device1'] }] },
-      response: { status: 200 } as Response,
-      error: undefined,
-    });
+    const mockLoadGroupings = vi.fn();
 
-    render(<GroupingModal {...defaultProps} />);
+    render(<GroupingModal {...defaultProps} loadGroupings={mockLoadGroupings} />);
 
     const createButton = screen.getByRole('button', { name: /create/i });
     fireEvent.click(createButton);
 
-    await waitFor(async () => {
-      const nameInput = screen.getByPlaceholderText('grouping_name_placeholder');
-      fireEvent.change(nameInput, { target: { value: 'New Group' } });
+    await waitFor(() => {
+      expect(screen.getByPlaceholderText('grouping_name_placeholder')).toBeInTheDocument();
+    });
 
-      const checkboxes = screen.getAllByRole('checkbox');
-      fireEvent.click(checkboxes[0]);
+    const nameInput = screen.getByPlaceholderText('grouping_name_placeholder');
+    fireEvent.change(nameInput, { target: { value: 'New Group' } });
 
-  const saveButton = screen.getByRole('button', { name: 'save' });
-      fireEvent.click(saveButton);
+    const checkboxes = screen.getAllByRole('checkbox');
+    fireEvent.click(checkboxes[0]);
 
-      await waitFor(() => {
-        expect(mockPost).toHaveBeenCalledWith('/grouping/create', expect.any(Object));
-      });
+    const saveButton = screen.getByRole('button', { name: 'save' });
+    fireEvent.click(saveButton);
+
+    await waitFor(() => {
+      expect(mockPost).toHaveBeenCalledWith('/grouping/create', expect.objectContaining({
+        body: expect.objectContaining({ name: 'encrypted_New Group' })
+      }));
+      expect(mockLoadGroupings).toHaveBeenCalled();
     });
   });
 
   it('updates existing grouping when save is clicked after editing', async () => {
     const mockPost = vi.mocked(fetchClient.POST);
     mockPost.mockResolvedValue({
-      data: null,
+      data: undefined,
       response: { status: 200 } as Response,
       error: undefined,
     });
 
-    const mockGet = vi.mocked(fetchClient.GET);
-    mockGet.mockResolvedValue({
-      data: { groupings: mockGroupings },
+    const mockPut = vi.mocked(fetchClient.PUT);
+    mockPut.mockResolvedValue({
+      data: undefined,
       response: { status: 200 } as Response,
       error: undefined,
     });
 
-    render(<GroupingModal {...defaultProps} />);
+    const mockLoadGroupings = vi.fn();
+
+    render(<GroupingModal {...defaultProps} loadGroupings={mockLoadGroupings} />);
 
     // Click edit on first grouping
     const editButtons = screen.getAllByRole('button', { name: '' });
@@ -238,8 +243,11 @@ describe('GroupingModal', () => {
         fireEvent.click(saveButton);
 
         await waitFor(() => {
-          // Should call POST to add/remove devices
-          expect(mockPost).toHaveBeenCalled();
+          // Should call PUT to update name
+          expect(mockPut).toHaveBeenCalledWith('/grouping/edit', expect.objectContaining({
+            body: expect.objectContaining({ name: 'encrypted_Updated Group Name' })
+          }));
+          expect(mockLoadGroupings).toHaveBeenCalled();
         });
       });
     }
@@ -252,19 +260,14 @@ describe('GroupingModal', () => {
 
     const mockDelete = vi.mocked(fetchClient.DELETE);
     mockDelete.mockResolvedValue({
-      data: null,
+      data: undefined,
       response: { status: 200 } as Response,
       error: undefined,
     });
 
-    const mockGet = vi.mocked(fetchClient.GET);
-    mockGet.mockResolvedValue({
-      data: { groupings: [mockGroupings[1]] },
-      response: { status: 200 } as Response,
-      error: undefined,
-    });
+    const mockLoadGroupings = vi.fn();
 
