
Commit dac3698

committed
fix encrypt
1 parent 7091554 commit dac3698


4 files changed

+66
-24
lines changed


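--- a/src/apiClient.ts
+++ b/src/apiClient.ts
@@ -4,7 +4,7 @@ import type { paths } from "./schema.ts"; // generated by openapi-typescript
 
 let __client: Client<paths, `${string}/${string}`> | undefined;
 
-export const apiClient = async () => {
+export const apiClient = async (token?: string) => {
 if (__client) {
 return __client;
 }
@@ -13,7 +13,7 @@ export const apiClient = async () => {
 __client = createClient<paths>({
 baseUrl: config.api_url,
 headers: {
-Authorization: `Bearer ${await getAuthToken()}`,
+Authorization: `Bearer ${token ?? (await getAuthToken())}`,
 "Content-Type": "application/json",
 },
 });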
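Review bot: The new `token` argument is ignored whenever `__client` is already set, because the `if (__client) { return __client; }` guard at the top of `apiClient` returns the cached client before the token is looked at; a later call with a different token would send its requests under the `Authorization` header built for the first caller. A one-shot CLI run may never hit this, but the signature now promises per-call credentials that the module-level cache does not honour. Keep the token next to the cached client and reuse the cache only on a match, e.g. `let __clientToken: string | undefined;` with the guard changed to `if (__client && __clientToken === token) {` and `__clientToken = token;` set where the client is created. The lines between the two hunks and the end of the function are outside the diff, so confirm nothing there relies on the singleton.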

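--- a/src/lib/clusters/clusters.tsx
+++ b/src/lib/clusters/clusters.tsx
@@ -1,7 +1,8 @@
 import type { Command } from "commander";
 import { apiClient } from "../../apiClient.ts";
 import { logAndQuit } from "../../helpers/errors.ts";
-import { getKeys } from "./keys.tsx";
+import { decryptSecret, getKeys } from "./keys.tsx";
+
 export function registerClusters(program: Command) {
 const clusters = program
 .command("clusters")
@@ -15,9 +16,11 @@ export function registerClusters(program: Command) {
 .alias("ls")
 .description("List clusters")
 .option("--json", "Output in JSON format")
+.option("--token <token>", "API token")
 .action(async (options) => {
 await listClustersAction({
 returnJson: options.json,
+token: options.token,
 });
 });
 
@@ -31,20 +34,24 @@ export function registerClusters(program: Command) {
 .requiredOption("--cluster <cluster>", "name of the cluster")
 .requiredOption("--user <username>", "Username to add")
 .option("--json", "Output in JSON format")
+.option("--token <token>", "API token")
 .action(async (options) => {
 await addClusterUserAction({
 clusterName: options.cluster,
 username: options.user,
+token: options.token,
 });
 });
 
 users
 .command("rm <id>")
 .description("Remove a user from a cluster")
 .option("--json", "Output in JSON format")
+.option("--token <token>", "API token")
 .action(async (id, options) => {
 await removeClusterUserAction({
 id,
+token: options.token,
 });
 });
 
@@ -53,13 +60,17 @@ export function registerClusters(program: Command) {
 .alias("ls")
 .description("List users in a cluster")
 .option("--json", "Output in JSON format")
+.option("--token <token>", "API token")
 .action(async (options) => {
-await listClusterUsersAction({ returnJson: options.json });
+await listClusterUsersAction({
+returnJson: options.json,
+token: options.token,
+});
 });
 }
 
-async function listClustersAction({ returnJson }: { returnJson?: boolean }) {
-const api = await apiClient();
+async function listClustersAction({ returnJson, token }: { returnJson?: boolean, token?: string }) {
+const api = await apiClient(token);
 
 const { data, error, response } = await api.GET("/v0/clusters");
 
@@ -84,11 +95,13 @@ async function listClustersAction({ returnJson }: { returnJson?: boolean }) {
 async function addClusterUserAction({
 clusterName,
 username,
+token,
 }: {
 clusterName: string;
 username: string;
+token?: string;
 }) {
-const api = await apiClient();
+const api = await apiClient(token);
 const { publicKey } = await getKeys();
 
 const { data, error, response } = await api.POST("/v0/credentials", {
@@ -115,8 +128,8 @@ async function addClusterUserAction({
 console.log(data);
 }
 
-async function removeClusterUserAction({ id }: { id: string }) {
-const api = await apiClient();
+async function removeClusterUserAction({ id, token }: { id: string, token?: string }) {
+const api = await apiClient(token);
 
 const { data, error, response } = await api.DELETE("/v0/credentials/{id}", {
 params: {
@@ -140,8 +153,8 @@ async function removeClusterUserAction({ id }: { id: string }) {
 console.log(data);
 }
 
-async function listClusterUsersAction({ returnJson }: { returnJson?: boolean }) {
-const api = await apiClient();
+async function listClusterUsersAction({ returnJson, token }: { returnJson?: boolean, token?: string }) {
+const api = await apiClient(token);
 
 const { data, error, response } = await api.GET("/v0/credentials");
 
@@ -156,7 +169,20 @@ async function listClusterUsersAction({ returnJson }: { returnJson?: boolean })
 );
 }
 
+if (data.data.length === 0) {
+console.log("No users found");
+return;
+}
+
+const { privateKey } = await getKeys();
 for (const item of data.data) {
-console.log(item);
+if (item.object !== "k8s_credential") {
+continue;
+}
+if (!item.encrypted_token) {
+continue;
+}
+const res = decryptSecret(item.encrypted_token, privateKey);
+console.log(res);
 }
 }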
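Review bot: The four added `.option("--token <token>", "API token")` registrations (new lines 19, 37, 50 and 63) accept a bearer credential as a command-line argument, where it is visible in the local process list and usually ends up in shell history and CI job logs. Prefer a source that does not pass through argv, such as an environment variable or a value read from a file or stdin, and keep the flag only as a documented fallback. With commander this can be `.addOption(new Option("--token <token>", "API token").env("<TOKEN_ENV_VAR>"))`, where `<TOKEN_ENV_VAR>` is a placeholder for a name the project picks; `Option` would need a value import from `commander` next to the existing type-only `Command` import. The help text should also say which credential is expected and that it overrides the stored login.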

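--- a/src/lib/clusters/keys.tsx
+++ b/src/lib/clusters/keys.tsx
@@ -37,14 +37,24 @@ function generateKeyPair() {
 };
 }
 
-export function decryptSecret(secret: string, privateKey: string) {
-const decrypted = crypto.privateDecrypt({
-key: privateKey,
-padding: crypto.constants.RSA_PKCS1_PADDING,
-}, Buffer.from(secret, 'base64'));
-return decrypted.toString('utf8');
+export function decryptSecret(encrypted_secret: string, privateKey: string) {
+try {
+const decoded = Buffer.from(encrypted_secret, 'base64');
+const decrypted = crypto.privateDecrypt({
+key: privateKey,
+padding: crypto.constants.RSA_PKCS1_PADDING,
+}, decoded);
+
+// Convert decrypted array to Buffer
+const decryptedBuffer = Buffer.isBuffer(decrypted) ? decrypted : Buffer.from(decrypted);
+
+return decryptedBuffer.toString('utf8');
+} catch (err) {
+throw new Error(`Failed to decrypt secret: ${err}`);
+}
 }
 
+
 async function saveKeys(keys: { publicKey: string; privateKey: string }) {
 const { publicKey, privateKey } = keys;
 const publicKeyPath = path.join(os.homedir(), ".sf", "public.pem");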
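Review bot: The rewritten `decryptSecret` still decrypts with `padding: crypto.constants.RSA_PKCS1_PADDING`, i.e. PKCS#1 v1.5 encryption padding, which is the scheme affected by padding-oracle weaknesses and which some Node.js releases reject in `crypto.privateDecrypt`. If the service that produces `encrypted_token` can be changed (it is not visible in this commit), both sides should move to OAEP, on this side `padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256",`. If it cannot, a comment on the padding line should record that v1.5 is a compatibility constraint of the server. Separately, the new `catch` flattens the original error into the message string; passing `{ cause: err }` as the second argument to `new Error(...)` would keep the underlying error attached for debugging.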

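--- a/src/schema.ts
+++ b/src/schema.ts
@@ -1737,14 +1737,15 @@ export interface operations {
 username?: string;
 label?: string;
 pubkey: string;
-cluster: {
+cluster?: {
 /** @constant */
 object: "kubernetes_cluster";
 kubernetes_api_url?: string;
 name: string;
 kubernetes_namespace: string;
 kubernetes_ca_cert?: string;
 };
+encrypted_token?: string;
 })[];
 has_more: boolean;
 /** @constant */
@@ -1764,14 +1765,15 @@ export interface operations {
 username?: string;
 label?: string;
 pubkey: string;
-cluster: {
+cluster?: {
 /** @constant */
 object: "kubernetes_cluster";
 kubernetes_api_url?: string;
 name: string;
 kubernetes_namespace: string;
 kubernetes_ca_cert?: string;
 };
+encrypted_token?: string;
 })[];
 has_more: boolean;
 /** @constant */
@@ -1791,14 +1793,15 @@ export interface operations {
 username?: string;
 label?: string;
 pubkey: string;
-cluster: {
+cluster?: {
 /** @constant */
 object: "kubernetes_cluster";
 kubernetes_api_url?: string;
 name: string;
 kubernetes_namespace: string;
 kubernetes_ca_cert?: string;
 };
+encrypted_token?: string;
 })[];
 has_more: boolean;
 /** @constant */
@@ -1942,14 +1945,15 @@ export interface operations {
 username?: string;
 label?: string;
 pubkey: string;
-cluster: {
+cluster?: {
 /** @constant */
 object: "kubernetes_cluster";
 kubernetes_api_url?: string;
 name: string;
 kubernetes_namespace: string;
 kubernetes_ca_cert?: string;
 };
+encrypted_token?: string;
 };
 "multipart/form-data": {
 /** @constant */
@@ -1964,14 +1968,15 @@ export interface operations {
 username?: string;
 label?: string;
 pubkey: string;
-cluster: {
+cluster?: {
 /** @constant */
 object: "kubernetes_cluster";
 kubernetes_api_url?: string;
 name: string;
 kubernetes_namespace: string;
 kubernetes_ca_cert?: string;
 };
+encrypted_token?: string;
 };
 "text/plain": {
 /** @constant */
@@ -1986,14 +1991,15 @@ export interface operations {
 username?: string;
 label?: string;
 pubkey: string;
-cluster: {
+cluster?: {
 /** @constant */
 object: "kubernetes_cluster";
 kubernetes_api_url?: string;
 name: string;
 kubernetes_namespace: string;
 kubernetes_ca_cert?: string;
 };
+encrypted_token?: string;
 };
 };
 };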
