
feat: add upgrader to decrypt and store datasource config

pull/9499/head
Pranav C 2 months ago
parent
commit
0f15435289
  1. 20
      packages/nocodb/src/models/Integration.ts
  2. 102
      packages/nocodb/src/version-upgrader/ncDatasourceDecrypt.ts

20
packages/nocodb/src/models/Integration.ts

@ -56,10 +56,10 @@ export default class Integration implements IntegrationType {
'is_private', 'is_private',
]); ]);
insertObj.config = CryptoJS.AES.encrypt( // insertObj.config = CryptoJS.AES.encrypt(
JSON.stringify(insertObj.config), // JSON.stringify(insertObj.config),
Noco.getConfig()?.auth?.jwt?.secret, // Noco.getConfig()?.auth?.jwt?.secret,
).toString(); // ).toString();
if ('meta' in insertObj) { if ('meta' in insertObj) {
insertObj.meta = stringifyMetaProp(insertObj); insertObj.meta = stringifyMetaProp(insertObj);
@ -123,12 +123,12 @@ export default class Integration implements IntegrationType {
'is_private', 'is_private',
]); ]);
if (updateObj.config) { // if (updateObj.config) {
updateObj.config = CryptoJS.AES.encrypt( // updateObj.config = CryptoJS.AES.encrypt(
JSON.stringify(integration.config), // JSON.stringify(integration.config),
Noco.getConfig()?.auth?.jwt?.secret, // Noco.getConfig()?.auth?.jwt?.secret,
).toString(); // ).toString();
} // }
// type property is undefined even if not provided // type property is undefined even if not provided
if (!updateObj.type) { if (!updateObj.type) {
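Review bot: With the `CryptoJS.AES.encrypt(...)` assignments commented out in both hunks, `insertObj.config` and `updateObj.config` reach the meta store as cleartext. The `JSON.stringify` that lived inside the same call is gone too, so an object-valued config now depends on serialization that is not visible here. If cleartext storage is intended, delete the dead lines instead of leaving them commented and state the decision where the assignment used to be, e.g. `// config is stored unencrypted; access to the meta DB must be restricted accordingly`. Any read path that still runs `CryptoJS.AES.decrypt` on this column (not shown in these hunks) needs the matching change. Both methods start and end outside the hunks.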

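--- a/packages/nocodb/src/version-upgrader/ncDatasourceDecrypt.ts
+++ b/packages/nocodb/src/version-upgrader/ncDatasourceDecrypt.ts
@@ -0,0 +1,102 @@
+import type { NcUpgraderCtx } from './NcUpgrader';
+import Noco from '~/Noco';
+import { MetaTable, RootScopes } from '~/utils/globals';
+import CryptoJS from 'crypto-js';
+const logger = {
+log: (message: string) => {
+console.log(
+`[ncXcdbCreatedAndUpdatedSystemFieldsUpgrader ${Date.now()}] ` + message,
+);
+},
+error: (message: string) => {
+console.error(
+`[ncXcdbCreatedAndUpdatedSystemFieldsUpgrader ${Date.now()}] ` + message,
+);
+},
+};
+const decyptConfig = async (encryptedConfig: string, secret: string) => {
+return CryptoJS.AES.decrypt(
+encryptedConfig,
+secret,
+).toString(CryptoJS.enc.Utf8),
+}
+// decrypt datasource details in source table and integration table
+export default async function ({ ncMeta }: NcUpgraderCtx) {
+let encryptionKey = process.env.NC_AUTH_JWT_SECRET;
+if (!encryptionKey) {
+encryptionKey = (
+await this._ncMeta.metaGet(
+RootScopes.ROOT,
+RootScopes.ROOT,
+MetaTable.STORE,
+{
+key: 'nc_auth_jwt_secret',
+},
+)
+)?.value;
+}
+// if encryption key is not present, return
+if (!encryptionKey) {
+return;
+}
+// get all external sources
+const sources = await ncMeta.knexConnection(MetaTable.BASES).condition({
+_not: {
+_or: [
+{
+is_meta: {
+eq: 1,
+},
+},
+...(Noco.isEE()
+? [
+{
+is_local: {
+eq: 1,
+},
+},
+]
+: []),
+],
+},
+});
+// iterate, decrypt and update
+for (const source of sources) {
+if (source?.config) {
+try {
+const decrypted = await decyptConfig(source.config, encryptionKey);
+await ncMeta.knexConnection(MetaTable.BASES).update({
+config: decrypted,
+});
+} catch (e) {
+logger.error(`Failed to decrypt source ${source.id}`);
+throw e
+}
+}
+}
+// get all integrations
+const integrations = await ncMeta.knexConnection(MetaTable.INTEGRATIONS);
+// iterate, decrypt and update
+for (const integration of integrations) {
+if (integration?.config) {
+try {
+const decrypted = await decyptConfig(integration.config, encryptionKey);
+await ncMeta.knexConnection(MetaTable.INTEGRATIONS).update({
+config: decrypted,
+});
+} catch (e) {
+logger.error(`Failed to decrypt integration ${integration.id}`);
+throw e
+}
+}
+}
+}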
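Review bot: Both `update({ config: decrypted })` calls carry no row filter, so every loop iteration overwrites `config` on all rows of `MetaTable.BASES` (and later `MetaTable.INTEGRATIONS`) with one row's plaintext; each update has to be scoped to the row being processed. `CryptoJS.AES.decrypt(...).toString(CryptoJS.enc.Utf8)` can return an empty or garbled string instead of throwing when the key is wrong, so the result should be validated (for example by parsing it as JSON) before it replaces the stored value. The file also cannot run as written: `decyptConfig` ends its `return` expression with a comma, and the secret lookup calls `this._ncMeta.metaGet` inside a plain exported function where only `ncMeta` is in scope. The logger prefix is copied from `ncXcdbCreatedAndUpdatedSystemFieldsUpgrader` and will mislabel this upgrader's output.

```typescript
const decyptConfig = (encryptedConfig: string, secret: string): string => {
  const plain = CryptoJS.AES.decrypt(encryptedConfig, secret).toString(
    CryptoJS.enc.Utf8,
  );
  // a wrong key may yield '' or non-JSON text rather than an exception;
  // JSON.parse throws on both, so nothing invalid is written back
  JSON.parse(plain);
  return plain;
};

// … unchanged: secret lookup (using ncMeta.metaGet) and the sources query …

for (const source of sources) {
  if (source?.config) {
    try {
      const decrypted = decyptConfig(source.config, encryptionKey);
      await ncMeta
        .knexConnection(MetaTable.BASES)
        .where('id', source.id)
        .update({ config: decrypted });
    } catch (e) {
      // … unchanged: log the source id and rethrow …
    }
  }
}

// … integrations loop: same change, filtered on integration.id …
```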