Merge remote-tracking branch 'origin' into pg-ssl

Add knex SSL configuration support
remove await and add void
2025-04-17 19:37:38 +00:00 · 2024-02-03 15:16:47 -08:00 · 2024-02-03 15:16:43 -08:00 · 2024-02-03 12:53:42 -05:00 · 2024-02-02 12:43:43 -05:00 · 2024-02-02 12:07:57 -05:00
15 changed files with 69 additions and 20 deletions
--- a/.github/values.yaml
+++ b/.github/values.yaml
@ -19,14 +19,14 @@ infisical:
  ## @param backend.name Backend name
  ##
  name: infisical
-  replicaCount: 2
+  replicaCount: 3
  image:
-    repository: infisical/infisical
-    tag: "latest-postgres"
+    repository: infisical/staging_infisical
+    tag: "latest"
    pullPolicy: IfNotPresent

  deploymentAnnotations:
-    secrets.infisical.com/auto-reload: "true"
+    secrets.infisical.com/auto-reload: "false"

  kubeSecretRef: "infisical-gamma-secrets"

--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -13,6 +13,7 @@
        "@casl/ability": "^6.5.0",
        "@fastify/cookie": "^9.2.0",
        "@fastify/cors": "^8.4.1",
+        "@fastify/etag": "^5.1.0",
        "@fastify/formbody": "^7.4.0",
        "@fastify/helmet": "^11.1.1",
        "@fastify/passport": "^2.4.0",
@ -1671,6 +1672,14 @@
      "resolved": "https://registry.npmjs.org/@fastify/error/-/error-3.4.1.tgz",
      "integrity": "sha512-wWSvph+29GR783IhmvdwWnN4bUxTD01Vm5Xad4i7i1VuAOItLvbPAb69sb0IQ2N57yprvhNIwAP5B6xfKTmjmQ=="
    },
+    "node_modules/@fastify/etag": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/@fastify/etag/-/etag-5.1.0.tgz",
+      "integrity": "sha512-j/huE8baxgF22idzY35a579b6uP+9ykE9Jt02xY4ZApELNr2KGZmQOKTQsZS94TfKMLfPHwkoM8FfZRq8OZDXg==",
+      "dependencies": {
+        "fastify-plugin": "^4.0.0"
+      }
+    },
    "node_modules/@fastify/fast-json-stringify-compiler": {
      "version": "4.3.0",
      "resolved": "https://registry.npmjs.org/@fastify/fast-json-stringify-compiler/-/fast-json-stringify-compiler-4.3.0.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@ -67,6 +67,7 @@
    "@casl/ability": "^6.5.0",
    "@fastify/cookie": "^9.2.0",
    "@fastify/cors": "^8.4.1",
+    "@fastify/etag": "^5.1.0",
    "@fastify/formbody": "^7.4.0",
    "@fastify/helmet": "^11.1.1",
    "@fastify/passport": "^2.4.0",
--- a/backend/src/db/instance.ts
+++ b/backend/src/db/instance.ts
@ -1,11 +1,23 @@
 import knex from "knex";

 export type TDbClient = ReturnType<typeof initDbConnection>;
-export const initDbConnection = (dbConnectionUri: string) => {
+export const initDbConnection = ({
+  dbConnectionUri,
+  dbRootCert
+}: {
+  dbConnectionUri: string;
+  dbRootCert?: string;
+}) => {
  const db = knex({
    client: "pg",
-    connection: dbConnectionUri
+    connection: {
+      connectionString: dbConnectionUri,
+      ssl: dbRootCert ? {
+        rejectUnauthorized: true,
+        ca: Buffer.from(dbRootCert, 'base64').toString('ascii')
+      } : false
+    }
  });

