Merge branch 'main' of https://github.com/Infisical/infisical into main

.github/workflows/helm-chart-release.yaml

@@ -0,0 +1,36 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.0
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.4.1
+        with:
+          charts_dir: helm-charts
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

docs/contributing/FAQ.mdx

@@ -0,0 +1,16 @@
+---
+title: "Frequently Asked Questions"
+description: "Have any questions? [Join our Slack community](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g)."
+---
+
+## Problem with SMTP
+
+You can normally populate `SMTP_USERNAME` and `SMTP_PASSWORD` with your usual login and password (you could also create a 'burner' email). Sometimes, there still are problems. 
+
+You can go to your Gmail account settings > security and enable “less secure apps”. This would allow Infisical to use your Gmail to send emails.
+
+If it still doesn't work, [this](https://stackoverflow.com/questions/72547853/unable-to-send-email-in-c-sharp-less-secure-app-access-not-longer-available/72553362#72553362) should help.
+
+## `MONGO_URL` issues
+
+Your `MONGO_URL` should be something like `mongodb://root:example@mongo:27017/?authSource=admin`. If you want to change it (not recommended), you should make sure that you keep this URL in line with `MONGO_USERNAME=root` and `MONGO_PASSWORD=example`.

docs/mint.json

@@ -162,7 +162,8 @@
       "pages": [
         "contributing/overview",
         "contributing/code-of-conduct",
-        "contributing/developing"
+        "contributing/developing",
+        "contributing/FAQ"
       ]
     }
   ],

frontend/components/basic/dialog/AddServiceTokenDialog.js

@@ -37,7 +37,7 @@ const AddServiceTokenDialog = ({
   const [serviceTokenCopied, setServiceTokenCopied] = useState(false);
 
   const generateServiceToken = async () => {
-    const latestFileKey = await getLatestFileKey(workspaceId);
+    const latestFileKey = await getLatestFileKey({ workspaceId });
 
     const key = decryptAssymmetric({
       ciphertext: latestFileKey.latestKey.encryptedKey,

frontend/components/basic/layout.js

@@ -56,10 +56,10 @@ export default function Layout({ children }) {
     const workspaces = await getWorkspaces();
     const currentWorkspaces = workspaces.map((workspace) => workspace.name);
     if (!currentWorkspaces.includes(workspaceName)) {
-      const newWorkspace = await createWorkspace(
+      const newWorkspace = await createWorkspace({
         workspaceName,
-        localStorage.getItem("orgData.id")
-      );
+        organizationId: localStorage.getItem("orgData.id")
+    });
       let newWorkspaceId;
       try {
         newWorkspaceId = newWorkspace._id;

frontend/components/basic/table/UserTable.js

@@ -88,7 +88,7 @@ const UserTable = ({
   }, [userData, myUser]);
 
   const grantAccess = async (id, publicKey) => {
-    let result = await getLatestFileKey(router.query.id);
+    let result = await getLatestFileKey({workspaceId: router.query.id});
 
     const PRIVATE_KEY = localStorage.getItem("PRIVATE_KEY");
 

frontend/components/navigation/NavHeader.tsx

@@ -25,12 +25,12 @@ export default function NavHeader({ pageName, isProjectRelated } : { pageName: s
   useEffect(() => {
     (async () => {
       const orgId = localStorage.getItem("orgData.id")
-      let org = await getOrganization({
+      const org = await getOrganization({
         orgId: orgId ? orgId : "",
       });
       setOrgName(org.name);
 
-      let workspace = await getProjectInfo({
+      const workspace = await getProjectInfo({
         projectId: String(router.query.id),
       });
       setWorkspaceName(workspace.name);

frontend/components/utilities/secrets/pushKeys.ts

@@ -7,20 +7,30 @@ import { envMapping } from "../../../public/data/frequentConstants";
 const crypto = require("crypto");
 const {
   decryptAssymmetric,
-  decryptSymmetric,
   encryptSymmetric,
   encryptAssymmetric,
 } = require("../cryptography/crypto");
 const nacl = require("tweetnacl");
 nacl.util = require("tweetnacl-util");
 
