New Deployment.enc_is_on flag to optionally disable encryption for a test deployment

[mr-z-ro]

Suggested Plan: Optionally disable encryption based on new Deployment.enc_is_on flag

• Current State: All encryption happens at interfaces to LDLN from the public world (exhaustive list: mobile apps, web app, rest api). Web socket logic does not deal with encryption itself, and decryption already has a de facto flag in “dek” for when it should be invoked (explained below)

  • All locations where the string “Encrypt(“ exists in our codebase are listed here
  • All locations where the string “Decrypt(“ exists in our codebase are listed here
  • Note: should leave the logic in those two functions themselves alone, since they’ll still be used for User creation/auth.

• Places that should be updated depending on a flag:

  • Mobile Apps (covered in separate sections)
  • Relevant “Decrypt()” calls:
    • Here in web-app syncable_objects controller; this is only a check to ensure a previous encryption call worked; should be updated to be called only when that previous encrypt call is invoked (see below)
    • Here in websocket-server response to diff request, only if “dek” is included as part of request; no change needed in this code itself, but need to update clients to not send dek (which is only being done here by the web app at the moment) and logic will send the raw db contents
  • Relevant “Encrypt()” calls:
    • Here in web-app syncable_objects controller; this is an interface to the LDLN platform, and should be set up based on a org-level config flag
    • Here in rest-api app controller; this is an interface to the LDLN platform, and should be set up based on a org-level config flag.

[mr-z-ro]

Started this today, will need to test on the GCE environment then will submit a pull request for this code.