Compare commits

...

1865 Commits

Author SHA1 Message Date
vmatsiiako
3f3c15d715 Merge pull request #1713 from Infisical/integrations-update
Integration improvements
2024-04-21 18:00:59 -07:00
Tuan Dang
ca453df9e9 Minor updates to integration update PR 2024-04-21 17:36:54 -07:00
Vladyslav Matsiiako
c959fa6fdd add initial sync options to terraform cloud integration 2024-04-20 21:40:07 -07:00
Vladyslav Matsiiako
d11ded9abc allow specifying of aws kms key 2024-04-20 18:40:56 -07:00
Vladyslav Matsiiako
714a3186a9 allowed creating of multiple tags 2024-04-19 17:46:33 -07:00
vmatsiiako
20d1572220 Update user-identities.mdx 2024-04-19 16:47:22 -07:00
vmatsiiako
21290d8e6c Update user-identities.mdx 2024-04-19 16:44:57 -07:00
Maidul Islam
a087deb1eb Update envars.mdx 2024-04-18 22:03:14 -04:00
Maidul Islam
7ce283e891 Merge pull request #1710 from Infisical/daniel/dashboard
Chore: Documentation
2024-04-18 21:19:52 -04:00
Daniel Hougaard
52cf38449b Chore: Documentation 2024-04-19 03:08:55 +02:00
BlackMagiq
8d6f76698a Merge pull request #1709 from Infisical/docs-auth
Add security/description to project endpoint schemas for API reference
2024-04-18 17:11:08 -07:00
Tuan Dang
71cc84c9a5 Add security/description to project endpoint schemas 2024-04-18 17:06:35 -07:00
BlackMagiq
5d95d7f31d Merge pull request #1708 from Infisical/vercel-pagination
Add pagination to getAppsVercel
2024-04-18 16:24:23 -07:00
Tuan Dang
2f15e0e767 Add pagination to getAppsVercel 2024-04-18 16:20:51 -07:00
Daniel Hougaard
6e1b29025b Fix: Invite project member 2024-04-19 00:33:51 +02:00
Daniel Hougaard
fcc18996d3 Merge pull request #1706 from Infisical/daniel/fix-breaking-change-check
Fix: API Breaking Change Check
2024-04-18 23:39:50 +02:00
Daniel Hougaard
bcaafcb49f Update dynamic-secret-lease-router.ts 2024-04-18 23:38:48 +02:00
Daniel Hougaard
b4558981c1 Fix: Check EE routes for changes too 2024-04-18 23:35:27 +02:00
Daniel Hougaard
64099908eb Trigger test 2024-04-18 23:32:23 +02:00
Daniel Hougaard
98e0c1b4ca Update package-lock.json 2024-04-18 23:30:17 +02:00
vmatsiiako
4d1a41e24e Merge pull request #1699 from Infisical/imported-secret-icon
Feat: Tags for AWS integrations
2024-04-18 14:26:33 -07:00
vmatsiiako
43f676b078 Merge pull request #1704 from Infisical/daniel/remove-api-key-auth-docs
Feat: Remove API Key auth docs
2024-04-18 14:19:38 -07:00
Maidul Islam
130ec68288 Merge pull request #1697 from akhilmhdh/docs/dynamic-secret
docs: updated dynamic secret mysql doc and improved explanation for renew and revoke
2024-04-18 17:17:57 -04:00
Maidul Islam
c4d5c1a454 polish dynamic secrets docs 2024-04-18 17:16:15 -04:00
Maidul Islam
e2a447dd05 fix image paths 2024-04-18 16:26:59 -04:00
Maidul Islam
2522cc1ede Merge pull request #1696 from akhilmhdh/dynamic-secret/oracle
feat: dynamic secret for oracle
2024-04-18 16:05:53 -04:00
Maidul Islam
56876a77e4 correct comments phrase 2024-04-18 16:03:11 -04:00
Maidul Islam
0111ee9efb Merge pull request #1700 from akhilmhdh/feat/cli-template
feat(cli): added template feature to cli export command
2024-04-18 15:46:33 -04:00
Maidul Islam
581ffc613c add go lang add/minus functions and give better example 2024-04-18 15:45:20 -04:00
Daniel Hougaard
03848b30a2 Feat: Remove API key auth documentation 2024-04-18 20:51:31 +02:00
Daniel Hougaard
5537b00a26 Fix: Remove security field from schema due to api key-only auth 2024-04-18 20:51:18 +02:00
Daniel Hougaard
d71d59e399 Feat: Remove API key documentation 2024-04-18 20:50:52 +02:00
Daniel Hougaard
8f8553760a Feat: Remove API key auth documentation 2024-04-18 20:49:12 +02:00
Daniel Hougaard
708c2af979 Fix: Remove documentation for API-key only endpoints 2024-04-18 20:48:38 +02:00
Akhil Mohan
afa1e7e139 docs: added oracle dynamic secret documentation 2024-04-18 13:29:38 +05:30
Akhil Mohan
2aea73861b feat(cli): added template feature to cli export command 2024-04-18 13:09:09 +05:30
Akhil Mohan
2002db2007 feat: updated oracle sql username generation to uppercase 2024-04-18 11:36:27 +05:30
Vladyslav Matsiiako
26148b633b added tags for aws integrations 2024-04-17 21:34:54 -07:00
Maidul Islam
4b463c6fde Merge pull request #1698 from Infisical/imported-secret-icon
fixed import icon in the overview dashboard
2024-04-17 15:05:14 -04:00
Vladyslav Matsiiako
e6823c520e fixed import icon in the overview dashboard 2024-04-17 12:50:14 -06:00
Akhil Mohan
ab83e61068 feat: updated statements for oracle and adjusted the username and password generator for oracle 2024-04-17 23:09:58 +05:30
Maidul Islam
e973a62753 Merge pull request #1684 from akhilmhdh/chore/drop-role-field
chore: rolling migration removed role and roleId field from project membership and identity project membership
2024-04-17 11:41:59 -04:00
Akhil Mohan
08420cc38d docs: updated dynamic secret mysql doc and improved explanation for renew and revoke 2024-04-17 19:49:30 +05:30
vmatsiiako
94fa294455 Update email-password.mdx 2024-04-17 08:13:05 -06:00
vmatsiiako
be63e538d7 Update email-password.mdx 2024-04-17 08:11:49 -06:00
Akhil Mohan
62aa23a059 feat: dynamic secret for oracle 2024-04-17 18:59:25 +05:30
Maidul Islam
02e423f52c remove old deployment options 2024-04-17 01:16:47 -04:00
Maidul Islam
3cb226908b Merge pull request #1693 from Infisical/on-premise-architecure
on prem architecture
2024-04-17 00:56:59 -04:00
Maidul Islam
ba37b1c083 on prem reference 2024-04-17 00:55:37 -04:00
Maidul Islam
d23b39abba Merge pull request #1692 from Infisical/daniel/cli-fix
Hotfix: CLI run command null pointer reference crash
2024-04-16 14:33:24 -04:00
Daniel Hougaard
de92ba157a Update run.go 2024-04-16 20:30:03 +02:00
Maidul Islam
dadea751e3 Merge pull request #1685 from Infisical/snyk-fix-f3ea1a09d48832703f1fbc7b1eb0a4a3
[Snyk] Security upgrade mysql2 from 3.9.1 to 3.9.4
2024-04-16 13:44:26 -04:00
Maidul Islam
0ff0357a7c Merge pull request #1630 from Infisical/daniel/cli-ua-support
Feat: Machine Identity support for CLI commands
2024-04-16 13:28:00 -04:00
Maidul Islam
85f257b4db add tip to only print token 2024-04-16 13:24:39 -04:00
Maidul Islam
18d7a14e3f add silent flag 2024-04-16 13:21:05 -04:00
vmatsiiako
ff4d932631 Update aws-amplify.mdx 2024-04-16 10:27:09 -06:00
Maidul Islam
519f0025c0 Update aws-amplify.mdx 2024-04-16 11:31:18 -04:00
Maidul Islam
d8d6d7dc1b Merge pull request #1687 from akhilmhdh/docs/aws-amplify-integration
docs: added aws amplify integration documentation
2024-04-16 11:21:38 -04:00
Daniel Hougaard
a975fbd8a4 Fix: Moved comments 2024-04-16 10:16:23 +02:00
Daniel Hougaard
3a6ec3717b Fix: Use constant identifiers 2024-04-16 10:15:07 +02:00
Daniel Hougaard
a4a961996b Fix: Formatting and plain token output 2024-04-16 10:14:41 +02:00
Akhil Mohan
5b4777c1a5 docs: updated cli build command and image on env console 2024-04-16 12:06:09 +05:30
Maidul Islam
2f526850d6 edits to aws amplify docs 2024-04-16 01:20:52 -04:00
Maidul Islam
4f5d31d06f edit aws amplify docs 2024-04-16 00:56:39 -04:00
Maidul Islam
a8264b17e4 Merge pull request #1689 from akhilmhdh/dynamic-secret/mysql
Dynamic secret mysql support
2024-04-15 15:51:17 -04:00
Maidul Islam
cb66733e6d remove password expire 2024-04-15 15:47:56 -04:00
Akhil Mohan
40a0691ccb feat(ui): added mysql dynamic secret 2024-04-15 19:35:29 +05:30
Akhil Mohan
6410d51033 feat(server): added mysql dynamic secret server logic 2024-04-15 19:34:47 +05:30
Akhil Mohan
bc30ba9ad1 docs: added aws amplify integration documentation 2024-04-15 14:59:44 +05:30
Maidul Islam
a0259712df Update aws-ecs.mdx 2024-04-15 03:36:12 -04:00
Maidul Islam
1132d07dea Merge pull request #1686 from Infisical/aws-reference-guide-ecs
AWS ECS reference architecture
2024-04-15 03:24:26 -04:00
Maidul Islam
1f0b1964b9 ecs reference architecture 2024-04-15 03:23:58 -04:00
snyk-bot
690e72b44c fix: backend/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MYSQL2-6591085
2024-04-14 23:08:40 +00:00
Akhil Mohan
e2967f5e61 chore: added volume mount to migration docker dev image 2024-04-15 02:24:14 +05:30
Akhil Mohan
97afc4ff51 feat: added back username field in response for project users 2024-04-15 02:23:36 +05:30
Akhil Mohan
c47a91715f chore: rolling migration removed role and roleId field from project membership and identity project membership 2024-04-15 02:16:11 +05:30
Maidul Islam
fbc7b34786 Merge pull request #1683 from akhilmhdh/fix/audit-log-latency
fix: resolved slow audit log list
2024-04-14 11:54:11 -04:00
Akhil Mohan
9e6641c058 fix: resolved slow audit log list 2024-04-14 18:38:42 +05:30
Maidul Islam
d035403af1 Update kubernetes.mdx 2024-04-12 14:07:31 -04:00
Tuan Dang
1af0d958dd Update migration order for group 2024-04-12 10:50:06 -07:00
Maidul Islam
66a51658d7 Merge pull request #1682 from Infisical/k8s-owner-policy
add docs for owner policy
2024-04-12 12:52:09 -04:00
Maidul Islam
28dc3a4b1c add docs for owner policy 2024-04-12 12:49:45 -04:00
BlackMagiq
b27cadb651 Merge pull request #1638 from Infisical/groups
User Groups
2024-04-12 08:28:10 -07:00
Maidul Islam
3dca82ad2f Merge pull request #1680 from Infisical/daniel/recursive-max-depth
Fix: Hard limit on recursive secret fetching
2024-04-12 10:38:38 -04:00
Maidul Islam
1c90df9dd4 add log for secrets depth breakout 2024-04-12 10:34:59 -04:00
Maidul Islam
e15c9e72c6 allow inetgrations list fetch via UA 2024-04-12 10:06:16 -04:00
Daniel Hougaard
71575b1d2e Fix: Secret interpolation not working as intended for fetching secrets by name 2024-04-12 14:05:43 +02:00
Daniel Hougaard
51f164c399 Chore: Add debug logs 2024-04-12 13:42:42 +02:00
Daniel Hougaard
702cd0d403 Update secret-fns.ts 2024-04-12 13:31:48 +02:00
Daniel Hougaard
75267987fc Fix: Add recursive search max depth (20) 2024-04-12 13:28:03 +02:00
Daniel Hougaard
d734a3f6f4 Fix: Add hard recursion limit to documentation 2024-04-12 13:15:42 +02:00
vmatsiiako
cbb749e34a Update list-project-integrations.mdx 2024-04-11 23:52:25 -04:00
Tuan Dang
4535c1069a Fix merge conflicts 2024-04-11 20:46:14 -07:00
Tuan Dang
747acfe070 Resolve PR review issues 2024-04-11 20:44:38 -07:00
Tuan Dang
fa1b236f26 Disallow adding groups to E2EE projects 2024-04-11 19:52:10 -07:00
Tuan Dang
c98ef0eca8 Add pagination for user assignment modal 2024-04-11 19:33:19 -07:00
Maidul Islam
9f23106c6c Update list-project-integrations.mdx 2024-04-11 20:49:31 -04:00
Maidul Islam
1e7744b498 Merge pull request #1679 from Infisical/list-project-integrations-api
Expose List integratiosn API
2024-04-11 20:20:22 -04:00
Daniel Hougaard
44c736facd Fix: Updated descriptions 2024-04-12 02:15:23 +02:00
Daniel Hougaard
51928ddb47 Fix: OpenAPI doc descriptions structure 2024-04-12 02:15:11 +02:00
Daniel Hougaard
c7cded4af6 Merge pull request #1678 from Infisical/daniel/workspace-endpoint-fix
FIx: Fetching workspaces with no environments
2024-04-12 01:54:06 +02:00
Daniel Hougaard
8b56e20b42 Fix: Removed icon 2024-04-12 01:49:59 +02:00
Daniel Hougaard
39c2c37cc0 Remove log 2024-04-12 01:49:28 +02:00
Daniel Hougaard
3131ae7dae Feat: Disable integration creation when no environments are present on project 2024-04-12 01:46:19 +02:00
Daniel Hougaard
5315a67d74 Feat: Disable integration creation when no environments are present on project 2024-04-12 01:46:11 +02:00
Maidul Islam
79de7f9f5b expose list integrations api 2024-04-11 19:41:55 -04:00
Daniel Hougaard
71ffed026d FIx: Fetching workspaces with no environments 2024-04-12 00:52:22 +02:00
Vladyslav Matsiiako
ee98b15e2b fix typo 2024-04-11 17:43:13 -05:00
Maidul Islam
945d81ad4b update aws SES docs 2024-04-11 16:28:02 -04:00
Tuan Dang
ff8354605c Patch getProjectPermission 2024-04-11 13:00:50 -07:00
Tuan Dang
09b63eee90 Merge remote-tracking branch 'origin' into groups 2024-04-11 11:42:01 -07:00
Maidul Islam
d175256bb4 Merge pull request #1677 from Infisical/integration-auth-del-update
Integration Auth deletion upon Integration deletion
2024-04-11 14:30:31 -04:00
Tuan Dang
ee0c79d018 Delete integration auth upon integration deletion if no other integrations share the same auth 2024-04-11 11:25:28 -07:00
Maidul Islam
d5d7564550 Merge pull request #1643 from akhilmhdh/feat/import-sync-secret
fix(server): added sync secret for imports and added check for avoid cyclic import
2024-04-11 10:16:30 -04:00
Maidul Islam
0db682c5f0 remove depth from exceed message 2024-04-11 10:11:05 -04:00
Tuan Dang
a01a995585 Add comments to explain new getIntegrationSecrets 2024-04-11 10:11:05 -04:00
Tuan Dang
2ac785493a Add comments to explain new getIntegrationSecrets 2024-04-10 21:52:33 -07:00
Tuan Dang
85489a81ff Add resync on integration import creation/deletion and update forward/backward recursive logic for syncing dependent imports 2024-04-10 21:18:26 -07:00
Maidul Islam
7116c85f2c remove note 2024-04-09 20:51:19 -04:00
Maidul Islam
31e4da0dd3 Merge pull request #1672 from JunedKhan101/main
docs: fixed another broken link
2024-04-09 09:47:07 -07:00
Tuan Dang
f255d891ae Merge remote-tracking branch 'origin' into feat/import-sync-secret 2024-04-09 08:40:10 -07:00
Juned Khan
4774469244 docs: fixed another broken link 2024-04-09 14:05:45 +05:30
Maidul Islam
e143a31e79 Merge pull request #1670 from JunedKhan101/main
docs:fixed broken link
2024-04-08 17:45:51 -07:00
Daniel Hougaard
0baea4c5fd Draft 2024-04-08 15:18:15 -07:00
Maidul Islam
f6cc20b08b remove link from docs 2024-04-08 12:00:11 -07:00
Maidul Islam
90e125454e remove docs for e2ee 2024-04-08 11:58:48 -07:00
Maidul Islam
fbdf3dc9ce Merge pull request #1647 from akhilmhdh/doc/integration-api-guide
docs: added guide to setup integration with api
2024-04-08 11:56:19 -07:00
Maidul Islam
f333c905d9 revise generic integration docs 2024-04-08 11:55:38 -07:00
Maidul Islam
71e60df39a Merge pull request #1659 from agilesyndrome/fix_universalAuth_operatorinstall
fix: Run make kubectl-install
2024-04-08 10:18:00 -07:00
Maidul Islam
8b4d050d05 updated original value in replace script 2024-04-08 10:15:09 -07:00
Maidul Islam
3b4bb591a3 set default for NEXT_PUBLIC_SAML_ORG_SLUG 2024-04-08 09:25:37 -07:00
Maidul Islam
54f1a4416b add default value 2024-04-08 09:06:42 -07:00
Maidul Islam
47e3f1b510 Merge pull request #1661 from Infisical/saml-auto-redirect
add automatic SAML redirect
2024-04-08 08:22:04 -07:00
Juned Khan
5810b76027 docs:fixed broken link 2024-04-08 16:55:11 +05:30
Daniel Hougaard
246e6c64d1 Merge pull request #1668 from JunedKhan101/main
removed extra whitespace from error message
2024-04-07 16:05:31 -07:00
Juned Khan
4e836c5dca removed extra whitespace from error message 2024-04-07 17:41:39 +05:30
Maidul Islam
63a289c3be add saml org clug to standalone 2024-04-06 11:58:50 -07:00
Maidul Islam
0a52bbd55d add render once to use effect 2024-04-06 11:40:13 -07:00
Maidul Islam
593bdf74b8 patch notice 2024-04-06 10:57:08 -07:00
Maidul Islam
1f3742e619 update april_2024_db_update_closed 2024-04-06 10:39:21 -07:00
Maidul Islam
d6e5ac2133 maintenance postponed 2024-04-06 10:01:13 -07:00
Vladyslav Matsiiako
fea48518a3 removed new tag from identities 2024-04-05 19:01:54 -07:00
vmatsiiako
dde24d4c71 Merge pull request #1663 from Infisical/daniel/cli-improvements
Feat: CLI Improvements
2024-04-05 18:42:18 -07:00
Vladyslav Matsiiako
94d509eb01 fixed search bar with folders 2024-04-05 18:37:12 -07:00
Daniel Hougaard
8f1e662688 Feat: Added include imports to export command 2024-04-05 17:30:30 -07:00
Daniel Hougaard
dcbbb67f03 Feat: Added secret interpolation to get secret by name command 2024-04-05 17:30:19 -07:00
Vladyslav Matsiiako
055fd34c33 added baked env var 2024-04-05 17:25:25 -07:00
Tuan Dang
dc0d3b860e Continue making progress on SCIM groups 2024-04-05 17:20:17 -07:00
Daniel Hougaard
c0fb3c905e Docs: UA Auth Docs 2024-04-05 17:10:38 -07:00
Daniel Hougaard
18b0766d96 Update folders.go 2024-04-05 15:47:18 -07:00
Daniel Hougaard
b423696630 Feat: UA CLI Support 2024-04-05 15:22:48 -07:00
Daniel Hougaard
bf60489fde Feat: Added UA support to export command 2024-04-05 15:20:03 -07:00
Daniel Hougaard
85ea6d2585 Fix: Cleanup 2024-04-05 15:19:52 -07:00
Daniel Hougaard
a97737ab90 Feat: Folder support for Machine Identities 2024-04-05 15:19:44 -07:00
Daniel Hougaard
3793858f0a Feat: Export support for Machine Identities 2024-04-05 15:18:09 -07:00
Daniel Hougaard
66c48fbff8 Update model.go 2024-04-05 15:16:12 -07:00
Daniel Hougaard
b6b040375b Feat: UA CLI Support 2024-04-05 15:13:47 -07:00
Daniel Hougaard
9ad5e082e2 Feat: UA CLI support 2024-04-05 15:13:47 -07:00
Daniel Hougaard
f1805811aa Feat: Added token renew command 2024-04-05 15:13:47 -07:00
Daniel Hougaard
b135258cce Feat: Added UA support to secret commands 2024-04-05 15:13:47 -07:00
Daniel Hougaard
a651de53d1 Feat: Added UA support to run command 2024-04-05 15:13:00 -07:00
Daniel Hougaard
7d0a535f46 Feat: Added UA login support (defaults to 'user') 2024-04-05 15:12:32 -07:00
Daniel Hougaard
c4e3dd84e3 Feat: Added UA support to folder command 2024-04-05 15:12:32 -07:00
Daniel Hougaard
9193f13970 Feat: Added UA support to export command 2024-04-05 15:12:32 -07:00
Daniel Hougaard
016f22c295 Fix: Cleanup 2024-04-05 15:12:32 -07:00
Daniel Hougaard
4d7182c9b1 Fix: Removed unused struct and included secret type on secret response 2024-04-05 15:12:32 -07:00
Daniel Hougaard
6ea7b04efa Feat: Folder support for Machine Identities 2024-04-05 15:12:32 -07:00
Daniel Hougaard
3981d61853 Feat: Support for Machine Identities auth 2024-04-05 15:12:32 -07:00
Daniel Hougaard
3d391b4e2d Feat: Secrets cmd support for Machine Identities 2024-04-05 15:12:32 -07:00
Daniel Hougaard
4123177133 Feat: Run cmd support for Machine Identities 2024-04-05 15:09:38 -07:00
Daniel Hougaard
4d61188d0f Feat: Folder support for Machine Identities 2024-04-05 15:08:52 -07:00
