diff --git a/packages/nocodb/src/version-upgrader/NcUpgrader.ts b/packages/nocodb/src/version-upgrader/NcUpgrader.ts index c2d351dc2f..951a93099f 100644 --- a/packages/nocodb/src/version-upgrader/NcUpgrader.ts +++ b/packages/nocodb/src/version-upgrader/NcUpgrader.ts @@ -13,6 +13,7 @@ import ncProjectUpgraderV2_0090000 from './ncProjectUpgraderV2_0090000'; import ncProjectEnvUpgrader0011045 from './ncProjectEnvUpgrader0011045'; import ncProjectEnvUpgrader from './ncProjectEnvUpgrader'; import ncHookUpgrader from './ncHookUpgrader'; +import ncProjectConfigUpgrader from './ncProjectConfigUpgrader'; import type { MetaService } from '../meta/meta.service'; import type { NcConfig } from '../interface/config'; @@ -48,6 +49,7 @@ export default class NcUpgrader { { name: '0105002', handler: ncStickyColumnUpgrader }, { name: '0105003', handler: ncFilterUpgrader_0105003 }, { name: '0105004', handler: ncHookUpgrader }, + { name: '0107004', handler: ncProjectConfigUpgrader }, ]; if (!(await ctx.ncMeta.knexConnection?.schema?.hasTable?.('nc_store'))) { return; diff --git a/packages/nocodb/src/version-upgrader/ncProjectConfigUpgrader.ts b/packages/nocodb/src/version-upgrader/ncProjectConfigUpgrader.ts new file mode 100644 index 0000000000..40c3d0a157 --- /dev/null +++ b/packages/nocodb/src/version-upgrader/ncProjectConfigUpgrader.ts @@ -0,0 +1,47 @@ +import CryptoJS from 'crypto-js'; +import { Base } from '../models'; +import { MetaTable } from '../utils/globals'; +import type { NcUpgraderCtx } from './NcUpgrader'; + +const TEMP_KEY = 'temporary-key'; + +// In version 0.107.0 we were used a temporary fallback secret key for JWT token encryption and project base config encryption. +// So any project created in version 0.107.0 won't be able to decrypt the project base config. +// So we need to update the project base config with the new secret key. +// Get all the project bases and update the project config with the new secret key. +export default async function ({ ncMeta }: NcUpgraderCtx) { + const actions = []; + + // Get all the project bases + const bases = await ncMeta.metaList2(null, null, MetaTable.BASES); + + // Update the base config with the new secret key if we could decrypt the base config with the fallback secret key + for (const base of bases) { + let config; + + // Try to decrypt the base config with the fallback secret key + // if we could decrypt the base config with the fallback secret key then we will update the base config with the new secret key + // otherwise we will skip the base config update since it is already encrypted with the new secret key + try { + config = JSON.parse( + CryptoJS.AES.decrypt(base.config, TEMP_KEY).toString(CryptoJS.enc.Utf8), + ); + } catch (e) { + continue; + } + + if (!config) { + continue; + } + + // Update the base config with the new secret key + actions.push( + Base.updateBase(base.id, { + id: base.id, + projectId: base.project_id, + config: base.config, + }), + ); + } + await Promise.all(actions); +}