+export interface IK {
+  publicKey: string;
+  userId: string;
+}
 
-const pushKeys = async (obj, workspaceId, env) => {
-  let sharedKey = await getLatestFileKey(workspaceId);
+/**
+ * This function pushes the keys to the database after decrypting them end-to-end
+ * @param {object} obj 
+ * @param {object} obj.obj - object with all the key pairs
+ * @param {object} obj.workspaceId - the id of a project to which a user is pushing
+ * @param {object} obj.env - which environment a user is pushing to 
+ */
+const pushKeys = async({ obj, workspaceId, env }: { obj: object; workspaceId: string; env: string; }) => {
+  const sharedKey = await getLatestFileKey({ workspaceId });
 
   const PRIVATE_KEY = localStorage.getItem("PRIVATE_KEY");
 
-  let randomBytes;
+  let randomBytes: string;
   if (Object.keys(sharedKey).length > 0) {
     // case: a (shared) key exists for the workspace
     randomBytes = decryptAssymmetric({
@@ -51,11 +61,11 @@ const pushKeys = async (obj, workspaceId, env) => {
       iv: ivValue,
       tag: tagValue,
     } = encryptSymmetric({
-      plaintext: obj[key][0],
+      plaintext: obj[key as keyof typeof obj][0],
       key: randomBytes,
     });
 
-    const visibility = obj[key][1] != null ? obj[key][1] : "personal";
+    const visibility = obj[key as keyof typeof obj][1] != null ? obj[key as keyof typeof obj][1] : "personal";
 
     return {
       ciphertextKey,
@@ -65,7 +75,7 @@ const pushKeys = async (obj, workspaceId, env) => {
       ciphertextValue,
       ivValue,
       tagValue,
-      hashValue: crypto.createHash("sha256").update(obj[key][0]).digest("hex"),
+      hashValue: crypto.createHash("sha256").update(obj[key as keyof typeof obj][0]).digest("hex"),
       type: visibility,
     };
   });
@@ -76,7 +86,7 @@ const pushKeys = async (obj, workspaceId, env) => {
   });
 
   // assymmetrically encrypt key with each receiver public keys
-  const keys = publicKeys.map((k) => {
+  const keys = publicKeys.map((k: IK) => {
     const { ciphertext, nonce } = encryptAssymmetric({
       plaintext: randomBytes,
       publicKey: k.publicKey,
@@ -95,7 +105,7 @@ const pushKeys = async (obj, workspaceId, env) => {
     workspaceId,
     secrets,
     keys,
-    environment: envMapping[env],
+    environment: envMapping[env as keyof typeof envMapping],
   });
 };
 

frontend/pages/api/organization/GetOrgUsers.ts

@@ -6,7 +6,7 @@ import SecurityClient from "~/utilities/SecurityClient";
  * @param {string} obj.orgId - organization Id
  * @returns
  */
-const getOrganizationUsers = ({ orgId }) => {
+const getOrganizationUsers = ({ orgId }: { orgId: string; }) => {
   return SecurityClient.fetchCall(
     "/api/v1/organization/" + orgId + "/users",
     {
@@ -16,7 +16,7 @@ const getOrganizationUsers = ({ orgId }) => {
       },
     }
   ).then(async (res) => {
-    if (res.status == 200) {
+    if (res?.status == 200) {
       return (await res.json()).users;
     } else {
       console.log("Failed to get org users");

frontend/pages/api/workspace/createWorkspace.ts

@@ -1,11 +1,12 @@
 import SecurityClient from "~/utilities/SecurityClient";
 
 /**
- * This route creates a new workspace for a user.
- * @param {*} workspaceName
+ * This route creates a new workspace for a user within a certain organization.
+ * @param {string} workspaceName - project Name
+ * @param {string} organizationId - org ID
  * @returns
  */
-const createWorkspace = (workspaceName, organizationId) => {
+const createWorkspace = ( { workspaceName, organizationId }: { workspaceName: string; organizationId: string; }) => {
   return SecurityClient.fetchCall("/api/v1/workspace", {
     method: "POST",
     headers: {
@@ -16,7 +17,7 @@ const createWorkspace = (workspaceName, organizationId) => {
       organizationId: organizationId,
     }),
   }).then(async (res) => {
-    if (res.status == 200) {
+    if (res?.status == 200) {
       return (await res.json()).workspace;
     } else {
       console.log("Failed to create a project");

frontend/pages/api/workspace/getLatestFileKey.ts

@@ -2,10 +2,10 @@ import SecurityClient from "~/utilities/SecurityClient";
 