Daniel Hougaard
fa33f35fcd Feat: Export support for Machine Identities 2024-04-05 15:08:52 -07:00
Daniel Hougaard
13629223fb Chore: Moved universalAuthLogin function to utils 2024-04-05 15:08:52 -07:00
Vladyslav Matsiiako
74fefa9879 add automatic SAML redirect 2024-04-05 14:39:31 -07:00
Vladyslav Matsiiako
ff2c8d017f add automatic SAML redirect 2024-04-05 14:29:50 -07:00
Daniel Hougaard
ba1f8f4564 Merge pull request #1660 from Infisical/fix/delete-role-error
Fix: Error handling when deleting roles that are assigned to identities or users
2024-04-05 11:15:25 -07:00
Daniel Hougaard
e26df005c2 Fix: Typo 2024-04-05 11:11:32 -07:00
Daniel Hougaard
aca9b47f82 Fix: Typo 2024-04-05 11:11:26 -07:00
Daniel Hougaard
a16ce8899b Fix: Check for identities and project users who has the selected role before deleting 2024-04-05 11:11:15 -07:00
Daniel Hougaard
b61511d100 Update index.ts 2024-04-05 11:10:54 -07:00
Tuan Dang
f8ea421a0e Add group deletion and (name) update support for SCIM integration 2024-04-05 10:13:47 -07:00
Vladyslav Matsiiako
a945bdfc4c update docs style 2024-04-05 10:07:42 -07:00
Tuan Dang
f7b8345da4 Fix merge conflicts 2024-04-05 09:04:30 -07:00
Drew Easley
f6d7ec52c2 fix: Run make kubectl-install 2024-04-05 08:10:38 -04:00
Daniel Hougaard
3f6999b2e3 Merge pull request #1657 from Infisical/rate-limit
Add new rate limits for API
2024-04-04 19:53:31 -07:00
Maidul Islam
9128461409 Merge pull request #1658 from Infisical/daniel/delete-duplicate-org-memberships-migration
Feat: Delete duplicate memberships migration
2024-04-04 19:19:39 -07:00
Daniel Hougaard
893235c40f Update 20240405000045_org-memberships-unique-constraint.ts 2024-04-04 18:43:32 -07:00
Tuan Dang
d3cdaa8449 Add new rate limits 2024-04-04 18:12:23 -07:00
BlackMagiq
e0f655ae30 Merge pull request #1656 from Infisical/fix/duplicate-org-memberships
Fix: Duplicate organization memberships
2024-04-04 17:10:55 -07:00
Daniel Hougaard
93aeca3a38 Fix: Add unique constraint on orgId and userId 2024-04-04 17:04:23 -07:00
Daniel Hougaard
1edebdf8a5 Fix: Improve create migration script 2024-04-04 17:04:06 -07:00
BlackMagiq
1017707642 Merge pull request #1655 from Infisical/project-limit
Remove plan cache upon create/delete project
2024-04-04 13:21:32 -07:00
Tuan Dang
5639306303 Remove plan cache upon create/delete project 2024-04-04 13:17:46 -07:00
Tuan Dang
b3a9661755 Merge main 2024-04-04 12:24:28 -07:00
BlackMagiq
72f50ec399 Merge pull request #1654 from Infisical/fix-additional-privilege-slug
Move default slug init for users/identities out of fastify schema
2024-04-04 12:22:31 -07:00
Tuan Dang
effc7a3627 Move default slug init for users/identities out of fastify schema 2024-04-04 12:18:10 -07:00
Tuan Dang
175ce865aa Move group migration to top 2024-04-04 12:06:10 -07:00
Tuan Dang
51f220ba2c Fix getProjectMembership to work with additional privileges 2024-04-04 11:20:39 -07:00
Tuan Dang
51819e57d1 Address merge conflicts 2024-04-04 10:01:19 -07:00
Maidul Islam
510c91cef1 Update infisical-agent.mdx 2024-04-04 09:34:31 -07:00
Vladyslav Matsiiako
9be5d89fcf added docs images 2024-04-03 22:55:47 -07:00
Vladyslav Matsiiako
94f4497903 update access request docs 2024-04-03 22:51:48 -07:00
Tuan Dang
e1d9f779b2 Remove role and roleId from group project membership 2024-04-03 20:30:14 -07:00
BlackMagiq
b5af5646ee Merge pull request #1653 from Infisical/pentest
Add separate rate limit to invite user to org
2024-04-03 18:48:24 -07:00
Tuan Dang
1554618167 Add separate rate limit to invite user 2024-04-03 18:46:29 -07:00
Maidul Islam
5fbfcdda30 Merge pull request #1651 from Infisical/daniel/cli-secrets-get-fix
Fix: CLI get secrets by name
2024-04-03 10:43:42 -07:00
Daniel Hougaard
cdbb3b9c47 Update secrets.go 2024-04-03 10:36:25 -07:00
Vladyslav Matsiiako
0042a95b21 update docs image 2024-04-03 09:08:53 -07:00
BlackMagiq
53233e05d4 Merge pull request #1648 from Infisical/keycloak
Add documentation + option for Keycloak SAML (self-hosted)
2024-04-02 16:42:41 -07:00
Tuan Dang
4f15f9c8d3 Add support for keycloak saml on self-hosted infisical 2024-04-02 16:35:37 -07:00
Maidul Islam
97223fabe6 Merge pull request #1617 from Infisical/daniel/improve-create-project
Feat: Recursively get all secrets from all folders in specified path
2024-04-02 13:50:16 -07:00
Maidul Islam
04b312cbe4 Merge pull request #1646 from akhilmhdh/fix/disable-role-button
fix(ui): resolved multi role modal button hiding clickable
2024-04-02 13:06:57 -07:00
Akhil Mohan
40bb9668fe docs: added guide to setup integration with api 2024-04-03 01:12:30 +05:30
Maidul Islam
97e5069cf5 Merge pull request #1645 from akhilmhdh/chore/specific-privilege-api-doc
docs: added api reference for specific privilege identity
2024-04-02 12:03:48 -07:00
Akhil Mohan
93146fcd96 fix(ui): resolved multi role modal button hiding clickable 2024-04-03 00:12:34 +05:30
Akhil Mohan
87d98de4c1 docs: added api reference for specific privilege identity 2024-04-02 23:54:51 +05:30
Maidul Islam
26f647b948 Merge pull request #1644 from akhilmhdh/chore/aws-ssm-api
AWS SSM integration api documentation
2024-04-02 09:22:50 -07:00
Maidul Islam
80b3cdd128 add examples to integration auth docs 2024-04-02 09:21:32 -07:00
Maidul Islam
8dd85a0d65 Update requirements.mdx 2024-04-02 07:07:36 -07:00
Akhil Mohan
17995d301a feat(doc): added integration and integration auth to api reference doc 2024-04-02 16:30:53 +05:30
Akhil Mohan
094b48a2b1 feat(server): updated integration and integration auth with description 2024-04-02 16:29:41 +05:30
Akhil Mohan
abd62867eb fix(server): resolved failing test in import 2024-04-02 13:55:26 +05:30
Akhil Mohan
179573a269 fix(server): added sync secret for imports and added check for avoiding cyclic import 2024-04-02 13:20:48 +05:30
Tuan Dang
457edef5fe Merge remote-tracking branch 'origin/groups' into groups 2024-04-01 11:34:30 -07:00
Tuan Dang
f0b84d5bc9 Begin add push groups SCIM 2024-04-01 11:30:25 -07:00
Maidul Islam
7b8bfe38f0 Merge pull request #1574 from akhilmhdh/feat/additional-privilege
feat: additional privilege for users and identity
2024-04-01 11:09:05 -07:00
Akhil Mohan
9903f7c4a0 feat: fixed wrong permission type in bulk api op 2024-04-01 23:34:25 +05:30
Akhil Mohan
42cd98d4d9 feat: changed update patch function to privilegeDetails for identity privilege 2024-04-01 23:13:08 +05:30
vmatsiiako
4b203e9ad3 Update postgresql.mdx 2024-04-01 10:26:25 -07:00
Daniel Hougaard
36bf1b2abc Fix: Renamed deep parameter to recursive 2024-04-01 10:10:49 -07:00
Daniel Hougaard
42fb732955 Fix: Renamed deep parameter to recursive 2024-04-01 10:10:34 -07:00
Daniel Hougaard
da2dcb347a Fix: Restructured recursive path functions as suggested by Akhil 2024-04-01 09:58:13 -07:00
Daniel Hougaard
b9482966cf Fix: Replaced merge with extend as proposed by Akhil 2024-04-01 09:52:49 -07:00
Vladyslav Matsiiako
1e4b4591ed fix images in docs 2024-04-01 09:15:04 -07:00
Akhil Mohan
9fddcea3db fix(ui): sending group users without orgid 2024-04-01 17:15:57 +05:30
Vladyslav Matsiiako
4a325d6d96 fix image links 2024-04-01 00:08:20 -07:00
Vladyslav Matsiiako
5e20573110 fix docs eyebrow 2024-03-31 23:44:35 -07:00
Vladyslav Matsiiako
f623c8159d documentation revamp 2024-03-31 23:37:57 -07:00
Maidul Islam
4323407da7 Update introduction.mdx 2024-03-30 08:43:10 -04:00
Daniel Hougaard
4c496d5e3d Update secret-service.ts 2024-03-30 08:40:43 +01:00
Tuan Dang
0c2e566184 Add docs for groups 2024-03-29 17:49:20 -07:00
Vladyslav Matsiiako
d68dc4c3e0 add type=password to integration api keys 2024-03-29 16:50:18 -07:00
Vladyslav Matsiiako
e64c579dfd update aws sm docs 2024-03-29 16:39:51 -07:00
Akhil Mohan
d0c0d5835c feat: splitted privilege create route into two for permanent and temp to get params shape in api doc 2024-03-30 01:31:17 +05:30
Akhil Mohan
af2dcdd0c7 feat: updated api description and changed slug to privilege slug 2024-03-29 23:51:26 +05:30
vmatsiiako
6c628a7265 Update aws-secret-manager.mdx 2024-03-29 10:49:10 -07:00
Akhil Mohan
00f2d40803 feat(ui): changed back to relative time distance with tooltip of detailed time 2024-03-29 22:36:46 +05:30
Vladyslav Matsiiako
0a66cbe729 updated docs 2024-03-29 00:10:29 -07:00
Vladyslav Matsiiako
7fec7c9bf5 update docs 2024-03-28 23:11:16 -07:00
Tuan Dang
38adc83f2b Rename group fns and add upgrade plan modal to project level groups tab 2024-03-28 20:54:25 -07:00
Tuan Dang
f2e5f1bb10 Fix lint issues 2024-03-28 20:22:58 -07:00
Vladyslav Matsiiako
d1afec4f9a inject secrets from secret imports into integrations 2024-03-28 20:13:46 -07:00
Tuan Dang
9460eafd91 Add API specs to groups endpoints, convert projectId groups endpoints to be slug-based 2024-03-28 18:21:12 -07:00
Vladyslav Matsiiako
31ad6b0c86 update style 2024-03-28 18:17:59 -07:00
Tuan Dang
8afecac7d8 Rely on actorOrgId for group orgId refs 2024-03-28 17:00:33 -07:00
Tuan Dang
bf13b81c0f Fix type issues 2024-03-28 12:55:18 -07:00
Tuan Dang
c753a91958 run linter 2024-03-28 12:44:44 -07:00
Tuan Dang
695a4a34b5 Fix merge conflicts 2024-03-28 12:41:34 -07:00
Tuan Dang
372f71f2b0 Add/remove bulk users to projects upon add/remove users to/from groups 2024-03-28 12:18:44 -07:00
Akhil Mohan
e46256f45b feat: added description for all api endpoints 2024-03-28 19:55:12 +05:30
Akhil Mohan
64e868a151 feat(ui): updated ui with identity privilege hooks and new role form 2024-03-28 19:55:12 +05:30
Akhil Mohan
c8cbcaf10c feat(server): added identity privilege route changes with project slug 2024-03-28 19:55:12 +05:30
Akhil Mohan
51716336c2 feat(ui): updated ui with new role form for users 2024-03-28 19:55:12 +05:30
Akhil Mohan
6b51c7269a feat(server): removed name and description and fixed api for user privileges 2024-03-28 19:55:12 +05:30
Akhil Mohan
f551a4158d feat: resolved upstream rebase conflict 2024-03-28 19:55:12 +05:30
Vladyslav Matsiiako
e850b82fb3 improved admin dashboard UI 2024-03-28 19:55:12 +05:30
Akhil Mohan
8f85f292db feat: improved slug with a default generator for ui and server 2024-03-28 19:55:12 +05:30
Akhil Mohan
5f84de039f feat(ui): finished ui for identity additional privilege 2024-03-28 19:55:12 +05:30
Akhil Mohan
8529fac098 feat(server): completed identity additional privilege 2024-03-28 19:55:12 +05:30
Akhil Mohan
81cf19cb4a feat(ui): completed ui for user additional privilege 2024-03-28 19:54:00 +05:30
Akhil Mohan
edbe1c8eae feat(ui): hook for new user additional privilege 2024-03-28 19:54:00 +05:30
Akhil Mohan
a5039494cd feat(server): completed routes for user additional privilege 2024-03-28 19:54:00 +05:30
Akhil Mohan
a908471e66 feat(server): completed user additional privilege services 2024-03-28 19:54:00 +05:30
Akhil Mohan
84204c3c37 feat(server): added new user additional migration and schemas 2024-03-28 19:54:00 +05:30
Vladyslav Matsiiako
4931e8579c fix image link 2024-03-27 23:13:07 -07:00
Maidul Islam
20dc243fd9 Merge pull request #1634 from Infisical/maintenanceMode
add maintenance mode
2024-03-27 21:23:51 -04:00
Maidul Islam
785a1389d9 add maintenance mode 2024-03-27 21:19:21 -04:00
Maidul Islam
5a3fc3568a fix typo for maintenance 2024-03-27 18:55:27 -04:00
Maidul Islam
497601e398 Update overview.mdx 2024-03-27 15:59:04 -04:00
Tuan Dang
0da6262ead Complete logic for user provisioning/deprovisioning to projects with groups 2024-03-27 10:53:51 -07:00
Maidul Islam
8db019d2fe update dynamic secret doc 2024-03-27 13:53:41 -04:00
Maidul Islam
07d1d91110 Merge pull request #1631 from akhilmhdh/fix/dyn-superuser-remove
fix(server): resolved failing to use dynamic secret due to superuser
2024-03-27 11:19:51 -04:00
Maidul Islam
bb506fff9f remove assign statement 2024-03-27 11:11:10 -04:00
Akhil Mohan
7a561bcbdf feat(server): moved dynamic secret to ee 2024-03-27 15:00:16 +05:30
Akhil Mohan
8784f80fc1 fix(ui): updated error message on create dynamic secret 2024-03-27 14:25:56 +05:30
Akhil Mohan
0793e70c26 fix(server): resolved failing to use dynamic secret due to superuser 2024-03-27 14:25:39 +05:30
Vladyslav Matsiiako
99f8799ff4 Merge branch 'main' of https://github.com/Infisical/infisical 2024-03-26 22:55:57 -07:00
Vladyslav Matsiiako
3f05c8b7ae updated dynamic secrets docs 2024-03-26 22:55:47 -07:00
Maidul Islam
6bd624a0f6 fix dynamic secret config edit 2024-03-26 22:33:55 -04:00
Vladyslav Matsiiako
4a11096ea8 update dynamic secrets docs 2024-03-26 18:58:02 -07:00
Vladyslav Matsiiako
1589eb8e03 fix link typo 2024-03-26 18:56:14 -07:00
Vladyslav Matsiiako
b370d6e415 fix link typos 2024-03-26 18:37:00 -07:00
Vladyslav Matsiiako
65937d6a17 update docs and fix typos 2024-03-26 18:26:18 -07:00
Maidul Islam
d20bc1b38a turn paywall on dynamic secret 2024-03-26 17:53:47 -04:00
Maidul Islam
882ad8729c Merge pull request #1629 from Infisical/dynamic-1
allow viewer to generate and list dynamic secret
2024-03-26 17:51:26 -04:00
Maidul Islam
0fdf5032f9 allow viewer to create and list dynamic secret 2024-03-26 17:50:06 -04:00
Maidul Islam
75d9463ceb Merge pull request #1628 from Infisical/maintenanceApril2024
add maintenance notice
2024-03-26 15:41:40 -04:00
Maidul Islam
e258b84796 move to weekend 2024-03-26 15:37:24 -04:00
Maidul Islam
1ab6b21b25 add maintenance notice for april 2024-03-26 15:22:55 -04:00
Maidul Islam
775037539e update docs to include HA for infisical cloud 2024-03-26 14:48:41 -04:00
Daniel Hougaard
4f05e4ce93 Fix test case 2024-03-26 19:41:48 +01:00
Daniel Hougaard
2e8680c5d4 Update secret-service.ts 2024-03-26 19:36:18 +01:00
Daniel Hougaard
e5136c9ef5 Feat: Recursively get all secrets 2024-03-26 19:36:18 +01:00
Daniel Hougaard
812fe5cf31 Feat: Recursively get all secrets 2024-03-26 19:36:18 +01:00
Daniel Hougaard
50082e192c Feat: Recursively get all secrets, findByFolderIds DLA 2024-03-26 19:35:45 +01:00
Daniel Hougaard
1e1b5d655e Fix: Refactored secret fetching to be more performant 2024-03-26 19:35:45 +01:00
Daniel Hougaard
3befd90723 Fix: Refactor to in-memory approach 2024-03-26 19:35:45 +01:00
Daniel Hougaard
88549f4030 Feat: Deep search support 2024-03-26 19:35:45 +01:00
Daniel Hougaard
46a638cc63 FIx: Rename parameter from recursive to deep 2024-03-26 19:35:45 +01:00
Daniel Hougaard
566f7e4c61 Feat: Recursively get all secrets from inside path 2024-03-26 19:35:45 +01:00
Daniel Hougaard
9ff3210ed6 Feat: Recursively get all secrets from inside path 2024-03-26 19:35:12 +01:00
Daniel Hougaard
f91a6683c2 Fix: Rename parameter 2024-03-26 19:35:12 +01:00
Daniel Hougaard
c29cb667d7 Feat: Recursively get secrets from all nested secret paths 2024-03-26 19:35:12 +01:00
Maidul Islam
7c623562e1 Merge pull request #1627 from akhilmhdh/feat/dyn-sec-overview
feat: added dynamic secret to overview page
2024-03-26 14:14:02 -04:00
Akhil Mohan
aef8d79101 feat: added dynamic secret to overview page 2024-03-26 23:40:41 +05:30
Maidul Islam
d735ec71b8 Merge pull request #1626 from jacobwgillespie/optimize-docker-builds
chore(ci): optimize Depot build workflows
2024-03-26 12:36:15 -04:00
Jacob Gillespie
84651d473b chore(ci): optimize Depot build workflows 2024-03-26 16:22:07 +00:00
Daniel Hougaard
9501386882 Merge pull request #1625 from Infisical/daniel/missing-changes
Fix: Minor naming changes
2024-03-26 17:11:03 +01:00
Daniel Hougaard
d11f958443 Requested changes 2024-03-26 17:07:25 +01:00
Maidul Islam
087a4bb7d2 Merge pull request #1624 from akhilmhdh/feat/ui-notification-errors
New toast notification for ui
2024-03-26 11:41:10 -04:00
Maidul Islam
750210e6c3 update doc item title 2024-03-26 11:22:11 -04:00
Maidul Islam
90cf4e9137 update license docs 2024-03-26 11:21:40 -04:00
Maidul Islam
17bb2e8a7d set dynamic secret to true 2024-03-26 10:26:22 -04:00
Akhil Mohan
b912cd585c feat(ui): resolved dynamic secret merge conflict 2024-03-26 19:45:52 +05:30
Akhil Mohan
282434de8e feat(ui): changed to a better toast for ui and a global error handler for all server error messages 2024-03-26 19:37:13 +05:30
Maidul Islam
1f939a5e58 Merge pull request #1611 from akhilmhdh/feat/pg-dynamic-secret
Dynamic secret #Postgres
2024-03-26 09:57:31 -04:00
Maidul Islam
ac0f5369de inject license server and fix wording 2024-03-26 09:53:43 -04:00
Maidul Islam
6eba64c975 fix merge 2024-03-26 09:41:32 -04:00
Maidul Islam
12515c1866 Merge branch 'main' into feat/pg-dynamic-secret 2024-03-26 09:30:30 -04:00
Akhil Mohan
c882da2e1a feat: added license check for dynamic secret 2024-03-26 14:35:19 +05:30
Akhil Mohan
8a7774f9ac feat(ui): updated api changes made 2024-03-26 14:10:25 +05:30
Akhil Mohan
a7d2ec80c6 feat(server): updated dynamic secret names from feedback, added describe and fixed login not working 2024-03-26 13:18:31 +05:30
Maidul Islam
494543ec53 Delete .github/workflows/build-staging-and-deploy.yml 2024-03-26 00:01:39 -04:00
Maidul Islam
b7b875b6a7 add prod creds to pipeline 2024-03-25 21:23:53 -04:00
Maidul Islam
3ddd06a3d1 Revert "Update build-staging-and-deploy-aws.yml"
This reverts commit a1a8364cd1.
2024-03-25 21:16:33 -04:00
Maidul Islam
a1a8364cd1 Update build-staging-and-deploy-aws.yml 2024-03-25 21:12:50 -04:00
Daniel Hougaard
3e51fcb546 Merge pull request #1623 from Infisical/daniel/secret-tags-docs
Feat: Standalone tag attaching & detaching
2024-03-26 01:14:00 +01:00
Daniel Hougaard
c52a16cc47 Update constants.ts 2024-03-25 21:56:53 +01:00
Daniel Hougaard
f91c77baa3 Docs: Attach / Detach tags 2024-03-25 21:53:39 +01:00
Daniel Hougaard
e7c2f6f88c Docs: Expose tags endpoints 2024-03-25 21:48:54 +01:00
Daniel Hougaard
f7c2d38aef Feat: (Standalone) Attach / Detach tags from secrets 2024-03-25 21:48:14 +01:00
Daniel Hougaard
cfb497dd58 Feat: Get secret tags by secret ID 2024-03-25 21:47:23 +01:00
Daniel Hougaard
