Merge pull request #38 from telpirion/dev

feat: adds PII protection
telpirion · Nov 13, 2024 · aa7a159 · aa7a159
2 parents 5cee9b4 + c4d43fc
commit aa7a159
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/server/dlp.go b/server/dlp.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"crypto/sha256"
 	"fmt"
 
 	dlp "cloud.google.com/go/dlp/apiv2"
@@ -67,3 +68,13 @@ func deidentify(projectID, item string) (string, error) {
 
 	return resp.GetItem().GetValue(), nil
 }
+
+// transformEmail encrypts a string using a SHA256 hash.
+// This is for deidentification of email addresses used as keys in the
+// production database.
+func transformEmail(email string) string {
+	sha := sha256.New()
+	sha.Write([]byte(email))
+	encryptedEmail := fmt.Sprintf("%x", sha.Sum(nil))
+	return encryptedEmail
+}
diff --git a/server/main.go b/server/main.go
@@ -16,6 +16,7 @@ var (
 	r              *gin.Engine
 	projectID      string
 	userEmail      string = "[email protected]"
+	encryptedEmail string
 	userEmailParam string = "user"
 	convoContext   string
 	contextTokens  int32
@@ -77,11 +78,16 @@ func startConversation(c *gin.Context) {
 	writeTimeSeriesValue(projectID, "Start of conversation")
 	// extractParams will redirect if user isn't logged in.
 	userEmail = extractParams(c)
+	encryptedEmail = userEmail
+
+	if os.Getenv("CONFIGURATION_NAME") != "HerodotusDev" {
+		encryptedEmail = transformEmail(userEmail)
+	}
 
 	LogInfo("Start conversation request received")
 
 	// create a new conversation context
-	convoHistory, err := getConversation(userEmail, projectID)
+	convoHistory, err := getConversation(encryptedEmail, projectID)
 	if err != nil {
 		LogError(fmt.Sprintf("couldn't get conversation history: %v\n", err))
 	}
@@ -203,7 +209,7 @@ func updateDatabase(projectID, userMessage, modelName, promptTemplateName, botRe
 	// Store the conversation in Firestore and update the cachedContext
 	// This is dual-entry accounting so that we don't have to query Firestore
 	// every time to update the cached context
-	documentID, err := saveConversation(*convo, userEmail, projectID)
+	documentID, err := saveConversation(*convo, encryptedEmail, projectID)
 	if err != nil {
 		return "", fmt.Errorf("couldn't save conversation: %v", err)
 	}