 /**
  * Get the latest key pairs from a certain workspace
- * @param {*} workspaceId
+ * @param {string} workspaceId
  * @returns
  */
-const getLatestFileKey = (workspaceId) => {
+const getLatestFileKey = ({ workspaceId } : { workspaceId: string; }) => {
   return SecurityClient.fetchCall(
     "/api/v1/key/" + workspaceId + "/latest",
     {
@@ -15,7 +15,7 @@ const getLatestFileKey = (workspaceId) => {
       },
     }
   ).then(async (res) => {
-    if (res.status == 200) {
+    if (res?.status == 200) {
       return await res.json();
     } else {
       console.log("Failed to get the latest key pairs for a certain project");

frontend/pages/api/workspace/getWorkspaceKeys.ts

@@ -2,13 +2,12 @@ import SecurityClient from "~/utilities/SecurityClient";
 
 /**
  * This route lets us get the public keys of everyone in your workspace.
- * @param {*} req
- * @param {*} res
+ * @param {string} workspaceId
  * @returns
  */
-const getWorkspaceKeys = (req, res) => {
+const getWorkspaceKeys = ({ workspaceId }: { workspaceId: string; }) => {
   return SecurityClient.fetchCall(
-    "/api/v1/workspace/" + req.workspaceId + "/keys",
+    "/api/v1/workspace/" + workspaceId + "/keys",
     {
       method: "GET",
       headers: {
@@ -16,7 +15,7 @@ const getWorkspaceKeys = (req, res) => {
       },
     }
   ).then(async (res) => {
-    if (res.status == 200) {
+    if (res?.status == 200) {
       return (await res.json()).publicKeys;
     } else {
       console.log("Failed to get the public keys of everyone in the workspace");

frontend/pages/api/workspace/getWorkspaceUsers.ts

@@ -2,13 +2,12 @@ import SecurityClient from "~/utilities/SecurityClient";
 
 /**
  * This route lets us get all the users in the workspace.
- * @param {*} req
- * @param {*} res
+ * @param {string} workspaceId - workspace ID
  * @returns
  */
-const getWorkspaceUsers = (req, res) => {
+const getWorkspaceUsers = ({ workspaceId }: { workspaceId: string; }) => {
   return SecurityClient.fetchCall(
-    "/api/v1/workspace/" + req.workspaceId + "/users",
+    "/api/v1/workspace/" + workspaceId + "/users",
     {
       method: "GET",
       headers: {
@@ -16,7 +15,7 @@ const getWorkspaceUsers = (req, res) => {
       },
     }
   ).then(async (res) => {
-    if (res.status == 200) {
+    if (res?.status == 200) {
       return (await res.json()).users;
     } else {
       console.log("Failed to get Project Users");

frontend/pages/api/workspace/getWorkspaces.ts

@@ -1,19 +1,17 @@
 import SecurityClient from "~/utilities/SecurityClient";
 
 /**
- * This route lets us get the public keys of everyone in your workspace.
- * @param {*} req
- * @param {*} res
+ * This route lets us get the workspaces of a certain user
  * @returns
  */
-const getWorkspaces = (req, res) => {
+const getWorkspaces = () => {
   return SecurityClient.fetchCall("/api/v1/workspace", {
     method: "GET",
     headers: {
       "Content-Type": "application/json",
     },
   }).then(async (res) => {
-    if (res.status == 200) {
+    if (res?.status == 200) {
       return (await res.json()).workspaces;
     } else {
       console.log("Failed to get projects");

frontend/pages/dashboard/[id].js

@@ -378,9 +378,9 @@ export default function Dashboard() {
     } else if (duplicatesExist) {
       console.log("Remove the duplicated entries first!");
     } else {
-      // Once "Save changed is clicked", disable that button
+      // Once "Save changes is clicked", disable that button
       setButtonReady(false);
-      pushKeys(obj, router.query.id, env);
+      pushKeys({obj, workspaceId: router.query.id, env});
 
       /**
        * Check which integrations are active for this project and environment

helm-charts/README.md

@@ -0,0 +1,22 @@
+## Usage
+
+[Helm](https://helm.sh) must be installed to use the charts.  Please refer to
+Helm's [documentation](https://helm.sh/docs) to get started.
+
+Once Helm has been set up correctly, add the repo as follows:
+
+```
+  helm repo add <alias> https://infisical.github.io/helm-charts
+```
+
+If you had already added this repo earlier, run `helm repo update` to retrieve
+the latest versions of the packages.  You can then run `helm search repo
+<alias>` to see the charts.
+
+To install the <chart-name> chart:
+
+    helm install my-<chart-name> <alias>/<chart-name>
+
+To uninstall the chart:
+
+    helm delete my-<chart-name>