f7122c21fd Fix: Allow query function to be called with undefined orgId, and handle it as an error 2024-03-25 21:43:08 +01:00
Daniel Hougaard
b23deca8e4 Feat: Attach/Detach tags to secret 2024-03-25 21:42:32 +01:00
Daniel Hougaard
b606990dfb Update secret-tag-router.ts 2024-03-25 21:41:12 +01:00
Daniel Hougaard
2240277243 Feat: Standalone tags documentation 2024-03-25 21:40:45 +01:00
Maidul Islam
c8c5caba62 Update Chart.yaml 2024-03-25 13:48:17 -04:00
Maidul Islam
f408a6f60c Update values.yaml 2024-03-25 13:48:01 -04:00
Maidul Islam
391ed0ed74 Update build-staging-and-deploy-aws.yml 2024-03-25 11:15:39 -04:00
Daniel Hougaard
aef40212d2 Merge pull request #1528 from rhythmbhiwani/cli-fix-update-vars
Fixed CLI issue of updating variables using `infisical secrets set`
2024-03-25 15:30:47 +01:00
Akhil Mohan
5aa7cd46c1 Merge pull request #1594 from Salman2301/feat-cloudflare-secret-path
feat: add support for secret path for cloudflare page
2024-03-25 11:37:00 +05:30
Maidul Islam
6c0b916ad8 set version to short commit sha 2024-03-25 01:54:53 -04:00
Akhil Mohan
d7bc80308d Merge pull request #1566 from Salman2301/fix-typo-input
fix class name typo
2024-03-25 11:14:55 +05:30
Akhil Mohan
b7c7b242e8 Merge pull request #1578 from Salman2301/fix-select-key-nav
fix: add highlighted style for select component
2024-03-25 11:13:48 +05:30
Vladyslav Matsiiako
b592f4cb6d update ui 2024-03-24 22:00:30 -07:00
Akhil Mohan
cd0e1a87cf feat(server): resolved lint issue 2024-03-25 01:06:43 +05:30
Akhil Mohan
b5d7699b8d feat(ui): made changes from feedback and force delete feature 2024-03-25 00:50:26 +05:30
Akhil Mohan
69297bc16e feat(server): added limit to leases creation and support for force delete when external system fails to comply 2024-03-25 00:49:48 +05:30
Maidul Islam
37827367ed Merge pull request #1622 from Infisical/daniel/mi-project-creation-bug
Fix: Creating projects with Machine Identities that aren't org admins
2024-03-24 14:46:23 -04:00
Maidul Islam
403b1ce993 Merge pull request #1620 from Infisical/daniel/e2ee-button
Feat: Deprecate E2EE mode switching
2024-03-24 14:33:44 -04:00
Daniel Hougaard
c3c0006a25 Update project-service.ts 2024-03-24 17:15:10 +01:00
Maidul Islam
2241908d0a fix lining for gha 2024-03-24 00:52:21 -04:00
Maidul Islam
59b822510c update job names gha 2024-03-24 00:50:40 -04:00
Maidul Islam
d1408aff35 update pipeline 2024-03-24 00:49:47 -04:00
Maidul Islam
c67084f08d combine migration job with deploy 2024-03-24 00:47:46 -04:00
Maidul Islam
a280e002ed add prod deploy 2024-03-24 00:35:10 -04:00
Maidul Islam
76c4a8660f Merge pull request #1621 from redcubie/patch-1
Move DB_CONNECTION_URI to make sure DB credentials are initialized
2024-03-23 12:59:27 -04:00
redcubie
8c54dd611e Move DB_CONNECTION_URI to make sure DB credentials are initialized 2024-03-23 18:49:15 +02:00
Akhil Mohan
98ea2c1828 feat(agent): removed 5s polling algorithm to a simple one 2024-03-23 21:10:42 +05:30
Maidul Islam
5c75f526e7 Update build-staging-and-deploy-aws.yml 2024-03-22 17:18:45 -04:00
Maidul Islam
113e777b25 add wait for ecs 2024-03-22 16:16:22 -04:00
Maidul Islam
2a93449ffe add needs[] for gamm deploy gha 2024-03-22 14:56:38 -04:00
Maidul Islam
1ef1c042da add back other build steps 2024-03-22 14:55:55 -04:00
Daniel Hougaard
b64672a921 Update E2EESection.tsx 2024-03-22 19:33:53 +01:00
Daniel Hougaard
227e013502 Feat: Deprecate E2EE mode switching 2024-03-22 19:31:41 +01:00
Akhil Mohan
88f7e4255e feat(agent): added dynamic secret change based re-trigger 2024-03-22 23:59:08 +05:30
Maidul Islam
44ca8c315e remove all stages except deploy in gha 2024-03-22 14:12:13 -04:00
Daniel Hougaard
7766a7f4dd Merge pull request #1619 from Infisical/daniel/mi-ux-fix
Update IdentityModal.tsx
2024-03-22 18:56:07 +01:00
Daniel Hougaard
3cb150a749 Update IdentityModal.tsx 2024-03-22 18:27:57 +01:00
Maidul Islam
9e9ce261c8 give gha permission to update git token 2024-03-22 12:59:51 -04:00
Maidul Islam
fab7167850 update oidc audience 2024-03-22 12:54:27 -04:00
Akhil Mohan
c7de9aab4e Merge pull request #1618 from Infisical/gha-aws-pipeline
deploy to ecs using OIDC with aws
2024-03-22 22:13:09 +05:30
Maidul Islam
3560346f85 update step name 2024-03-22 12:42:32 -04:00
Maidul Islam
f0bf2f8dd0 seperate aws rds uri 2024-03-22 12:38:10 -04:00
Maidul Islam
2a6216b8fc deploy to ecs using OIDC with aws 2024-03-22 12:29:07 -04:00
Akhil Mohan
a07d055347 feat(agent): added agent template support to pull dynamic secret 2024-03-22 19:29:24 +05:30
Akhil Mohan
c05230f667 Merge pull request #1616 from Infisical/wait-for-job-helm
Update Chart.yaml
2024-03-22 19:03:32 +05:30
Maidul Islam
d68055a264 Update Chart.yaml
Update to multi arch and rootless
2024-03-22 09:28:44 -04:00
Akhil Mohan
e3e62430ba feat: changed the whole api from projectid to slug 2024-03-22 14:18:12 +05:30
Maidul Islam
dc6056b564 Merge pull request #1614 from francodalmau/fix-environment-popups-cancel-action
Fix add and update environment popups cancel button
2024-03-21 21:28:28 -04:00
franco_dalmau
94f0811661 Fix add and update environment popups cancel button 2024-03-21 20:09:57 -03:00
Maidul Islam
7b84ae6173 Update Chart.yaml 2024-03-21 15:08:38 -04:00
Maidul Islam
5710a304f8 Merge pull request #1533 from Infisical/daniel/k8-operator-machine-identities
Feat: K8 Operator Machine Identity Support
2024-03-21 15:01:50 -04:00
Daniel Hougaard
91e3bbba34 Fix: Requested changes 2024-03-21 19:58:10 +01:00
Daniel Hougaard
02112ede07 Fix: Requested changes 2024-03-21 19:53:21 +01:00
Daniel Hougaard
08cfbf64e4 Fix: Error handing 2024-03-21 19:37:12 +01:00
Daniel Hougaard
18da522b45 Chore: Helm charts 2024-03-21 18:35:00 +01:00
Daniel Hougaard
8cf68fbd9c Generated 2024-03-21 17:12:42 +01:00
Daniel Hougaard
d6b82dfaa4 Fix: Rebase sample conflicts 2024-03-21 17:09:41 +01:00
Daniel Hougaard
7bd4eed328 Chore: Generate K8 helm charts 2024-03-21 17:08:01 +01:00
Daniel Hougaard
0341c32da0 Fix: Change credentials -> credentialsRef 2024-03-21 17:08:01 +01:00
Daniel Hougaard
caea055281 Feat: Improve K8 docs 2024-03-21 17:08:01 +01:00
Daniel Hougaard
c08c78de8d Feat: Rename universalAuthMachineIdentity to universalAuth 2024-03-21 17:08:01 +01:00
Daniel Hougaard
3765a14246 Fix: Generate new types 2024-03-21 17:08:01 +01:00
Daniel Hougaard
c5a11e839b Feat: Deprecate Service Accounts 2024-03-21 17:08:01 +01:00
Daniel Hougaard
93bd3d8270 Docs: Simplified docs more 2024-03-21 17:07:56 +01:00
Daniel Hougaard
b9601dd418 Update kubernetes.mdx 2024-03-21 17:07:56 +01:00
Daniel Hougaard
ae3bc04b07 Docs 2024-03-21 17:07:31 +01:00
Daniel Hougaard
11edefa66f Feat: Added project slug support 2024-03-21 17:07:31 +01:00
Daniel Hougaard
f71459ede0 Slugs 2024-03-21 17:07:31 +01:00
Daniel Hougaard
33324a5a3c Type generation 2024-03-21 17:07:31 +01:00
Daniel Hougaard
5c6781a705 Update machine-identity-token.go 2024-03-21 17:07:31 +01:00
Daniel Hougaard
71e31518d7 Feat: Add machine identity token handler 2024-03-21 17:07:31 +01:00
Daniel Hougaard
f6f6db2898 Fix: Moved update attributes type to models 2024-03-21 17:07:31 +01:00
Daniel Hougaard
55780b65d3 Feat: Machine Identity support (token refreshing logic) 2024-03-21 17:07:31 +01:00
Daniel Hougaard
83bbf9599d Feat: Machine Identity support 2024-03-21 17:07:31 +01:00
Daniel Hougaard
f8f2b2574d Feat: Machine Identity support (types) 2024-03-21 17:07:31 +01:00
Daniel Hougaard
318d12addd Feat: Machine Identity support 2024-03-21 17:07:31 +01:00
Daniel Hougaard
872a28d02a Feat: Machine Identity support for K8 2024-03-21 17:06:49 +01:00
Daniel Hougaard
6f53a5631c Fix: Double prints 2024-03-21 17:06:49 +01:00
Daniel Hougaard
ff2098408d Update sample.yaml 2024-03-21 17:06:48 +01:00
Daniel Hougaard
9e85d9bbf0 Example 2024-03-21 17:05:46 +01:00
Daniel Hougaard
0f3a48bb32 Generated 2024-03-21 17:05:46 +01:00
Daniel Hougaard
f869def8ea Added new types 2024-03-21 17:05:46 +01:00
Maidul Islam
378bc57a88 Merge pull request #1480 from akhilmhdh/docs/rotation-doc-update
docs: improved secret rotation documentation with better understanding
2024-03-21 11:17:19 -04:00
Maidul Islam
242179598b fix types, rephrase, and revise rotation docs 2024-03-21 11:03:41 -04:00
Akhil Mohan
70fe80414d feat(server): added some more validation and feedback for deletion etc 2024-03-21 20:23:44 +05:30
Akhil Mohan
e201e80a06 feat(ui): completed ui for dynamic secret 2024-03-21 20:23:44 +05:30
Akhil Mohan
177cd385cc feat(ui): added dynamic secret and lease api hook 2024-03-21 20:22:30 +05:30
Akhil Mohan
ab48c3b4fe feat(server): completed integration of dynamic server routes 2024-03-21 20:22:30 +05:30
Akhil Mohan
69f36d1df6 feat(server): service for dynamic secret lease and queue service for revocation 2024-03-21 20:22:30 +05:30
Akhil Mohan
11c7b5c674 feat(server): service for dynamic secret config 2024-03-21 20:22:30 +05:30
Akhil Mohan
ee29577e6d feat(server): added dynamic secret database schema 2024-03-21 20:22:30 +05:30
Maidul Islam
e3e049b66c Update build-staging-and-deploy.yml 2024-03-20 22:14:46 -04:00
Maidul Islam
878e4a79e7 Merge pull request #1606 from Infisical/daniel/ui-imported-folders-fix
Fix: UI indicator for imports
2024-03-20 22:08:50 -04:00
Daniel Hougaard
609ce8e5cc Fix: Improved UI import indicators 2024-03-21 03:06:14 +01:00
Maidul Islam
04c1ea9b11 Update build-staging-and-deploy.yml 2024-03-20 18:03:49 -04:00
Tuan Dang
8ffbaa2f6c Minor group validation changes 2024-03-20 14:59:42 -07:00
Tuan Dang
796d5e3540 Complete preliminary list, update, create group in project 2024-03-20 14:47:12 -07:00
Maidul Islam
3baca73e53 add seperate step for ecr build 2024-03-20 16:25:54 -04:00
Daniel Hougaard
36adf6863b Fix: UI secret import indicator 2024-03-20 21:09:54 +01:00
Daniel Hougaard
6363e7d30a Update index.ts 2024-03-20 20:26:28 +01:00
Daniel Hougaard
f9621fad8e Fix: Remove duplicate type 2024-03-20 20:26:00 +01:00
Daniel Hougaard
90be28b87a Feat: Import indicator 2024-03-20 20:25:48 +01:00
Daniel Hougaard
671adee4d7 Feat: Indicator for wether or not secrets are imported 2024-03-20 20:24:06 +01:00
Daniel Hougaard
c9cb90c98e Feat: Add center property to tooltip 2024-03-20 20:23:21 +01:00
Akhil Mohan
9f691df395 Merge pull request #1607 from Infisical/fix-secrets-by-name
set imports=true for get secret by name
2024-03-20 23:50:15 +05:30
Maidul Islam
d702a61586 set imports=true for get secret by name 2024-03-20 14:06:16 -04:00
Maidul Islam
1c16f406a7 remove debug 2024-03-20 13:06:29 -04:00
Maidul Islam
90f739caa6 correct repo name env 2024-03-20 13:05:59 -04:00
Maidul Islam
ede8b6f286 add .env context for ecr tag 2024-03-20 13:00:06 -04:00
Maidul Islam
232c547d75 correct ecr image tag 2024-03-20 11:54:33 -04:00
Maidul Islam
fe08bbb691 push to ecr 2024-03-20 11:46:47 -04:00
Maidul Islam
2bd06ecde4 login into ecr 2024-03-20 11:31:39 -04:00
Daniel Hougaard
08b79d65ea Fix: Remove unused lint disable 2024-03-20 14:55:02 +01:00
Daniel Hougaard
4e1733ba6c Fix: More reverting 2024-03-20 14:44:40 +01:00
Daniel Hougaard
a4e495ea1c Fix: Restructured frontend 2024-03-20 14:42:34 +01:00
Daniel Hougaard
a750d68363 Fix: Reverted backend changes 2024-03-20 14:40:24 +01:00
Daniel Hougaard
d7161a353d Fix: Better variable naming 2024-03-20 13:15:51 +01:00
Daniel Hougaard
12c414817f Fix: Remove debugging logs 2024-03-20 13:14:18 +01:00
Daniel Hougaard
e5e494d0ee Fix: Also display imported folder indicator for nested folders 2024-03-20 13:13:50 +01:00
Daniel Hougaard
5a21b85e9e Fix: Removed overlap from other working branch 2024-03-20 13:13:19 +01:00
Daniel Hougaard
348fdf6429 Feat: Visualize imported folders in overview page (include imported folders in response) 2024-03-20 12:56:11 +01:00
Daniel Hougaard
88e609cb66 Feat: New types for imported folders 2024-03-20 12:55:40 +01:00
Daniel Hougaard
78058d691a Enhancement: Add disabled prop to Tooltip component 2024-03-20 12:55:08 +01:00
Daniel Hougaard
1d465a50c3 Feat: Visualize imported folders in overview page 2024-03-20 12:54:44 +01:00
Maidul Islam
ffc7249c7c update diagram 2024-03-19 23:44:12 -04:00
Maidul Islam
90bcf23097 Update README.md 2024-03-19 23:36:07 -04:00
Tuan Dang
686b88fc97 Complete basic pre-cleaned group member assignment/unassignment 2024-03-19 18:23:52 -07:00
Maidul Islam
5fa4d9029d Merge pull request #1577 from Salman2301/fix-notification-z-index
fix: notification error behind detail sidebar
2024-03-19 18:56:14 -04:00
Maidul Islam
7160cf58ee Merge branch 'main' into fix-notification-z-index 2024-03-19 18:50:58 -04:00
Maidul Islam
6b2d757e39 remove outdated healthcheck 2024-03-19 17:21:46 -04:00
Daniel Hougaard
c075fcceca Merge pull request #1591 from Infisical/daniel/prettier-fix
Chore: Prettier formatting
2024-03-19 21:23:11 +01:00
Maidul Islam
e25f5dd65f Merge pull request #1605 from Infisical/creation-policy-k8s
add managed secret creation policy
2024-03-19 15:23:16 -04:00
Maidul Islam
3eef023c30 add managed secret creation policy 2024-03-19 14:58:17 -04:00
Tuan Dang
2a134b9dc2 Weave roles into groups 2024-03-19 11:34:28 -07:00
Tuan Dang
d8d63ecaec Merge remote-tracking branch 'origin' into groups 2024-03-19 10:25:03 -07:00
Tuan Dang
e63deb0860 Patch org role slug validation 2024-03-19 10:23:00 -07:00
Tuan Dang
efc186ae6c Finish basic CRUD groups 2024-03-19 10:20:51 -07:00
Maidul Islam
02b2851990 Merge pull request #1601 from Infisical/fix/db-host
fix(server): updated secret rotation to pick on db host in validation
2024-03-19 10:03:12 -04:00
Akhil Mohan
cb828200e1 fix(server): updated secret rotation to pick on db host in validation 2024-03-19 13:56:21 +00:00
Akhil Mohan
77d068ae2c Merge pull request #1599 from Infisical/daniel/improve-create-project
Fix: Remove required org slug from create project route
2024-03-19 18:31:16 +05:30
Daniel Hougaard
8702af671d Fix: Typings error 2024-03-19 13:45:57 +01:00
Daniel Hougaard
31c0fd96ea Update UserInfoStep.tsx 2024-03-19 13:39:34 +01:00
Daniel Hougaard
2c539697df Feat: Remove orgSlug from create project endpoint 2024-03-19 13:39:24 +01:00
Daniel Hougaard
ae97b74933 Feat: Improve create project, remove organization slug from frontend 2024-03-19 13:38:58 +01:00
Akhil Mohan
3e6af2dae5 Merge pull request #1597 from Infisical/daniel/api-endpoint-fix
Fix: Mintlify interactive API docs defaulting to localhost server
2024-03-19 16:32:49 +05:30
Daniel Hougaard
3c91e1127f Fix: Mintlify docs defaulting to localhost endpoint 2024-03-19 11:58:01 +01:00
vmatsiiako
0e31a9146a Update ee.mdx 2024-03-18 22:10:09 -07:00
Salman
d2a93eb1d2 feat: add support for secret path for cloudflare page 2024-03-18 21:31:21 +05:30
Daniel Hougaard
fa1b28b33f Update .eslintrc.js 2024-03-18 16:07:49 +01:00
Daniel Hougaard
415cf31b2d Fix: Lint bug (Cannot read properties of undefined (reading 'getTokens')) 2024-03-18 16:01:14 +01:00
Daniel Hougaard
9002e6cb33 Fix: Format entire frontend properly 2024-03-18 16:00:03 +01:00
Daniel Hougaard
1ede551c3e Fix: Format entire frontend properly 2024-03-18 15:59:47 +01:00
Daniel Hougaard
b7b43858f6 Fix: Format entire frontend properly 2024-03-18 15:55:01 +01:00
Akhil Mohan
c91789e6d0 Merge pull request #1590 from Infisical/daniel/ts-comments
Fix: Github warnings / Lint warnings
2024-03-18 20:19:26 +05:30
Daniel Hougaard
db0ba4be10 Fix: Github warnings / Lint warnings 2024-03-18 15:47:03 +01:00
Akhil Mohan
f73c807aa0 Merge pull request #1589 from Infisical/daniel/ui-improvements
Fix: Select organization UX & project card enhancements
2024-03-18 20:14:39 +05:30
Daniel Hougaard
d1dacd81aa Chore: UX improvements to project cards 2024-03-18 15:36:59 +01:00
Daniel Hougaard
e8b635ce37 Fix: Code cleanup & truncate organization names 2024-03-18 15:36:01 +01:00
Daniel Hougaard
1d3e03e308 Merge pull request #1583 from Infisical/daniel/saml-cli-fix
Fix: SAML CLI login
2024-03-18 10:44:48 +01:00
Daniel Hougaard
88e2eff7eb Fix: SAML CLI login 2024-03-18 10:37:49 +01:00
Maidul Islam
cd192ee228 Update sdks.mdx 2024-03-17 15:04:14 -04:00
Maidul Islam
1e657968f6 Merge pull request #1449 from Infisical/daniel/slug-projects
(Feat): V2 slugified project routes
2024-03-17 13:54:20 -04:00
Daniel Hougaard
b8ba51512c Fix: Rebase errors 2024-03-17 18:51:19 +01:00
Daniel Hougaard
1ac8ddbd92 Fix: Rebase errors 2024-03-17 18:49:30 +01:00
Daniel Hougaard
a257743fa5 Update secret-approval-request-service.ts 2024-03-17 18:49:30 +01:00
Daniel Hougaard
b5a7240375 Fix: Select org when using init 2024-03-17 18:49:30 +01:00
Maidul Islam
5c2a108c52 add small helpful comment 2024-03-17 18:49:30 +01:00
Daniel Hougaard
b78d8d28ed Feat: CLI support for scoped JWT tokens 2024-03-17 18:49:30 +01:00
Daniel Hougaard
9c9ade52db Feat: Scoped JWT to organization, Add authMethod to services 2024-03-17 18:49:30 +01:00
Daniel Hougaard
4d229ec745 Fix: Email signup and switching organization 2024-03-17 18:49:30 +01:00
Daniel Hougaard
605dad29ca Fix: Rebase error 2024-03-17 18:49:30 +01:00
Daniel Hougaard
bebdad8159 parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345579 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345572 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345563 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345551 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345540 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345533 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345529 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345522 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345503 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345496 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345489 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345357 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345061 +0100

