feat: add server-side encryption for address and phone

backend/src/routes/addresses.js

@@ -3,13 +3,14 @@ import { createHash, randomInt } from 'crypto';
 import { z } from 'zod';
 import { pool } from '../db/connection.js';
 import { requireAuth } from '../middleware/auth.js';
+import { encryptText } from '../services/encryption.js';
 
 const router = Router();
 
 const hashCode = (code) => createHash('sha256').update(code).digest('hex');
 
 router.post('/change-request', requireAuth, async (req, res) => {
-  const parsed = z.object({ newAddressEncrypted: z.string().min(10) }).safeParse(req.body);
+  const parsed = z.object({ newAddress: z.string().min(10) }).safeParse(req.body);
   if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
 
   const verificationCode = String(randomInt(100000, 999999));
@@ -18,7 +19,7 @@ router.post('/change-request', requireAuth, async (req, res) => {
   const [result] = await pool.query(
     `INSERT INTO address_change_requests (user_id, new_address_encrypted, verification_code_hash)
      VALUES (?, ?, ?)`,
-    [req.user.userId, parsed.data.newAddressEncrypted, verificationCodeHash]
+    [req.user.userId, encryptText(parsed.data.newAddress), verificationCodeHash]
   );
 
   res.status(201).json({

backend/src/routes/profile.js

@@ -0,0 +1,19 @@
+import { Router } from 'express';
+import { z } from 'zod';
+import { pool } from '../db/connection.js';
+import { requireAuth } from '../middleware/auth.js';
+import { encryptText } from '../services/encryption.js';
+
+const router = Router();
+
+router.post('/phone', requireAuth, async (req, res) => {
+  const parsed = z.object({ phone: z.string().min(6).max(40) }).safeParse(req.body);
+  if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+
+  const encryptedPhone = encryptText(parsed.data.phone);
+  await pool.query('UPDATE users SET phone_encrypted = ? WHERE id = ?', [encryptedPhone, req.user.userId]);
+
+  res.json({ status: 'updated' });
+});
+
+export default router;