From a1df2ce31fc1c2b9190e0967862a5c20dc22fd84 Mon Sep 17 00:00:00 2001
From: Lakhan Samani
Date: Tue, 31 Jan 2023 11:18:20 +0530
Subject: [PATCH] [server] use encryption_key for couchbase env as hash is reserved keyword
---
Makefile | 9 +++++----
scripts/couchbase-test.sh | 4 +---
server/crypto/aes.go | 2 ++
server/db/models/env.go | 13 +++++++------
server/db/providers/couchbase/env.go | 5 ++++-
server/db/providers/couchbase/provider.go | 12 +++++++-----
server/env/persist_env.go | 2 ++
server/resolvers/admin_signup.go | 1 +
server/test/admin_signup_test.go | 1 -
9 files changed, 29 insertions(+), 20 deletions(-)
diff --git a/Makefile b/Makefile
index 53c9ca4..abc3eb8 100644
--- a/Makefile
+++ b/Makefile
@@ -34,17 +34,18 @@ test-dynamodb: cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test docker rm -vf dynamodb-local-test test-couchbase: - # docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest - # create a docker container, set the cluster information and then run the tests + docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest + sh scripts/couchbase-test.sh cd server && go clean --testcache && TEST_DBS="couchbase" go test -p 1 -v ./test - # docker rm -vf couchbase-local-test + docker rm -vf couchbase-local-test test-all-db: rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15 docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4 docker run -d --name dynamodb-local-test -p 8000:8000 amazon/dynamodb-local:latest - # docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest + docker run -d --name couchbase-local-test -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest + sh scripts/couchbase-test.sh cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test docker rm -vf authorizer_scylla_db docker rm -vf authorizer_mongodb_db diff --git a/scripts/couchbase-test.sh b/scripts/couchbase-test.sh index c7ee194..b2c5e78 100644 --- a/scripts/couchbase-test.sh +++ b/scripts/couchbase-test.sh 
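Review bot: In `test-all-db` the Couchbase container is now started and `scripts/couchbase-test.sh` is run, but the `TEST_DBS` list on the following line still omits `couchbase`, so the node is provisioned and never exercised; either extend the list (`TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb,couchbase"`) or leave the two lines commented out in that target. The matching `docker rm -vf couchbase-local-test` for `test-all-db` is not visible here because the target continues past the hunk, so confirm the cleanup exists. Both `docker run` lines publish the admin and data ports on every host interface while the setup script configures the cluster with `Administrator`/`password`, so binding to loopback (`-p 127.0.0.1:8091-8097:8091-8097`, and likewise for the other ranges) would keep the test node off the network. `couchbase:latest` is also unpinned, unlike `mongo:4.4.15` and `arangodb/arangodb:3.8.4` in the same target.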
@@ -36,6 +36,4 @@ if [ "$TYPE" = "WORKER" ]; then else couchbase-cli server-add --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password fi; -fi; - -fg 1 \ No newline at end of file +fi; \ No newline at end of file diff --git a/server/crypto/aes.go b/server/crypto/aes.go index 422f694..6c68c38 100644 --- a/server/crypto/aes.go +++ b/server/crypto/aes.go @@ -4,6 +4,7 @@ import ( "crypto/aes" "crypto/cipher" "crypto/rand" + "fmt" "io" "github.com/authorizerdev/authorizer/server/constants" @@ -56,6 +57,7 @@ func DecryptAES(text string) (string, error) { func EncryptAESEnv(text []byte) ([]byte, error) { var res []byte k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey) + fmt.Println("=> key:", k) if err != nil { return res, err } diff --git a/server/db/models/env.go b/server/db/models/env.go index 633e1af..8c39cd6 100644 --- a/server/db/models/env.go +++ b/server/db/models/env.go 
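Review bot: `fmt.Println("=> key:", k)` in `EncryptAESEnv` writes the AES key that protects the stored env data to stdout on every call, and it runs before `err` is checked; the line and the `"fmt"` import added for it in the first hunk should be removed. The same applies to `fmt.Println("hash:", hash)` in `PersistEnv` (server/env/persist_env.go), which prints the freshly generated key, while `fmt.Println("Failed to encrypt envstore: ", err)` in `AdminSignupResolver` only duplicates the `log.Debug` call directly above it. Anything that captures stdout (container logs, CI output, log shippers) would then hold the key, so a key printed by a deployed build should be treated as exposed and rotated. `EncryptAESEnv` continues past the end of the hunk.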
@@ -4,10 +4,11 @@ package models // Env model for db type Env struct { - Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb - ID string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"` - EnvData string `json:"env" bson:"env" cql:"env" dynamo:"env"` - Hash string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"` - UpdatedAt int64 `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"` - CreatedAt int64 `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"` + Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb + ID string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"` + EnvData string `json:"env" bson:"env" cql:"env" dynamo:"env"` + Hash string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"` + EncryptionKey string `json:"encryption_key" bson:"encryption_key" cql:"encryption_key" dynamo:"encryption_key"` // couchbase has "hash" as reserved keyword so we cannot use it. This will be empty for other dbs. + UpdatedAt int64 `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"` + CreatedAt int64 `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"` } diff --git a/server/db/providers/couchbase/env.go b/server/db/providers/couchbase/env.go index 50b2e84..3addb9f 100644 --- a/server/db/providers/couchbase/env.go +++ b/server/db/providers/couchbase/env.go @@ -18,6 +18,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro env.CreatedAt = time.Now().Unix() env.UpdatedAt = time.Now().Unix() env.Key = env.ID + env.EncryptionKey = env.Hash insertOpt := gocb.InsertOptions{ Context: ctx, 
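Review bot: `EncryptionKey` is added to the shared `Env` model, so every provider now carries a second field for the same secret although only the Couchbase queries need it; its tags have no `omitempty`, so the JSON/BSON-backed stores will presumably persist an empty `encryption_key` next to `hash`. Since the stated problem is that `hash` is a reserved word in the Couchbase query language, escaping the identifier with backticks in the Couchbase statements would likely solve it without touching the model, which is worth confirming before the schema change ships. If the field stays, its comment should say what it holds and how to treat it, for example `// AES key for EnvData, stored under this name only by couchbase ("hash" is reserved there); sensitive, never log`.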
@@ -32,6 +33,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro // UpdateEnv to update environment information in database func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) { env.UpdatedAt = time.Now().Unix() + env.EncryptionKey = env.Hash updateEnvQuery := fmt.Sprintf("UPDATE %s.%s SET env = $1, updated_at = $2 WHERE _id = $3", p.scopeName, models.Collections.Env) _, err := p.db.Query(updateEnvQuery, &gocb.QueryOptions{ @@ -50,7 +52,7 @@ func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, e func (p *provider) GetEnv(ctx context.Context) (models.Env, error) { var env models.Env - query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env) + query := fmt.Sprintf("SELECT _id, env, encryption_key, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env) q, err := p.db.Query(query, &gocb.QueryOptions{ Context: ctx, ScanConsistency: gocb.QueryScanConsistencyRequestPlus, @@ -63,5 +65,6 @@ func (p *provider) GetEnv(ctx context.Context) (models.Env, error) { if err != nil { return env, err } + env.Hash = env.EncryptionKey return env, nil } diff --git a/server/db/providers/couchbase/provider.go b/server/db/providers/couchbase/provider.go index 92dfa41..5b5f3e4 100644 --- a/server/db/providers/couchbase/provider.go +++ b/server/db/providers/couchbase/provider.go @@ -52,9 +52,9 @@ func NewProvider() (*provider, error) { scopeIdentifier := fmt.Sprintf("%s.%s", bucketName, scopeName) v := reflect.ValueOf(models.Collections) for i := 0; i < v.NumField(); i++ { - field := v.Field(i) + collectionName := v.Field(i) user := gocb.CollectionSpec{ - Name: field.String(), + Name: collectionName.String(), ScopeName: scopeName, } collectionOpts := gocb.CreateCollectionOptions{ 
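Review bot: The new `env.EncryptionKey = env.Hash` in `UpdateEnv` does not reach the stored document, because the statement built on the next line only sets `env` and `updated_at`. If `Hash` can ever differ from the value written by `AddEnv`, `GetEnv` would later return the old `encryption_key` and the updated env data could not be decrypted with it. Either persist it, `SET env = $1, updated_at = $2, encryption_key = $3 WHERE _id = $4` with the positional parameters extended to match (they are outside the hunk), or drop the assignment and add `// encryption_key is written once by AddEnv and never updated`.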
@@ -64,8 +64,11 @@ func NewProvider() (*provider, error) { if err != nil && !errors.Is(err, gocb.ErrCollectionExists) { return nil, err } - indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, field.String()) - scope.Query(indexQuery, nil) + indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, collectionName.String()) + _, err = scope.Query(indexQuery, nil) + if err != nil { + fmt.Println("=> err", err, collectionName.String()) + } } indices := GetIndex(scopeIdentifier) @@ -85,7 +88,6 @@ func CreateBucketAndScope(cluster *gocb.Cluster, bucketName string, scopeName st settings := gocb.BucketSettings{ Name: bucketName, RAMQuotaMB: 1000, - NumReplicas: 1, BucketType: gocb.CouchbaseBucketType, EvictionPolicy: gocb.EvictionPolicyTypeValueOnly, FlushEnabled: true, diff --git a/server/env/persist_env.go b/server/env/persist_env.go index a224336..1b663d5 100644 --- a/server/env/persist_env.go +++ b/server/env/persist_env.go @@ -3,6 +3,7 @@ package env import ( "context" "encoding/json" + "fmt" "os" "reflect" "strconv" @@ -115,6 +116,7 @@ func PersistEnv() error { if err != nil || env.EnvData == "" { // AES encryption needs 32 bit key only, so we chop off last 4 characters from 36 bit uuid hash := uuid.New().String()[:36-4] + fmt.Println("hash:", hash) err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, hash) if err != nil { log.Debug("Error while updating encryption env variable: ", err) diff --git a/server/resolvers/admin_signup.go b/server/resolvers/admin_signup.go index c1dd5c1..4b54fa6 100644 --- a/server/resolvers/admin_signup.go +++ b/server/resolvers/admin_signup.go @@ -67,6 +67,7 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m envData, err := crypto.EncryptEnvData(storeData) if err != nil { log.Debug("Failed to encrypt envstore: ", err) + fmt.Println("Failed to encrypt envstore: ", err) return res, err } 
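Review bot: The error from `scope.Query(indexQuery, nil)` is now captured but only printed with `fmt.Println` and then discarded, so `NewProvider` still hands back a provider when a primary index could not be created. An index that already exists is the expected outcome on every start after the first and should be ignored explicitly, while any other error should be returned like the collection error a few lines above: `if err != nil && !errors.Is(err, gocb.ErrIndexExists) { return nil, err }`. Whether the query path maps that condition to `gocb.ErrIndexExists` should be verified against the gocb version in use. The loop body starts in the previous hunk.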
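Review bot: Removing `NumReplicas: 1` from the `gocb.BucketSettings` in `CreateBucketAndScope` changes bucket creation for every deployment, not only for the single-node test container this commit enables, and presumably leaves new buckets with zero replicas. If the removal is only there so that bucket creation succeeds on one node, make the count configurable or at least document the trade-off next to the struct, e.g. `// NumReplicas left at zero so creation works on a single-node cluster; set replicas for production buckets`. The function continues outside the hunk, so any later adjustment of the settings is not visible here.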
diff --git a/server/test/admin_signup_test.go b/server/test/admin_signup_test.go index 6aedc17..fc0b13a 100644 --- a/server/test/admin_signup_test.go +++ b/server/test/admin_signup_test.go @@ -25,7 +25,6 @@ func adminSignupTests(t *testing.T, s TestSetup) { _, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{ AdminSecret: "admin123", }) - assert.Nil(t, err) }) }