parent 10a292bca563efbe5972d7ffc33ee4b96a868e42
author Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1709970985 +0100
committer Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> 1710345029 +0100

Feat: Org Scoped JWT Tokens

Add link button

Fix: Avoid invalidating all queries on logout to prevent UI glitch

Update _app.tsx

Feat: Scoped JWT to organization, add authMethod to request

Feat: Scoped JWT to organization, Add authMethod to services

Feat: Scoped JWT to organization, require organization on all requests by default on JWT requests

Update index.ts

Feat: Scoped JWT to organization

Chore: Move SAML org check to permission service

Feat: Scoped JWT to organization, actorAuthMethod to create project DTO

Fix: Invalidate after selecting organization

Chore: Optional 'invalidate' option for create org hook

Fix: Creating dummy workspaces

Fix: Select org after creation

Feat: Org Scoped JWT's, remove inline service

Fix: ActorType unresolved

Fix: Better type checking

Feat: Org scoped JWT's

Fix: Add missing actor org ID

Fix: Add missing actor org ID

Fix: Return access token

Update auth-type.ts

Fix: Add actor org ID

Chore: Remove unused code

Fix: Add missing actor org ID to permission check

Fix: Add missing actor auth method to permission checks

Fix: Include actor org id

Chore: Remove redundant lint comment

Fix: Add missing actorOrgId to service handlers

Fix: Rebase fixes

Fix: Rebase LDAP fixes

Chore: Export Cli login interface

Update queries.tsx

Feat: Org scoped JWT's CLI support

Update inject-permission.ts

Fix: MFA

Remove log

Fix: Admin signup, select organization

Improvement: Use select organization hook

Update permission-service.ts

Fix: Make API keys compatible with old endpoints

Update inject-permission.ts

Chore: Better error messages

Update index.ts

Fix: Signup not redirecting to backup PDF page due to error

Select org on signup

Type improvements

Chore: Removed code that spans out of scope

Fix: Better types

Chore: Move comment

Chore: Change order

Fix: Code readability

Fix: Code readability

Update auth-token-service.ts

Chore: Remove old comments

Fix: Cleanup

Chore: Minor code cleanup

Fix: Add auth method and organization ID to test JWT

Fix: Get org ID in getOrgIdentityPermission DAL operation
2024-03-17 18:49:30 +01:00
Daniel Hougaard
b547309ae4 Fix: Get org ID in getOrgIdentityPermission DAL operation 2024-03-17 18:49:30 +01:00
Daniel Hougaard
d1ebdbcc03 Fix: Add auth method and organization ID to test JWT 2024-03-17 18:49:30 +01:00
Daniel Hougaard
c94caa6fb5 Chore: Minor code cleanup 2024-03-17 18:49:30 +01:00
Daniel Hougaard
f53fa46c51 Fix: Cleanup 2024-03-17 18:49:30 +01:00
Daniel Hougaard
c42d407cda Chore: Remove old comments 2024-03-17 18:49:30 +01:00
Daniel Hougaard
80b4bc18ec Update auth-token-service.ts 2024-03-17 18:49:30 +01:00
Daniel Hougaard
1dbf80d4e6 Fix: Code readability 2024-03-17 18:49:30 +01:00
Daniel Hougaard
700a072ec5 Fix: Code readability 2024-03-17 18:49:30 +01:00
Daniel Hougaard
8f42914df5 Chore: Change order 2024-03-17 18:49:30 +01:00
Daniel Hougaard
831da10073 Chore: Move comment 2024-03-17 18:49:30 +01:00
Daniel Hougaard
6904cd3bda Fix: Better types 2024-03-17 18:49:30 +01:00
Daniel Hougaard
52fd09b87b Chore: Removed code that spans out of scope 2024-03-17 18:49:30 +01:00
Daniel Hougaard
0081bbdf9e Type improvements 2024-03-17 18:49:30 +01:00
Daniel Hougaard
c9e5f2bb75 Select org on signup 2024-03-17 18:49:30 +01:00
Daniel Hougaard
73cc97cf17 Fix: Signup not redirecting to backup PDF page due to error 2024-03-17 18:49:30 +01:00
Daniel Hougaard
0c1d37cc75 Update index.ts 2024-03-17 18:49:30 +01:00
Daniel Hougaard
60fbd8ac44 Chore: Better error messages 2024-03-17 18:49:30 +01:00
Daniel Hougaard
36efa6ba63 Update inject-permission.ts 2024-03-17 18:49:30 +01:00
Daniel Hougaard
961a73f712 Fix: Re-add API key support 2024-03-17 18:49:30 +01:00
Daniel Hougaard
6e2f3800d4 Fix: Make API keys compatible with old endpoints 2024-03-17 18:49:30 +01:00
Daniel Hougaard
258c9e45d4 Update permission-service.ts 2024-03-17 18:49:30 +01:00
Daniel Hougaard
8573263379 Update permission-service.ts 2024-03-17 18:49:30 +01:00
Daniel Hougaard
9a724db6ab Improvement: Use select organization hook 2024-03-17 18:49:30 +01:00
Daniel Hougaard
60a37e784b Fix: member invites, select org 2024-03-17 18:49:30 +01:00
Daniel Hougaard
14c60bd075 Fix: Admin signup, select organization 2024-03-17 18:49:30 +01:00
Daniel Hougaard
de715c03ad Fix: Org scoped JWT's, MFA support 2024-03-17 18:49:30 +01:00
Daniel Hougaard
ddb1d5a1ab Remove log 2024-03-17 18:49:30 +01:00
Daniel Hougaard
41323f205d Fix: MFA 2024-03-17 18:49:30 +01:00
Daniel Hougaard
771498b817 Update inject-permission.ts 2024-03-17 18:49:30 +01:00
Daniel Hougaard
22b2fb4c98 Feat: Org scoped JWT's CLI support 2024-03-17 18:49:30 +01:00
Daniel Hougaard
9bbba92768 Feat: Org scoped JWT's CLI support 2024-03-17 18:49:30 +01:00
Daniel Hougaard
46eea972f7 Feat: Org scoped JWT's CLI support 2024-03-17 18:49:30 +01:00
Daniel Hougaard
9eb2a74bdf Feat: Org scoped JWT's, CLI support 2024-03-17 18:49:30 +01:00
Daniel Hougaard
b80579fdef Update queries.tsx 2024-03-17 18:49:30 +01:00
Daniel Hougaard
214894c88b Chore: Export Cli login interface 2024-03-17 18:49:29 +01:00
Daniel Hougaard
8ff37e3ec9 Fix: Rebase LDAP fixes 2024-03-17 18:49:29 +01:00
Daniel Hougaard
926f719967 Fix: Rebase fixes 2024-03-17 18:49:29 +01:00
Daniel Hougaard
c3a56f469a Fix: Better type checking 2024-03-17 18:49:29 +01:00
Daniel Hougaard
2bd9914373 Fix: Add missing actorOrgId to service handlers 2024-03-17 18:49:29 +01:00
Daniel Hougaard
354bac486a Fix: Don't allow org select screen when token already has an organization ID 2024-03-17 18:49:29 +01:00
Daniel Hougaard
ba22a7fca6 Chore: Remove redundant lint comment 2024-03-17 18:49:29 +01:00
Daniel Hougaard
4aef8ab8ee Fix: Include actor org id 2024-03-17 18:49:29 +01:00
Daniel Hougaard
e89503f00f Fix: Add missing actor auth method to permission checks 2024-03-17 18:49:29 +01:00
Daniel Hougaard
f5f20fbdca Fix: Add missing actor org ID to permission check 2024-03-17 18:49:29 +01:00
Daniel Hougaard
4d4887059a Chore: Remove unused code 2024-03-17 18:49:29 +01:00
Daniel Hougaard
c11c5ec85e Fix: Add actor org ID 2024-03-17 18:49:29 +01:00
Daniel Hougaard
f0e3c9a4b2 Update auth-type.ts 2024-03-17 18:49:29 +01:00
Daniel Hougaard
eace4f1bdc Fix: Return access token 2024-03-17 18:49:29 +01:00
Daniel Hougaard
0bd3f32c6e Fix: Add missing actor org ID 2024-03-17 18:49:29 +01:00
Daniel Hougaard
ad0504e957 Fix: Add missing actor org ID 2024-03-17 18:49:29 +01:00
Daniel Hougaard
1e20d780ec Feat: Org scoped JWT's 2024-03-17 18:49:29 +01:00
Daniel Hougaard
7e2685d604 Fix: Better type checking 2024-03-17 18:49:29 +01:00
Daniel Hougaard
92fd2d080d Fix: ActorType unresolved 2024-03-17 18:49:29 +01:00
Daniel Hougaard
6d60413593 Feat: Org Scoped JWT's, service handler 2024-03-17 18:49:29 +01:00
Daniel Hougaard
f59a75d790 Feat: Org Scoped JWT's, remove inline service 2024-03-17 18:49:29 +01:00
Daniel Hougaard
835c36d161 Fix: Select org after creation 2024-03-17 18:49:29 +01:00
Daniel Hougaard
e4dba6d5c8 Fix: Formatting and support for selecting org (line 109-122) 2024-03-17 18:49:29 +01:00
Daniel Hougaard
b9986be387 Fix: Creating dummy workspaces 2024-03-17 18:49:29 +01:00
Daniel Hougaard
5f5d62a285 Fix: Selecting SAML enforced organization 2024-03-17 18:49:29 +01:00
Daniel Hougaard
667fa7a9e3 Chore: Optional 'invalidate' option for create org hook 2024-03-17 18:49:29 +01:00
Daniel Hougaard
27dcb06083 Fix: Invalidate after selecting organization 2024-03-17 18:49:29 +01:00
Daniel Hougaard
9b1a15331a Fix: Creating dummy workspaces 2024-03-17 18:49:29 +01:00
Daniel Hougaard
65776b7ab9 Feat: Scoped JWT to organization, actorAuthMethod to create project DTO 2024-03-17 18:49:29 +01:00
Daniel Hougaard
a9c1f278a1 Feat: Scoped JWT to organization, add actorAuthMethod to DTO's 2024-03-17 18:49:29 +01:00
Daniel Hougaard
900facdb36 Feat: Scoped JWT to organization, add actorAuthMethod to services 2024-03-17 18:49:29 +01:00
Daniel Hougaard
fe638ce2c1 Feat: Scoped JWT to organization, add actorAuthMethod to services 2024-03-17 18:49:29 +01:00
Daniel Hougaard
750a43c978 Feat: Scoped JWT to organization 2024-03-17 18:48:10 +01:00
Daniel Hougaard
08b5975f26 Chore: Move SAML org check to permission service 2024-03-17 18:48:10 +01:00
Daniel Hougaard
885d1fbd7f Feat: Scoped JWT to organization 2024-03-17 18:48:10 +01:00
Daniel Hougaard
bb2413d659 Update index.ts 2024-03-17 18:48:10 +01:00
Daniel Hougaard
dac5529b6c Feat: Scoped JWT to organization, require organization on all requests by default on JWT requests 2024-03-17 18:48:10 +01:00
Daniel Hougaard
bd92e35729 Feat: Scoped JWT to organization, add actorAuthMethod to Permission types 2024-03-17 18:48:10 +01:00
Daniel Hougaard
5b7562a76d Feat: Scoped JWT to organization, Add actorAuthMethod to DTO 2024-03-17 18:48:10 +01:00
Daniel Hougaard
edbf459d04 Feat: Scoped JWT to organization 2024-03-17 18:48:10 +01:00
Daniel Hougaard
560274bde8 Feat: Scoped JWT to organization, Add authMethod to services 2024-03-17 18:48:10 +01:00
Daniel Hougaard
7df614a018 Feat: Scoped JWT to organization, SAML helper functions 2024-03-17 18:48:10 +01:00
Daniel Hougaard
47287be5bf Feat: Scoped JWT to organization, add authMethod to request 2024-03-17 18:48:10 +01:00
Daniel Hougaard
6e96f2338c Feat: Scoped JWT to organization, include authMethod on all service calls 2024-03-17 18:48:10 +01:00
Daniel Hougaard
7fd6b63b5d Feat: Navigate to select org 2024-03-17 18:48:10 +01:00
Daniel Hougaard
995777d76f Formatting and navigating to select org 2024-03-17 18:48:10 +01:00
Daniel Hougaard
2a6032a8cf Navigate to select org instead of dashboard 2024-03-17 18:48:10 +01:00
Daniel Hougaard
ec4d1dd1b2 Update _app.tsx 2024-03-17 18:48:10 +01:00
Daniel Hougaard
143de12d67 Feat: Select organization on login 2024-03-17 18:48:10 +01:00
Daniel Hougaard
52cf937826 Fix: Avoid invalidating all queries on logout to prevent UI glitch 2024-03-17 18:48:10 +01:00
Daniel Hougaard
dbd7561037 Add link button 2024-03-17 18:48:10 +01:00
Daniel Hougaard
d287c3e152 Feat: Org Scoped JWT Tokens 2024-03-17 18:48:10 +01:00
Daniel Hougaard
8fc081973d Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
c42bbbea8b Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
29b2b12ec7 Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
4f80234afa Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
a1fa0c652d Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
8327f41b8e Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
c2bfeb89e8 Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
4a0668e92e Feat: Org Scoped JWT Tokens 2024-03-17 18:48:09 +01:00
Daniel Hougaard
716e705c2a Fix: Removed legacy create project code 2024-03-17 18:48:09 +01:00
Daniel Hougaard
f860fd3abe Update project-types.ts 2024-03-17 18:48:09 +01:00
Daniel Hougaard
30e7fe8a45 Fix: Rebase errors 2024-03-17 18:48:09 +01:00
Daniel Hougaard
307b89e799 Update inject-identity.ts 2024-03-17 18:48:09 +01:00
Daniel Hougaard
dbf498b44a Fix: Remove orgId from service token 2024-03-17 18:48:09 +01:00
Daniel Hougaard
5eb3258311 Fix: Remove org ID from JWT 2024-03-17 18:48:09 +01:00
Daniel Hougaard
bd3cbb3c7b feat: fix project query by slug (now accepts an org ID) 2024-03-17 18:48:09 +01:00
Daniel Hougaard
96abbd9f80 feat: standardize org ID's on auth requests 2024-03-17 18:48:09 +01:00
Daniel Hougaard
92441e018f Slug projects and filter type 2024-03-17 18:48:09 +01:00
Daniel Hougaard
a9bba02f44 Draft 2024-03-17 18:48:09 +01:00
Daniel Hougaard
aaca3ac229 Fix: Change org ID to org slug 2024-03-17 18:48:09 +01:00
Daniel Hougaard
f0383dd55c Fix: Change org ID to org slug 2024-03-17 18:48:09 +01:00
Daniel Hougaard
a766329de5 Fix: Non-existant variable being passed to Posthog 2024-03-17 18:48:09 +01:00
Daniel Hougaard
c0b0c0754b Feat: List secrets by project slug 2024-03-17 18:48:09 +01:00
Daniel Hougaard
34618041ca Update inject-identity.ts 2024-03-17 18:48:09 +01:00
Daniel Hougaard
f36a056c62 Update inject-identity.ts 2024-03-17 18:48:09 +01:00
Daniel Hougaard
e7b11eac2b Fix: Remove orgId from service token 2024-03-17 18:48:09 +01:00
Daniel Hougaard
0f14fab915 Update index.ts 2024-03-17 18:48:09 +01:00
Daniel Hougaard
12a6fba645 Feat: Create project via org slug instead of org ID 2024-03-17 18:48:09 +01:00
Maidul Islam
ce057f44ac nit: update error message 2024-03-17 18:48:09 +01:00
Daniel Hougaard
2032063c24 Fix: Remove org ID from JWT 2024-03-17 18:48:09 +01:00
Daniel Hougaard
bbceb37d06 feat: fix project query by slug (now accepts an org ID) 2024-03-17 18:48:09 +01:00
Daniel Hougaard
e917b744f4 feat: standardize org ID's on auth requests 2024-03-17 18:48:09 +01:00
Daniel Hougaard
7438c114dd Remove API key auth mode 2024-03-17 18:48:09 +01:00
Daniel Hougaard
8e3fc044ca Slug projects and filter type 2024-03-17 18:48:09 +01:00
Daniel Hougaard
9473de2212 Draft 2024-03-17 18:48:09 +01:00
BlackMagiq
744c510a51 Merge pull request #1580 from Infisical/render-integration-auto-deploy
Render integration auto-redeployment capability on secret sync
2024-03-16 16:56:54 -07:00
Tuan Dang
f845749a4d Complete render integration auto-redeploy feature 2024-03-16 16:08:59 -07:00
Salman
203e00216f fix: add highlighted style for select component 2024-03-16 17:53:48 +05:30
BlackMagiq
56fc5a2a8c Merge pull request #1398 from Salman2301/feat-github-integration
Github Integrations
2024-03-15 20:44:09 -07:00
Tuan Dang
7edebbabaa Update docs for github integration 2024-03-15 20:38:02 -07:00
Tuan Dang
0e698e9355 Clean GitHub integration 2024-03-15 20:25:04 -07:00
Salman
ee215bccfa fix: notification error behind detail sidebar 2024-03-16 08:34:21 +05:30
Salman
00b99e7255 fix: remove purple banner screenshot 2024-03-16 08:14:29 +05:30
Salman
2b7784718d fix: disabled repo env until repo selected 2024-03-16 08:01:28 +05:30
Tuan Dang
5f99e58674 Update github integration org/envs support 2024-03-15 18:45:55 -07:00
Tuan Dang
f77942c702 Fix merge conflicts 2024-03-15 13:07:29 -07:00
vmatsiiako
2d3fddd0e9 Merge pull request #1570 from Infisical/daniel/api-endpoint-docs
Feat: Documentation improvements
2024-03-14 16:34:00 -07:00
Daniel Hougaard
519b92d592 Update mint.json 2024-03-14 19:05:34 +01:00
BlackMagiq
c3d5e882f8 Merge pull request #1571 from Infisical/aws-ps-integration
Remove recursive behavior in AWS PS integration
2024-03-14 10:36:16 -07:00
Tuan Dang
4c354eb3ea Remove recursive behavior in AWS PS integration 2024-03-14 10:32:05 -07:00
Daniel Hougaard
97eff2b480 Fix: Moved categories and renamed Libs -> SDKs 2024-03-14 18:04:27 +01:00
Tuan Dang
c621592807 Add .pem loader to tsup 2024-03-14 09:31:58 -07:00
BlackMagiq
bd400a6196 Merge pull request #1569 from Infisical/render-integration
Add pagination to getAppsRender
2024-03-14 09:30:42 -07:00
Tuan Dang
a93c2d9236 Add pagination to getAppsRender 2024-03-14 09:24:04 -07:00
Daniel Hougaard
11dfeda501 Fix: No nested groups 2024-03-14 17:13:18 +01:00
Daniel Hougaard
70bd64d54b Fix: Shorter sidebar titles 2024-03-14 17:09:45 +01:00
Daniel Hougaard
0c88a5466c Feat: Documentation improvements 2024-03-14 17:09:37 +01:00
Daniel Hougaard
36266b30d5 Fix: Shorter sidebar title 2024-03-14 17:09:21 +01:00
Daniel Hougaard
288577b455 Fix: OpenAPI specification URL 2024-03-14 15:41:32 +01:00
Daniel Hougaard
5194be14fd Update mint.json 2024-03-14 15:40:53 +01:00
Daniel Hougaard
bab8f95fde Feat: Added descriptions to all public API endpoints 2024-03-14 15:40:38 +01:00
Daniel Hougaard
b4f372f883 Fix: Delete folder docs page not rendering 2024-03-14 15:40:08 +01:00
Daniel Hougaard
b13365ecf5 Feat: Written API explanations 2024-03-14 15:39:29 +01:00
BlackMagiq
bb6e09a895 Merge pull request #1568 from Infisical/license-docs
Add simple docs for Infisical EE
2024-03-13 18:07:46 -07:00
Tuan Dang
715b193a8e Add simple docs for Infisical EE 2024-03-13 18:05:13 -07:00
BlackMagiq
57be493da8 Merge pull request #1567 from Infisical/offline-license
Add EE license support for air-gapped / offline environments
2024-03-13 17:25:35 -07:00
Tuan Dang
cc731fe031 Add EE license support for air-gapped / offline environments 2024-03-13 17:18:55 -07:00
Salman
7a3a6663f1 fix class name typo 2024-03-14 03:37:54 +05:30
Daniel Hougaard
70618420d7 Merge pull request #1565 from Infisical/daniel/deprecate-service-tokens-and-api-keys
Feat: Deprecate API keys
2024-03-13 17:58:05 +01:00
Daniel Hougaard
7feb7ef9c6 Fix: Change title 2024-03-13 17:52:24 +01:00
Daniel Hougaard
ab1b9fb164 Feat: Deprecate API keys 2024-03-13 17:46:48 +01:00
Daniel Hougaard
8c028889a6 Chore: Remove unused frontend V2 API key code 2024-03-13 17:45:19 +01:00
Akhil Mohan
7dc366baf0 Merge pull request #1562 from rhythmbhiwani/fix-typo
Fix typo on Copy button tooltip
2024-03-13 16:28:42 +05:30
Akhil Mohan
2124d2669f Merge pull request #1564 from myapos/bugfix_1563_remove_member
fix issue on removing member from project
2024-03-13 16:24:18 +05:30
myapos
af83fbea14 fix issue on removing member from project 2024-03-13 12:32:11 +02:00
Rhythm Bhiwani
9657b64ab2 Fix typo on Copy button tooltip 2024-03-13 15:54:42 +05:30
Maidul Islam
90b55a94e1 Merge pull request #1561 from Infisical/pg-new-connection
add individual pg connection properties
2024-03-13 00:43:45 -04:00
Maidul Islam
d83d249f29 add individual pg connection properties 2024-03-13 00:40:37 -04:00
BlackMagiq
151787c60a Merge pull request #1560 from Infisical/toggle-invite-org
Update UI for Org Settings Page
2024-03-12 16:26:39 -07:00
Tuan Dang
ce443b114c Fix merge conflicts 2024-03-12 16:20:17 -07:00
Tuan Dang
2ca03abec2 Update org settings > general tab ui 2024-03-12 16:18:17 -07:00
Maidul Islam
c8bb690736 Merge pull request #1539 from akhilmhdh/feat/secret-rotation-aws-iam
Secret rotation for AWS IAM User
2024-03-12 15:36:49 -04:00
Tuan Dang
6efbdaef9c Update docs for AWS IAM rotation strategy 2024-03-12 12:06:42 -07:00
Maidul Islam
7e90493cce Merge pull request #1557 from akhilmhdh/feat/temp-roles
feat(server): removed stream in project multi role migration
2024-03-12 13:37:09 -04:00
Akhil Mohan
1330c0455a feat(server): removed stream in project multi role migration 2024-03-12 23:06:06 +05:30
Maidul Islam
407248c616 Merge pull request #1552 from akhilmhdh/feat/temp-roles
feat: multiple project role and temporary role support
2024-03-12 12:57:00 -04:00
Tuan Dang
a6d7d32156 Draft revamp org auth tab 2024-03-12 09:37:28 -07:00
Akhil Mohan
0f0e2b360c feat(server): rebased migration files and resolved commits 2024-03-12 21:57:45 +05:30
Akhil Mohan
47906c4dd4 feat(server): removed role and roleid field dropping from project membership table for rolling forward migration 2024-03-12 21:50:39 +05:30
Maidul Islam
fc57884035 renamed from temp access to timed access 2024-03-12 21:49:33 +05:30
Akhil Mohan
4152b3a524 feat: minor bug fixes and text changes 2024-03-12 21:49:33 +05:30
Akhil Mohan
f1f18e81cd feat(ui): added identity multi project role and temporary in ui 2024-03-12 21:49:33 +05:30
Akhil Mohan
