Add encrypted captcha answer, move AES utils

src/controllers/api/captcha.ts

@@ -1,6 +1,9 @@
 import { createCanvas, loadImage } from '@gfx/canvas-wasm';
+import { encodeBase64 } from '@std/encoding/base64';
 
 import { AppController } from '@/app.ts';
+import { DittoWallet } from '@/DittoWallet.ts';
+import { aesEncrypt } from '@/utils/aes.ts';
 
 export const captchaController: AppController = async (c) => {
   const { puzzle, piece, solution } = await generateCaptcha(
@@ -14,9 +17,20 @@ export const captchaController: AppController = async (c) => {
     },
   );
 
+  const answerData = {
+    solution,
+    created_at: new Date().toISOString(),
+  };
+
+  const encoded = new TextEncoder().encode(JSON.stringify(answerData));
+  const encrypted = await aesEncrypt(DittoWallet.captchaKey, encoded);
+
   return c.json({
+    type: 'puzzle',
+    token: crypto.randomUUID(),
     puzzle: puzzle.toDataURL(),
     piece: piece.toDataURL(),
+    answer_data: encodeBase64(encrypted),
   });
 };
 

src/controllers/api/oauth.ts

@@ -8,7 +8,8 @@ import { Conf } from '@/config.ts';
 import { Storages } from '@/storages.ts';
 import { nostrNow } from '@/utils.ts';
 import { parseBody } from '@/utils/api.ts';
-import { encryptSecretKey, generateToken } from '@/utils/auth.ts';
+import { aesEncrypt } from '@/utils/aes.ts';
+import { generateToken } from '@/utils/auth.ts';
 
 const passwordGrantSchema = z.object({
   grant_type: z.literal('password'),
@@ -98,7 +99,7 @@ async function getToken(
   await kysely.insertInto('auth_tokens').values({
     token_hash: hash,
     pubkey,
-    nip46_sk_enc: await encryptSecretKey(Conf.seckey, nip46Seckey),
+    nip46_sk_enc: await aesEncrypt(Conf.seckey, nip46Seckey),
     nip46_relays: relays,
     created_at: new Date(),
   }).execute();