  return db;
-};
+};
--- a/backend/src/ee/services/audit-log/audit-log-dal.ts
+++ b/backend/src/ee/services/audit-log/audit-log-dal.ts
@ -38,7 +38,8 @@ export const auditLogDALFactory = (db: TDbClient) => {
          })
        )
        .limit(limit)
-        .offset(offset);
+        .offset(offset)
+        .orderBy("createdAt", "desc");
      if (startDate) {
        void sqlQuery.where("createdAt", ">=", startDate);
      }
--- a/backend/src/lib/config/env.ts
+++ b/backend/src/lib/config/env.ts
@ -15,7 +15,8 @@ const envSchema = z
    PORT: z.coerce.number().default(4000),
    REDIS_URL: zpStr(z.string()),
    HOST: zpStr(z.string().default("localhost")),
-    DB_CONNECTION_URI: zpStr(z.string().describe("Postgres database conntection string")),
+    DB_CONNECTION_URI: zpStr(z.string().describe("Postgres database connection string")),
+    DB_ROOT_CERT: zpStr(z.string().describe("Postgres database base64-encoded CA cert").optional()),
    NODE_ENV: z.enum(["development", "test", "production"]).default("production"),
    SALT_ROUNDS: z.coerce.number().default(10),
    // TODO(akhilmhdh): will be changed to one
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@ -12,7 +12,11 @@ dotenv.config();
 const run = async () => {
  const logger = await initLogger();
  const appCfg = initEnvConfig(logger);
-  const db = initDbConnection(appCfg.DB_CONNECTION_URI);
+  const db = initDbConnection({
+    dbConnectionUri: appCfg.DB_CONNECTION_URI,
+    dbRootCert: appCfg.DB_ROOT_CERT
+  });
+  
  const smtp = smtpServiceFactory(formatSmtpConfig());
  const queue = queueServiceFactory(appCfg.REDIS_URL);

--- a/backend/src/server/app.ts
+++ b/backend/src/server/app.ts
@ -5,6 +5,7 @@ import type { FastifyCookieOptions } from "@fastify/cookie";
 import cookie from "@fastify/cookie";
 import type { FastifyCorsOptions } from "@fastify/cors";
 import cors from "@fastify/cors";
+import fastifyEtag from "@fastify/etag";
 import fastifyFormBody from "@fastify/formbody";
 import helmet from "@fastify/helmet";
 import type { FastifyRateLimitOptions } from "@fastify/rate-limit";
@ -50,6 +51,8 @@ export const main = async ({ db, smtp, logger, queue }: TMain) => {
      secret: appCfg.COOKIE_SECRET_SIGN_KEY
    });

+    await server.register(fastifyEtag);
+
    await server.register<FastifyCorsOptions>(cors, {
      credentials: true,
      origin: appCfg.SITE_URL || true
--- a/backend/src/server/routes/v3/signup-router.ts
+++ b/backend/src/server/routes/v3/signup-router.ts
@ -108,7 +108,7 @@ export const registerSignupRouter = async (server: FastifyZodProvider) => {
        }
      });

-      await res.setCookie("jid", refreshToken, {
+      void res.setCookie("jid", refreshToken, {
        httpOnly: true,
        path: "/",
        sameSite: "strict",
@ -159,7 +159,7 @@ export const registerSignupRouter = async (server: FastifyZodProvider) => {
        userAgent
      });

-      await res.setCookie("jid", refreshToken, {
+      void res.setCookie("jid", refreshToken, {
        httpOnly: true,
        path: "/",
        sameSite: "strict",
--- a/backend/src/services/secret-import/secret-import-fns.ts
+++ b/backend/src/services/secret-import/secret-import-fns.ts
@ -25,10 +25,15 @@ export const fnSecretsFromImports = async ({
  if (!folderIds.length) {
    return [];
  }
-  const importedSecrets = await secretDAL.find({
-    $in: { folderId: folderIds },
-    type: SecretType.Shared
-  });
+  const importedSecrets = await secretDAL.find(
+    {
+      $in: { folderId: folderIds },
+      type: SecretType.Shared
+    },
+    {
+      sort: [["id", "asc"]]
+    }
+  );

  const importedSecsGroupByFolderId = groupBy(importedSecrets, (i) => i.folderId);
  return allowedImports.map(({ importPath, importEnv }, i) => ({
--- a/backend/src/services/secret-tag/secret-tag-service.ts
+++ b/backend/src/services/secret-tag/secret-tag-service.ts
@ -47,7 +47,7 @@ export const secretTagServiceFactory = ({ secretTagDAL, permissionService }: TSe
    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId);
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Tags);

-    const tags = await secretTagDAL.find({ projectId });
+    const tags = await secretTagDAL.find({ projectId }, { sort: [["createdAt", "asc"]] });
    return tags;
  };