929f91a738 feat(server): multi role with temporary support for identity 2024-03-12 21:49:33 +05:30
Akhil Mohan
fa41b8bb47 feat(ui): completed ui user multi role with temporary access 2024-03-12 21:49:33 +05:30
Akhil Mohan
edbb7e2b1e feat(server): completed user multi role with temporary access 2024-03-12 21:39:37 +05:30
Maidul Islam
1d53e0f21b Merge pull request #1548 from rhythmbhiwani/overview-page-enchanced
Overview Page Bug Fixes and Enhancement
2024-03-12 11:58:42 -04:00
Rhythm Bhiwani
a232450f20 Resolved Comments 2024-03-12 21:21:29 +05:30
Akhil Mohan
6f65f2a63d Merge pull request #1379 from Grraahaam/doc/cli-history
doc(cli): HISTIGNORE recommendation
2024-03-12 19:03:46 +05:30
Akhil Mohan
9545960e6f Merge pull request #1555 from Infisical/daniel/cli-expand-secrets-fix
Fix: CLI user authentication
2024-03-12 15:32:00 +05:30
Daniel Hougaard
cfa42017b1 Fix: CLI expanding secrets 2024-03-12 10:55:36 +01:00
Daniel Hougaard
1b74fdb232 Fix: CLI expanding secrets 2024-03-12 10:55:30 +01:00
Daniel Hougaard
ad1cae6aac Merge pull request #1483 from Salman2301/fix-org-long-name
fix: truncate too long proj or org name
2024-03-12 10:22:06 +01:00
Rhythm Bhiwani
e5d4328e2a Merge branch 'heads/main' into overview-page-enchanced 2024-03-12 11:11:20 +05:30
vmatsiiako
635948c4f4 Update overview.mdx 2024-03-11 19:19:04 -07:00
vmatsiiako
d6231d4649 Update overview.mdx 2024-03-11 19:16:57 -07:00
BlackMagiq
041535bb47 Merge pull request #1475 from Infisical/ldap
Add support for LDAP authentication + Aliases
2024-03-11 17:21:58 -07:00
Salman
3f0c4f0ca9 fix: lowercase and remove truncate for button 2024-03-12 03:42:38 +05:30
Tuan Dang
5c8b886d7b Merge remote-tracking branch 'origin' into ldap 2024-03-11 14:20:45 -07:00
Tuan Dang
51a5bf8181 Update LDAP migration to latest 2024-03-11 14:20:32 -07:00
Daniel Hougaard
822d0692db Merge pull request #1549 from rhythmbhiwani/fix-secret-page-with-no-env
Redirecting to overview page if environment doesn't exists in secrets main page
2024-03-11 11:32:45 +01:00
Rhythm Bhiwani
e527d99654 Remove console.log 2024-03-11 15:42:18 +05:30
Daniel Hougaard
628c641580 Merge pull request #1550 from Infisical/daniel/cli-hotfix
Fix: CLI Service Tokens
2024-03-11 10:04:32 +01:00
Daniel Hougaard
40ccab6576 Fix: Failing to get service token 2024-03-11 09:05:56 +01:00
Daniel Hougaard
9cc3e58561 Fix: Failing to get service token 2024-03-11 09:05:54 +01:00
Daniel Hougaard
1f3fded404 Fix: Failing to get service token 2024-03-11 09:05:52 +01:00
Daniel Hougaard
74b5e8cbeb Fix: Failing to get service token 2024-03-11 09:05:47 +01:00
Daniel Hougaard
522a03c2ad Fix: Helper function for getting service token 2024-03-11 09:05:33 +01:00
Rhythm Bhiwani
624fb3d46a Fixed issue when visible environments not updating on project change 2024-03-11 10:04:47 +05:30
Rhythm Bhiwani
8a27b1b5e6 Fixed overflow of environment name in SecretOverviewTableRow 2024-03-11 09:43:00 +05:30
Rhythm Bhiwani
56bf82e4f6 Redirecting to overview page if environment doesn't exists in secrets main page 2024-03-11 06:52:37 +05:30
Rhythm Bhiwani
972b80e790 updated message if search results not found 2024-03-11 06:11:26 +05:30
Rhythm Bhiwani
6cc0d79d8a Fixed environment filter button height
Polished the interface more
2024-03-11 06:01:31 +05:30
Tuan Dang
163ccd6cdb Update username migration file 2024-03-10 15:03:43 -07:00
Tuan Dang
06f3a6d262 Make LDAP config fields not nullable 2024-03-10 14:44:18 -07:00
Tuan Dang
b641bbf229 Update test user username back to email-based 2024-03-10 12:47:26 -07:00
Tuan Dang
feb7563eab Merge remote-tracking branch 'origin' into ldap 2024-03-10 12:31:06 -07:00
Tuan Dang
7594929042 Separate ldap boot/parent wrapper logic, move ldap services into docker compose profile, update ldap form logic to use zod 2024-03-10 12:28:50 -07:00
BlackMagiq
f1b7653a52 Merge pull request #1419 from Infisical/integration-update-heroku
Integration update heroku
2024-03-09 19:15:00 -08:00
Maidul Islam
0cb6d052e0 Update values.yaml 2024-03-09 20:31:11 -05:00
Maidul Islam
ceb135fc94 Merge pull request #1508 from Infisical/snyk-upgrade-ba8f3acf185100a451cbbadcbe68f789
[Snyk] Upgrade posthog-js from 1.105.4 to 1.105.6
2024-03-09 11:05:45 -05:00
Maidul Islam
b75289f074 Merge branch 'main' into snyk-upgrade-ba8f3acf185100a451cbbadcbe68f789 2024-03-09 11:05:36 -05:00
Maidul Islam
de86705e64 Merge pull request #1515 from rhythmbhiwani/feature-rename-secret-accross-envs
Feature: Rename secret from overview page, accross all environments
2024-03-09 11:02:22 -05:00
Akhil Mohan
f9b6f78e8d fix(server): resolved broken required validation in aws iam template 2024-03-09 18:26:16 +05:30
Akhil Mohan
2852a495c8 docs: aws iam secret rotation 2024-03-09 18:24:22 +05:30
Akhil Mohan
6ca56143d9 Merge pull request #1545 from rhythmbhiwani/docs-typo-fixed-cli
Fixed typo in `secrets get` docs
2024-03-09 17:32:45 +05:30
Rhythm Bhiwani
ef0e652557 Fixed typo in secrets get docs 2024-03-09 15:23:25 +05:30
Tuan Dang
89e109e404 Iron out naming / text, update docs for Heroku integration 2024-03-08 18:12:52 -08:00
Maidul Islam
48062d9680 Merge pull request #1542 from akhilmhdh/fix/create-folder-cli
feat(server): added back delete by folder name in api
2024-03-08 17:46:14 -05:00
BlackMagiq
d11fda3be5 Merge pull request #1544 from Infisical/railway-integration
Update Railway integration get services query, make services optional
2024-03-08 14:25:14 -08:00
Maidul Islam
0df5f845fb Update docker-swarm-with-agent.mdx 2024-03-08 17:07:11 -05:00
Tuan Dang
ca59488b62 Update Railway integration get services query, make services optional 2024-03-08 11:46:51 -08:00
Maidul Islam
3a05ae4b27 Merge pull request #1543 from Infisical/docker-swarm-docs
docs: docker swarm with infisical agent
2024-03-08 14:42:56 -05:00
Maidul Islam
dd009182e8 docs: docker swarm with infisical agent 2024-03-08 14:42:02 -05:00
Tuan Dang
8ac7a29893 Draft refactor core secrets fn into reusable factories 2024-03-08 09:06:03 -08:00
Maidul Islam
8a17cd3f5d Merge pull request #1532 from rhythmbhiwani/get-only-value-from-cli
Feature to get only value of specific secret in `secrets get` command
2024-03-08 10:54:10 -05:00
Maidul Islam
99fe43f459 rename --value to --raw-value + polish docs 2024-03-08 10:53:11 -05:00
Akhil Mohan
2e3b10ccfc feat(server): added back delete by folder name in api 2024-03-08 17:45:14 +05:30
Maidul Islam
79196b0081 Update secret-reference.mdx 2024-03-08 00:19:10 -05:00
Maidul Islam
b76ff28414 Update secret-reference.mdx 2024-03-08 00:16:48 -05:00
Maidul Islam
2894cf791a Merge pull request #1538 from Infisical/daniel/agent-template-func
Feat: Agent secret referencing support
2024-03-08 00:04:29 -05:00
Daniel Hougaard
c040b0ca9a Fix: Include Workspace ID in request when expanding secrets with MI's 2024-03-08 06:02:44 +01:00
Daniel Hougaard
15f60aa7dd Fix: Add WorkspaceID field to env variable struct 2024-03-08 06:02:29 +01:00
Daniel Hougaard
6f68d304ea Fix: Get Service Token from env vars earlier 2024-03-08 06:02:15 +01:00
Tuan Dang
0b98feea50 Make sync behavior apply on first sync only, finish MVP create/update bidirectional sync for Heroku 2024-03-07 18:06:56 -08:00
Tuan Dang
43d40d7475 MVP preliminary idea for initial sync behavior 2024-03-07 15:25:53 -08:00
Maidul Islam
309a106f13 patch create folder on cli 2024-03-07 17:02:35 -05:00
Maidul Islam
74d73590a1 add docker manifest to go releaser 2024-03-07 15:38:01 -05:00
Maidul Islam
b42b5614c9 add buildx to workflow 2024-03-07 15:21:16 -05:00
Maidul Islam
72b89cb989 try buildx to support multi arch 2024-03-07 15:14:14 -05:00
Akhil Mohan
8c491668dc docs: updated images of inputs in secret rotation 2024-03-07 23:17:32 +05:30
Akhil Mohan
6305300b12 feat(ui): image for aws iam secret rotation 2024-03-07 14:51:14 +05:30
Akhil Mohan
b4ae1e8f3b feat(server): added aws iam secret rotation function 2024-03-07 14:50:42 +05:30
Daniel Hougaard
36d8b22598 Feat: Agent secret referencing support 2024-03-07 07:03:16 +01:00
Daniel Hougaard
201dcd971c Feat: Agent secret referencing support 2024-03-07 06:49:57 +01:00
Daniel Hougaard
ab90745312 Feat: Agent secret referencing support (Auth input) 2024-03-07 06:49:28 +01:00
Daniel Hougaard
622106045e Feat: Agent secret referencing support (update ExpandSecrets input) 2024-03-07 06:48:52 +01:00
Daniel Hougaard
e64302b789 Feat: Agent secret referencing support (update ExpandSecrets input) 2024-03-07 06:48:48 +01:00
Daniel Hougaard
901a7fc294 Feat: Agent secret referencing support (update ExpandSecrets input) 2024-03-07 06:48:43 +01:00
Daniel Hougaard
359694dd47 Chore: Cleanup 2024-03-07 06:48:08 +01:00
Daniel Hougaard
57489a7578 Merge pull request #1537 from Infisical/daniel/copy-project-slug
Feat: Copy project slug button
2024-03-07 02:27:24 +01:00
Daniel Hougaard
a4205a8662 Cleanup 🧼 2024-03-07 02:22:52 +01:00
Daniel Hougaard
dbf177d667 Feat: Add copy project slug button 2024-03-07 02:20:01 +01:00
Daniel Hougaard
f078aec54c Feat: Add copy project slug button 2024-03-07 02:19:54 +01:00
Daniel Hougaard
5dfe62e306 Feat: Copy project slug button 2024-03-07 02:01:31 +01:00
Daniel Hougaard
b89925c61c Feat: Copy project slug button 2024-03-07 02:01:23 +01:00
Tuan Dang
440a58a49b Fix merge conflicts 2024-03-06 15:48:32 -08:00
Maidul Islam
6d0bea6d5f Update .goreleaser.yaml to support arm 2024-03-06 18:42:27 -05:00
Daniel Hougaard
10a40c8ab2 Merge pull request #1535 from Infisical/daniel/better-upgrade-errors
Fix: Edge case causing project upgrade to fail
2024-03-07 00:07:05 +01:00
Maidul Islam
b910ceacfc create secret on overview typo 2024-03-06 17:50:31 -05:00
Maidul Islam
cb66386e13 Merge pull request #1536 from Infisical/daniel/fix-project-memberships
Fix: Remove project keys & memberships when organization membership is deleted
2024-03-06 17:38:49 -05:00
Daniel Hougaard
889df3dcb1 Update project-queue.ts 2024-03-06 23:20:23 +01:00
Daniel Hougaard
ae53f03f71 Fix: Remove project memberships & project keys when org membership is deleted (DAL) 2024-03-06 23:15:13 +01:00
Daniel Hougaard
7ae024724d Fix: Remove project memberships & project keys when org membership is deleted (Service) 2024-03-06 23:15:02 +01:00
Daniel Hougaard
0b2bc1d345 Fix: Remove project memberships & project keys when org membership is deleted 2024-03-06 23:14:52 +01:00
Daniel Hougaard
da5eca3e68 Fix: Seeding not working 2024-03-06 23:13:22 +01:00
Daniel Hougaard
3375d3ff85 Update project-queue.ts 2024-03-06 23:09:25 +01:00
Tuan Dang
35a5c9a67f Fix lint issue 2024-03-06 13:28:29 -08:00
Tuan Dang
7d495cfea5 Correct frontend email to username in AppLayout 2024-03-06 13:14:50 -08:00
Tuan Dang
2eca9d8200 Check again email traces 2024-03-06 12:40:27 -08:00
Tuan Dang
4d707eee8a Fix frontend type issues 2024-03-06 12:17:18 -08:00
Tuan Dang
76bd85efa7 Add user aliases concept and weave LDAP into it 2024-03-06 12:06:40 -08:00
Maidul Islam
d140e4f3c9 update bulk add message 2024-03-06 14:12:21 -05:00
Maidul Islam
80623c03f4 Merge pull request #1534 from akhilmhdh/fix/aws-global-cfg-integration
fix(server): removed global aws cred config in secret integration
2024-03-06 13:44:36 -05:00
Akhil Mohan
ed6c6e8d1e fix(server): removed global aws cred config in secret integration 2024-03-06 23:21:06 +05:30
Maidul Islam
7e044ad9ff Merge pull request #1518 from rhythmbhiwani/add-secrets-from-overview-page
Added Feature to Create Secrets and Folders in all envs from overview page
2024-03-06 10:26:34 -05:00
Daniel Hougaard
8f2b54514c Merge pull request #1517 from rhythmbhiwani/fix-rename-bug
Stop ability to rename a secret to empty name from frontend
2024-03-06 05:09:59 +01:00
Daniel Hougaard
5f5f46eddf Update secret-service.ts 2024-03-06 05:05:55 +01:00
Maidul Islam
3174896d37 update change log script 2024-03-05 14:22:53 -05:00
Maidul Islam
919e184305 update change log 2024-03-05 14:18:41 -05:00
Maidul Islam
c7d08745fc fetch tags manaully 2024-03-05 14:15:32 -05:00
Maidul Islam
d6d780a7b4 Update generate-release-changelog.yml 2024-03-05 14:13:11 -05:00
Maidul Islam
03e965ec5a add workflow dispatch option 2024-03-05 14:09:25 -05:00
Maidul Islam
cd0df2d617 update change log script 2024-03-05 14:06:09 -05:00
Maidul Islam
e72e6dd6ee Merge pull request #1526 from akhilmhdh/feat/migration-error-env
chore: made db connection uri in example to get value from POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD
2024-03-05 12:00:06 -05:00
Tuan Dang
327c5e2429 Update migration file to latest, remove git markers 2024-03-05 08:59:58 -08:00
Tuan Dang
f29dd6effa Fix merge conflicts 2024-03-05 08:54:24 -08:00
Maidul Islam
7987a1ea2b Merge pull request #1521 from rhythmbhiwani/show-org-name-in-init
Show organization name in `infisical init` command
2024-03-05 11:49:55 -05:00
Maidul Islam
e6036175c1 remove query param 2024-03-05 11:48:28 -05:00
Maidul Islam
171a70ddc1 remove slack webhook from change log script 2024-03-05 11:09:44 -05:00
Maidul Islam
a845f4ee5c update on gha for change long 2024-03-05 11:06:34 -05:00
Maidul Islam
71cd4425b4 Merge pull request #1530 from akhilmhdh/feat/changelog-generator
chore: added gpt based changelog generator
2024-03-05 11:02:41 -05:00
Akhil Mohan
deb22bf8ad chore: gave write permission to changelog generator action 2024-03-05 21:11:44 +05:30
Rhythm Bhiwani
8e25631fb0 Updated the docs 2024-03-05 16:14:20 +05:30
Rhythm Bhiwani
0912903e0d Added --value flag to secrets get command to return only value 2024-03-05 16:04:21 +05:30
Akhil Mohan
c873e2cba8 docs: updated secret rotation doc with images 2024-03-05 15:42:53 +05:30
Maidul Islam
1bc045a7fa update overview sendgrid 2024-03-05 15:42:53 +05:30
Akhil Mohan
533de93199 docs: improved secret rotation documentation with better understanding 2024-03-05 15:42:53 +05:30
Akhil Mohan
1b1a95ab78 chore: added gpt based changelog generator 2024-03-05 12:42:39 +05:30
Rhythm Bhiwani
cf4f26ab90 changed INFISICAL_TOKEN_NAME to INFISICAL_DEFAULT_URL in error messages 2024-03-05 03:46:52 +05:30
Rhythm Bhiwani
84249f535b Changed message for asking org 2024-03-05 03:46:10 +05:30
Rhythm Bhiwani
115b4664bf Fixed CLI issue of updating variables using infisical secrets set 2024-03-05 03:43:06 +05:30
Rhythm Bhiwani
c7bbe82f4a Reverted backend api changes
In CLI, now first asking org, then projects
2024-03-05 03:08:13 +05:30
Maidul Islam
d8d2741868 Merge pull request #1527 from Infisical/daniel/fix-learn-more
Fix: Learn more button
2024-03-04 11:19:58 -05:00
Daniel Hougaard
f45074a2dd Fix: Learn more button 2024-03-04 17:16:59 +01:00
Akhil Mohan
564b6b8ef6 chore: made db connection uri in example to get value from POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD 2024-03-04 14:50:32 +05:30
Akhil Mohan
fafd963a8a feat(ui): updated create secret form in overview to better ux 2024-03-04 14:32:53 +05:30
Akhil Mohan
9e38076d45 Merge pull request #1520 from rhythmbhiwani/remove-nested-anchor-tags
Changed <a> to <div> to avoid nested <a>
2024-03-04 11:58:32 +05:30
Maidul Islam
d3a6da187b add execute + polling interval 2024-03-03 23:59:40 -05:00
Rhythm Bhiwani
7a90fa472d Changed span to div 2024-03-03 15:05:04 +05:30
Rhythm Bhiwani
756c1e5098 Added populateOrgName param in /v1/workspace api which adds orgName and displayName in result
Updated the CLI to use this new paramter to display organization name with project name with support for backward compatibility keeping original behaviour for older apis
2024-03-03 12:12:25 +05:30
vmatsiiako
0dd34eae60 Update components.mdx 2024-03-02 13:39:15 -08:00
Maidul Islam
846e2f21cc Merge pull request #1519 from Grraahaam/fix/typo
chore(doc): fix typo
2024-03-02 16:36:26 -05:00
Rhythm Bhiwani
d8860e1ce3 Disabled submit button when renaming all keys if key name is empty 2024-03-03 02:49:35 +05:30
Rhythm Bhiwani
68296c1b99 Disabled submit button if secret name is empty 2024-03-03 01:37:49 +05:30
Rhythm Bhiwani
2192985291 Show organization name in infisical init command, to differentiate between projects of same name 2024-03-02 23:16:11 +05:30
Rhythm Bhiwani
16acace648 Change <a> to <span> to avoid nested <a> 2024-03-02 20:00:47 +05:30
Rhythm Bhiwani
e3e4a98cd6 changed share of red in error message 2024-03-02 19:46:04 +05:30
Rhythm Bhiwani
4afb20ad0d Added proper error message when secret name is empty while renaming 2024-03-02 19:44:20 +05:30
Grraahaam
60134cf8ac chore(doc): fix typo 2024-03-02 14:24:37 +01:00
Rhythm Bhiwani
22d5f97793 Added Feature to Create Secrets and Folders in all envs from overview page 2024-03-02 11:14:56 +05:30
Rhythm Bhiwani
3fa529dcb0 Added error message if name is empty 2024-03-02 09:30:03 +05:30
Rhythm Bhiwani
d12c4b7580 Stop ability to rename a secret to empty name from frontend 2024-03-02 09:21:46 +05:30
Tuan Dang
5feb942d79 Add API-level length restrictions to name and slug for organizations and projects 2024-03-01 19:04:42 -08:00
Rhythm Bhiwani
b6f3cf512e spacing made consistent 2024-03-02 06:57:36 +05:30
Rhythm Bhiwani
4dbee7df06 Added notification on success and failure renaming secret 2024-03-02 06:45:52 +05:30
Rhythm Bhiwani
323c412f5e Added Option to Rename Secrets from overview page in all environments 2024-03-02 06:41:32 +05:30
BlackMagiq
ae2706542c Merge pull request #1514 from Infisical/google-saml
Add support and docs for Google SAML
2024-03-01 17:00:35 -08:00
Tuan Dang
d5861493bf Add support and docs for Google SAML 2024-03-01 16:56:37 -08:00
Maidul Islam
53044f3d39 reduce ttl 2024-03-01 15:06:36 -05:00
Maidul Islam
93268f5767 increase license server ttl 2024-03-01 13:06:00 -05:00
Maidul Islam
318dedb987 Merge pull request #1513 from akhilmhdh/fix/delay-audit-log
feat(server): moved back audit log to queue now with keystore license
2024-03-01 12:36:22 -05:00
Akhil Mohan
291edf71aa feat(server): moved back audit log to queue now with keystore license 2024-03-01 23:01:18 +05:30
Maidul Islam
342665783e Merge pull request #1512 from akhilmhdh/fix/delay-audit-log
feat(server): changed license service to use redis cache keystore
2024-03-01 11:53:58 -05:00
Akhil Mohan
6a7241d7d1 feat(server): uninstalled node-cache 2024-03-01 22:20:25 +05:30
Akhil Mohan
51fb680f9c feat(server): changed license service to use redis cache keystore 2024-03-01 22:16:08 +05:30
Daniel Hougaard
0710c9a84a Merge pull request #1509 from rhythmbhiwani/fix-etag-hash-mistype
Fixed mistype from Hash to Etag to fix the cli issue
2024-03-01 17:31:09 +01:00
Maidul Islam
e46bce1520 Update requirements.mdx 2024-03-01 10:55:19 -05:00
Maidul Islam
3919393d33 Merge pull request #1510 from akhilmhdh/fix/audit-log-queue
fix(server): auditlog won't push if retention period is zero
2024-03-01 10:27:49 -05:00
Akhil Mohan
c8b7c37aee fix(server): identity login audit log fixed 2024-03-01 20:10:27 +05:30
Maidul Islam
2641fccce5 add etag field 2024-03-01 09:05:44 -05:00
Akhil Mohan
213f2ed29b fix(server): auditlog won't push if retention period is zero 2024-03-01 19:24:29 +05:30
Rhythm Bhiwani
4dcd000dd1 Fixed mistype from Hash to Etag to fix the cli issue 2024-03-01 17:43:47 +05:30
snyk-bot
c2fe6eb90c fix: upgrade posthog-js from 1.105.4 to 1.105.6
Snyk has created this PR to upgrade posthog-js from 1.105.4 to 1.105.6.

