From dec6f0bcfb1edad71da945245e454332f02985ab Mon Sep 17 00:00:00 2001 From: petruki <31597636+petruki@users.noreply.github.com> Date: Mon, 26 Feb 2024 21:54:30 -0800 Subject: [PATCH] Replaced non-descriptive hash salt --- .github/FUNDING.yml | 1 - .github/workflows/master.yml | 2 +- .github/workflows/re-release.yml | 2 +- .github/workflows/release.yml | 2 +- README.md | 8 -------- package.json | 6 +++--- src/models/admin.js | 3 ++- src/models/common/index.js | 5 +++++ src/models/component.js | 3 ++- tests/fixtures/db_api.js | 3 ++- tests/fixtures/db_client.js | 7 +++---- tests/fixtures/db_client_payload.js | 9 ++++----- tests/fixtures/db_factory.js | 5 +++-- tests/fixtures/db_metrics.js | 3 ++- tests/model/component.test.js | 5 +++-- 15 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 55650d8..890ded4 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -2,4 +2,3 @@ patreon: switcherapi ko_fi: petruki -custom: ['https://www.paypal.com/donate/?business=A5R6K3JAD8SW4&no_recurring=0&item_name=Thank+you+for+supporting+the+Open+Source+Community¤cy_code=CAD'] diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index fe45aa7..1cda1e8 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -20,7 +20,7 @@ jobs: fetch-depth: 0 - name: Use Node.js 20.x - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20.x diff --git a/.github/workflows/re-release.yml b/.github/workflows/re-release.yml index 743a49b..c97b74f 100644 --- a/.github/workflows/re-release.yml +++ b/.github/workflows/re-release.yml @@ -21,7 +21,7 @@ jobs: ref: ${{ github.event.inputs.tag }} - name: Use Node.js 20.x - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20.x diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b20bc3d..fdfc926 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -16,7 +16,7 @@ jobs: fetch-depth: 0 - name: Use Node.js 20.x - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 20.x diff --git a/README.md b/README.md index b1f1f9e..5b38f9c 100644 --- a/README.md +++ b/README.md @@ -119,11 +119,3 @@ See also our SDKs to integrate Switcher API with your application. - **Auth** - Client API: /criteria/auth [POST] - **Executing** - Client API: /criteria?key=SWITCHER_KEY [POST] - -* * * - -## Donations -Donations for coffee, cookies or pizza are extremely welcomed.
-Please, find the sponsor button at the top for more options. - -[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/donate/?business=A5R6K3JAD8SW4&no_recurring=0&item_name=Thank+you+for+supporting+the+Open+Source+Community¤cy_code=CAD) diff --git a/package.json b/package.json index 07218c4..54287e5 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "jsonwebtoken": "^9.0.2", "moment": "^2.30.1", "mongodb": "^6.3.0", - "mongoose": "^8.1.3", + "mongoose": "^8.2.0", "pino": "^8.19.0", "pino-pretty": "^10.3.1", "swagger-ui-express": "^5.0.0", @@ -57,11 +57,11 @@ "babel-jest": "^29.7.0", "babel-polyfill": "^6.26.0", "env-cmd": "^10.1.0", - "eslint": "^8.56.0", + "eslint": "^8.57.0", "jest": "^29.7.0", "jest-sonar-reporter": "^2.0.0", "node-notifier": "^10.0.1", - "nodemon": "^3.0.3", + "nodemon": "^3.1.0", "sinon": "^17.0.1", "supertest": "^6.3.4" }, diff --git a/src/models/admin.js b/src/models/admin.js index 175eb98..c8bd07c 100644 --- a/src/models/admin.js +++ b/src/models/admin.js @@ -5,6 +5,7 @@ import crypto from 'crypto'; import jwt from 'jsonwebtoken'; import { Team } from './team'; import { notifyAcCreation, notifyAcDeletion } from '../external/switcher-api-facade'; +import { EncryptionSalts } from './common'; const adminSchema = new mongoose.Schema({ name: { @@ -196,7 +197,7 @@ adminSchema.pre('save', async function (next) { const admin = this; if (admin.isModified('password')) { - admin.password = await bcryptjs.hash(admin.password, 8); + admin.password = await bcryptjs.hash(admin.password, EncryptionSalts.ADMIN); notifyAcCreation(admin._id); } diff --git a/src/models/common/index.js b/src/models/common/index.js index 6b43724..c9777f0 100644 --- a/src/models/common/index.js +++ b/src/models/common/index.js 
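Review bot: `EncryptionSalts.ADMIN` in the `pre('save')` hook of src/models/admin.js still resolves to 8, which bcryptjs reads as the cost factor (2^8 rounds) and which is below the library's default of 10. This is the one call in the patch that hashes a human-chosen password rather than a random key. Now that the value is named, `ADMIN` can be raised independently of `COMPONENT`, for example `ADMIN: 10` or higher after timing the hash on the deployment hardware. Hashes already stored carry their own cost and keep verifying, but they stay at cost 8 until the password is next saved. The hook body continues outside the hunk.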
@@ -1,6 +1,11 @@ import History from '../history'; import { checkHistory } from '../../external/switcher-api-facade'; +export const EncryptionSalts = Object.freeze({ + ADMIN: 8, + COMPONENT: 8 +}); + function checkDifference(diff, documents, defaultIgnoredFields, keyArr, keys, pos) { diff --git a/src/models/component.js b/src/models/component.js index 3515529..a2a2e60 100644 --- a/src/models/component.js +++ b/src/models/component.js @@ -5,6 +5,7 @@ import { randomUUID } from 'crypto'; import jwt from 'jsonwebtoken'; import { Config } from './config'; import Domain from './domain'; +import { EncryptionSalts } from './common'; const componentSchema = new mongoose.Schema({ name: { @@ -56,7 +57,7 @@ componentSchema.methods.generateApiKey = async function () { const component = this; const apiKey = randomUUID(); - const hash = await bcryptjs.hash(apiKey, 8); + const hash = await bcryptjs.hash(apiKey, EncryptionSalts.COMPONENT); component.apihash = hash; await component.save(); diff --git a/tests/fixtures/db_api.js b/tests/fixtures/db_api.js index 5dbfc5e..3041183 100644 --- a/tests/fixtures/db_api.js +++ b/tests/fixtures/db_api.js @@ -15,6 +15,7 @@ import { Metric } from '../../src/models/metric'; import { EnvType, Environment } from '../../src/models/environment'; import { ConfigStrategy, StrategiesType, OperationsType } from '../../src/models/config-strategy'; import Slack from '../../src/models/slack'; +import { EncryptionSalts } from '../../src/models/common'; process.env.JWT_SECRET = process.env.JWT_SECRET || 'test_secret'; @@ -274,7 +275,7 @@ export const setupDatabase = async () => { await new Permission(permissionAll3).save(); await new Permission(permissionAll4).save(); - const hash = await bcryptjs.hash(component1Key, 8); + const hash = await bcryptjs.hash(component1Key, EncryptionSalts.COMPONENT); component1.apihash = hash; await new Component(component1).save(); }; \ No newline at end of file 
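Review bot: The name `EncryptionSalts` in src/models/common/index.js describes neither what the values are nor what bcrypt does. Every caller in this patch passes them as the second argument of `bcryptjs.hash`, where a number is the cost factor used to generate a fresh salt, and bcrypt is a one-way hash rather than encryption. A reader may take `ADMIN: 8` for a fixed salt shared by all admins. Consider a name that says "cost" (for instance `HashCost`, a suggested name, not an existing one) and a comment above the constant such as `// bcrypt cost factor (log2 of rounds) per credential type; bcryptjs generates the per-hash salt itself`.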
diff --git a/tests/fixtures/db_client.js b/tests/fixtures/db_client.js index 1f7607c..0b49c99 100644 --- a/tests/fixtures/db_client.js +++ b/tests/fixtures/db_client.js @@ -14,6 +14,7 @@ import { ConfigStrategy, StrategiesType, OperationsType } from '../../src/models import { ActionTypes, RouterTypes, Permission } from '../../src/models/permission'; import { Team } from '../../src/models/team'; import Slack from '../../src/models/slack'; +import { EncryptionSalts } from '../../src/models/common'; process.env.JWT_SECRET = process.env.JWT_SECRET || 'test_secret'; @@ -37,7 +38,7 @@ export const adminAccount = { active: true }; -export let apiKey; +export const apiKey = randomUUID(); export const domainId = new mongoose.Types.ObjectId(); export const domainDocument = { _id: domainId, @@ -237,9 +238,7 @@ export const setupDatabase = async () => { await new ConfigStrategy(configStrategyTIME_BETWEENDocument).save(); await new ConfigStrategy(configStrategyTIME_GREATDocument).save(); - const newApiKey = randomUUID(); - const hash = await bcryptjs.hash(newApiKey, 8); + const hash = await bcryptjs.hash(apiKey, EncryptionSalts.COMPONENT); component1.apihash = hash; await new Component(component1).save(); - apiKey = newApiKey; }; \ No newline at end of file diff --git a/tests/fixtures/db_client_payload.js b/tests/fixtures/db_client_payload.js index 2e556a4..7e30241 100644 --- a/tests/fixtures/db_client_payload.js +++ b/tests/fixtures/db_client_payload.js @@ -9,6 +9,7 @@ import { Config } from '../../src/models/config'; import Component from '../../src/models/component'; import { Environment, EnvType } from '../../src/models/environment'; import { ConfigStrategy, StrategiesType, OperationsType } from '../../src/models/config-strategy'; +import { EncryptionSalts } from '../../src/models/common'; process.env.JWT_SECRET = process.env.JWT_SECRET || 'test_secret'; 
@@ -32,7 +33,7 @@ export const adminAccount = { active: true }; -export let apiKey = undefined; +export const apiKey = randomUUID(); export const domainId = new mongoose.Types.ObjectId(); export const domainDocument = { _id: domainId, @@ -115,10 +116,8 @@ export const setupDatabase = async () => { await new GroupConfig(groupConfigDocument).save(); await new Config(configPayloadDocument).save(); await new ConfigStrategy(configStrategyPAYLOAD_HAS_ONEDocument).save(); - - const newApiKey = randomUUID(); - const hash = await bcryptjs.hash(newApiKey, 8); + + const hash = await bcryptjs.hash(apiKey, EncryptionSalts.COMPONENT); component1.apihash = hash; await new Component(component1).save(); - apiKey = newApiKey; }; \ No newline at end of file diff --git a/tests/fixtures/db_factory.js b/tests/fixtures/db_factory.js index d3fb029..949e3e0 100644 --- a/tests/fixtures/db_factory.js +++ b/tests/fixtures/db_factory.js @@ -3,6 +3,7 @@ import bcryptjs from 'bcryptjs'; import Component from '../../src/models/component'; import Domain from '../../src/models/domain'; import { EnvType } from '../../src/models/environment'; +import { EncryptionSalts } from '../../src/models/common'; export async function createDummyDomain(domainName, accountId) { const domainDocument = { @@ -26,8 +27,8 @@ export async function createDummyComponent(componentName, domainId, accountId) { owner: accountId }; - const apiKey = await bcryptjs.hash(componentDocument._id + componentDocument.name, 8); - const hash = await bcryptjs.hash(apiKey, 8); + const apiKey = await bcryptjs.hash(componentDocument._id + componentDocument.name, EncryptionSalts.COMPONENT); + const hash = await bcryptjs.hash(apiKey, EncryptionSalts.COMPONENT); componentDocument.apihash = hash; await new Component(componentDocument).save(); diff --git a/tests/fixtures/db_metrics.js b/tests/fixtures/db_metrics.js index 83c42eb..b59814a 100644 --- a/tests/fixtures/db_metrics.js +++ b/tests/fixtures/db_metrics.js 
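Review bot: In `createDummyComponent` (tests/fixtures/db_factory.js) the first `bcryptjs.hash` call produces the dummy API key itself rather than a stored hash. Passing `EncryptionSalts.COMPONENT` there ties key generation to the storage cost and runs bcrypt twice per dummy component. `generateApiKey` in src/models/component.js and the other fixtures in this patch use `randomUUID()`, so `const apiKey = randomUUID();` would keep the fixture aligned with the production key format. It needs `randomUUID` imported from 'crypto' if the lines above the hunk do not already do so. The function continues outside the hunk.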
@@ -9,6 +9,7 @@ import GroupConfig from '../../src/models/group-config'; import { Config } from '../../src/models/config'; import Domain from '../../src/models/domain'; import Component from '../../src/models/component'; +import { EncryptionSalts } from '../../src/models/common'; process.env.JWT_SECRET = process.env.JWT_SECRET || 'test_secret'; @@ -171,7 +172,7 @@ export const setupDatabase = async () => { await new Metric(entry4).save(); const newApiKey = randomUUID(); - const hash = await bcryptjs.hash(newApiKey, 8); + const hash = await bcryptjs.hash(newApiKey, EncryptionSalts.COMPONENT); component1.apihash = hash; await new Component(component1).save(); }; \ No newline at end of file diff --git a/tests/model/component.test.js b/tests/model/component.test.js index af333e9..3b07309 100644 --- a/tests/model/component.test.js +++ b/tests/model/component.test.js @@ -10,6 +10,7 @@ import { domainDocument } from '../fixtures/db_api'; import Component from '../../src/models/component'; +import { EncryptionSalts } from '../../src/models/common'; afterAll(async () => { await new Promise(resolve => setTimeout(resolve, 1000)); @@ -25,13 +26,13 @@ describe('(Deprecated) Testing component authentication', () => { const generateApiKeyDeprecated = async (component) => { const buffer = randomBytes(32); const apiKey = Buffer.from(buffer).toString('base64'); - const hash = await bcryptjs.hash(apiKey, 8); + const hash = await bcryptjs.hash(apiKey, EncryptionSalts.COMPONENT); component.apihash = hash; await component.save(); const generatedApiKey = Buffer.from(apiKey).toString('base64'); return generatedApiKey; - } + }; test('COMPONENT_MODEL - Should authenticate component using old API key format', async () => { // Given