-    render(<GroupingModal {...defaultProps} />);
+    render(<GroupingModal {...defaultProps} loadGroupings={mockLoadGroupings} />);
 
     const deleteButtons = screen.getAllByRole('button', { name: '' });
     // Find delete button (should be the second icon button)
@@ -275,6 +278,7 @@ describe('GroupingModal', () => {
     await waitFor(() => {
       expect(window.confirm).toHaveBeenCalled();
       expect(mockDelete).toHaveBeenCalledWith('/grouping/delete', expect.any(Object));
+      expect(mockLoadGroupings).toHaveBeenCalled();
     });
 
     // Restore original confirm
@@ -394,32 +398,27 @@ describe('GroupingModal', () => {
   });
 
   it('calls onGroupingsUpdated after successful operations', async () => {
-    const mockGet = vi.mocked(fetchClient.GET);
-    mockGet.mockResolvedValue({
-      data: { groupings: mockGroupings },
-      response: { status: 200 } as Response,
-      error: undefined,
-    });
+    const mockLoadGroupings = vi.fn();
 
     const originalConfirm = window.confirm;
     window.confirm = vi.fn(() => true);
 
     const mockDelete = vi.mocked(fetchClient.DELETE);
     mockDelete.mockResolvedValue({
-      data: null,
+      data: undefined,
       response: { status: 200 } as Response,
       error: undefined,
     });
 
-    render(<GroupingModal {...defaultProps} />);
+    render(<GroupingModal {...defaultProps} loadGroupings={mockLoadGroupings} />);
 
     const deleteButtons = screen.getAllByRole('button', { name: '' });
     const deleteButton = deleteButtons[deleteButtons.length - 1];
 
     fireEvent.click(deleteButton);
 
     await waitFor(() => {
-      expect(defaultProps.onGroupingsUpdated).toHaveBeenCalledWith(mockGroupings);
+      expect(mockLoadGroupings).toHaveBeenCalled();
     });
 
     window.confirm = originalConfirm;
diff --git a/frontend/src/pages/Devices.tsx b/frontend/src/pages/Devices.tsx
@@ -91,6 +91,42 @@ export class DeviceList extends Component<{}, DeviceListState> {
         }
     }
 
+    async decryptGroupingName(name: string) {
+        if (!pub_key || !secret) {
+            await get_decrypted_secret();
+        }
+
+        if (!name) {
+            return "";
+        }
+        const nameBytes = Base64.toUint8Array(name);
+        try {
+            // pub_key and secret are null-checked before this function is called
+            const decryptedName = sodium.crypto_box_seal_open(nameBytes, pub_key as Uint8Array, secret as Uint8Array);
+            const decoder = new TextDecoder();
+            return decoder.decode(decryptedName);
+        } catch {
+            return undefined;
+        }
+    }
+
+    async encryptGroupingName(name: string) {
+        if (!pub_key || !secret) {
+            await get_decrypted_secret();
+        }
+
+        if (!name) {
+            return "";
+        }
+        try {
+            // pub_key and secret are null-checked before this function is called
+            const encryptedName = sodium.crypto_box_seal(name, pub_key as Uint8Array);
+            return Base64.fromUint8Array(encryptedName);
+        } catch {
+            return undefined;
+        }
+    }
+
     async updateChargers() {
         if (!secret) {
             await get_decrypted_secret();
@@ -176,7 +212,16 @@ export class DeviceList extends Component<{}, DeviceListState> {
                 return;
             }
 
-            this.setState({ groupings: data.groupings });
+            // Decrypt grouping names
+            const decryptedGroupings = await Promise.all(data.groupings.map(async (grouping) => {
+                const decryptedName = await this.decryptGroupingName(grouping.name);
+                return {
+                    ...grouping,
+                    name: decryptedName !== undefined ? decryptedName : i18n.t("chargers.invalid_key")
+                };
+            }));
+
+            this.setState({ groupings: decryptedGroupings });
         } catch (error) {
             console.error("Failed to load groupings:", error);
         }
@@ -456,7 +501,8 @@ export class DeviceList extends Component<{}, DeviceListState> {
                     devices={this.state.devices}
                     groupings={this.state.groupings}
                     onClose={() => this.setState({ showGroupingModal: false })}
-                    onGroupingsUpdated={this.handleGroupingsUpdated}
+                    encryptGroupingName={async (name: string) => this.encryptGroupingName(name)}
+                    loadGroupings={async () => this.loadGroupings()}
                 />
 
                 <Container fluid>