See this package in npm:
https://www.npmjs.com/package/posthog-js

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/53d4ecb6-6cc1-4918-aa73-bf9cae4ffd13?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-03-01 09:12:34 +00:00
Maidul Islam
f64cb10282 Merge pull request #1505 from Infisical/daniel/agent-improvements
Feat: Agent exec and custom polling interval
2024-03-01 02:13:13 -05:00
Maidul Islam
a0ea2627ed change hash to etag 2024-03-01 02:11:50 -05:00
Maidul Islam
5c40b538af remove ExecuteCommandWithTimeout 2024-03-01 02:11:27 -05:00
Maidul Islam
8dd94a4e10 move ExecuteCommandWithTimeout to agent file 2024-03-01 02:11:03 -05:00
Maidul Islam
041c4a20a0 example config 2024-03-01 02:10:26 -05:00
Daniel Hougaard
4a2a5f42a8 Renamed to exec to execute, and cleanup 🧼 2024-03-01 07:26:31 +01:00
Daniel Hougaard
9fcdf17a04 Update agent.go 2024-03-01 07:17:27 +01:00
Daniel Hougaard
97ac8cb45a Update agent.go 2024-03-01 07:02:26 +01:00
Daniel Hougaard
e952659415 Update agent.go 2024-03-01 07:02:04 +01:00
Daniel Hougaard
1f3f061a06 Fix: Agent output 2024-03-01 06:46:09 +01:00
Daniel Hougaard
5096ce3bdc Feat: Agent improvements 2024-03-01 06:41:17 +01:00
BlackMagiq
621683f787 Merge pull request #1504 from Infisical/changelog
Update changelog to include updates for Feb
2024-02-29 19:19:37 -08:00
Tuan Dang
f63850e9e9 Add February updates to changelog 2024-02-29 19:17:58 -08:00
Maidul Islam
4ee0a2ec6c update mongo to postgres pin 2024-02-29 18:03:04 -05:00
Maidul Islam
9569d3971a update helm secrets def in docs 2024-02-29 18:01:57 -05:00
Maidul Islam
443b8f747b Update kubernetes-helm.mdx 2024-02-29 17:54:53 -05:00
Maidul Islam
803393c385 Update 20240226094411_instance-id.ts 2024-02-29 17:47:24 -05:00
Maidul Islam
8e95189fd2 Merge pull request #1500 from Infisical/snyk-upgrade-f77609d160bda3cea5e59890389a6fda
[Snyk] Upgrade posthog-node from 3.6.0 to 3.6.2
2024-02-29 17:40:32 -05:00
Maidul Islam
c5f38b6ade Merge pull request #1503 from Infisical/patch-super-user-migration
update admin config to  default uuid if it doesn't exist
2024-02-29 17:11:15 -05:00
Maidul Islam
30a1c5ac86 only add admin config if it doesn't exist 2024-02-29 17:01:03 -05:00
snyk-bot
bbad2ba047 fix: upgrade posthog-node from 3.6.0 to 3.6.2
Snyk has created this PR to upgrade posthog-node from 3.6.0 to 3.6.2.

See this package in npm:
https://www.npmjs.com/package/posthog-node

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-29 21:47:31 +00:00
Maidul Islam
1445df7015 Merge pull request #1498 from Infisical/patch-super-user-migration
patch super user migration
2024-02-29 16:35:56 -05:00
Maidul Islam
ae4a2089d5 ignore whole file 2024-02-29 16:30:58 -05:00
Maidul Islam
0b924b6e45 add ignore type script 2024-02-29 16:28:36 -05:00
Maidul Islam
1fcac4cadf ignore multi line eslint 2024-02-29 16:15:52 -05:00
Maidul Islam
155e315347 skip verify 2024-02-29 16:00:28 -05:00
Maidul Islam
3dce03180f patch super user migration 2024-02-29 15:35:54 -05:00
Maidul Islam
4748b546c2 Merge pull request #1497 from Infisical/add-cert-to-knex-command
Add postgres cert to migration knex command
2024-02-29 15:05:55 -05:00
Maidul Islam
96887cdbfa add cert support to knex migration 2024-02-29 14:37:01 -05:00
Maidul Islam
553b56e57e fix make down command from Makefile 2024-02-29 14:18:33 -05:00
Maidul Islam
a33f542647 Merge pull request #1493 from akhilmhdh/fix/dup-sec-del
fix(server): duplicate secret deletion made possible
2024-02-29 14:16:44 -05:00
Maidul Islam
06b03fc450 update fnSecretBlindIndexCheck function comment 2024-02-29 14:01:32 -05:00
Maidul Islam
031a834ab1 Merge pull request #1495 from Salman2301/feat-cloud-worker-path
feat: add support for secret path for cloud worker
2024-02-29 12:24:44 -05:00
Akhil Mohan
89e942fea3 Merge pull request #1496 from Infisical/tag-migration-guide
update mongo to postgres doc
2024-02-29 22:28:43 +05:30
Maidul Islam
3c0908a788 update mongo to postgres doc 2024-02-29 11:56:48 -05:00
Salman
14e42b7ff2 feat: add support for secret path for cloud worker 2024-02-29 21:40:19 +05:30
Maidul Islam
9476594978 Merge pull request #1494 from akhilmhdh/fix/migration-admin-bug
fix(pg-migrator): added uuid 0000 for admin config
2024-02-29 10:57:26 -05:00
Maidul Islam
02be9ebd5e Merge pull request #1492 from akhilmhdh/fix/create-tag 2024-02-29 09:03:18 -05:00
Akhil Mohan
eb29d1dc28 fix(pg-migrator): added uuid 0000 for admin config 2024-02-29 15:38:45 +05:30
Akhil Mohan
21d5c44ea1 fix(server): duplicate secret deletion made possible 2024-02-29 14:58:45 +05:30
Akhil Mohan
114a4b1412 fix(server): resolved broken create tag scoped to project 2024-02-29 13:02:09 +05:30
Daniel Hougaard
fb8c4bd415 Feat: Agent improvements 2024-02-29 07:12:30 +01:00
Daniel Hougaard
48bf41ac8c Update cli.go 2024-02-29 07:12:18 +01:00
Daniel Hougaard
1ad916a784 Feat: Agent improvements, Secrets state manager 2024-02-29 07:12:10 +01:00
Daniel Hougaard
c91456838e Update model.go 2024-02-29 07:12:01 +01:00
Daniel Hougaard
79efe64504 Feat: Agent improvements, get ETag from secrets request 2024-02-29 07:11:56 +01:00
Maidul Islam
cde8cef8b0 Merge pull request #1490 from 24601/patch-1
fix(helm-charts): standalone chart rbac fix for jobs
2024-02-28 22:41:27 -05:00
Maidul Islam
7207997cea update chart version 2024-02-28 22:40:15 -05:00
Basit Mustafa
aaabfb7870 fix(helm-charts): standalone chart rbac fix for jobs 2024-02-28 19:31:16 -07:00
Maidul Islam
40cb5c4394 Merge pull request #1326 from quinton11/feat/cli-export-with-tag-slugs
feat: cli export allow filtering with tags
2024-02-28 18:32:22 -05:00
vmatsiiako
60b73879df Update postgres.mdx 2024-02-28 14:40:04 -08:00
Maidul Islam
4339ef4737 Merge pull request #1485 from Infisical/snyk-upgrade-14579311c8ea1dfb5d579851318fccc5
[Snyk] Upgrade posthog-js from 1.104.4 to 1.105.4
2024-02-28 16:59:28 -05:00
Maidul Islam
d98669700d Merge pull request #1487 from nhedger/docs/docker
docs: improve docker page
2024-02-28 16:59:18 -05:00
Maidul Islam
162f339149 Merge pull request #1489 from Infisical/snyk-upgrade-978758f53696a9f0d6b71883b9614b0a
[Snyk] Upgrade aws-sdk from 2.1549.0 to 2.1553.0
2024-02-28 16:48:35 -05:00
Maidul Islam
d3eb0c4cc9 Merge pull request #1488 from Kiskadee-dev/patch-1
fix postgresql volume path on docker-compose.prod.yml
2024-02-28 16:35:15 -05:00
snyk-bot
4b4295f53d fix: upgrade aws-sdk from 2.1549.0 to 2.1553.0
Snyk has created this PR to upgrade aws-sdk from 2.1549.0 to 2.1553.0.

See this package in npm:
https://www.npmjs.com/package/aws-sdk

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-28 21:11:42 +00:00
Matheus Victor
6c4d193b12 Update docker-compose.prod.yml
/data/db doesn't seems to exist, would never persist data otherwise
2024-02-28 16:27:16 -03:00
Nicolas Hedger
d08d412f54 improve more 2024-02-28 20:21:43 +01:00
Nicolas Hedger
bb4810470f docs: rewording 2024-02-28 20:20:39 +01:00
Maidul Islam
24e9c0a39f Merge pull request #1486 from nhedger/docs/secrets
docs: fix typo
2024-02-28 14:07:00 -05:00
Nicolas Hedger
3161d0ee67 docs: fix typo 2024-02-28 20:01:57 +01:00
snyk-bot
8a7e18dc7c fix: upgrade posthog-js from 1.104.4 to 1.105.4
Snyk has created this PR to upgrade posthog-js from 1.104.4 to 1.105.4.

See this package in npm:
https://www.npmjs.com/package/posthog-js

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/53d4ecb6-6cc1-4918-aa73-bf9cae4ffd13?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-28 18:49:06 +00:00
Maidul Islam
0497c3b49e Merge pull request #1484 from akhilmhdh/feat/i18n-removal
feat(ui): secret blind index banner in secret main page and removed i18n to keep only english for now
2024-02-28 11:09:35 -05:00
Salman
db9f21be87 fix: add input max length for org and project name 2024-02-28 15:59:23 +05:30
Akhil Mohan
e6a89fb9d0 feat(ui): secret blind index banner in secret main page and removed i18n translations for now by keeping en as only option 2024-02-28 14:47:50 +05:30
Salman
449617d271 fix: truncate too long proj or org name 2024-02-28 14:38:13 +05:30
Maidul Islam
d9828db2ec update gamma helm values 2024-02-27 18:51:36 -05:00
Maidul Islam
f11efc9e3f Merge pull request #1461 from Infisical/snyk-upgrade-430437d73f24d5cfbeaa8f5f8f1fa7dc
[Snyk] Upgrade posthog-js from 1.103.0 to 1.104.4
2024-02-27 18:43:09 -05:00
Maidul Islam
32bad10c0e Merge branch 'main' into snyk-upgrade-430437d73f24d5cfbeaa8f5f8f1fa7dc 2024-02-27 18:43:03 -05:00
Maidul Islam
41064920f7 Merge pull request #1465 from Infisical/snyk-upgrade-29c4ba3e253755510159e658916d2c3f
[Snyk] Upgrade @fastify/cookie from 9.2.0 to 9.3.1
2024-02-27 18:41:33 -05:00
Maidul Islam
8d8e23add2 Merge pull request #1471 from akhilmhdh/feat/telemetry-aggregation
Telemetry stats event for self hosted instance on midnight
2024-02-27 18:36:29 -05:00
Maidul Islam
a2a959cc32 disable telemetry for local dev by default 2024-02-27 18:26:15 -05:00
Maidul Islam
d6cde48181 set posthog flush to zero and fix typos 2024-02-27 18:23:24 -05:00
Maidul Islam
23966c12e2 Merge pull request #1482 from Infisical/daniel/fix-invite-all-members
Fix: Invite all members to project when there are no members to invite
2024-02-27 17:38:52 -05:00
Daniel Hougaard
2a233ea43c Fix: Inviting all members when there's only 1 user in the organization 2024-02-27 23:15:40 +01:00
Maidul Islam
fe497d87c0 add INFISICAL_CLOUD env back from old backend 2024-02-27 16:38:18 -05:00
Tuan Dang
3641875b24 Update LDAP permissioning, styling of org auth section 2024-02-27 11:36:35 -08:00
Maidul Islam
0c3060e1c6 Merge pull request #1477 from Infisical/daniel/upgrade-transparency
Chore: Project upgrade notice
2024-02-27 13:47:36 -05:00
Maidul Islam
5d64398e58 add more clarity to e2ee notice 2024-02-27 13:45:31 -05:00
Daniel Hougaard
2f6f713c98 Better phrasing 2024-02-27 19:19:17 +01:00
Maidul Islam
4f47d43801 Merge pull request #1479 from Infisical/snyk-fix-46ae40ea09c96f3a158e662824e76ed8
[Snyk] Security upgrade bullmq from 5.1.6 to 5.3.3
2024-02-27 12:17:35 -05:00
snyk-bot
6cf9a83c16 fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
2024-02-27 08:51:09 +00:00
vmatsiiako
c3adc8b188 Update overview.mdx 2024-02-26 22:31:07 -08:00
Maidul Islam
a723c456aa Update Chart.yaml 2024-02-27 01:26:47 -05:00
Maidul Islam
c455ef7ced Update values.yaml 2024-02-27 01:26:28 -05:00
Maidul Islam
f9d0680dc3 Update Chart.yaml 2024-02-27 01:24:06 -05:00
Maidul Islam
7a4e8b8c32 Update values.yaml 2024-02-27 01:23:35 -05:00
Maidul Islam
8e83b0f2dd npm install backend 2024-02-27 01:13:00 -05:00
Maidul Islam
59c6837071 Update faq.mdx 2024-02-27 00:48:32 -05:00
Maidul Islam
d4d23e06a8 Merge pull request #1478 from Infisical/mongo-to-postgres-guide
Mongo to postgres guide
2024-02-27 00:43:58 -05:00
Maidul Islam
9d202e8501 add additional discussion 2024-02-27 00:43:36 -05:00
Maidul Islam
1f9f15136e mongo to postgres guide 2024-02-27 00:35:41 -05:00
Daniel Hougaard
5d71b02f8d Fix: Add learn more to both alerts 2024-02-27 06:01:22 +01:00
Daniel Hougaard
9d2a0f1d54 Chore: Add notice link 2024-02-27 05:55:11 +01:00
Daniel Hougaard
0f4da61aaa Docs: Upgrade notice 2024-02-27 05:54:56 +01:00
BlackMagiq
26abb7d89f Merge pull request #1476 from Infisical/ldap-docs
Update docs for LDAP
2024-02-26 20:48:21 -08:00
Tuan Dang
892a25edfe Update docs for LDAP 2024-02-26 20:47:20 -08:00
Tuan Dang
a04a9a1bd3 Fix frontend lint issues 2024-02-26 20:21:09 -08:00
Tuan Dang
04d729df92 Update seed username 2024-02-26 20:05:40 -08:00
Tuan Dang
5ca1b1d77e Fix type/lint issues 2024-02-26 20:01:44 -08:00
Tuan Dang
2d9526ad8d Fix type/lint issues 2024-02-26 20:01:30 -08:00
Tuan Dang
768cc64af6 Fix merge conflicts 2024-02-26 18:28:13 -08:00
Tuan Dang
a28431bfe7 Finish preliminary LDAP 2024-02-26 17:42:32 -08:00
Tuan Dang
91068229bf Minor LDAP patches, docs for JumpCloud LDAP 2024-02-26 17:04:01 -08:00
Maidul Islam
082a533cfa Update Chart.yaml 2024-02-26 17:19:48 -05:00
Maidul Islam
d71a8a35e5 increase resource limits more 2024-02-26 17:19:38 -05:00
Maidul Islam
59585dfea9 Merge pull request #1474 from Infisical/daniel/failed-decryption-log
Fix: Add detailed decryption error logging
2024-02-26 16:49:52 -05:00
Daniel Hougaard
514304eed0 Fix: Add detailed decryption error logging 2024-02-26 22:19:54 +01:00
Maidul Islam
a0fc9e534c Update Chart.yaml 2024-02-26 16:10:02 -05:00
Maidul Islam
73323c0343 update resource limits 2024-02-26 16:09:21 -05:00
BlackMagiq
98cd71d421 Merge pull request #1473 from Infisical/ldap-docs
Add docs for LDAP
2024-02-26 10:51:48 -08:00
Tuan Dang
ae6157dd78 Add docs for LDAP 2024-02-26 10:49:30 -08:00
Tuan Dang
9ba4b939a4 Add orgId to reuse login1/login2 logic for LDAP 2nd step login 2024-02-26 10:41:44 -08:00
Maidul Islam
4bf7e8bbd1 add ingress back to helm 2024-02-26 13:01:57 -05:00
Akhil Mohan
6891d309da Merge pull request #1467 from Trugamr/fix/1422-verify-email-loading
fix(signup): set send verification email button loading state
2024-02-26 19:56:51 +05:30
Akhil Mohan
3b9ceff21c refactor(server): updated all telemetry send events to await as changed to async 2024-02-26 19:52:38 +05:30
Akhil Mohan
d64d935d7d feat(server): added telemetry queue for self hosted to upload instance stats to posthog on midnight 2024-02-26 19:52:38 +05:30
Akhil Mohan
8aaed739d5 feat(server): resolved a possible race condition on replication on frest first boot up and fixed making values optional on create rows for generate schema 2024-02-26 19:52:38 +05:30
Akhil Mohan
7d8b399102 feat(server): added keystore and made server cfg fetch from keystore to avoid db calls 2024-02-26 19:52:38 +05:30
Maidul Islam
1cccbca0c5 Merge pull request #1466 from Trugamr/fix/contributing-guide-link
Fix broken contributing guide link
2024-02-26 08:54:53 -05:00
Akhil Mohan
2c2e1f5d2e Merge pull request #1470 from Infisical/scroll-rotation-fix
fix scrolling issue in rotation modal
2024-02-26 13:43:48 +05:30
Vladyslav Matsiiako
6946f3901c fix scrolling issue in rotation modal 2024-02-26 00:03:41 -08:00
Tuan Dang
1c088b3a58 Merge remote-tracking branch 'origin' into ldap 2024-02-25 18:24:28 -08:00
Tuan Dang
a33c50b75a Adjust SCIM and SAML impl to use username / nameID, patch LDAP edge-cases 2024-02-25 18:16:26 -08:00
Maidul Islam
82a7010e29 Update envars.mdx 2024-02-25 14:47:04 -05:00
Maidul Islam
a1e763fa28 Update kubernetes-helm.mdx 2024-02-25 14:42:10 -05:00
Maidul Islam
0992117173 add pull policy to docker compose 2024-02-25 14:12:19 -05:00
Maidul Islam
9419884a26 Merge pull request #1468 from radhakrisri/main
Wait for db service to be healthy before kicking off db-migration and backend services
2024-02-25 14:10:44 -05:00
Radha Krishna. S
850f3a347c Wait for db service to be healthy before kicking off db-migration and backend services 2024-02-25 12:33:42 -06:00
Trugamr
4c9101d18d fix(signup): set send verification email button loading state
Set loading state for button based on send verification email mutation state

fix #1422
2024-02-25 14:58:08 +05:30
Shivam Dua
06e8e90ad5 Fix broken contributing guide link 2024-02-25 13:52:40 +05:30
Tuan Dang
8c31566e17 Update various SSO / SAML auth methods to support username 2024-02-24 22:17:51 -08:00
snyk-bot
1594165768 fix: upgrade @fastify/cookie from 9.2.0 to 9.3.1
Snyk has created this PR to upgrade @fastify/cookie from 9.2.0 to 9.3.1.

See this package in npm:
https://www.npmjs.com/package/@fastify/cookie

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-25 03:14:18 +00:00
snyk-bot
29d91d83ab fix: upgrade posthog-js from 1.103.0 to 1.104.4
Snyk has created this PR to upgrade posthog-js from 1.103.0 to 1.104.4.

See this package in npm:
https://www.npmjs.com/package/posthog-js

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/53d4ecb6-6cc1-4918-aa73-bf9cae4ffd13?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-24 04:51:43 +00:00
Maidul Islam
fdd79c0568 Update kubernetes-helm.mdx 2024-02-23 21:41:48 -05:00
Maidul Islam
4ef8abdb00 Merge pull request #1460 from Infisical/postgres-helm
Add helm chart with postgres + many other docs changes
2024-02-23 21:25:12 -05:00
Maidul Islam
46f0fb7a41 add helm with postgres + docs 2024-02-23 21:20:58 -05:00
Tuan Dang
bfee74ff4e Add username field to users 2024-02-23 17:30:49 -08:00
Tuan Dang
97a7b66c6c Fix merge conflicts 2024-02-23 10:40:27 -08:00
Maidul Islam
2142f5736c Merge pull request #1454 from Infisical/snyk-upgrade-adb30694539efb19ffe3e73890bb6b8e
[Snyk] Upgrade aws-sdk from 2.1545.0 to 2.1549.0
2024-02-23 13:39:50 -05:00
Maidul Islam
ce764d70ad Merge branch 'main' into snyk-upgrade-adb30694539efb19ffe3e73890bb6b8e 2024-02-23 13:39:43 -05:00
Maidul Islam
c2d0ddb2fc Merge pull request #1455 from Infisical/snyk-upgrade-d2de299aecc7f7e0bc3f4806027b63db
[Snyk] Upgrade @aws-sdk/client-secrets-manager from 3.502.0 to 3.504.0
2024-02-23 13:38:39 -05:00
Maidul Islam
7ba9588509 Merge pull request #1456 from Infisical/snyk-upgrade-321e83ad66200d3a9986ba215332d07e
[Snyk] Upgrade axios from 1.6.4 to 1.6.7
2024-02-23 13:38:24 -05:00
Maidul Islam
cddb09e031 Merge pull request #1457 from Infisical/snyk-upgrade-ef9af10ff1fb4ccb502ef71e8db6e32a
[Snyk] Upgrade dotenv from 16.3.1 to 16.4.1
2024-02-23 13:38:13 -05:00
Maidul Islam
046dc83638 Merge pull request #1458 from Infisical/snyk-upgrade-79bce0f7942398d32958cc208d2bf3d9
[Snyk] Upgrade @fastify/cors from 8.4.1 to 8.5.0
2024-02-23 13:38:00 -05:00
Tuan Dang
639c78358f Add docs for LDAP 2024-02-23 10:33:48 -08:00
Tuan Dang
5053069bfc Finish frame for LDAP auth 2024-02-23 10:00:30 -08:00
snyk-bot
320074ef6c fix: upgrade @fastify/cors from 8.4.1 to 8.5.0
Snyk has created this PR to upgrade @fastify/cors from 8.4.1 to 8.5.0.

See this package in npm:
https://www.npmjs.com/package/@fastify/cors

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:12 +00:00
snyk-bot
e780ee6573 fix: upgrade dotenv from 16.3.1 to 16.4.1
Snyk has created this PR to upgrade dotenv from 16.3.1 to 16.4.1.

See this package in npm:
https://www.npmjs.com/package/dotenv

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:08 +00:00
snyk-bot
a5a881c382 fix: upgrade axios from 1.6.4 to 1.6.7
Snyk has created this PR to upgrade axios from 1.6.4 to 1.6.7.

