devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

[server] use encryption_key for couchbase env as hash is reserved keyword

Browse Source
This commit is contained in:
Lakhan Samani 2023-01-31 11:18:20 +05:30
parent 748761926d
commit a1df2ce31f
9 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Makefile
View File

@ -34,17 +34,18 @@ test-dynamodb:
cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test
docker rm -vf dynamodb-local-test
test-couchbase:
# docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
# create a docker container, set the cluster information and then run the tests
docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
sh scripts/couchbase-test.sh
cd server && go clean --testcache && TEST_DBS="couchbase" go test -p 1 -v ./test
# docker rm -vf couchbase-local-test
docker rm -vf couchbase-local-test
test-all-db:
rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal
docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla
docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
docker run -d --name dynamodb-local-test -p 8000:8000 amazon/dynamodb-local:latest
# docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
sh scripts/couchbase-test.sh
cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
docker rm -vf authorizer_scylla_db
docker rm -vf authorizer_mongodb_db

4
scripts/couchbase-test.sh
View File

@ -36,6 +36,4 @@ if [ "$TYPE" = "WORKER" ]; then
else
couchbase-cli server-add --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
fi;
fi;
fg 1
fi;

2
server/crypto/aes.go
View File

@ -4,6 +4,7 @@ import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"fmt"
"io"
"github.com/authorizerdev/authorizer/server/constants"
@ -56,6 +57,7 @@ func DecryptAES(text string) (string, error) {
func EncryptAESEnv(text []byte) ([]byte, error) {
var res []byte
k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
fmt.Println("=> key:", k)
if err != nil {
return res, err
}

13
server/db/models/env.go
View File

@ -4,10 +4,11 @@ package models
// Env model for db
type Env struct {
Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
ID string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
EnvData string `json:"env" bson:"env" cql:"env" dynamo:"env"`
Hash string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
UpdatedAt int64 `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
CreatedAt int64 `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
ID string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
EnvData string `json:"env" bson:"env" cql:"env" dynamo:"env"`
Hash string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
EncryptionKey string `json:"encryption_key" bson:"encryption_key" cql:"encryption_key" dynamo:"encryption_key"` // couchbase has "hash" as reserved keyword so we cannot use it. This will be empty for other dbs.
UpdatedAt int64 `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
CreatedAt int64 `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
}

5
server/db/providers/couchbase/env.go
View File

@ -18,6 +18,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
env.CreatedAt = time.Now().Unix()
env.UpdatedAt = time.Now().Unix()
env.Key = env.ID
env.EncryptionKey = env.Hash
insertOpt := gocb.InsertOptions{
Context: ctx,
@ -32,6 +33,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
// UpdateEnv to update environment information in database
func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
env.UpdatedAt = time.Now().Unix()
env.EncryptionKey = env.Hash
updateEnvQuery := fmt.Sprintf("UPDATE %s.%s SET env = $1, updated_at = $2 WHERE _id = $3", p.scopeName, models.Collections.Env)
_, err := p.db.Query(updateEnvQuery, &gocb.QueryOptions{
@ -50,7 +52,7 @@ func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, e
func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
var env models.Env
query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
query := fmt.Sprintf("SELECT _id, env, encryption_key, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
q, err := p.db.Query(query, &gocb.QueryOptions{
Context: ctx,
ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
@ -63,5 +65,6 @@ func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
if err != nil {
return env, err
}
env.Hash = env.EncryptionKey
return env, nil
}

12
server/db/providers/couchbase/provider.go
View File

@ -52,9 +52,9 @@ func NewProvider() (*provider, error) {
scopeIdentifier := fmt.Sprintf("%s.%s", bucketName, scopeName)
v := reflect.ValueOf(models.Collections)
for i := 0; i < v.NumField(); i++ {
field := v.Field(i)
collectionName := v.Field(i)
user := gocb.CollectionSpec{
Name: field.String(),
Name: collectionName.String(),
ScopeName: scopeName,
}
collectionOpts := gocb.CreateCollectionOptions{
@ -64,8 +64,11 @@ func NewProvider() (*provider, error) {
if err != nil && !errors.Is(err, gocb.ErrCollectionExists) {
return nil, err
}
indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, field.String())
scope.Query(indexQuery, nil)
indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, collectionName.String())
_, err = scope.Query(indexQuery, nil)
if err != nil {
fmt.Println("=> err", err, collectionName.String())
}
}
indices := GetIndex(scopeIdentifier)
@ -85,7 +88,6 @@ func CreateBucketAndScope(cluster *gocb.Cluster, bucketName string, scopeName st
settings := gocb.BucketSettings{
Name: bucketName,
RAMQuotaMB: 1000,
NumReplicas: 1,
BucketType: gocb.CouchbaseBucketType,
EvictionPolicy: gocb.EvictionPolicyTypeValueOnly,
FlushEnabled: true,

2
server/env/persist_env.go vendored
View File

@ -3,6 +3,7 @@ package env
import (
"context"
"encoding/json"
"fmt"
"os"
"reflect"
"strconv"
@ -115,6 +116,7 @@ func PersistEnv() error {
if err != nil || env.EnvData == "" {
// AES encryption needs 32 bit key only, so we chop off last 4 characters from 36 bit uuid
hash := uuid.New().String()[:36-4]
fmt.Println("hash:", hash)
err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, hash)
if err != nil {
log.Debug("Error while updating encryption env variable: ", err)

1
server/resolvers/admin_signup.go
View File

@ -67,6 +67,7 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
envData, err := crypto.EncryptEnvData(storeData)
if err != nil {
log.Debug("Failed to encrypt envstore: ", err)
fmt.Println("Failed to encrypt envstore: ", err)
return res, err
}

1
server/test/admin_signup_test.go
View File

@ -25,7 +25,6 @@ func adminSignupTests(t *testing.T, s TestSetup) {
_, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{
AdminSecret: "admin123",
})
assert.Nil(t, err)
})
}