From acb2ee23a5c1da3d5fec0f3a9ef339fdbc17f119 Mon Sep 17 00:00:00 2001
From: Eugen Istoc <eugenistoc@gmail.com>
Date: Tue, 24 Dec 2024 18:15:51 -0300
Subject: [PATCH] refactor: prevent decryption and encryption of null,
 undefined, or empty string values in EncryptedHandler

---
 packages/runtime/src/enhancements/node/encrypted.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/runtime/src/enhancements/node/encrypted.ts b/packages/runtime/src/enhancements/node/encrypted.ts
index cb26cfea7..c3ff04415 100644
--- a/packages/runtime/src/enhancements/node/encrypted.ts
+++ b/packages/runtime/src/enhancements/node/encrypted.ts
@@ -141,6 +141,9 @@ class EncryptedHandler extends DefaultPrismaProxyHandler {
 
             const shouldDecrypt = fieldInfo.attributes?.find((attr) => attr.name === '@encrypted');
             if (shouldDecrypt) {
+                // Don't decrypt null, undefined or empty string values
+                if (!entityData[field]) return;
+
                 entityData[field] = await this.decrypt(fieldInfo, entityData[field]);
             }
         }
@@ -151,7 +154,7 @@ class EncryptedHandler extends DefaultPrismaProxyHandler {
             field: async (field, _action, data, context) => {
                 // Don't encrypt null, undefined or empty string values
                 if (!data) return;
-                
+
                 const encAttr = field.attributes?.find((attr) => attr.name === '@encrypted');
                 if (encAttr && field.type === 'String') {
                     context.parent[field.name] = await this.encrypt(field, data);