Merge pull request #5718 from nocodb/fix/add-migrator-to-fix-malformed-project-config

fix: Update project base config encryption with proper secret key

packages/nocodb/src/models/Base.ts

@@ -91,6 +91,7 @@ export default class Base implements BaseType {
     base: BaseType & {
       id: string;
       projectId: string;
+      skipReorder?: boolean;
     },
     ncMeta = Noco.ncMeta,
   ) {
@@ -144,6 +145,7 @@ export default class Base implements BaseType {
     // call before reorder to update cache
     const returnBase = await this.get(oldBase.id, ncMeta);
 
+    if (!base.skipReorder)
       await this.reorderBases(base.projectId, returnBase.id, ncMeta);
 
     return returnBase;

packages/nocodb/src/services/app-init.service.ts

@@ -35,7 +35,7 @@ export const appInitServiceProvider: Provider = {
     metaService: MetaService,
     eventEmitter: IEventEmitter,
   ) => {
-    process.env.NC_VERSION = '0105004';
+    process.env.NC_VERSION = '0107004';
 
     await NocoCache.init();
 

packages/nocodb/src/version-upgrader/NcUpgrader.ts

@@ -13,6 +13,7 @@ import ncProjectUpgraderV2_0090000 from './ncProjectUpgraderV2_0090000';
 import ncProjectEnvUpgrader0011045 from './ncProjectEnvUpgrader0011045';
 import ncProjectEnvUpgrader from './ncProjectEnvUpgrader';
 import ncHookUpgrader from './ncHookUpgrader';
+import ncProjectConfigUpgrader from './ncProjectConfigUpgrader';
 import type { MetaService } from '../meta/meta.service';
 import type { NcConfig } from '../interface/config';
 
@@ -48,6 +49,7 @@ export default class NcUpgrader {
         { name: '0105002', handler: ncStickyColumnUpgrader },
         { name: '0105003', handler: ncFilterUpgrader_0105003 },
         { name: '0105004', handler: ncHookUpgrader },
+        { name: '0107004', handler: ncProjectConfigUpgrader },
       ];
       if (!(await ctx.ncMeta.knexConnection?.schema?.hasTable?.('nc_store'))) {
         return;

packages/nocodb/src/version-upgrader/ncProjectConfigUpgrader.ts

@@ -0,0 +1,48 @@
+import CryptoJS from 'crypto-js';
+import { Base } from '../models';
+import { MetaTable } from '../utils/globals';
+import type { NcUpgraderCtx } from './NcUpgrader';
+
+const TEMP_KEY = 'temporary-key';
+
+// In version 0.107.0 we were used a temporary fallback secret key for JWT token encryption and project base config encryption.
+// So any project created in version 0.107.0 won't be able to decrypt the project base config.
+// So we need to update the project base config with the new secret key.
+// Get all the project bases and update the project config with the new secret key.
+export default async function ({ ncMeta }: NcUpgraderCtx) {
+  const actions = [];
+
+  // Get all the project bases
+  const bases = await ncMeta.metaList2(null, null, MetaTable.BASES);
+
+  // Update the base config with the new secret key if we could decrypt the base config with the fallback secret key
+  for (const base of bases) {
+    let config;
+
+    // Try to decrypt the base config with the fallback secret key
+    // if we could decrypt the base config with the fallback secret key then we will update the base config with the new secret key
+    // otherwise we will skip the base config update since it is already encrypted with the new secret key
+    try {
+      config = JSON.parse(
+        CryptoJS.AES.decrypt(base.config, TEMP_KEY).toString(CryptoJS.enc.Utf8),
+      );
+
+      // Update the base config with the new secret key
+      actions.push(
+        Base.updateBase(
+          base.id,
+          {
+            id: base.id,
+            projectId: base.project_id,
+            config,
+            skipReorder: true,
+          },
+          ncMeta,
+        ),
+      );
+    } catch (e) {
+      // ignore the error
+    }
+  }
+  await Promise.all(actions);
+}