See this package in npm:
https://www.npmjs.com/package/axios

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:04 +00:00
snyk-bot
200d4a5af6 fix: upgrade @aws-sdk/client-secrets-manager from 3.502.0 to 3.504.0
Snyk has created this PR to upgrade @aws-sdk/client-secrets-manager from 3.502.0 to 3.504.0.

See this package in npm:
https://www.npmjs.com/package/@aws-sdk/client-secrets-manager

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:00 +00:00
snyk-bot
07318ec54b fix: upgrade aws-sdk from 2.1545.0 to 2.1549.0
Snyk has created this PR to upgrade aws-sdk from 2.1545.0 to 2.1549.0.

See this package in npm:
https://www.npmjs.com/package/aws-sdk

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:53:57 +00:00
Maidul Islam
92d237a714 Merge pull request #1452 from Infisical/snyk-fix-619f8d103918c8185c0381a3771a208f
[Snyk] Security upgrade sanitize-html from 2.11.0 to 2.12.1
2024-02-23 09:49:03 -05:00
Maidul Islam
6ef988fa86 Merge pull request #1444 from akhilmhdh/feat/telemetry-new-fields
feat(telemetry): added new telemetry events
2024-02-23 09:48:42 -05:00
snyk-bot
70822d0d98 fix: frontend/package.json & frontend/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
2024-02-23 11:28:36 +00:00
Akhil Mohan
e91499b301 feat(telemetry): updated telemetry distinct id to use service token from secrets one 2024-02-23 13:22:53 +05:30
Akhil Mohan
92acb4d943 feat(telemetry): fixed typo in filename lib/telemetry and capitalized new posthog event names 2024-02-23 13:19:16 +05:30
Akhil Mohan
76daa20d69 feat(telemetry): added telemetry events for creation of integration,project,machine identity and user invitation to org 2024-02-23 13:19:16 +05:30
Maidul Islam
a231813f01 Merge pull request #1445 from Nithishvb/fix-uppercase-member-search 2024-02-23 01:02:01 -05:00
Maidul Islam
3eb2bdb191 Merge pull request #1447 from Infisical/daniel/show-upgrade-to-everyone
(style): Show upgrade alert to all users
2024-02-22 22:31:05 -05:00
Daniel Hougaard
cadf6e1157 Update UpgradeOverlay.tsx 2024-02-23 01:13:26 +01:00
Daniel Hougaard
ceb7fafc06 Update UpgradeProjectAlert.tsx 2024-02-23 01:12:22 +01:00
Daniel Hougaard
3063bb9982 Update UpgradeProjectAlert.tsx 2024-02-23 01:12:02 +01:00
Maidul Islam
3d82a43615 Merge pull request #1446 from Infisical/daniel/ghost-users-fixes
(Fix): Project upgrade
2024-02-22 17:20:44 -05:00
Daniel Hougaard
028541a18a Update project-membership-service.ts 2024-02-22 23:18:32 +01:00
Daniel Hougaard
66a631ff46 Update SecretOverviewPage.tsx 2024-02-22 23:16:21 +01:00
Daniel Hougaard
28adb8f0ac Re-add upgrade popup 2024-02-22 23:12:41 +01:00
Daniel Hougaard
5c988c2cd5 Docs 2024-02-22 23:07:07 +01:00
Daniel Hougaard
acf8a54abb Fix service tokens not working after upgrade 2024-02-22 23:06:55 +01:00
Daniel Hougaard
387094aa27 Allow deleting project members even on V1 projects 2024-02-22 23:06:24 +01:00
Maidul Islam
4251e95c15 Merge pull request #1435 from Salman2301/fix-typo-doc-port
docs(sdk): fix typo PORT
2024-02-22 16:26:23 -05:00
Maidul Islam
f4386c2d93 Merge pull request #1443 from akhilmhdh/fix/service-token-email-telemetry
fix(telemetry): added back email for telemetry when using service token
2024-02-22 16:23:00 -05:00
Maidul Islam
ff4b943854 fix admin signup phrasing 2024-02-22 16:04:12 -05:00
Maidul Islam
879a5ecfac Merge pull request #1389 from Salman2301/feat-admin-signup
Add admin invite only signup field
2024-02-22 15:39:06 -05:00
Maidul Islam
a831a7d848 small typos and update migration timestamp 2024-02-22 15:35:09 -05:00
Maidul Islam
3138784d1a Merge branch 'main' into feat-admin-signup 2024-02-22 15:13:28 -05:00
Maidul Islam
0b258e3918 make clear service token with null creator 2024-02-22 15:06:00 -05:00
Maidul Islam
d0545a01b9 Merge pull request #1436 from Infisical/snyk-upgrade-12de5d06bf0c091610dcb9c1c21ef687
[Snyk] Upgrade mysql2 from 3.6.5 to 3.9.1
2024-02-22 14:46:59 -05:00
Maidul Islam
d71398344f Merge pull request #1437 from Infisical/snyk-upgrade-28f9cfd389af9a9d16a7b1f08b87f2b4
[Snyk] Upgrade bullmq from 5.1.1 to 5.1.6
2024-02-22 14:46:46 -05:00
Maidul Islam
25e3cc047b Merge pull request #1438 from Infisical/snyk-upgrade-69ae80b8287feeb813ee50b31af31ab0
[Snyk] Upgrade zod-to-json-schema from 3.22.0 to 3.22.4
2024-02-22 14:46:36 -05:00
Maidul Islam
17149de567 Merge pull request #1439 from Infisical/snyk-upgrade-a58302f2598bcda51b89dcf7293bd0ad
[Snyk] Upgrade @fastify/swagger from 8.12.0 to 8.14.0
2024-02-22 14:46:23 -05:00
Maidul Islam
cca2fb7ff5 Merge pull request #1440 from Infisical/snyk-upgrade-d48144dd89e80fb18b02fe45b4dfd7c8
[Snyk] Upgrade fastify from 4.24.3 to 4.26.0
2024-02-22 14:46:12 -05:00
Nithish
f1f2d62993 fix: access member returns empty results when search using upper case letters. 2024-02-22 22:32:58 +05:30
Akhil Mohan
be49de5f34 fix(telemetry): added back email for telemetry when using service token 2024-02-22 17:09:33 +05:30
Maidul Islam
acfa89ba8b fix typo 2024-02-22 05:01:50 -05:00
Maidul Islam
389ec85554 Merge pull request #1442 from akhilmhdh/ci/frontend-ts-check
chore: added type and lint check for frontend ci/cd
2024-02-22 04:54:23 -05:00
Maidul Islam
2a6b0efe22 Merge pull request #1441 from Infisical/update-self-host-config-docker-compose
Update self host config docker compose
2024-02-22 04:45:59 -05:00
Maidul Islam
74d9a76f75 update self config/docker guide 2024-02-22 04:42:39 -05:00
Maidul Islam
9c67d43ebe remove upgrade popup 2024-02-22 03:27:41 -05:00
Akhil Mohan
d8f3531b50 chore: added type and lint check for frontend 2024-02-22 13:28:07 +05:30
snyk-bot
57be73c17e fix: upgrade fastify from 4.24.3 to 4.26.0
Snyk has created this PR to upgrade fastify from 4.24.3 to 4.26.0.

See this package in npm:
https://www.npmjs.com/package/fastify

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-22 07:47:03 +00:00
snyk-bot
a10129e750 fix: upgrade @fastify/swagger from 8.12.0 to 8.14.0
Snyk has created this PR to upgrade @fastify/swagger from 8.12.0 to 8.14.0.

See this package in npm:
https://www.npmjs.com/package/@fastify/swagger

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-22 07:46:59 +00:00
snyk-bot
adc10cf675 fix: upgrade zod-to-json-schema from 3.22.0 to 3.22.4
Snyk has created this PR to upgrade zod-to-json-schema from 3.22.0 to 3.22.4.

See this package in npm:
https://www.npmjs.com/package/zod-to-json-schema

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-22 07:46:55 +00:00
snyk-bot
49f7780e52 fix: upgrade bullmq from 5.1.1 to 5.1.6
Snyk has created this PR to upgrade bullmq from 5.1.1 to 5.1.6.

See this package in npm:
https://www.npmjs.com/package/bullmq

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-22 07:46:52 +00:00
snyk-bot
26482c6b0a fix: upgrade mysql2 from 3.6.5 to 3.9.1
Snyk has created this PR to upgrade mysql2 from 3.6.5 to 3.9.1.

See this package in npm:
https://www.npmjs.com/package/mysql2

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-22 07:46:48 +00:00
Maidul Islam
1cf9aaeb1b Merge pull request #1400 from Infisical/daniel/ghost-users-full
(Feat): Interacting with projects programmatically
2024-02-22 02:40:48 -05:00
Akhil Mohan
fed022ed09 feat: removed unused inviteSignup flag 2024-02-22 13:09:51 +05:30
Salman K.A.A
64fbe4161c docs(sdk): fix typo PORT 2024-02-22 12:27:04 +05:30
Daniel Hougaard
bbe769a961 Increase SV migrate to 1000 & add billing page to Gamma 2024-02-22 07:30:26 +01:00
Maidul Islam
45772f0108 add envs 2024-02-22 01:27:02 -05:00
Daniel Hougaard
31cc3ece0c Update srp.ts 2024-02-22 07:01:03 +01:00
Daniel Hougaard
52cfa1ba39 Update UpgradeOverlay.tsx 2024-02-22 06:29:27 +01:00
Maidul Islam
d9888f9dd1 envars update + docker standalone 2024-02-22 00:13:21 -05:00
Daniel Hougaard
4553c6bb37 Update scim-service.ts 2024-02-22 05:02:37 +01:00
Daniel Hougaard
554f0cfd00 Fix backend test 2024-02-22 05:00:40 +01:00
Daniel Hougaard
0a5112d302 Update run-backend-tests.yml 2024-02-22 05:00:40 +01:00
Daniel Hougaard
bdb0ed3e5e Removed redundantcies 2024-02-22 05:00:40 +01:00
Daniel Hougaard
7816d8593e Final changes 2024-02-22 05:00:40 +01:00
Daniel Hougaard
816c793ae3 Update index.tsx 2024-02-22 05:00:40 +01:00
Daniel Hougaard
9f0d09f8ed Update seed-data.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
2cbd2ee75f Update project-router.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
368974cf01 Moved 2024-02-22 05:00:40 +01:00
Daniel Hougaard
8be976a694 Get last 700 secret versions instead of 100 2024-02-22 05:00:40 +01:00
Daniel Hougaard
cab47d0b98 Update project-queue.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
aa81711824 Fixed integrations & bulk update issue 2024-02-22 05:00:40 +01:00
Daniel Hougaard
10fbb99a15 Refactor migration to work with conflict/merge update logic 2024-02-22 05:00:40 +01:00
Daniel Hougaard
4657985468 Update project-service.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
68ac1d285a Improved polling 2024-02-22 05:00:40 +01:00
Daniel Hougaard
fe7524fca1 Requested changes 2024-02-22 05:00:40 +01:00
Daniel Hougaard
bf9b47ad66 Requested changes 2024-02-22 05:00:40 +01:00
Daniel Hougaard
8e49825e16 Cleanup 2024-02-22 05:00:40 +01:00
Daniel Hougaard
27b4749205 More tests 2024-02-22 05:00:40 +01:00
Daniel Hougaard
5b1f07a661 Move migration to latest 2024-02-22 05:00:40 +01:00
Daniel Hougaard
50128bbac6 Test decrypt fix 2024-02-22 05:00:40 +01:00
Daniel Hougaard
debf80cfdc More 2024-02-22 05:00:40 +01:00
Daniel Hougaard
4ab47ca175 Fix for "random" crash on creation 2024-02-22 05:00:40 +01:00
Daniel Hougaard
021413fbd9 Update project-router.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
8a39276e04 Fix for commonJS 2024-02-22 05:00:40 +01:00
Daniel Hougaard
b5e64bc8b8 Update srp.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
faa842c3d2 Revert seed 2024-02-22 05:00:40 +01:00
Daniel Hougaard
28b24115b7 Move check to inside service 2024-02-22 05:00:40 +01:00
Daniel Hougaard
198dc05753 Allow getting bot, but not creating 2024-02-22 05:00:40 +01:00
Daniel Hougaard
178492e9bd Add logger to avoid crash 2024-02-22 05:00:40 +01:00
Daniel Hougaard
fb9cdb591c Error renaming 2024-02-22 05:00:40 +01:00
Daniel Hougaard
4c5100de6b Update project-key-service.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
b587e6a4a1 Update models.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
773756d731 Add transaction support 2024-02-22 05:00:40 +01:00
Daniel Hougaard
9efece1f01 Update models.ts 2024-02-22 05:00:40 +01:00
Daniel Hougaard
bb6e8b1a51 Finished migration 2024-02-22 05:00:40 +01:00
Daniel Hougaard
0f98fc94f0 Ghost user and migration finished! 2024-02-22 05:00:40 +01:00
Daniel Hougaard
7f1963f1ac Update index.ts 2024-02-22 05:00:39 +01:00
Daniel Hougaard
6064c393c6 Ghost 2024-02-22 05:00:39 +01:00
Daniel Hougaard
0cecf05a5b Fix project seed (seeds old projects that can be upgraded) 2024-02-22 05:00:39 +01:00
Daniel Hougaard
dc6497f9eb Update licence-fns.ts 2024-02-22 05:00:39 +01:00
Daniel Hougaard
e445970f36 More gohst user 2024-02-22 05:00:35 +01:00
Daniel Hougaard
c33741d588 Ghost user WIP 2024-02-22 05:00:26 +01:00
Daniel Hougaard
5dfc84190d Update bot-router.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
a1d11c0fcd Fixes 2024-02-22 05:00:26 +01:00
Daniel Hougaard
863bbd420c Added DAL methods 2024-02-22 05:00:26 +01:00
Daniel Hougaard
4b37b2afba Wired most of the frontend to support ghost users 2024-02-22 05:00:26 +01:00
Daniel Hougaard
a366dbb16d Ghost user! 2024-02-22 05:00:26 +01:00
Daniel Hougaard
423ad49490 Helper functions for adding workspace members on serverside 2024-02-22 05:00:26 +01:00
Daniel Hougaard
2a4bda481d Crypto stuff 2024-02-22 05:00:26 +01:00
Daniel Hougaard
5b550a97a1 TS erros 2024-02-22 05:00:26 +01:00
Daniel Hougaard
0fa0e4eb0f Ghost user migration 2024-02-22 05:00:26 +01:00
Daniel Hougaard
65e3f0ec95 Update 3-project.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
c20f6e51ae Update project-router.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
cee8ead78a Update org-dal.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
82fe0bb5c4 Update project-bot-service.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
0b7efa57be Proper update project endpoint 2024-02-22 05:00:26 +01:00
Daniel Hougaard
9c11226b71 Renaming 2024-02-22 05:00:26 +01:00
Daniel Hougaard
ae3606c9fb Optional slug on create project 2024-02-22 05:00:26 +01:00
Daniel Hougaard
a0e25b8ea2 Describe 2024-02-22 05:00:26 +01:00
Daniel Hougaard
0931a17af5 Convert check to a standalone DAL operation 2024-02-22 05:00:26 +01:00
Daniel Hougaard
c16bf2afdb Removed unused invite-signup endpoint (finally) 2024-02-22 05:00:26 +01:00
Daniel Hougaard
04b4e80dd1 Documentation 2024-02-22 05:00:26 +01:00
Daniel Hougaard
f178220c5a Documentation 2024-02-22 05:00:26 +01:00
Daniel Hougaard
ed353d3263 Extra 2024-02-22 05:00:26 +01:00
Daniel Hougaard
ec6ec8813e Moved 2024-02-22 05:00:26 +01:00
Daniel Hougaard
3ea529d525 Update srp.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
f35f10558b Get last 700 secret versions instead of 100 2024-02-22 05:00:26 +01:00
Daniel Hougaard
28287b8ed4 Update project-queue.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
0f3ec51d14 Update project-queue.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
75813deb81 Fixed integrations & bulk update issue 2024-02-22 05:00:26 +01:00
Maidul Islam
66e57d5d11 correct error log 2024-02-22 05:00:26 +01:00
Daniel Hougaard
fb2a213214 Refactor migration to work with conflict/merge update logic 2024-02-22 05:00:26 +01:00
Vladyslav Matsiiako
c0b11b8350 improve the styling of the project upgrade banner 2024-02-22 05:00:26 +01:00
Daniel Hougaard
bea24d9654 Remove rate limiter 2024-02-22 05:00:26 +01:00
Daniel Hougaard
a7bc62f8e4 Akhil requested changes 2024-02-22 05:00:26 +01:00
Daniel Hougaard
2ef7e8f58e Improved invite user to project (even though this function isn't actually used.) 2024-02-22 05:00:26 +01:00
Daniel Hougaard
41d3b9314e Throw before completion (FOR TESTING!) 2024-02-22 05:00:26 +01:00
Daniel Hougaard
1e9d49008b Update project-service.ts 2024-02-22 05:00:26 +01:00
Daniel Hougaard
49d07a6762 Fixed versioning bug 2024-02-22 05:00:26 +01:00
Daniel Hougaard
9ce71371a9 cx -> twMerge 2024-02-22 05:00:26 +01:00
Daniel Hougaard
c1c66da92b Improved polling 2024-02-22 05:00:26 +01:00
Daniel Hougaard
4121c1d573 Requested changes 2024-02-22 05:00:26 +01:00
Daniel Hougaard
108f3cf117 Requested changes 2024-02-22 05:00:26 +01:00
Daniel Hougaard
a6e263eded Requested changes 2024-02-22 05:00:26 +01:00
Daniel Hougaard
419916ee0c Block secret mutations during upgrade 2024-02-22 05:00:25 +01:00
Daniel Hougaard
f7e6a96a02 Cleanup 2024-02-22 05:00:25 +01:00
Daniel Hougaard
b0356ba941 More tests 2024-02-22 05:00:25 +01:00
Daniel Hougaard
7ea5323a37 Update project-queue.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
23e198d891 Update UpgradeProjectAlert.tsx 2024-02-22 05:00:25 +01:00
Daniel Hougaard
9f9849ccfd Move migration to latest 2024-02-22 05:00:25 +01:00
Daniel Hougaard
0c53eb8e22 Test decrypt fix 2024-02-22 05:00:25 +01:00
Daniel Hougaard
9b62937db2 More 2024-02-22 05:00:25 +01:00
Daniel Hougaard
ebb8d632c4 Fix for "random" crash on creation 2024-02-22 05:00:25 +01:00
Daniel Hougaard
43aae87fb0 Update project-router.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
3415514fde Update project-router.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
c0e0ddde76 Update project-router.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
39ae66a84f Update project-router.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
e8ec5b8b49 Update check-api-for-breaking-changes.yml 2024-02-22 05:00:25 +01:00
Daniel Hougaard
592271de3b Fix for commonJS 2024-02-22 05:00:25 +01:00
Daniel Hougaard
5680b984cf Update srp.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
f378d6cc2b Update srp.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
04c12d9a75 Revert seed 2024-02-22 05:00:25 +01:00
Daniel Hougaard
31b5f779fb Frontend bot logic 2024-02-22 05:00:25 +01:00
Daniel Hougaard
bb92cef764 Fix dummy signup project to support V2 2024-02-22 05:00:25 +01:00
Daniel Hougaard
6090f86b74 Move check to inside service 2024-02-22 05:00:25 +01:00
Daniel Hougaard
8c3569a047 Check if project is v2 before allowing a bot to be created 2024-02-22 05:00:25 +01:00
Daniel Hougaard
6fa11fe637 Allow getting bot, but not creating 2024-02-22 05:00:25 +01:00
Daniel Hougaard
9287eb7031 Increase random size 2024-02-22 05:00:25 +01:00
Daniel Hougaard
e54b261c0f Add new routes 2024-02-22 05:00:25 +01:00
Daniel Hougaard
60747b10b6 Error renaming 2024-02-22 05:00:25 +01:00
Daniel Hougaard
bf278355c4 Delete membership by email 2024-02-22 05:00:25 +01:00
Daniel Hougaard
d3d429db37 Delete membership by email 2024-02-22 05:00:25 +01:00
Daniel Hougaard
f2dcc83a56 New doc routes 2024-02-22 05:00:25 +01:00
Daniel Hougaard
26576b6bcd Update project-membership-types.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
4cca82c3c8 New service for deleting memberships by email 2024-02-22 05:00:25 +01:00
Daniel Hougaard
1b82a157cc Find membership by email 2024-02-22 05:00:25 +01:00
Daniel Hougaard
5409cffe33 Update project-key-service.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
45327f10b1 Update project-bot-service.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
37645ba126 Update project-router.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
858b49d766 Add delete memberships by email 2024-02-22 05:00:25 +01:00
Daniel Hougaard
a3a1a0007d Add auth methods 2024-02-22 05:00:25 +01:00
Daniel Hougaard
075f457bd1 Update models.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
5156971d75 Add feature flag for showing upgrade project modal 2024-02-22 05:00:25 +01:00
Daniel Hougaard
8f3de3cc90 Small UI fixes on approvals page (color and capitalization and spelling) 2024-02-22 05:00:25 +01:00
Daniel Hougaard
69cba4e6c7 Make alert only visible to admins and add reloading on completion 2024-02-22 05:00:25 +01:00
Daniel Hougaard
6dcab6646c Make it impossible to log in with the ghost user 2024-02-22 05:00:25 +01:00
Daniel Hougaard
8e13eb6077 Update project-service.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
819a9b8d27 Finish upgrade queue 2024-02-22 05:00:25 +01:00
Daniel Hougaard
ec3cf0208c Add transaction support 2024-02-22 05:00:25 +01:00
Daniel Hougaard
4aa5822ae2 Don't show ghost users 2024-02-22 05:00:25 +01:00
Daniel Hougaard
5364480ca2 Update models.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
4802a36473 Finished migration 2024-02-22 05:00:25 +01:00
Daniel Hougaard
8333250b0b Ghost user and migration finished! 2024-02-22 05:00:25 +01:00
Daniel Hougaard
0cfab8ab6b Update index.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
8fd99855bd Ghost 2024-02-22 05:00:25 +01:00
Daniel Hougaard
f2c36c58f9 Fix project seed (seeds old projects that can be upgraded) 2024-02-22 05:00:25 +01:00
Daniel Hougaard
f47fdfe386 Update licence-fns.ts 2024-02-22 05:00:25 +01:00
Daniel Hougaard
8a11eebab8 Typo 2024-02-22 05:00:14 +01:00
Daniel Hougaard
3b1fc4b156 More gohst user 2024-02-22 05:00:14 +01:00
Daniel Hougaard
84cab17f5c Ghost user WIP 2024-02-22 04:59:11 +01:00
Daniel Hougaard
db773864d5 Update project-router.ts 2024-02-22 04:59:11 +01:00
Daniel Hougaard
b9840ceba9 Add project role 2024-02-22 04:59:11 +01:00
Daniel Hougaard
729ec7866a Update bot-router.ts 2024-02-22 04:59:11 +01:00
Daniel Hougaard
a7140941ee Fixes 2024-02-22 04:59:11 +01:00
Daniel Hougaard
34d1bbc2ed Added SRP helpers to serverside 2024-02-22 04:59:11 +01:00
Daniel Hougaard
3ad0382cb0 Added DAL methods 2024-02-22 04:59:11 +01:00
Daniel Hougaard
ccc409e9cd Wired most of the frontend to support ghost users 2024-02-22 04:59:11 +01:00
Daniel Hougaard
fe21ba0e54 Ghost user! 2024-02-22 04:59:11 +01:00
Daniel Hougaard
80a802386c Helper functions for adding workspace members on serverside 2024-02-22 04:59:11 +01:00
Daniel Hougaard
aec0e86182 Crypto stuff 2024-02-22 04:59:11 +01:00
Daniel Hougaard
8e3cddc1ea TS erros 2024-02-22 04:59:11 +01:00
Daniel Hougaard
3612e5834c Ghost user migration 2024-02-22 04:59:11 +01:00
Daniel Hougaard
031a2416a9 Schemas (mostly linting) 2024-02-22 04:59:11 +01:00
BlackMagiq
2eb9592b1a Merge pull request #1424 from Infisical/scim
SCIM Provisioning
2024-02-21 17:10:30 -08:00
Tuan Dang
bbd9fa4a56 Correct SCIM Token TTL ms 2024-02-21 17:00:59 -08:00
Tuan Dang
318ad25c11 Merge remote-tracking branch 'origin' into scim 2024-02-21 12:46:37 -08:00
Tuan Dang
c372eb7d20 Update SCIM docs, disable user management in Infisical if SAML is enforced 2024-02-21 11:20:42 -08:00
Maidul Islam
68a99a0b32 Merge pull request #1414 from Infisical/snyk-upgrade-5f0df547c23dd0ff111f6ca3860ac3c2
[Snyk] Upgrade sharp from 0.32.6 to 0.33.2
2024-02-21 12:10:41 -05:00
Maidul Islam
7512231e20 Merge branch 'main' into snyk-upgrade-5f0df547c23dd0ff111f6ca3860ac3c2 2024-02-21 12:10:35 -05:00
Maidul Islam
f0e580d68b Merge pull request #1428 from Infisical/snyk-upgrade-19fed8b881f49aaf8794932ec4cd1934
[Snyk] Upgrade @aws-sdk/client-secrets-manager from 3.485.0 to 3.502.0
2024-02-21 12:09:59 -05:00
Maidul Islam
116015d3cf Merge pull request #1415 from Infisical/snyk-upgrade-f0a7e4b81df465ae80db9e59002f75cc
[Snyk] Upgrade posthog-js from 1.100.0 to 1.103.0
2024-02-21 12:09:39 -05:00
Maidul Islam
308ff50197 Merge branch 'main' into snyk-upgrade-f0a7e4b81df465ae80db9e59002f75cc 2024-02-21 12:06:28 -05:00
Maidul Islam
9df5cbbe85 Merge pull request #1416 from Infisical/snyk-upgrade-785ded2802fbc87ba8e754f66e326fb6
[Snyk] Upgrade cookies from 0.8.0 to 0.9.1
2024-02-21 12:03:38 -05:00
Maidul Islam
a714a64bc2 Merge branch 'main' into snyk-upgrade-785ded2802fbc87ba8e754f66e326fb6 2024-02-21 12:00:34 -05:00
Maidul Islam
ea18d99793 Merge pull request #1429 from akhilmhdh/fix/admin-fail-redirect
fix(admin): resolved undefined on redirect after admin signup
2024-02-21 11:54:40 -05:00
Akhil Mohan
7c098529f7 fix(admin): resolved undefined on redirect after admin signup 2024-02-21 14:09:28 +05:30
snyk-bot
e20c623e91 fix: upgrade @aws-sdk/client-secrets-manager from 3.485.0 to 3.502.0
Snyk has created this PR to upgrade @aws-sdk/client-secrets-manager from 3.485.0 to 3.502.0.