--- a/backend/src/services/secret/secret-dal.ts
+++ b/backend/src/services/secret/secret-dal.ts
@ -86,7 +86,8 @@ export const secretDALFactory = (db: TDbClient) => {
        .select(db.ref("id").withSchema(TableName.SecretTag).as("tagId"))
        .select(db.ref("color").withSchema(TableName.SecretTag).as("tagColor"))
        .select(db.ref("slug").withSchema(TableName.SecretTag).as("tagSlug"))
-        .select(db.ref("name").withSchema(TableName.SecretTag).as("tagName"));
+        .select(db.ref("name").withSchema(TableName.SecretTag).as("tagName"))
+        .orderBy("id", "asc");
      const data = sqlNestRelationships({
        data: secs,
        key: "id",
--- a/backend/src/services/service-token/service-token-service.ts
+++ b/backend/src/services/service-token/service-token-service.ts
@ -117,7 +117,7 @@ export const serviceTokenServiceFactory = ({
    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId);
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.ServiceTokens);

-    const tokens = await serviceTokenDAL.find({ projectId });
+    const tokens = await serviceTokenDAL.find({ projectId }, { sort: [["createdAt", "desc"]] });
    return tokens;
  };

--- a/backend/src/services/webhook/webhook-dal.ts
+++ b/backend/src/services/webhook/webhook-dal.ts
@ -80,7 +80,8 @@ export const webhookDALFactory = (db: TDbClient) => {
        .select(db.ref("slug").withSchema(TableName.Environment).as("envSlug"))
        .select(db.ref("id").withSchema(TableName.Environment).as("envId"))
        .select(db.ref("projectId").withSchema(TableName.Environment))
-        .select(selectAllTableCols(TableName.Webhook));
+        .select(selectAllTableCols(TableName.Webhook))
+        .orderBy(`${TableName.Webhook}.createdAt`, "asc");

      return webhooks.map(({ envId, envSlug, envName, ...el }) => ({
        ...el,
--- a/docker-compose.pg.yml
+++ b/docker-compose.pg.yml
@ -34,6 +34,17 @@ services:
    volumes:
      - redis_data:/data

+  redis-commander:
+    container_name: infisical-dev-redis-commander
+    image: rediscommander/redis-commander
+    restart: always
+    depends_on:
+      - redis
+    environment:
+      - REDIS_HOSTS=local:redis:6379
+    ports:
+      - "8085:8081"
+
  db-test:
    profiles: ["test"]
    image: postgres:14-alpine
Author	SHA1	Message	Date
Tuan Dang	4e3827780f	Merge remote-tracking branch 'origin' into pg-ssl	2024-02-03 15:16:47 -08:00
Tuan Dang	644cdf5a67	Add knex SSL configuration support	2024-02-03 15:16:43 -08:00
Maidul Islam	ac0780266b	remove await and add void	2024-02-03 12:53:42 -05:00
Maidul Islam	7a253ddcc7	update sort from createdAt to id	2024-02-02 12:43:43 -05:00
Maidul Islam	b65677a708	Merge pull request #1363 from akhilmhdh/feat/audit-log-desc feat: enabled order by desc for audit log and added sort for couple of get queries	2024-02-02 12:07:57 -05:00
Maidul Islam	c1eb97ee53	revert port change	2024-02-02 11:51:27 -05:00
Akhil Mohan	937e48dbc5	feat: enabled order by desc for audit log and added sort for couple of get queries	2024-02-02 20:56:42 +05:30
Maidul Islam	72d46efba5	sort get secrets response for etags	2024-02-02 01:25:19 -05:00
Maidul Islam	b6eb08167f	Update values.yaml	2024-02-01 22:45:54 -05:00
Maidul Islam	582472e4cc	Update gamma values.yaml	2024-02-01 22:34:09 -05:00
Maidul Islam	3b3b76548b	add etag	2024-02-01 20:49:07 -05:00
Maidul Islam	f8416ad891	add redis commander for local dev	2024-02-01 15:45:38 -05:00
Akhil Mohan	31e49672d5	Merge pull request #1359 from Infisical/daniel/fix-list-workspaces-id (Fix): Add ID to list workspaces endpoint	2024-02-01 13:21:06 +05:30