I just finished an app and, for safety reasons, I would like the content of some fields of the db to be readable only by the user. This involves client side encryption and I think that I found a decent pure js implementation.
Typically, I would go for an AES 256 CBC using parts of the user's password hash (client side computation) as key and vi (stored somehow) to feed the encrypt and decrypt functions.
Here comes the thing. The decryption is pretty straightforward. Spontaneously, I would call the function directly in the templates using the objects passed in context as inputs for my function. It would look like:
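    <div class=whatever_the_class>
      <script>
        // Quote and escape the rendered values so each one is a valid JS string literal
        decrypt_function("{{ patient.first_name|escapejs }}", key, vi)
        decrypt_function("{{ patient.last_name|escapejs }}", key, vi)
      </script>
    </div>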
However, I am not sure how to deal with encryption in forms. I think that I need to bypass somehow the way my forms work (in this example form_add) to take the output of my encrypt function as data but I really do not know how/where to do it. In the widget section of my form? In the template?
Any thoughts? Any clean way to do it? (I am also interested in similar questions/posts/projects to get a clearer picture)
    # template
    <form id="add_patient" method="post" action="add-patient/">
      {% csrf_token %}
      {{ form_add }}
      <input type="submit" value="Entrer">
    </form>

    # view
    from django.shortcuts import redirect, render

    def index(request):
        try:
            user = request.user
            form_add = AddPatientForm()
            # form_record is not defined in the snippet as posted
            return render(request, 'jengu/index.html', {'form_add': form_add, 'form_record': form_record})
        except Exception:
            return redirect('/')

    # form
    from django import forms

    class AddPatientForm(forms.Form):
        last_name = forms.CharField(label='Nom', max_length=40)
        first_name = forms.CharField(label='Prénom', max_length=40)
        birthday = forms.DateField(label='date de naissance',
                                   widget=forms.DateInput(format='%d/%m/%Y', attrs={'placeholder': '31/03/1989'}),
                                   input_formats=['%d/%m/%Y'])
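
One way to handle the form side, added here as an example and not code from the question: encrypt the named inputs in a `submit` handler with the browser's Web Crypto API, keeping the AES-256-CBC choice above but with a fresh random IV stored alongside each value. `deriveKey`, `encryptField`, `decryptField`, `protectForm`, `keyPromise`, the salt and the PBKDF2 parameters are assumptions, and PBKDF2 is substituted here for "parts of the user's password hash".

```javascript
// Added example: field names come from AddPatientForm in the question; helper
// names, salt handling and PBKDF2 parameters are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();

// Derive a 256-bit AES-CBC key from the password; the key stays in the browser.
async function deriveKey(password, salt, iterations = 600000) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations, hash: 'SHA-256' },
    material, { name: 'AES-CBC', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one value with a fresh random IV; output is base64(IV || ciphertext).
// AES-CBC gives confidentiality only: a modified ciphertext is not detected.
async function encryptField(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(16));
  const ct = new Uint8Array(
    await wc.subtle.encrypt({ name: 'AES-CBC', iv }, key, enc.encode(plaintext)));
  return btoa(String.fromCharCode(...iv, ...ct));
}

// Split the stored value back into IV and ciphertext, then decrypt.
async function decryptField(key, b64) {
  const raw = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  const pt = await wc.subtle.decrypt(
    { name: 'AES-CBC', iv: raw.slice(0, 16) }, key, raw.slice(16));
  return dec.decode(pt);
}

// Browser wiring: swap plaintext for ciphertext just before the POST.
// `keyPromise` is a hypothetical promise for the key derived at login.
function protectForm(form, keyPromise, names = ['last_name', 'first_name']) {
  form.addEventListener('submit', async (event) => {
    event.preventDefault();
    const key = await keyPromise;
    for (const name of names) {
      const input = form.elements[name];
      input.value = await encryptField(key, input.value);
    }
    form.submit(); // form.submit() does not fire the submit event again
  });
}
```

Each value comes out at 44 or more base64 characters, so the `max_length=40` on `last_name` and `first_name` has to grow to accept it, and `birthday` stays out of `names` because `DateField` cannot parse ciphertext.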