format: backend source code

Mahyar Mirrashed
2025-03-11 16:48:22 -07:00
parent 1d5a7b3674
commit baa810c5e1
74 changed files with 443 additions and 603 deletions

1
.direnv/flake-profile Symbolic link

@ -0,0 +1 @@
flake-profile-2-link
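Review bot: `.direnv/flake-profile` and the file added in the next section are machine-local direnv/Nix artifacts and look unintended in a formatting commit. The second one records an absolute `/nix/store/...-nix-shell-env` path that only resolves on the machine that generated it. I would drop both from the commit and add `.direnv/` to `.gitignore` so local environment state stays out of the repository.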


@ -0,0 +1 @@
/nix/store/4v9175202sb5ky8zf6wcdxbpdjfark74-nix-shell-env


@ -1,7 +1,12 @@
import { seedData1 } from "@app/db/seed-data";
import { ApproverType } from "@app/ee/services/access-approval-policy/access-approval-policy-types";
const createPolicy = async (dto: { name: string; secretPath: string; approvers: {type: ApproverType.User, id: string}[]; approvals: number }) => {
const createPolicy = async (dto: {
name: string;
secretPath: string;
approvers: { type: ApproverType.User; id: string }[];
approvals: number;
}) => {
const res = await testServer.inject({
method: "POST",
url: `/api/v1/secret-approvals`,
@ -27,7 +32,7 @@ describe("Secret approval policy router", async () => {
const policy = await createPolicy({
secretPath: "/",
approvals: 1,
approvers: [{id:seedData1.id, type: ApproverType.User}],
approvers: [{ id: seedData1.id, type: ApproverType.User }],
name: "test-policy"
});


@ -2,7 +2,7 @@
import { execSync } from "child_process";
import path from "path";
import promptSync from "prompt-sync";
import slugify from "@sindresorhus/slugify"
import slugify from "@sindresorhus/slugify";
const prompt = promptSync({ sigint: true });


@ -20,9 +20,7 @@ export const initDbConnection = ({
// eslint-disable-next-line
let readReplicaDbs: Knex<any, unknown[]>[];
// @ts-expect-error the querybuilder type is expected but our intension is to return a knex instance
knex.QueryBuilder.extend("primaryNode", () => {
return db;
});
knex.QueryBuilder.extend("primaryNode", () => db);
// @ts-expect-error the querybuilder type is expected but our intension is to return a knex instance
knex.QueryBuilder.extend("replicaNode", () => {
@ -111,13 +109,9 @@ export const initAuditLogDbConnection = ({
});
// we add these overrides so that auditLogDb and the primary DB are interchangeable
db.primaryNode = () => {
return db;
};
db.primaryNode = () => db;
db.replicaNode = () => {
return db;
};
db.replicaNode = () => db;
return db;
};


@ -11,9 +11,7 @@ export const createCircularCache = <T>(bufferSize = 10) => {
bufferIndex = (bufferIndex + 1) % bufferSize;
};
const getItem = (id: string) => {
return bufferItems.find((i) => i.id === id)?.item;
};
const getItem = (id: string) => bufferItems.find((i) => i.id === id)?.item;
return { push, getItem };
};


@ -155,14 +155,13 @@ export const buildUserProjectKey = (privateKey: string, publickey: string) => {
return { nonce, ciphertext };
};
export const getUserProjectKey = async (privateKey: string, ciphertext: string, nonce: string, publicKey: string) => {
return decryptAsymmetric({
export const getUserProjectKey = async (privateKey: string, ciphertext: string, nonce: string, publicKey: string) =>
decryptAsymmetric({
ciphertext,
nonce,
publicKey,
privateKey
});
};
export const encryptSecret = (encKey: string, key: string, value?: string, comment?: string) => {
// encrypt key


@ -174,9 +174,7 @@ export const certificateEstServiceFactory = ({
if (!estConfig.disableBootstrapCertValidation) {
const caCerts = estConfig.caChain
.match(/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g)
?.map((cert) => {
return new x509.X509Certificate(cert);
});
?.map((cert) => new x509.X509Certificate(cert));
if (!caCerts) {
throw new BadRequestError({ message: "Failed to parse certificate chain" });
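Review bot: The `if (!caCerts)` guard only covers the case where the regex finds no PEM block; a block that matches the delimiters but has a malformed body will presumably make `new x509.X509Certificate(cert)` throw inside the `map`, so the caller gets an unhandled parser error instead of the `BadRequestError`. Wrapping the parse in a `try`/`catch` that rethrows `new BadRequestError({ message: "Failed to parse certificate chain" })` would keep the failure mode uniform for a chain that comes from stored configuration. The enclosing function starts and ends outside this hunk, so an outer handler may already cover this.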


@ -211,11 +211,9 @@ export const AwsElastiCacheDatabaseProvider = (): TDynamicProviderFns => {
return { entityId };
};
const renew = async (_inputs: unknown, entityId: string) => {
const renew = async (_inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,
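Review bot: In `renew`, the `// No renewal necessary` comment now sits between `=>` and the returned `({ entityId })`, which makes the one-expression body easy to misread as an empty function. Moving the comment above the declaration reads better: `// No renewal necessary` followed by `const renew = async (_inputs: unknown, entityId: string) => ({ entityId });`. The same shape appears in the later `renew` hunks (AwsIamProvider, AzureEntraIDProvider, ElasticSearchProvider, LdapProvider, MongoDBProvider, RabbitMqProvider, SapAseProvider, TotpProvider). In the LdapProvider one the unused first parameter is still named `inputs` rather than `_inputs` as elsewhere.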


@ -23,9 +23,7 @@ import { alphaNumericNanoId } from "@app/lib/nanoid";
import { DynamicSecretAwsIamSchema, TDynamicProviderFns } from "./models";
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
export const AwsIamProvider = (): TDynamicProviderFns => {
const validateProviderInputs = async (inputs: unknown) => {
@ -178,11 +176,9 @@ export const AwsIamProvider = (): TDynamicProviderFns => {
return { entityId: username };
};
const renew = async (_inputs: unknown, entityId: string) => {
const renew = async (_inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,


@ -112,21 +112,17 @@ export const AzureEntraIDProvider = (): TDynamicProviderFns & {
throw new BadRequestError({ message: "Failed to fetch users" });
}
const users = response.data.value.map((user) => {
return {
name: user.displayName,
id: user.id,
email: user.userPrincipalName
};
});
const users = response.data.value.map((user) => ({
name: user.displayName,
id: user.id,
email: user.userPrincipalName
}));
return users;
};
const renew = async (_inputs: unknown, entityId: string) => {
const renew = async (_inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,


@ -13,9 +13,7 @@ const generatePassword = (size = 48) => {
return customAlphabet(charset, 48)(size);
};
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
export const CassandraProvider = (): TDynamicProviderFns => {
const validateProviderInputs = async (inputs: unknown) => {


@ -12,9 +12,7 @@ const generatePassword = () => {
return customAlphabet(charset, 64)();
};
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
export const ElasticSearchProvider = (): TDynamicProviderFns => {
const validateProviderInputs = async (inputs: unknown) => {
@ -95,11 +93,9 @@ export const ElasticSearchProvider = (): TDynamicProviderFns => {
return { entityId };
};
const renew = async (_inputs: unknown, entityId: string) => {
const renew = async (_inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,


@ -21,9 +21,7 @@ const encodePassword = (password?: string) => {
return base64Password;
};
const generateUsername = () => {
return alphaNumericNanoId(20);
};
const generateUsername = () => alphaNumericNanoId(20);
const generateLDIF = ({
username,
@ -52,8 +50,8 @@ export const LdapProvider = (): TDynamicProviderFns => {
return providerInputs;
};
const $getClient = async (providerInputs: z.infer<typeof LdapSchema>): Promise<ldapjs.Client> => {
return new Promise((resolve, reject) => {
const $getClient = async (providerInputs: z.infer<typeof LdapSchema>): Promise<ldapjs.Client> =>
new Promise((resolve, reject) => {
const client = ldapjs.createClient({
url: providerInputs.url,
tlsOptions: {
@ -79,7 +77,6 @@ export const LdapProvider = (): TDynamicProviderFns => {
}
});
});
};
const validateConnection = async (inputs: unknown) => {
const providerInputs = await validateProviderInputs(inputs);
@ -267,11 +264,9 @@ export const LdapProvider = (): TDynamicProviderFns => {
return { entityId };
};
const renew = async (inputs: unknown, entityId: string) => {
const renew = async (inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,


@ -12,9 +12,7 @@ const generatePassword = (size = 48) => {
return customAlphabet(charset, 48)(size);
};
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
export const MongoAtlasProvider = (): TDynamicProviderFns => {
const validateProviderInputs = async (inputs: unknown) => {

View File

@ -12,9 +12,7 @@ const generatePassword = (size = 48) => {
return customAlphabet(charset, 48)(size);
};
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
export const MongoDBProvider = (): TDynamicProviderFns => {
const validateProviderInputs = async (inputs: unknown) => {
@ -87,11 +85,9 @@ export const MongoDBProvider = (): TDynamicProviderFns => {
return { entityId: username };
};
const renew = async (_inputs: unknown, entityId: string) => {
const renew = async (_inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,


@ -15,9 +15,7 @@ const generatePassword = () => {
return customAlphabet(charset, 64)();
};
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
type TCreateRabbitMQUser = {
axiosInstance: Axios;
@ -141,11 +139,9 @@ export const RabbitMqProvider = (): TDynamicProviderFns => {
return { entityId };
};
const renew = async (_inputs: unknown, entityId: string) => {
const renew = async (_inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,


@ -14,9 +14,7 @@ const generatePassword = () => {
return customAlphabet(charset, 64)();
};
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
const executeTransactions = async (connection: Redis, commands: string[]): Promise<(string | null)[] | null> => {
// Initiate a transaction


@ -14,9 +14,7 @@ const generatePassword = (size = 48) => {
return customAlphabet(charset, 48)(size);
};
const generateUsername = () => {
return alphaNumericNanoId(25);
};
const generateUsername = () => alphaNumericNanoId(25);
enum SapCommands {
CreateLogin = "sp_addlogin",
@ -130,11 +128,9 @@ export const SapAseProvider = (): TDynamicProviderFns => {
return { entityId: username };
};
const renew = async (_: unknown, username: string) => {
const renew = async (_: unknown, username: string) =>
// No need for renewal
return { entityId: username };
};
({ entityId: username });
return {
validateProviderInputs,
validateConnection,


@ -20,9 +20,7 @@ const generatePassword = (size = 48) => {
return customAlphabet(charset, 48)(size);
};
const generateUsername = () => {
return alphaNumericNanoId(32);
};
const generateUsername = () => alphaNumericNanoId(32);
export const SapHanaProvider = (): TDynamicProviderFns => {
const validateProviderInputs = async (inputs: unknown) => {


@ -16,10 +16,7 @@ const generatePassword = (size = 48) => {
return customAlphabet(charset, 48)(size);
};
const generateUsername = () => {
return `infisical_${alphaNumericNanoId(32)}`; // username must start with alpha character, hence prefix
};
const generateUsername = () => `infisical_${alphaNumericNanoId(32)}`; // username must start with alpha character, hence prefix
const getDaysToExpiry = (expiryDate: Date) => {
const start = new Date().getTime();
const end = new Date(expiryDate).getTime();


@ -12,9 +12,7 @@ export const TotpProvider = (): TDynamicProviderFns => {
return providerInputs;
};
const validateConnection = async () => {
return true;
};
const validateConnection = async () => true;
const create = async (inputs: unknown) => {
const providerInputs = await validateProviderInputs(inputs);
@ -70,16 +68,12 @@ export const TotpProvider = (): TDynamicProviderFns => {
};
};
const revoke = async (_inputs: unknown, entityId: string) => {
return { entityId };
};
const revoke = async (_inputs: unknown, entityId: string) => ({ entityId });
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const renew = async (_inputs: unknown, entityId: string) => {
const renew = async (_inputs: unknown, entityId: string) =>
// No renewal necessary
return { entityId };
};
({ entityId });
return {
validateProviderInputs,
validateConnection,


@ -249,9 +249,7 @@ export const addUsersToGroupByUserIds = async ({
if (outerTx) {
return processAddition(outerTx);
}
return userDAL.transaction(async (tx) => {
return processAddition(tx);
});
return userDAL.transaction(async (tx) => processAddition(tx));
};
/**
@ -383,9 +381,7 @@ export const removeUsersFromGroupByUserIds = async ({
if (outerTx) {
return processRemoval(outerTx);
}
return userDAL.transaction(async (tx) => {
return processRemoval(tx);
});
return userDAL.transaction(async (tx) => processRemoval(tx));
};
/**


@ -20,8 +20,8 @@ export const isValidLdapFilter = (filter: string) => {
* @param ldapConfig - The LDAP configuration to test
* @returns {Boolean} isConnected - Whether or not the connection was successful
*/
export const testLDAPConfig = async (ldapConfig: TLDAPConfig): Promise<boolean> => {
return new Promise((resolve) => {
export const testLDAPConfig = async (ldapConfig: TLDAPConfig): Promise<boolean> =>
new Promise((resolve) => {
const ldapClient = ldapjs.createClient({
url: ldapConfig.url,
bindDN: ldapConfig.bindDN,
@ -53,7 +53,6 @@ export const testLDAPConfig = async (ldapConfig: TLDAPConfig): Promise<boolean>
}
});
});
};
/**
* Search for groups in the LDAP server
@ -66,8 +65,8 @@ export const searchGroups = async (
ldapConfig: TLDAPConfig,
filter: string,
base: string
): Promise<{ dn: string; cn: string }[]> => {
return new Promise((resolve, reject) => {
): Promise<{ dn: string; cn: string }[]> =>
new Promise((resolve, reject) => {
const ldapClient = ldapjs.createClient({
url: ldapConfig.url,
bindDN: ldapConfig.bindDN,
@ -115,4 +114,3 @@ export const searchGroups = async (
}
);
});
};


@ -21,18 +21,16 @@ export const ldapGroupMapDALFactory = (db: TDbClient) => {
db.ref("slug").withSchema(TableName.Groups).as("groupSlug")
);
return docs.map((doc) => {
return {
id: doc.id,
ldapConfigId: doc.ldapConfigId,
ldapGroupCN: doc.ldapGroupCN,
group: {
id: doc.groupId,
name: doc.groupName,
slug: doc.groupSlug
}
};
});
return docs.map((doc) => ({
id: doc.id,
ldapConfigId: doc.ldapConfigId,
ldapGroupCN: doc.ldapGroupCN,
group: {
id: doc.groupId,
name: doc.groupName,
slug: doc.groupSlug
}
}));
} catch (error) {
throw new DatabaseError({ error, name: "findGroupMaps" });
}


@ -1,35 +1,33 @@
export const getDefaultOnPremFeatures = () => {
return {
_id: null,
slug: null,
tier: -1,
workspaceLimit: null,
workspacesUsed: 0,
memberLimit: null,
membersUsed: 0,
identityLimit: null,
identitiesUsed: 0,
environmentLimit: null,
environmentsUsed: 0,
secretVersioning: true,
pitRecovery: false,
ipAllowlisting: true,
rbac: false,
customRateLimits: false,
customAlerts: false,
auditLogs: false,
auditLogsRetentionDays: 0,
samlSSO: false,
scim: false,
ldap: false,
groups: false,
status: null,
trial_end: null,
has_used_trial: true,
secretApproval: true,
secretRotation: true,
caCrl: false
};
};
export const getDefaultOnPremFeatures = () => ({
_id: null,
slug: null,
tier: -1,
workspaceLimit: null,
workspacesUsed: 0,
memberLimit: null,
membersUsed: 0,
identityLimit: null,
identitiesUsed: 0,
environmentLimit: null,
environmentsUsed: 0,
secretVersioning: true,
pitRecovery: false,
ipAllowlisting: true,
rbac: false,
customRateLimits: false,
customAlerts: false,
auditLogs: false,
auditLogsRetentionDays: 0,
samlSSO: false,
scim: false,
ldap: false,
groups: false,
status: null,
trial_end: null,
has_used_trial: true,
secretApproval: true,
secretRotation: true,
caCrl: false
});
export const setupLicenseRequestWithStore = () => {};


@ -18,9 +18,7 @@ let rateLimitMaxConfiguration: RateLimitConfiguration = {
Object.freeze(rateLimitMaxConfiguration);
export const getRateLimiterConfig = () => {
return rateLimitMaxConfiguration;
};
export const getRateLimiterConfig = () => rateLimitMaxConfiguration;
type TRateLimitServiceFactoryDep = {
rateLimitDAL: TRateLimitDALFactory;
@ -51,9 +49,8 @@ export const rateLimitServiceFactory = ({ rateLimitDAL, licenseService }: TRateL
}
};
const updateRateLimit = async (updates: TRateLimitUpdateDTO): Promise<TRateLimit> => {
return rateLimitDAL.updateById(DEFAULT_RATE_LIMIT_CONFIG_ID, updates);
};
const updateRateLimit = async (updates: TRateLimitUpdateDTO): Promise<TRateLimit> =>
rateLimitDAL.updateById(DEFAULT_RATE_LIMIT_CONFIG_ID, updates);
const syncRateLimitConfiguration = async () => {
try {


@ -8,15 +8,13 @@ export const buildScimUserList = ({
scimUsers: TScimUser[];
startIndex: number;
limit: number;
}): TListScimUsers => {
return {
Resources: scimUsers,
itemsPerPage: limit,
schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
startIndex,
totalResults: scimUsers.length
};
};
}): TListScimUsers => ({
Resources: scimUsers,
itemsPerPage: limit,
schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
startIndex,
totalResults: scimUsers.length
});
export const parseScimFilter = (filterToParse: string | undefined) => {
if (!filterToParse) return {};
@ -95,15 +93,13 @@ export const buildScimGroupList = ({
scimGroups: TScimGroup[];
startIndex: number;
limit: number;
}): TListScimGroups => {
return {
Resources: scimGroups,
itemsPerPage: limit,
schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
startIndex,
totalResults: scimGroups.length
};
};
}): TListScimGroups => ({
Resources: scimGroups,
itemsPerPage: limit,
schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
startIndex,
totalResults: scimGroups.length
});
export const buildScimGroup = ({
groupId,
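Review bot: `totalResults: scimUsers.length` (and `scimGroups.length` in `buildScimGroupList`) reports the size of the array passed in, while `itemsPerPage: limit` and `startIndex` suggest that array may already be a single page. In a SCIM ListResponse `totalResults` is meant to be the total number of matches for the query, so a paging client could stop early if the value is only the page size. Whether the callers pass the full result set is not visible in these hunks; if they pass a page, the builders need a separate `totalResults` argument.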


@ -440,18 +440,16 @@ export const secretReplicationServiceFactory = ({
secretTagDAL,
resourceMetadataDAL,
secretVersionTagDAL: secretVersionV2TagBridgeDAL,
inputSecrets: locallyCreatedSecrets.map((doc) => {
return {
type: doc.type,
metadata: doc.metadata,
key: doc.key,
encryptedValue: doc.encryptedValue,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
secretMetadata: doc.secretMetadata,
references: doc.secretValue ? getAllSecretReferences(doc.secretValue).nestedReferences : []
};
})
inputSecrets: locallyCreatedSecrets.map((doc) => ({
type: doc.type,
metadata: doc.metadata,
key: doc.key,
encryptedValue: doc.encryptedValue,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
secretMetadata: doc.secretMetadata,
references: doc.secretValue ? getAllSecretReferences(doc.secretValue).nestedReferences : []
}))
});
}
if (locallyUpdatedSecrets.length) {
@ -464,24 +462,22 @@ export const secretReplicationServiceFactory = ({
resourceMetadataDAL,
secretTagDAL,
secretVersionTagDAL: secretVersionV2TagBridgeDAL,
inputSecrets: locallyUpdatedSecrets.map((doc) => {
return {
filter: {
folderId: destinationReplicationFolderId,
id: destinationLocalSecretsGroupedByKey[doc.key][0].id
},
data: {
type: doc.type,
metadata: doc.metadata,
key: doc.key,
encryptedValue: doc.encryptedValue as Buffer,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
secretMetadata: doc.secretMetadata,
references: doc.secretValue ? getAllSecretReferences(doc.secretValue).nestedReferences : []
}
};
})
inputSecrets: locallyUpdatedSecrets.map((doc) => ({
filter: {
folderId: destinationReplicationFolderId,
id: destinationLocalSecretsGroupedByKey[doc.key][0].id
},
data: {
type: doc.type,
metadata: doc.metadata,
key: doc.key,
encryptedValue: doc.encryptedValue as Buffer,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
secretMetadata: doc.secretMetadata,
references: doc.secretValue ? getAllSecretReferences(doc.secretValue).nestedReferences : []
}
}))
});
}
if (locallyDeletedSecrets.length) {
@ -711,8 +707,41 @@ export const secretReplicationServiceFactory = ({
tx,
secretTagDAL,
secretVersionTagDAL,
inputSecrets: locallyCreatedSecrets.map((doc) => {
return {
inputSecrets: locallyCreatedSecrets.map((doc) => ({
keyEncoding: doc.keyEncoding,
algorithm: doc.algorithm,
type: doc.type,
metadata: doc.metadata,
secretKeyIV: doc.secretKeyIV,
secretKeyTag: doc.secretKeyTag,
secretKeyCiphertext: doc.secretKeyCiphertext,
secretValueIV: doc.secretValueIV,
secretValueTag: doc.secretValueTag,
secretValueCiphertext: doc.secretValueCiphertext,
secretBlindIndex: doc.secretBlindIndex,
secretCommentIV: doc.secretCommentIV,
secretCommentTag: doc.secretCommentTag,
secretCommentCiphertext: doc.secretCommentCiphertext,
skipMultilineEncoding: doc.skipMultilineEncoding,
references: getAllSecretReferences(doc.secretValue).nestedReferences
}))
});
}
if (locallyUpdatedSecrets.length) {
await fnSecretBulkUpdate({
projectId,
folderId: destinationReplicationFolderId,
secretVersionDAL,
secretDAL,
tx,
secretTagDAL,
secretVersionTagDAL,
inputSecrets: locallyUpdatedSecrets.map((doc) => ({
filter: {
folderId: destinationReplicationFolderId,
id: destinationLocalSecretsGroupedByBlindIndex[doc.secretBlindIndex as string][0].id
},
data: {
keyEncoding: doc.keyEncoding,
algorithm: doc.algorithm,
type: doc.type,
@ -729,45 +758,8 @@ export const secretReplicationServiceFactory = ({
secretCommentCiphertext: doc.secretCommentCiphertext,
skipMultilineEncoding: doc.skipMultilineEncoding,
references: getAllSecretReferences(doc.secretValue).nestedReferences
};
})
});
}
if (locallyUpdatedSecrets.length) {
await fnSecretBulkUpdate({
projectId,
folderId: destinationReplicationFolderId,
secretVersionDAL,
secretDAL,
tx,
secretTagDAL,
secretVersionTagDAL,
inputSecrets: locallyUpdatedSecrets.map((doc) => {
return {
filter: {
folderId: destinationReplicationFolderId,
id: destinationLocalSecretsGroupedByBlindIndex[doc.secretBlindIndex as string][0].id
},
data: {
keyEncoding: doc.keyEncoding,
algorithm: doc.algorithm,
type: doc.type,
metadata: doc.metadata,
secretKeyIV: doc.secretKeyIV,
secretKeyTag: doc.secretKeyTag,
secretKeyCiphertext: doc.secretKeyCiphertext,
secretValueIV: doc.secretValueIV,
secretValueTag: doc.secretValueTag,
secretValueCiphertext: doc.secretValueCiphertext,
secretBlindIndex: doc.secretBlindIndex,
secretCommentIV: doc.secretCommentIV,
secretCommentTag: doc.secretCommentTag,
secretCommentCiphertext: doc.secretCommentCiphertext,
skipMultilineEncoding: doc.skipMultilineEncoding,
references: getAllSecretReferences(doc.secretValue).nestedReferences
}
};
})
}
}))
});
}
if (locallyDeletedSecrets.length) {
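Review bot: The update filters index straight into the lookup tables, `destinationLocalSecretsGroupedByKey[doc.key][0].id` and `destinationLocalSecretsGroupedByBlindIndex[doc.secretBlindIndex as string][0].id`, with no check that an entry exists. A missing key would throw a bare `TypeError` part-way through the replication transaction, and the `as string` cast hides a possibly null blind index. How `locallyUpdatedSecrets` is built is outside these hunks and may already guarantee the entry. If it does not, resolve the destination row first and throw a descriptive error when it is absent, so a failed replication is diagnosable.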


@ -296,7 +296,7 @@ export const sshCertificateAuthorityServiceFactory = ({
// set [keyId] depending on if [allowCustomKeyIds] is true or false
const keyId = sshCertificateTemplate.allowCustomKeyIds
? requestedKeyId ?? `${actor}-${actorId}`
? (requestedKeyId ?? `${actor}-${actorId}`)
: `${actor}-${actorId}`;
const sshCaSecret = await sshCertificateAuthoritySecretDAL.findOne({ sshCaId: sshCertificateTemplate.sshCaId });
@ -418,7 +418,7 @@ export const sshCertificateAuthorityServiceFactory = ({
// set [keyId] depending on if [allowCustomKeyIds] is true or false
const keyId = sshCertificateTemplate.allowCustomKeyIds
? requestedKeyId ?? `${actor}-${actorId}`
? (requestedKeyId ?? `${actor}-${actorId}`)
: `${actor}-${actorId}`;
const sshCaSecret = await sshCertificateAuthoritySecretDAL.findOne({ sshCaId: sshCertificateTemplate.sshCaId });
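Review bot: `requestedKeyId ?? ...` falls back only for `null`/`undefined`, so when `allowCustomKeyIds` is set an empty-string `requestedKeyId` is kept as the certificate's key ID. The key ID is what SSH servers log to identify the certificate holder, so an empty or free-form value weakens the audit trail. Consider `requestedKeyId || ...` plus a length and character check, unless the request schema outside this hunk already enforces one. The same expression is duplicated in both hunks, and a small shared helper would keep them from drifting.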


@ -25,14 +25,11 @@ export const inMemoryKeyStore = (): TKeyStoreFactory => {
}
return null;
},
incrementBy: async () => {
return 1;
},
acquireLock: () => {
return Promise.resolve({
incrementBy: async () => 1,
acquireLock: () =>
Promise.resolve({
release: () => {}
}) as Promise<Lock>;
},
}) as Promise<Lock>,
waitTillReady: async () => {}
};
};
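Review bot: Nothing in the visible part of `inMemoryKeyStore` says that `incrementBy` always resolves to `1` and that `acquireLock` hands back a lock whose `release` does nothing. Any counter or mutual-exclusion logic built on this store is therefore silently disabled. That is fine for a test double, but it should be stated where the next reader will see it, for example `// Test stub: incrementBy is constant and acquireLock never excludes; do not use for rate limiting or locking.` above the returned object. The start of the function is outside this hunk, so such a comment may already exist there.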


@ -23,6 +23,4 @@ export const isBase64 = (
return new RegExp(`^${regex}$`, "gi").test(v);
};
export const getBase64SizeInBytes = (base64String: string) => {
return Buffer.from(base64String, "base64").length;
};
export const getBase64SizeInBytes = (base64String: string) => Buffer.from(base64String, "base64").length;


@ -19,11 +19,10 @@ type TPermissionConditionShape = {
const getPermissionSetID = (action: string, subject: string) => `${action}:${subject}`;
const invertTheOperation = (shouldInvert: boolean, operation: boolean) => (shouldInvert ? !operation : operation);
const formatConditionOperator = (condition: TPermissionConditionShape | string) => {
return (
typeof condition === "string" ? { [PermissionConditionOperators.$EQ]: condition } : condition
) as TPermissionConditionShape;
};
const formatConditionOperator = (condition: TPermissionConditionShape | string) =>
(typeof condition === "string"
? { [PermissionConditionOperators.$EQ]: condition }
: condition) as TPermissionConditionShape;
const isOperatorsASubset = (parentSet: TPermissionConditionShape, subset: TPermissionConditionShape) => {
// we compute each operator against each other in left hand side and right hand side


@ -291,20 +291,18 @@ export const initEnvConfig = (logger?: CustomLogger) => {
return envCfg;
};
export const formatSmtpConfig = () => {
return {
host: envCfg.SMTP_HOST,
port: envCfg.SMTP_PORT,
auth:
envCfg.SMTP_USERNAME && envCfg.SMTP_PASSWORD
? { user: envCfg.SMTP_USERNAME, pass: envCfg.SMTP_PASSWORD }
: undefined,
secure: envCfg.SMTP_PORT === 465,
from: `"${envCfg.SMTP_FROM_NAME}" <${envCfg.SMTP_FROM_ADDRESS}>`,
ignoreTLS: envCfg.SMTP_IGNORE_TLS,
requireTLS: envCfg.SMTP_REQUIRE_TLS,
tls: {
rejectUnauthorized: envCfg.SMTP_TLS_REJECT_UNAUTHORIZED
}
};
};
export const formatSmtpConfig = () => ({
host: envCfg.SMTP_HOST,
port: envCfg.SMTP_PORT,
auth:
envCfg.SMTP_USERNAME && envCfg.SMTP_PASSWORD
? { user: envCfg.SMTP_USERNAME, pass: envCfg.SMTP_PASSWORD }
: undefined,
secure: envCfg.SMTP_PORT === 465,
from: `"${envCfg.SMTP_FROM_NAME}" <${envCfg.SMTP_FROM_ADDRESS}>`,
ignoreTLS: envCfg.SMTP_IGNORE_TLS,
requireTLS: envCfg.SMTP_REQUIRE_TLS,
tls: {
rejectUnauthorized: envCfg.SMTP_TLS_REJECT_UNAUTHORIZED
}
});
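Review bot: `formatSmtpConfig` has no comment explaining how its TLS settings interact, although together they decide whether `SMTP_USERNAME`/`SMTP_PASSWORD` are sent over a verified channel. `secure` is true only for port 465, so other ports depend on STARTTLS, which `ignoreTLS` switches off and `requireTLS` enforces, while `rejectUnauthorized` controls certificate verification. I would add a doc comment above the function, e.g. `/** Builds the SMTP transport options; with SMTP_IGNORE_TLS=true or SMTP_TLS_REJECT_UNAUTHORIZED=false credentials are sent without a verified TLS channel. */`. Logging a startup warning when either relaxed value is set would also help operators notice it.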


@ -2,13 +2,9 @@ import crypto from "crypto";
import { SymmetricEncryption, TSymmetricEncryptionFns } from "./types";
const getIvLength = () => {
return 12;
};
const getIvLength = () => 12;
const getTagLength = () => {
return 16;
};
const getTagLength = () => 16;
export const symmetricCipherService = (type: SymmetricEncryption): TSymmetricEncryptionFns => {
const IV_LENGTH = getIvLength();


@ -61,15 +61,14 @@ export const objectify = <T, Key extends string | number | symbol, Value = T>(
array: readonly T[],
getKey: (item: T) => Key,
getValue: (item: T) => Value = (item) => item as unknown as Value
): Record<Key, Value> => {
return array.reduce(
): Record<Key, Value> =>
array.reduce(
(acc, item) => {
acc[getKey(item)] = getValue(item);
return acc;
},
{} as Record<Key, Value>
);
};
/**
* Chunks an array into smaller arrays of the given size.
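Review bot: `objectify` accumulates into a plain `{}` with `acc[getKey(item)] = getValue(item)`, so a key of `__proto__` replaces the accumulator's prototype instead of adding an entry, and names such as `constructor` resolve on lookup even when never inserted. If `getKey` can return values derived from user-controlled data, seed the reduce with `Object.create(null) as Record<Key, Value>` instead of `{} as Record<Key, Value>`. Callers are not visible here, so this may be limited to trusted keys today.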


@ -1,3 +1,2 @@
export const executeIfDefined = <T, R>(func: (input: T) => R, input: T | undefined): R | undefined => {
return input === undefined ? undefined : func(input);
};
export const executeIfDefined = <T, R>(func: (input: T) => R, input: T | undefined): R | undefined =>
input === undefined ? undefined : func(input);


@ -103,9 +103,7 @@ export const isValidIpOrCidr = (ip: string): boolean => {
return false;
};
export const isValidIp = (ip: string) => {
return net.isIPv4(ip) || net.isIPv6(ip);
};
export const isValidIp = (ip: string) => net.isIPv4(ip) || net.isIPv6(ip);
export const isValidHostname = (name: string) => {
const hostnameRegex = /^(?!:\/\/)(\*\.)?([a-zA-Z0-9-_]{1,63}\.?)+(?!:\/\/)([a-zA-Z]{2,63})$/;


@ -132,24 +132,20 @@ export const initLogger = () => {
const wrapLogger = (originalLogger: Logger): CustomLogger => {
// eslint-disable-next-line no-param-reassign, @typescript-eslint/no-explicit-any
originalLogger.info = (obj: unknown, msg?: string, ...args: any[]) => {
return originalLogger.child({ reqId: extractReqId() }).info(obj, msg, ...args);
};
originalLogger.info = (obj: unknown, msg?: string, ...args: any[]) =>
originalLogger.child({ reqId: extractReqId() }).info(obj, msg, ...args);
// eslint-disable-next-line no-param-reassign, @typescript-eslint/no-explicit-any
originalLogger.error = (obj: unknown, msg?: string, ...args: any[]) => {
return originalLogger.child({ reqId: extractReqId() }).error(obj, msg, ...args);
};
originalLogger.error = (obj: unknown, msg?: string, ...args: any[]) =>
originalLogger.child({ reqId: extractReqId() }).error(obj, msg, ...args);
// eslint-disable-next-line no-param-reassign, @typescript-eslint/no-explicit-any
originalLogger.warn = (obj: unknown, msg?: string, ...args: any[]) => {
return originalLogger.child({ reqId: extractReqId() }).warn(obj, msg, ...args);
};
originalLogger.warn = (obj: unknown, msg?: string, ...args: any[]) =>
originalLogger.child({ reqId: extractReqId() }).warn(obj, msg, ...args);
// eslint-disable-next-line no-param-reassign, @typescript-eslint/no-explicit-any
originalLogger.debug = (obj: unknown, msg?: string, ...args: any[]) => {
return originalLogger.child({ reqId: extractReqId() }).debug(obj, msg, ...args);
};
originalLogger.debug = (obj: unknown, msg?: string, ...args: any[]) =>
originalLogger.child({ reqId: extractReqId() }).debug(obj, msg, ...args);
return originalLogger;
};


@ -67,9 +67,7 @@ export const mfaRateLimit: RateLimitOptions = {
timeWindow: 60 * 1000,
hook: "preValidation",
max: (req) => req.rateLimits.mfaRateLimit,
keyGenerator: (req) => {
return req.headers.authorization?.split(" ")[1] || req.realIp;
}
keyGenerator: (req) => req.headers.authorization?.split(" ")[1] || req.realIp
};
// Public endpoints to avoid brute force attacks
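Review bot: `keyGenerator` in `mfaRateLimit` uses whatever follows the first space in the `Authorization` header as the bucket key. The bucket is therefore selected by a client-supplied value, and the raw bearer token ends up as a key in the rate-limit store. With `hook: "preValidation"` it is not visible here whether the token has been verified before the limiter runs. If it has not, keying on the verified subject or combining the value with `req.realIp` would make the MFA limit harder to sidestep. Hashing the token before using it as a key would also keep credentials out of the store.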


@ -7,8 +7,8 @@ interface SlugSchemaInputs {
field?: string;
}
export const slugSchema = ({ min = 1, max = 32, field = "Slug" }: SlugSchemaInputs = {}) => {
return z
export const slugSchema = ({ min = 1, max = 32, field = "Slug" }: SlugSchemaInputs = {}) =>
z
.string()
.trim()
.min(min, {
@ -20,4 +20,3 @@ export const slugSchema = ({ min = 1, max = 32, field = "Slug" }: SlugSchemaInpu
.refine((v) => slugify(v, { lowercase: true }) === v, {
message: `${field} field can only contain lowercase letters, numbers, and hyphens`
});
};

View File

@ -50,12 +50,11 @@ export const registerCaRouter = async (server: FastifyZodProvider) => {
.describe(CERTIFICATE_AUTHORITIES.CREATE.requireTemplateForIssuance)
})
.refine(
(data) => {
(data) =>
// Check that at least one of the specified fields is non-empty
return [data.commonName, data.organization, data.ou, data.country, data.province, data.locality].some(
[data.commonName, data.organization, data.ou, data.country, data.province, data.locality].some(
(field) => field !== ""
);
},
),
{
message:
"At least one of the fields commonName, organization, ou, country, province, or locality must be non-empty",
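Review bot: The refinement's test `(field) => field !== ""` is also true for `undefined`, so if any of `commonName`, `organization`, `ou`, `country`, `province` or `locality` is optional and omitted, the check passes even though no subject field was supplied. The field schemas are above this hunk and may default to `""`; if they do not, `(field) => Boolean(field?.trim())` expresses the intent stated in the message. The explanatory comment now sits between `=>` and the expression and would read better above the `.refine(` call.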


@ -95,16 +95,15 @@ export const registerInviteOrgRouter = async (server: FastifyZodProvider) => {
}
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
return server.services.org.resendOrgMemberInvitation({
handler: async (req) =>
server.services.org.resendOrgMemberInvitation({
orgId: req.permission.orgId,
actor: req.permission.type,
actorId: req.permission.id,
actorAuthMethod: req.permission.authMethod,
actorOrgId: req.permission.orgId,
membershipId: req.body.membershipId
});
}
})
});
server.route({


@ -328,12 +328,9 @@ export const registerSlackRouter = async (server: FastifyZodProvider) => {
const installer = await server.services.slack.getSlackInstaller();
return installer.handleCallback(req.raw, res.raw, {
failureAsync: async () => {
return res.redirect(appCfg.SITE_URL as string);
},
successAsync: async () => {
return res.redirect(`${appCfg.SITE_URL}/organization/settings?selectedTab=workflow-integrations`);
}
failureAsync: async () => res.redirect(appCfg.SITE_URL as string),
successAsync: async () =>
res.redirect(`${appCfg.SITE_URL}/organization/settings?selectedTab=workflow-integrations`)
});
}
});
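Review bot: `res.redirect(appCfg.SITE_URL as string)` uses a cast to silence the possibility that `SITE_URL` is unset. In that case the failure path redirects to `undefined` and the success path builds the literal `undefined/organization/settings?selectedTab=workflow-integrations`. Checking once before `handleCallback`, e.g. `if (!appCfg.SITE_URL) throw new Error("SITE_URL is not configured");`, removes the cast and gives a clear failure. The env schema is outside this hunk and may already make `SITE_URL` required, in which case its type should say so and the cast can simply go.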


@ -20,8 +20,7 @@ export const registerUserEngagementRouter = async (server: FastifyZodProvider) =
}
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
return server.services.userEngagement.createUserWish(req.permission.id, req.permission.orgId, req.body.text);
}
handler: async (req) =>
server.services.userEngagement.createUserWish(req.permission.id, req.permission.orgId, req.body.text)
});
};


@ -108,9 +108,7 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
}
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
return server.services.user.getUserProjectFavorites(req.permission.id, req.query.orgId);
}
handler: async (req) => server.services.user.getUserProjectFavorites(req.permission.id, req.query.orgId)
});
server.route({
@ -126,13 +124,8 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
})
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
return server.services.user.updateUserProjectFavorites(
req.permission.id,
req.body.orgId,
req.body.projectFavorites
);
}
handler: async (req) =>
server.services.user.updateUserProjectFavorites(req.permission.id, req.body.orgId, req.body.projectFavorites)
});
server.route({
@ -185,11 +178,10 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
}
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
return server.services.totp.getUserTotpConfig({
handler: async (req) =>
server.services.totp.getUserTotpConfig({
userId: req.permission.id
});
}
})
});
server.route({
@ -199,11 +191,10 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
rateLimit: writeLimit
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
return server.services.totp.deleteUserTotpConfig({
handler: async (req) =>
server.services.totp.deleteUserTotpConfig({
userId: req.permission.id
});
}
})
});
server.route({
@ -223,11 +214,10 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
onRequest: verifyAuth([AuthMode.JWT], {
requireOrg: false
}),
handler: async (req) => {
return server.services.totp.registerUserTotp({
handler: async (req) =>
server.services.totp.registerUserTotp({
userId: req.permission.id
});
}
})
});
server.route({
@ -247,12 +237,11 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
onRequest: verifyAuth([AuthMode.JWT], {
requireOrg: false
}),
handler: async (req) => {
return server.services.totp.verifyUserTotpConfig({
handler: async (req) =>
server.services.totp.verifyUserTotpConfig({
userId: req.permission.id,
totp: req.body.totp
});
}
})
});
server.route({
@ -262,10 +251,9 @@ export const registerUserRouter = async (server: FastifyZodProvider) => {
rateLimit: writeLimit
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
return server.services.totp.createUserTotpRecoveryCodes({
handler: async (req) =>
server.services.totp.createUserTotpRecoveryCodes({
userId: req.permission.id
});
}
})
});
};
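Review bot: The `deleteUserTotpConfig` and `createUserTotpRecoveryCodes` handlers forward only `req.permission.id`, so as far as these hunks show, a valid session JWT alone is enough to remove the second factor or mint new recovery codes. If the service layer does not ask for a current TOTP code or password, a stolen session token is sufficient to strip MFA from the account. Consider requiring fresh proof in the request body, the way `verifyUserTotpConfig` already takes `req.body.totp`, and add a comment on each route stating where that check lives. The route schemas are outside the visible lines, so this is inferred from the handlers only.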


@ -36,8 +36,8 @@ import {
validateAzureKeyVaultConnectionCredentials
} from "./azure-key-vault";
export const listAppConnectionOptions = () => {
return [
export const listAppConnectionOptions = () =>
[
getAwsConnectionListItem(),
getGitHubConnectionListItem(),
getGcpConnectionListItem(),
@ -45,7 +45,6 @@ export const listAppConnectionOptions = () => {
getAzureAppConfigurationConnectionListItem(),
getDatabricksConnectionListItem()
].sort((a, b) => a.name.localeCompare(b.name));
};
export const encryptAppConnectionCredentials = async ({
orgId,
@ -137,8 +136,8 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
export const decryptAppConnection = async (
appConnection: TAppConnections,
kmsService: TAppConnectionServiceFactoryDep["kmsService"]
) => {
return {
) =>
({
...appConnection,
credentials: await decryptAppConnectionCredentials({
encryptedCredentials: appConnection.encryptedCredentials,
@ -146,5 +145,4 @@ export const decryptAppConnection = async (
kmsService
}),
credentialsHash: generateHash(appConnection.encryptedCredentials)
} as TAppConnection;
};
}) as TAppConnection;
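Review bot: `decryptAppConnection` has no doc comment although it returns plaintext `credentials` next to the original row, and the `as TAppConnection` assertion on the object literal silences the compiler if a field is missing or misnamed. I would add a TSDoc line above it such as `/** Returns the connection with decrypted credentials; never log the result or return it from an API response unfiltered. */`. Where the union type allows it, a declared return type (`): Promise<TAppConnection> =>`) is checked by the compiler and the assertion is not. The spread also keeps `encryptedCredentials` on the returned object, which may or may not be intended.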


@ -60,12 +60,10 @@ const listAwsKmsKeys = async (
return true;
});
const kmsKeys = validAliasEntries.map((aliasEntry) => {
return {
id: aliasEntry.TargetKeyId!,
alias: aliasEntry.AliasName!
};
});
const kmsKeys = validAliasEntries.map((aliasEntry) => ({
id: aliasEntry.TargetKeyId!,
alias: aliasEntry.AliasName!
}));
return kmsKeys;
};


@ -13,13 +13,11 @@ import {
TDatabricksConnectionConfig
} from "./databricks-connection-types";
export const getDatabricksConnectionListItem = () => {
return {
name: "Databricks" as const,
app: AppConnection.Databricks as const,
methods: Object.values(DatabricksConnectionMethod) as [DatabricksConnectionMethod.ServicePrincipal]
};
};
export const getDatabricksConnectionListItem = () => ({
name: "Databricks" as const,
app: AppConnection.Databricks as const,
methods: Object.values(DatabricksConnectionMethod) as [DatabricksConnectionMethod.ServicePrincipal]
});
const authorizeDatabricksConnection = async ({
clientId,


@ -17,13 +17,11 @@ import {
TGcpConnectionConfig
} from "./gcp-connection-types";
export const getGcpConnectionListItem = () => {
return {
name: "GCP" as const,
app: AppConnection.GCP as const,
methods: Object.values(GcpConnectionMethod) as [GcpConnectionMethod.ServiceAccountImpersonation]
};
};
export const getGcpConnectionListItem = () => ({
name: "GCP" as const,
app: AppConnection.GCP as const,
methods: Object.values(GcpConnectionMethod) as [GcpConnectionMethod.ServiceAccountImpersonation]
});
export const getGcpConnectionAuthToken = async (appConnection: TGcpConnectionConfig) => {
const appCfg = getConfig();


@ -368,8 +368,8 @@ export const authLoginServiceFactory = ({
}
const shouldCheckMfa = selectedOrg.enforceMfa || user.isMfaEnabled;
const orgMfaMethod = selectedOrg.enforceMfa ? selectedOrg.selectedMfaMethod ?? MfaMethod.EMAIL : undefined;
const userMfaMethod = user.isMfaEnabled ? user.selectedMfaMethod ?? MfaMethod.EMAIL : undefined;
const orgMfaMethod = selectedOrg.enforceMfa ? (selectedOrg.selectedMfaMethod ?? MfaMethod.EMAIL) : undefined;
const userMfaMethod = user.isMfaEnabled ? (user.selectedMfaMethod ?? MfaMethod.EMAIL) : undefined;
const mfaMethod = orgMfaMethod ?? userMfaMethod;
if (shouldCheckMfa && (!decodedToken.isMfaVerified || decodedToken.mfaMethod !== mfaMethod)) {


@ -109,15 +109,13 @@ export const certificateAuthorityQueueFactory = ({
issuer: ca.dn,
thisUpdate: new Date(),
nextUpdate: new Date("2025/12/12"), // TODO: depends on configured rebuild interval
entries: revokedCerts.map((revokedCert) => {
return {
serialNumber: revokedCert.serialNumber,
revocationDate: new Date(revokedCert.revokedAt as Date),
reason: revokedCert.revocationReason as number,
invalidity: new Date("2022/01/01"),
issuer: ca.dn
};
}),
entries: revokedCerts.map((revokedCert) => ({
serialNumber: revokedCert.serialNumber,
revocationDate: new Date(revokedCert.revokedAt as Date),
reason: revokedCert.revocationReason as number,
invalidity: new Date("2022/01/01"),
issuer: ca.dn
})),
signingAlgorithm: alg,
signingKey: sk
});
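Review bot: The CRL built here carries a hard-coded `nextUpdate: new Date("2025/12/12")` and a fixed `invalidity: new Date("2022/01/01")` on every entry. Once that date has passed, relying parties that enforce `nextUpdate` will treat each regenerated CRL as stale, so revocation checking either fails or is skipped; the slash-separated date string is also parsed in an implementation-defined way. Derive the value from the generation time, for example `nextUpdate: new Date(Date.now() + crlValidityMs)`, where `crlValidityMs` is a placeholder for the configured rebuild interval the TODO mentions, and take `invalidity` from the revocation record or omit it. The enclosing queue handler starts and ends outside this hunk.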


@ -26,9 +26,9 @@ export const validateAltNamesField = z
(data) => {
if (data === "") return true;
// Split and validate each alt name
return data.split(", ").every((name) => {
return hostnameRegex.test(name) || z.string().email().safeParse(name).success || isValidIp(name);
});
return data
.split(", ")
.every((name) => hostnameRegex.test(name) || z.string().email().safeParse(name).success || isValidIp(name));
},
{
message: "Each alt name must be a valid hostname or email address"
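Review bot: The refine accepts IP addresses through `isValidIp(name)`, but the error message names only hostnames and email addresses, so a caller whose IP entry is rejected gets misleading guidance. Suggested wording: `message: "Each alt name must be a valid hostname, email address, or IP address"`. The `split(", ")` also means a list written without the space after the comma is validated as one single name and fails with the same message; since these values end up as subject alternative names, either document the required separator in the message or normalise with `data.split(",").map((name) => name.trim())`.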


@ -18,8 +18,8 @@ export const buildAuthMethods = ({
azureId?: string;
tokenId?: string;
jwtId?: string;
}) => {
return [
}) =>
[
...[uaId ? IdentityAuthMethod.UNIVERSAL_AUTH : null],
...[gcpId ? IdentityAuthMethod.GCP_AUTH : null],
...[awsId ? IdentityAuthMethod.AWS_AUTH : null],
@ -29,4 +29,3 @@ export const buildAuthMethods = ({
...[tokenId ? IdentityAuthMethod.TOKEN_AUTH : null],
...[jwtId ? IdentityAuthMethod.JWT_AUTH : null]
].filter((authMethod) => authMethod) as IdentityAuthMethod[];
};


@ -1007,12 +1007,10 @@ export const integrationAuthServiceFactory = ({
return alias.TargetKeyId;
});
const keysWithAliases = keyAliases.map((alias) => {
return {
id: alias.TargetKeyId!,
alias: alias.AliasName!
};
});
const keysWithAliases = keyAliases.map((alias) => ({
id: alias.TargetKeyId!,
alias: alias.AliasName!
}));
return keysWithAliases;
};


@ -546,9 +546,9 @@ const syncSecretsAzureKeyVault = async ({
// disabled keys to skip sending updates to
const disabledAzureKeyVaultSecretKeys = getAzureKeyVaultSecrets
.filter(({ attributes }) => !attributes.enabled)
.map((getAzureKeyVaultSecret) => {
return getAzureKeyVaultSecret.id.substring(getAzureKeyVaultSecret.id.lastIndexOf("/") + 1);
});
.map((getAzureKeyVaultSecret) =>
getAzureKeyVaultSecret.id.substring(getAzureKeyVaultSecret.id.lastIndexOf("/") + 1)
);
let lastSlashIndex: number;
const res = (
@ -3865,8 +3865,8 @@ const syncSecretsCloudflareWorkers = async ({
}
await Promise.all(
deletedSecretKeys.map(async (secretKey) => {
return request.delete(
deletedSecretKeys.map(async (secretKey) =>
request.delete(
`${IntegrationUrls.CLOUDFLARE_WORKERS_API_URL}/client/v4/accounts/${accessId}/workers/scripts/${integration.app}/secrets/${secretKey}`,
{
headers: {
@ -3874,8 +3874,8 @@ const syncSecretsCloudflareWorkers = async ({
Accept: "application/json"
}
}
);
})
)
)
);
interface ConvertedSecret {
@ -3898,8 +3898,8 @@ const syncSecretsCloudflareWorkers = async ({
}));
await Promise.all(
data.map(async (secret) => {
return request.put(
data.map(async (secret) =>
request.put(
`${IntegrationUrls.CLOUDFLARE_WORKERS_API_URL}/client/v4/accounts/${accessId}/workers/scripts/${integration.app}/secrets`,
secret,
{
@ -3908,8 +3908,8 @@ const syncSecretsCloudflareWorkers = async ({
Accept: "application/json"
}
}
);
})
)
)
);
};
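Review bot: In `syncSecretsCloudflareWorkers` the delete URL interpolates `secretKey` (along with `accessId` and `integration.app`) into the path without encoding, so a key containing `/`, `?` or `#` changes which resource the request addresses. Encode each path segment, e.g. `.../secrets/${encodeURIComponent(secretKey)}`, and do the same for `integration.app` in the `request.put` URL. Both `Promise.all` calls also issue one request per secret with no concurrency bound, which may run into API rate limits on large projects. The function body starts outside these hunks.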


@ -238,9 +238,7 @@ export const kmsServiceFactory = ({
const decryptWithRootKey = () => {
const cipher = symmetricCipherService(SymmetricEncryption.AES_GCM_256);
return (cipherTextBuffer: Buffer) => {
return cipher.decrypt(cipherTextBuffer, ROOT_ENCRYPTION_KEY);
};
return (cipherTextBuffer: Buffer) => cipher.decrypt(cipherTextBuffer, ROOT_ENCRYPTION_KEY);
};
const decryptWithKmsKey = async ({


@ -1,5 +1,3 @@
export type TOrgAdminDALFactory = ReturnType<typeof orgAdminDALFactory>;
export const orgAdminDALFactory = () => {
return {};
};
export const orgAdminDALFactory = () => ({});


@ -1067,8 +1067,8 @@ export const orgServiceFactory = ({
await Promise.allSettled(
mailsForProjectInvitation
.filter((el) => Boolean(el.email.length))
.map(async (el) => {
return smtpService.sendMail({
.map(async (el) =>
smtpService.sendMail({
template: SmtpTemplates.WorkspaceInvite,
subjectLine: "Infisical project invitation",
recipients: el.email,
@ -1076,8 +1076,8 @@ export const orgServiceFactory = ({
workspaceName: el.projectName,
callback_url: `${appCfg.SITE_URL}/login`
}
});
})
})
)
);
if (!appCfg.isSmtpConfigured) {
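Review bot: The result of `Promise.allSettled` over the `smtpService.sendMail` calls is not inspected in the visible lines, so a rejected send leaves no trace and nobody learns that a project invitation never went out. Capture the results and log the rejected ones, e.g. `results.filter((r) => r.status === "rejected")`, keeping recipient addresses out of the log line if logs are widely readable. The callback is also `async` without an `await`; a plain arrow returning the promise is equivalent. The surrounding function continues outside the hunk.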


@ -27,9 +27,7 @@ export const projectBotServiceFactory = ({
}: TProjectBotServiceFactoryDep) => {
const getBotKeyFn = getBotKeyFnFactory(projectBotDAL, projectDAL);
const getBotKey = async (projectId: string, shouldGetBotKey?: boolean) => {
return getBotKeyFn(projectId, shouldGetBotKey);
};
const getBotKey = async (projectId: string, shouldGetBotKey?: boolean) => getBotKeyFn(projectId, shouldGetBotKey);
const findBotByProjectId = async ({
actorId,


@ -6,8 +6,8 @@ import {
projectViewerPermission
} from "@app/ee/services/permission/project-permission";
export const getPredefinedRoles = (projectId: string, roleFilter?: ProjectMembershipRole) => {
return [
export const getPredefinedRoles = (projectId: string, roleFilter?: ProjectMembershipRole) =>
[
{
id: "b11b49a9-09a9-4443-916a-4246f9ff2c69", // dummy userid
projectId,
@ -49,4 +49,3 @@ export const getPredefinedRoles = (projectId: string, roleFilter?: ProjectMember
updatedAt: new Date()
}
].filter(({ slug }) => !roleFilter || roleFilter.includes(slug));
};
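Review bot: `roleFilter` is declared as a single `ProjectMembershipRole`, so if that is a string enum, `roleFilter.includes(slug)` in the final `.filter` is a substring test rather than a membership test. It gives the right answer only as long as no role slug is a substring of another; `!roleFilter || roleFilter === slug` states the intent and cannot match partially. Because these objects carry the predefined permission sets, an accidental extra match would hand back a role the caller did not ask for.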


@ -527,12 +527,10 @@ export const projectServiceFactory = ({
const workspaceMappedToRoles = groupBy(customRoles, (role) => role.projectId);
const workspacesWithRoles = await Promise.all(
workspaces.map(async (workspace) => {
return {
...workspace,
roles: [...(workspaceMappedToRoles[workspace.id] || []), ...getPredefinedRoles(workspace.id)]
};
})
workspaces.map(async (workspace) => ({
...workspace,
roles: [...(workspaceMappedToRoles[workspace.id] || []), ...getPredefinedRoles(workspace.id)]
}))
);
return workspacesWithRoles;


@ -43,9 +43,9 @@ export const azureKeyVaultSyncFactory = ({ kmsService, appConnectionDAL }: TAzur
// disabled keys to skip sending updates to
const disabledAzureKeyVaultSecretKeys = getAzureKeyVaultSecrets
.filter(({ attributes }) => !attributes.enabled)
.map((getAzureKeyVaultSecret) => {
return getAzureKeyVaultSecret.id.substring(getAzureKeyVaultSecret.id.lastIndexOf("/") + 1);
});
.map((getAzureKeyVaultSecret) =>
getAzureKeyVaultSecret.id.substring(getAzureKeyVaultSecret.id.lastIndexOf("/") + 1)
);
let lastSlashIndex: number;
const res = (


@ -35,9 +35,8 @@ const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
[SecretSync.Databricks]: DATABRICKS_SYNC_LIST_OPTION
};
export const listSecretSyncOptions = () => {
return Object.values(SECRET_SYNC_LIST_OPTIONS).sort((a, b) => a.name.localeCompare(b.name));
};
export const listSecretSyncOptions = () =>
Object.values(SECRET_SYNC_LIST_OPTIONS).sort((a, b) => a.name.localeCompare(b.name));
type TSyncSecretDeps = {
appConnectionDAL: Pick<TAppConnectionDALFactory, "findById" | "update" | "updateById">;
@ -218,7 +217,7 @@ export const parseSyncErrorMessage = (err: unknown): string => {
} else if (err instanceof AxiosError) {
errorMessage = err?.response?.data
? JSON.stringify(err?.response?.data)
: err?.message ?? "An unknown error occurred.";
: (err?.message ?? "An unknown error occurred.");
} else {
errorMessage = (err as Error)?.message || "An unknown error occurred.";
}


@ -2250,14 +2250,12 @@ export const secretV2BridgeServiceFactory = ({
{ tx }
);
const decryptedDestinationSecrets = destinationSecretsFromDB.map((secret) => {
return {
...secret,
value: secret.encryptedValue
? secretManagerDecryptor({ cipherTextBlob: secret.encryptedValue }).toString()
: undefined
};
});
const decryptedDestinationSecrets = destinationSecretsFromDB.map((secret) => ({
...secret,
value: secret.encryptedValue
? secretManagerDecryptor({ cipherTextBlob: secret.encryptedValue }).toString()
: undefined
}));
const destinationSecretsGroupedByKey = groupBy(decryptedDestinationSecrets, (i) => i.key);
@ -2367,20 +2365,18 @@ export const secretV2BridgeServiceFactory = ({
type: actor,
actorId
},
inputSecrets: locallyCreatedSecrets.map((doc) => {
return {
type: doc.type,
metadata: doc.metadata,
key: doc.key,
encryptedValue: doc.encryptedValue,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
reminderNote: doc.reminderNote,
reminderRepeatDays: doc.reminderRepeatDays,
secretMetadata: doc.secretMetadata,
references: doc.value ? getAllSecretReferences(doc.value).nestedReferences : []
};
})
inputSecrets: locallyCreatedSecrets.map((doc) => ({
type: doc.type,
metadata: doc.metadata,
key: doc.key,
encryptedValue: doc.encryptedValue,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
reminderNote: doc.reminderNote,
reminderRepeatDays: doc.reminderRepeatDays,
secretMetadata: doc.secretMetadata,
references: doc.value ? getAllSecretReferences(doc.value).nestedReferences : []
}))
});
}
if (locallyUpdatedSecrets.length) {
@ -2397,32 +2393,30 @@ export const secretV2BridgeServiceFactory = ({
type: actor,
actorId
},
inputSecrets: locallyUpdatedSecrets.map((doc) => {
return {
filter: {
folderId: destinationFolder.id,
id: destinationSecretsGroupedByKey[doc.key][0].id
},
data: {
metadata: doc.metadata,
key: doc.key,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
reminderNote: doc.reminderNote,
secretMetadata: doc.secretMetadata,
reminderRepeatDays: doc.reminderRepeatDays,
...(doc.encryptedValue
? {
encryptedValue: doc.encryptedValue,
references: doc.value ? getAllSecretReferences(doc.value).nestedReferences : []
}
: {
encryptedValue: undefined,
references: undefined
})
}
};
})
inputSecrets: locallyUpdatedSecrets.map((doc) => ({
filter: {
folderId: destinationFolder.id,
id: destinationSecretsGroupedByKey[doc.key][0].id
},
data: {
metadata: doc.metadata,
key: doc.key,
encryptedComment: doc.encryptedComment,
skipMultilineEncoding: doc.skipMultilineEncoding,
reminderNote: doc.reminderNote,
secretMetadata: doc.secretMetadata,
reminderRepeatDays: doc.reminderRepeatDays,
...(doc.encryptedValue
? {
encryptedValue: doc.encryptedValue,
references: doc.value ? getAllSecretReferences(doc.value).nestedReferences : []
}
: {
encryptedValue: undefined,
references: undefined
})
}
}))
});
}


@ -793,20 +793,18 @@ export const createManySecretsRawFnFactory = ({
message: `Secret already exist: ${secretsStoredInDB.map((el) => el.key).join(",")}`
});
const inputSecrets = secrets.map((secret) => {
return {
type: secret.type,
userId: secret.type === SecretType.Personal ? userId : null,
key: secret.secretName,
encryptedValue: secretManagerEncryptor({ plainText: Buffer.from(secret.secretValue) }).cipherTextBlob,
encryptedComent: secret.secretComment
? secretManagerEncryptor({ plainText: Buffer.from(secret.secretComment) }).cipherTextBlob
: null,
skipMultilineEncoding: secret.skipMultilineEncoding,
tags: secret.tags,
references: getAllSecretReferences(secret.secretValue).nestedReferences
};
});
const inputSecrets = secrets.map((secret) => ({
type: secret.type,
userId: secret.type === SecretType.Personal ? userId : null,
key: secret.secretName,
encryptedValue: secretManagerEncryptor({ plainText: Buffer.from(secret.secretValue) }).cipherTextBlob,
encryptedComent: secret.secretComment
? secretManagerEncryptor({ plainText: Buffer.from(secret.secretComment) }).cipherTextBlob
: null,
skipMultilineEncoding: secret.skipMultilineEncoding,
tags: secret.tags,
references: getAllSecretReferences(secret.secretValue).nestedReferences
}));
// get all tags
const tagIds = inputSecrets.flatMap(({ tags = [] }) => tags);
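Review bot: The mapped object spells the comment field `encryptedComent`, while the bridge service elsewhere in this commit uses `encryptedComment`. Unless the bulk-insert helper reads the misspelled key, the encrypted comment is dropped on this path or stored under an unexpected name. Rename the key to `encryptedComment` and type `inputSecrets` against the consumer's input type so the compiler rejects a stray key. The enclosing function starts and ends outside this hunk.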


@ -2936,23 +2936,21 @@ export const secretServiceFactory = ({
{ tx }
);
const decryptedDestinationSecrets = destinationSecretsFromDB.map((secret) => {
return {
...secret,
secretKey: decryptSymmetric128BitHexKeyUTF8({
ciphertext: secret.secretKeyCiphertext,
iv: secret.secretKeyIV,
tag: secret.secretKeyTag,
key: botKey
}),
secretValue: decryptSymmetric128BitHexKeyUTF8({
ciphertext: secret.secretValueCiphertext,
iv: secret.secretValueIV,
tag: secret.secretValueTag,
key: botKey
})
};
});
const decryptedDestinationSecrets = destinationSecretsFromDB.map((secret) => ({
...secret,
secretKey: decryptSymmetric128BitHexKeyUTF8({
ciphertext: secret.secretKeyCiphertext,
iv: secret.secretKeyIV,
tag: secret.secretKeyTag,
key: botKey
}),
secretValue: decryptSymmetric128BitHexKeyUTF8({
ciphertext: secret.secretValueCiphertext,
iv: secret.secretValueIV,
tag: secret.secretValueTag,
key: botKey
})
}));
const destinationSecretsGroupedByBlindIndex = groupBy(
decryptedDestinationSecrets.filter(({ secretBlindIndex }) => Boolean(secretBlindIndex)),
@ -3055,8 +3053,40 @@ export const secretServiceFactory = ({
tx,
secretTagDAL,
secretVersionTagDAL,
inputSecrets: locallyCreatedSecrets.map((doc) => {
return {
inputSecrets: locallyCreatedSecrets.map((doc) => ({
keyEncoding: doc.keyEncoding,
algorithm: doc.algorithm,
type: doc.type,
metadata: doc.metadata,
secretKeyIV: doc.secretKeyIV,
secretKeyTag: doc.secretKeyTag,
secretKeyCiphertext: doc.secretKeyCiphertext,
secretValueIV: doc.secretValueIV,
secretValueTag: doc.secretValueTag,
secretValueCiphertext: doc.secretValueCiphertext,
secretBlindIndex: doc.secretBlindIndex,
secretCommentIV: doc.secretCommentIV,
secretCommentTag: doc.secretCommentTag,
secretCommentCiphertext: doc.secretCommentCiphertext,
skipMultilineEncoding: doc.skipMultilineEncoding
}))
});
}
if (locallyUpdatedSecrets.length) {
await fnSecretBulkUpdate({
projectId: project.id,
folderId: destinationFolder.id,
secretVersionDAL,
secretDAL,
tx,
secretTagDAL,
secretVersionTagDAL,
inputSecrets: locallyUpdatedSecrets.map((doc) => ({
filter: {
folderId: destinationFolder.id,
id: destinationSecretsGroupedByBlindIndex[doc.secretBlindIndex as string][0].id
},
data: {
keyEncoding: doc.keyEncoding,
algorithm: doc.algorithm,
type: doc.type,
@ -3072,44 +3102,8 @@ export const secretServiceFactory = ({
secretCommentTag: doc.secretCommentTag,
secretCommentCiphertext: doc.secretCommentCiphertext,
skipMultilineEncoding: doc.skipMultilineEncoding
};
})
});
}
if (locallyUpdatedSecrets.length) {
await fnSecretBulkUpdate({
projectId: project.id,
folderId: destinationFolder.id,
secretVersionDAL,
secretDAL,
tx,
secretTagDAL,
secretVersionTagDAL,
inputSecrets: locallyUpdatedSecrets.map((doc) => {
return {
filter: {
folderId: destinationFolder.id,
id: destinationSecretsGroupedByBlindIndex[doc.secretBlindIndex as string][0].id
},
data: {
keyEncoding: doc.keyEncoding,
algorithm: doc.algorithm,
type: doc.type,
metadata: doc.metadata,
secretKeyIV: doc.secretKeyIV,
secretKeyTag: doc.secretKeyTag,
secretKeyCiphertext: doc.secretKeyCiphertext,
secretValueIV: doc.secretValueIV,
secretValueTag: doc.secretValueTag,
secretValueCiphertext: doc.secretValueCiphertext,
secretBlindIndex: doc.secretBlindIndex,
secretCommentIV: doc.secretCommentIV,
secretCommentTag: doc.secretCommentTag,
secretCommentCiphertext: doc.secretCommentCiphertext,
skipMultilineEncoding: doc.skipMultilineEncoding
}
};
})
}
}))
});
}


@ -9,8 +9,8 @@ export type TProjectSlackConfigDALFactory = ReturnType<typeof projectSlackConfig
export const projectSlackConfigDALFactory = (db: TDbClient) => {
const projectSlackConfigOrm = ormify(db, TableName.ProjectSlackConfigs);
const getIntegrationDetailsByProject = (projectId: string, tx?: Knex) => {
return (tx || db.replicaNode())(TableName.ProjectSlackConfigs)
const getIntegrationDetailsByProject = (projectId: string, tx?: Knex) =>
(tx || db.replicaNode())(TableName.ProjectSlackConfigs)
.join(
TableName.SlackIntegrations,
`${TableName.ProjectSlackConfigs}.slackIntegrationId`,
@ -19,7 +19,6 @@ export const projectSlackConfigDALFactory = (db: TDbClient) => {
.where("projectId", "=", projectId)
.select(selectAllTableCols(TableName.ProjectSlackConfigs), selectAllTableCols(TableName.SlackIntegrations))
.first();
};
return { ...projectSlackConfigOrm, getIntegrationDetailsByProject };
};


@ -209,13 +209,9 @@ export const slackServiceFactory = ({
},
// for our use-case we don't need to implement this because this will only be used
// when listening for events from slack
fetchInstallation: () => {
return {} as never;
},
fetchInstallation: () => ({}) as never,
// for our use-case we don't need to implement this yet
deleteInstallation: () => {
return {} as never;
}
deleteInstallation: () => ({}) as never
}
});
};


@ -11,14 +11,14 @@
<h2>A secret has been shared with you</h2>
{{#if name}}
<p>Secret request name: {{name}}</p>
<p>Secret request name: {{name}}</p>
{{/if}}
{{#if respondentUsername}}
<p>Shared by: {{respondentUsername}}</p>
<p>Shared by: {{respondentUsername}}</p>
{{/if}}
<br />
<br/>
<br />
<p>
You can access the secret by clicking the link below.


@ -22,10 +22,10 @@
<p><strong>Destination</strong>: {{syncDestination}}</p>
<p><strong>Project</strong>: {{projectName}}</p>
{{#if environment}}
<p><strong>Environment</strong>: {{environment}}</p>
<p><strong>Environment</strong>: {{environment}}</p>
{{/if}}
{{#if secretPath}}
<p><strong>Secret Path</strong>: {{secretPath}}</p>
<p><strong>Secret Path</strong>: {{secretPath}}</p>
{{/if}}
</div>


@ -8,7 +8,7 @@
<body>
<h2>Unlock your Infisical account</h2>
<p>Your account has been temporarily locked due to multiple failed login attempts. </h2>
<p>Your account has been temporarily locked due to multiple failed login attempts.</p>
<a href="{{callback_url}}?token={{token}}">To unlock your account, follow the link here</a>
<p>If these attempts were not made by you, reset your password immediately.</p>


@ -14,4 +14,4 @@
{{emailFooter}}
</body>
</html>
</html>


@ -7,6 +7,7 @@ import { getConfig } from "@app/lib/config/env";
import { infisicalSymmetricEncypt } from "@app/lib/crypto/encryption";
import { getUserPrivateKey } from "@app/lib/crypto/srp";
import { BadRequestError, NotFoundError } from "@app/lib/errors";
import { TIdentityDALFactory } from "@app/services/identity/identity-dal";
import { TAuthLoginFactory } from "../auth/auth-login-service";
import { AuthMethod } from "../auth/auth-type";
@ -143,8 +144,8 @@ export const superAdminServiceFactory = ({
const canServerAdminAccessAfterApply =
data.enabledLoginMethods.some((loginMethod) =>
loginMethodToAuthMethod[loginMethod as LoginMethod].some(
(authMethod) => superAdminUser.authMethods?.includes(authMethod)
loginMethodToAuthMethod[loginMethod as LoginMethod].some((authMethod) =>
superAdminUser.authMethods?.includes(authMethod)
)
) ||
isUserSamlAccessEnabled ||
@ -271,15 +272,14 @@ export const superAdminServiceFactory = ({
return { token, user: userInfo, organization };
};
const getUsers = ({ offset, limit, searchTerm, adminsOnly }: TAdminGetUsersDTO) => {
return userDAL.getUsersByFilter({
const getUsers = ({ offset, limit, searchTerm, adminsOnly }: TAdminGetUsersDTO) =>
userDAL.getUsersByFilter({
limit,
offset,
searchTerm,
sortBy: "username",
adminsOnly
});
};
const deleteUser = async (userId: string) => {
const user = await userDAL.deleteById(userId);