fix encrypt
Flaque committed Nov 20, 2024
1 parent 7091554 commit dac3698
Showing 4 changed files with 66 additions and 24 deletions.
4 changes: 2 additions & 2 deletions src/apiClient.ts
@@ -4,7 +4,7 @@ import type { paths } from "./schema.ts"; // generated by openapi-typescript

let __client: Client<paths, `${string}/${string}`> | undefined;

export const apiClient = async () => {
export const apiClient = async (token?: string) => {
if (__client) {
return __client;
}
@@ -13,7 +13,7 @@ export const apiClient = async () => {
__client = createClient<paths>({
baseUrl: config.api_url,
headers: {
Authorization: `Bearer ${await getAuthToken()}`,
Authorization: `Bearer ${token ?? (await getAuthToken())}`,
"Content-Type": "application/json",
},
});
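Review bot: The new `token` parameter is only honoured on the first call: the `if (__client) return __client;` guard at the top of `apiClient` runs before `token` is read, so a later call with a different token silently reuses the client built with the earlier `Authorization` header. For a one-command CLI process this is probably harmless, but the function should either document that the first call's credentials win or avoid it, for example by returning the cached client only when no explicit token is given (`if (__client && token === undefined) return __client;`) and not storing token-specific clients in `__client`. The lines between the two hunks are not shown, so this assumes nothing there resets the cache.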
46 changes: 36 additions & 10 deletions src/lib/clusters/clusters.tsx
@@ -1,7 +1,8 @@
import type { Command } from "commander";
import { apiClient } from "../../apiClient.ts";
import { logAndQuit } from "../../helpers/errors.ts";
import { getKeys } from "./keys.tsx";
import { decryptSecret, getKeys } from "./keys.tsx";

export function registerClusters(program: Command) {
const clusters = program
.command("clusters")
@@ -15,9 +16,11 @@ export function registerClusters(program: Command) {
.alias("ls")
.description("List clusters")
.option("--json", "Output in JSON format")
.option("--token <token>", "API token")
.action(async (options) => {
await listClustersAction({
returnJson: options.json,
token: options.token,
});
});

@@ -31,20 +34,24 @@ export function registerClusters(program: Command) {
.requiredOption("--cluster <cluster>", "name of the cluster")
.requiredOption("--user <username>", "Username to add")
.option("--json", "Output in JSON format")
.option("--token <token>", "API token")
.action(async (options) => {
await addClusterUserAction({
clusterName: options.cluster,
username: options.user,
token: options.token,
});
});

users
.command("rm <id>")
.description("Remove a user from a cluster")
.option("--json", "Output in JSON format")
.option("--token <token>", "API token")
.action(async (id, options) => {
await removeClusterUserAction({
id,
token: options.token,
});
});

@@ -53,13 +60,17 @@ export function registerClusters(program: Command) {
.alias("ls")
.description("List users in a cluster")
.option("--json", "Output in JSON format")
.option("--token <token>", "API token")
.action(async (options) => {
await listClusterUsersAction({ returnJson: options.json });
await listClusterUsersAction({
returnJson: options.json,
token: options.token,
});
});
}

async function listClustersAction({ returnJson }: { returnJson?: boolean }) {
const api = await apiClient();
async function listClustersAction({ returnJson, token }: { returnJson?: boolean, token?: string }) {
const api = await apiClient(token);

const { data, error, response } = await api.GET("/v0/clusters");

@@ -84,11 +95,13 @@ async function listClustersAction({ returnJson }: { returnJson?: boolean }) {
async function addClusterUserAction({
clusterName,
username,
token,
}: {
clusterName: string;
username: string;
token?: string;
}) {
const api = await apiClient();
const api = await apiClient(token);
const { publicKey } = await getKeys();

const { data, error, response } = await api.POST("/v0/credentials", {
@@ -115,8 +128,8 @@ async function addClusterUserAction({
console.log(data);
}

async function removeClusterUserAction({ id }: { id: string }) {
const api = await apiClient();
async function removeClusterUserAction({ id, token }: { id: string, token?: string }) {
const api = await apiClient(token);

const { data, error, response } = await api.DELETE("/v0/credentials/{id}", {
params: {
@@ -140,8 +153,8 @@ async function removeClusterUserAction({ id }: { id: string }) {
console.log(data);
}

async function listClusterUsersAction({ returnJson }: { returnJson?: boolean }) {
const api = await apiClient();
async function listClusterUsersAction({ returnJson, token }: { returnJson?: boolean, token?: string }) {
const api = await apiClient(token);

const { data, error, response } = await api.GET("/v0/credentials");

@@ -156,7 +169,20 @@ async function listClusterUsersAction({ returnJson }: { returnJson?: boolean })
);
}

if (data.data.length === 0) {
console.log("No users found");
return;
}

const { privateKey } = await getKeys();
for (const item of data.data) {
console.log(item);
if (item.object !== "k8s_credential") {
continue;
}
if (!item.encrypted_token) {
continue;
}
const res = decryptSecret(item.encrypted_token, privateKey);
console.log(res);
}
}
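Review bot: In `listClusterUsersAction` the new loop prints each credential with `console.log(item)` and then the decrypted value with `console.log(res)`, so what appears to be the plaintext cluster credential token lands on stdout (terminal scrollback, CI logs, pipes) on every `users list`, regardless of `--json`. This reads like leftover debugging; if the secret must be shown at all, gate it behind an explicit opt-in and otherwise print only non-secret fields. `decryptSecret` now throws on failure and nothing in the loop catches it, so one undecryptable item aborts the whole listing; a `try`/`catch` around the call that reports the item and continues would keep the rest usable. Separately, the `--token <token>` option added in the earlier hunks puts the API token in argv, where shell history and process listings can see it; reading it from an environment variable or stdin would avoid that.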
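--- a/src/lib/clusters/keys.tsx
+++ b/src/lib/clusters/keys.tsx
@@ -37,14 +37,24 @@ function generateKeyPair() {
 };
 }
 
-export function decryptSecret(secret: string, privateKey: string) {
-const decrypted = crypto.privateDecrypt({
-key: privateKey,
-padding: crypto.constants.RSA_PKCS1_PADDING,
-}, Buffer.from(secret, 'base64'));
-return decrypted.toString('utf8');
+export function decryptSecret(encrypted_secret: string, privateKey: string) {
+try {
+const decoded = Buffer.from(encrypted_secret, 'base64');
+const decrypted = crypto.privateDecrypt({
+key: privateKey,
+padding: crypto.constants.RSA_PKCS1_PADDING,
+}, decoded);
+
+// Convert decrypted array to Buffer
+const decryptedBuffer = Buffer.isBuffer(decrypted) ? decrypted : Buffer.from(decrypted);
+
+return decryptedBuffer.toString('utf8');
+} catch (err) {
+throw new Error(`Failed to decrypt secret: ${err}`);
+}
 }
 
+
 async function saveKeys(keys: { publicKey: string; privateKey: string }) {
 const { publicKey, privateKey } = keys;
 const publicKeyPath = path.join(os.homedir(), ".sf", "public.pem");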
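Review bot: `decryptSecret` still decrypts with `crypto.constants.RSA_PKCS1_PADDING`, i.e. PKCS#1 v1.5 encryption padding, which is the scheme affected by padding-oracle (Bleichenbacher-style) attacks and which newer Node.js releases can refuse in `privateDecrypt`. If the service that produces `encrypted_token` can be changed in step, prefer OAEP: `padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256",`. The new `catch` also flattens the original error into a string; `throw new Error("Failed to decrypt secret", { cause: err });` keeps the stack and avoids interpolating an `unknown` value. A short doc comment stating that `encrypted_secret` is base64-encoded RSA ciphertext and that the result is decoded as UTF-8 would help callers.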
18 changes: 12 additions & 6 deletions src/schema.ts
@@ -1737,14 +1737,15 @@ export interface operations {
username?: string;
label?: string;
pubkey: string;
cluster: {
cluster?: {
/** @constant */
object: "kubernetes_cluster";
kubernetes_api_url?: string;
name: string;
kubernetes_namespace: string;
kubernetes_ca_cert?: string;
};
encrypted_token?: string;
})[];
has_more: boolean;
/** @constant */
@@ -1764,14 +1765,15 @@ export interface operations {
username?: string;
label?: string;
pubkey: string;
cluster: {
cluster?: {
/** @constant */
object: "kubernetes_cluster";
kubernetes_api_url?: string;
name: string;
kubernetes_namespace: string;
kubernetes_ca_cert?: string;
};
encrypted_token?: string;
})[];
has_more: boolean;
/** @constant */
@@ -1791,14 +1793,15 @@ export interface operations {
username?: string;
label?: string;
pubkey: string;
cluster: {
cluster?: {
/** @constant */
object: "kubernetes_cluster";
kubernetes_api_url?: string;
name: string;
kubernetes_namespace: string;
kubernetes_ca_cert?: string;
};
encrypted_token?: string;
})[];
has_more: boolean;
/** @constant */
@@ -1942,14 +1945,15 @@ export interface operations {
username?: string;
label?: string;
pubkey: string;
cluster: {
cluster?: {
/** @constant */
object: "kubernetes_cluster";
kubernetes_api_url?: string;
name: string;
kubernetes_namespace: string;
kubernetes_ca_cert?: string;
};
encrypted_token?: string;
};
"multipart/form-data": {
/** @constant */
@@ -1964,14 +1968,15 @@ export interface operations {
username?: string;
label?: string;
pubkey: string;
cluster: {
cluster?: {
/** @constant */
object: "kubernetes_cluster";
kubernetes_api_url?: string;
name: string;
kubernetes_namespace: string;
kubernetes_ca_cert?: string;
};
encrypted_token?: string;
};
"text/plain": {
/** @constant */
@@ -1986,14 +1991,15 @@ export interface operations {
username?: string;
label?: string;
pubkey: string;
cluster: {
cluster?: {
/** @constant */
object: "kubernetes_cluster";
kubernetes_api_url?: string;
name: string;
kubernetes_namespace: string;
kubernetes_ca_cert?: string;
};
encrypted_token?: string;
};
};
};