See this package in npm:
https://www.npmjs.com/package/@aws-sdk/client-secrets-manager

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-20 17:51:48 +00:00
Akhil Mohan
3260932741 fix: resovled be test failing as reusable job 2024-02-20 22:39:14 +05:30
Maidul Islam
f0e73474b7 add check out before integ tests run 2024-02-20 11:49:11 -05:00
Maidul Islam
7db829b0b5 Merge pull request #1408 from akhilmhdh/feat/integration-test-secret-ops
Integration test for secret ops
2024-02-20 11:40:26 -05:00
Maidul Islam
ccaa9fd96e add more test cases 2024-02-20 11:35:52 -05:00
Maidul Islam
b4db06c763 return empty string for decrypt fuction 2024-02-20 11:35:06 -05:00
Maidul Islam
3ebd2fdc6d Merge pull request #1426 from akhilmhdh/fix/identity-auth-identity-ops
feat: made identity crud with identity auth mode and api key for user me
2024-02-20 11:05:26 -05:00
Akhil Mohan
8d06a6c969 feat: made identity crud with identity auth mode and api key for user me 2024-02-20 21:08:34 +05:30
Akhil Mohan
2996efe9d5 feat: made secrets ops test to have both identity and jwt token based and test for identity 2024-02-20 20:58:10 +05:30
vmatsiiako
43879f6813 Update scanning-overview.mdx 2024-02-19 17:05:36 -08:00
Tuan Dang
72d4490ee7 Fix lint/type issues 2024-02-19 15:04:42 -08:00
Salman
6b92a5f4db Update delete key set to org name for github org integration 2024-02-20 04:28:59 +05:30
Tuan Dang
2336a7265b Merge remote-tracking branch 'origin' into scim 2024-02-19 14:41:46 -08:00
Maidul Islam
d428fd055b update test envs 2024-02-19 16:52:59 -05:00
Maidul Islam
e4b89371f0 add env slug to make expect more strict 2024-02-19 16:08:21 -05:00
Tuan Dang
6f9b30b46e Minor UX adjustments to SCIM 2024-02-19 12:25:25 -08:00
Maidul Islam
35d589a15f add more secret test cases 2024-02-19 15:04:49 -05:00
Maidul Islam
8d77f2d8f3 Merge pull request #1420 from Infisical/snyk-upgrade-5b2dd8f68969929536cb2ba586aae1b7
[Snyk] Upgrade aws-sdk from 2.1532.0 to 2.1545.0
2024-02-19 13:55:11 -05:00
Akhil Mohan
7070a69711 feat: made e2ee api test indepdent or stateless 2024-02-19 20:56:29 +05:30
Salman
81e961e8bc Update remove group field for github integration section 2024-02-19 17:47:23 +05:30
Salman
6a7a6ce942 Update github integrations docs based on diff scope 2024-02-19 11:39:08 +05:30
Tuan Dang
7a65f8c837 Complete preliminary SCIM fns, add permissioning to SCIM, add docs for SCIM 2024-02-18 18:50:23 -08:00
Akhil Mohan
678306b350 feat: some name changes for better understanding on testing 2024-02-18 22:51:10 +05:30
Akhil Mohan
8864c811fe feat: updated to reuse and run integration api test before release 2024-02-18 22:47:24 +05:30
snyk-bot
79206efcd0 fix: upgrade aws-sdk from 2.1532.0 to 2.1545.0
Snyk has created this PR to upgrade aws-sdk from 2.1532.0 to 2.1545.0.

See this package in npm:
https://www.npmjs.com/package/aws-sdk

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-18 06:17:23 +00:00
Vladyslav Matsiiako
b1d049c677 added ability to hide environments in the overview screen 2024-02-17 21:49:17 -08:00
Vladyslav Matsiiako
9012012503 added basic heroku pipeline integration 2024-02-17 21:04:26 -08:00
Maidul Islam
06d30fc10f Merge pull request #1417 from Infisical/snyk-upgrade-7fe9aedc3b5777266707225885372828
[Snyk] Upgrade zustand from 4.4.7 to 4.5.0
2024-02-17 16:56:29 -05:00
Maidul Islam
abd28d9269 remove comment 2024-02-17 12:14:37 -05:00
Maidul Islam
c6c64b5499 trigger workflow 2024-02-17 12:12:12 -05:00
Maidul Islam
5481b84a94 patch package json 2024-02-17 16:34:27 +00:00
Maidul Islam
ab878e00c9 Merge pull request #1418 from akhilmhdh/fix/import-sec-500
fix: resolved secret import secrets failing when folder has empty secrets
2024-02-17 11:11:58 -05:00
Akhil Mohan
6773996d40 fix: resolved secret import secrets failing when folder has empty secrets 2024-02-17 20:45:01 +05:30
Vladyslav Matsiiako
a8678c14e8 updated heroku integration style 2024-02-16 22:58:56 -08:00
snyk-bot
2e20b38bce fix: upgrade zustand from 4.4.7 to 4.5.0
Snyk has created this PR to upgrade zustand from 4.4.7 to 4.5.0.

See this package in npm:
https://www.npmjs.com/package/zustand

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/53d4ecb6-6cc1-4918-aa73-bf9cae4ffd13?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-17 04:00:15 +00:00
snyk-bot
bccbedfc31 fix: upgrade cookies from 0.8.0 to 0.9.1
Snyk has created this PR to upgrade cookies from 0.8.0 to 0.9.1.

See this package in npm:
https://www.npmjs.com/package/cookies

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/53d4ecb6-6cc1-4918-aa73-bf9cae4ffd13?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-17 04:00:12 +00:00
snyk-bot
0ab811194d fix: upgrade posthog-js from 1.100.0 to 1.103.0
Snyk has created this PR to upgrade posthog-js from 1.100.0 to 1.103.0.

See this package in npm:
https://www.npmjs.com/package/posthog-js

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/53d4ecb6-6cc1-4918-aa73-bf9cae4ffd13?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-17 04:00:08 +00:00
snyk-bot
7b54109168 fix: upgrade sharp from 0.32.6 to 0.33.2
Snyk has created this PR to upgrade sharp from 0.32.6 to 0.33.2.

See this package in npm:
https://www.npmjs.com/package/sharp

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/53d4ecb6-6cc1-4918-aa73-bf9cae4ffd13?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-17 04:00:04 +00:00
Maidul Islam
2d088a865f Merge pull request #1412 from ruflair/patch-1
Update docker.mdx
2024-02-16 13:17:28 -05:00
Lukas Ruflair
0a8ec6b9da Update docker.mdx
Fix typo in docker.mdx
2024-02-16 10:13:29 -08:00
Maidul Islam
01b29c3917 Merge pull request #1336 from Infisical/snyk-fix-71fbba54e9eda81c90db390106760c64
[Snyk] Fix for 4 vulnerabilities
2024-02-16 12:15:16 -05:00
Maidul Islam
5439ddeadf Merge branch 'main' into snyk-fix-71fbba54e9eda81c90db390106760c64 2024-02-16 12:12:48 -05:00
Maidul Islam
9d17d5277b Merge pull request #1403 from Infisical/daniel/improve-reminders
(Fix): Improve reminders
2024-02-16 12:00:09 -05:00
Maidul Islam
c70fc7826a Merge pull request #1361 from Infisical/snyk-fix-4a9e6187125617ed814113514828d4f5
[Snyk] Security upgrade nodemailer from 6.9.7 to 6.9.9
2024-02-16 11:59:43 -05:00
Maidul Islam
9ed2bb38c3 Merge branch 'main' into snyk-fix-4a9e6187125617ed814113514828d4f5 2024-02-16 11:59:31 -05:00
Maidul Islam
f458cf0d40 Merge pull request #1123 from jinsley8/fix-webhook-settings-ui
fix(frontend): Remove max-width to match other views
2024-02-16 11:40:25 -05:00
Maidul Islam
ce3dc86f78 add troubleshoot for ansible 2024-02-16 10:37:34 -05:00
Maidul Islam
d1927cb9cf Merge pull request #1299 from ORCID/docs/ansible-workaround
docs: cover ansible forking error
2024-02-16 10:36:37 -05:00
Maidul Islam
e80426f72e update signup complete route 2024-02-16 09:15:52 -05:00
Akhil Mohan
97d2a15d3e feat: updated admin dashboard to use zod and ts enum 2024-02-16 13:41:18 +05:30
Salman
1695412278 Update integration-sync-secret for org and env 2024-02-16 04:46:41 +05:30
Salman
b4fa07334d Update use repo id to avoid ambiguous repo name 2024-02-16 02:53:39 +05:30
Salman
29c244c635 Update repo name display owner/repo instead just the repo 2024-02-16 02:13:16 +05:30
Maidul Islam
f8a8ea2118 update interval text 2024-02-15 14:50:42 -05:00
Salman
b80a5989a8 Fix reset env on repo change 2024-02-16 00:58:10 +05:30
Maidul Islam
f5cd68168b Merge pull request #1409 from Infisical/docker-compose-selfhost-docs
Docker compose docs with postgres
2024-02-15 12:58:06 -05:00
Maidul Islam
1a0a9a7402 docker compose docs with postgres 2024-02-15 12:54:22 -05:00
Daniel Hougaard
b74ce14d80 Update SecretItem.tsx 2024-02-15 18:52:25 +01:00
Akhil Mohan
afdc5e8531 Merge pull request #1406 from abdulhakkeempa/bug-fix-model-close-on-cancel
(Fix): Create API Modal closes on Cancel button
2024-02-15 22:39:21 +05:30
Akhil Mohan
b84579b866 feat(e2e): changed to root .env.test and added .env.test.example 2024-02-15 21:06:18 +05:30
Akhil Mohan
4f3cf046fa feat(e2e): fixed post clean up error on gh be integration action 2024-02-15 20:43:40 +05:30
Akhil Mohan
c71af00146 feat(e2e): added enc key on gh action for be test file 2024-02-15 20:38:44 +05:30
Akhil Mohan
793440feb6 feat(e2e): made rebased changes 2024-02-15 20:30:12 +05:30
Akhil Mohan
b24d748462 feat(e2e): added gh action for execution of integration tests on PR and release 2024-02-15 20:25:39 +05:30
Akhil Mohan
4c49119ac5 feat(e2e): added identity token secret access integration tests 2024-02-15 20:25:39 +05:30
Akhil Mohan
90f09c7a78 feat(e2e): added service token integration tests 2024-02-15 20:25:39 +05:30
Akhil Mohan
00876f788c feat(e2e): added secrets integration tests 2024-02-15 20:25:39 +05:30
Akhil Mohan
f09c48d79b feat(e2e): fixed seed file issue and added more seeding 2024-02-15 20:25:39 +05:30
Salman
dc696f8932 Update integration section for github repo, org and env 2024-02-15 15:59:18 +05:30
abdulhakkeempa
57daeb71e6 Merge remote-tracking branch 'origin/main' into bug-fix-model-close-on-cancel 2024-02-15 10:47:50 +05:30
abdulhakkeempa
98b5f713a5 Fix: Cancel button working on Create API in Personal Settings 2024-02-15 10:09:45 +05:30
Salman
c8f0796952 Update github integrations ui for organization and environment 2024-02-15 09:41:57 +05:30
Daniel Hougaard
120d7e42bf Added secret reminder updating, and viewing existing values 2024-02-15 01:14:19 +01:00
Daniel Hougaard
c2bd259c12 Added secret reminders to sidebar (and formatting) 2024-02-15 01:14:05 +01:00
Daniel Hougaard
242d770098 Improved UX when trying to find reminder value 2024-02-15 01:12:48 +01:00
Maidul Islam
1855fc769d Update check-api-for-breaking-changes.yml 2024-02-14 15:42:45 -05:00
Maidul Islam
217fef65e8 update breaking change workflow to dev.yml 2024-02-14 15:37:21 -05:00
Tuan Dang
e15ed4cc58 Merge remote-tracking branch 'origin' into scim 2024-02-14 12:30:38 -08:00
Maidul Islam
8a0fd62785 update docker compose name 2024-02-14 15:19:47 -05:00
BlackMagiq
c69601c14e Merge pull request #1402 from Infisical/identity-access-token-ttl
Patch identity access token + client secret TTL
2024-02-14 12:19:45 -08:00
Tuan Dang
faf6323a58 Patch identity ttl conversion 2024-02-14 12:09:56 -08:00
Salman
9282dd08d9 Merge remote-tracking branch 'origin/main' into feat-github-integration 2024-02-15 00:00:05 +05:30
Salman
a1cc118514 Merge remote-tracking branch 'origin/main' into feat-admin-signup 2024-02-14 23:46:25 +05:30
Tuan Dang
c73ee49425 Pass Okta SCIM 2.0 SPEC Test 2024-02-14 09:22:23 -08:00
Salman
ee69bccb6e Update disabled sign up routes 2024-02-14 14:18:44 +05:30
Salman
0ff3ddb0c8 Update generate schema run 2024-02-14 07:52:46 +05:30
Maidul Islam
b82d1b6a5d update docker compose on readme 2024-02-13 19:50:58 -05:00
Maidul Islam
3dcda44c50 Merge pull request #1385 from akhilmhdh/feat/init-container
feat: changed docker compose to use init container pattern for running migration
2024-02-13 19:46:39 -05:00
Maidul Islam
f320b08ca8 rename docker compose and bring back make up-dev 2024-02-13 19:44:42 -05:00
Maidul Islam
df6e5674cf patch breaking change ci 2024-02-13 19:10:28 -05:00
Maidul Islam
6bac143a8e test without pg connection 2024-02-13 19:06:47 -05:00
Maidul Islam
38b93e499f logs on health check 2024-02-13 18:58:13 -05:00
Maidul Islam
a521538010 show all logs 2024-02-13 18:47:12 -05:00
Maidul Islam
8cc2553452 test workflow no db connection 2024-02-13 18:43:43 -05:00
Maidul Islam
b1cb9de001 correct -d mode 2024-02-13 18:39:28 -05:00
Maidul Islam
036256b350 add back -d mode 2024-02-13 18:37:04 -05:00
Maidul Islam
d3a06b82e6 update health check 2024-02-13 18:34:15 -05:00
Maidul Islam
87436cfb57 Update check-api-for-breaking-changes.yml 2024-02-13 18:04:49 -05:00
Salman
df459d456a Update github form ui add scope and init org api 2024-02-14 04:21:50 +05:30
Vladyslav Matsiiako
5c58a4d1a3 added signup event and restyled admin flow 2024-02-13 13:15:54 -08:00
Maidul Islam
03a91b2c59 Merge pull request #1387 from akhilmhdh/chore/doc-openapi
chore: changed mintlify to directly get from prod openapi
2024-02-13 00:42:47 -05:00
Maidul Islam
751361bd54 add new propety to api 2024-02-13 00:38:59 -05:00
Maidul Islam
b4b88daf36 Revert "test breaking change"
This reverts commit 6546740bd9.
2024-02-13 00:37:49 -05:00
Maidul Islam
6546740bd9 test breaking change 2024-02-13 00:34:31 -05:00
Maidul Islam
b32558c66f add . 2024-02-13 00:29:49 -05:00
Maidul Islam
effd30857e fix typo 2024-02-12 22:45:35 -05:00
Maidul Islam
60998c8944 Merge pull request #1369 from akhilmhdh/chore/feature-x-guide
feat: added guides for new backend development
2024-02-12 22:35:16 -05:00
Maidul Islam
3c4d9fd4a9 delete docs in backend 2024-02-12 22:34:36 -05:00
Maidul Islam
ad70c783e8 add backend guide to contributor 2024-02-12 22:33:55 -05:00
Maidul Islam
7347362738 rephrase new feature development guide 2024-02-12 21:49:15 -05:00
Salman
c8cfb43316 Update github integration refactored to react-hook-form 2024-02-13 05:42:29 +05:30
vmatsiiako
4b7f2e808b Update overview.mdx 2024-02-12 15:06:56 -08:00
Maidul Islam
57f9d13189 Merge pull request #1397 from Infisical/infisical-jenkins
Rewrite Infisical Jenkins docs
2024-02-12 18:02:11 -05:00
Maidul Islam
bd2e8ac922 rewrite jenkins docs 2024-02-12 18:01:20 -05:00
Tuan Dang
79694750af Remove signup disable check for SAML 2024-02-12 11:43:55 -08:00
BlackMagiq
03db367a4e Merge pull request #1396 from Infisical/azure-saml
Add disableRequestedAuthnContext for azure saml
2024-02-12 10:40:19 -08:00
Tuan Dang
b0fb848a92 Add disableRequestedAuthnContext for azure saml 2024-02-12 10:35:38 -08:00
Tuan Dang
3a7b697549 Make progress on SCIM 2024-02-12 09:18:33 -08:00
Akhil Mohan
4fdfcd50dc feat: changed check-api-breaking with oasdiff 2024-02-12 22:32:02 +05:30
Akhil Mohan
db205b855a feat: removed mongo comments from compose file 2024-02-12 14:52:19 +05:30
Akhil Mohan
e707f0d235 feat: added description and security over api written in docs 2024-02-12 14:19:49 +05:30
Maidul Islam
27f4225c44 Merge pull request #1391 from Infisical/ecs-docs
ECS docs with agent
2024-02-11 19:17:01 -05:00
Maidul Islam
28a9d8e739 complete ecs dcs 2024-02-11 19:14:14 -05:00
Salman
0fb87ab05f Update move to react hook form, rename allowedSignUpDomain 2024-02-12 04:09:46 +05:30
Salman
2ef8781378 Update support multiple domain and error handling 2024-02-11 10:55:36 +05:30
Salman
3f96f0a8fb Fix dropdown not working on page transition 2024-02-11 00:40:17 +05:30
Salman
da377f6fda Update error handling and refactor 2024-02-10 23:00:16 +05:30
Salman
5cf1ec2400 Add restrict signup based on domain 2024-02-10 10:44:39 +05:30
Maidul Islam
a1321e4749 aws ecs with agent docs 2024-02-09 22:31:29 -05:00
Salman
6c1489a87b Add admin invite only signup field 2024-02-10 03:26:56 +05:30
BlackMagiq
d4db01bbde Merge pull request #1388 from Infisical/azure-ad
Correct spInitiated spelling in Azure SAML
2024-02-09 12:31:41 -08:00
Tuan Dang
39634b8aae Correct spInitiated spelling in Azure SAML 2024-02-09 12:17:29 -08:00
Tuan Dang
4815ff13ee Update SAML SSO docs to include enforce SAML SSO toggle 2024-02-09 10:36:23 -08:00
Maidul Islam
fb503756d9 Merge pull request #1372 from Infisical/org-based-auth
Org-Level Auth Enforcement for SAML Orgs and Enhancements for SAML SSO
2024-02-09 13:15:08 -05:00
Tuan Dang
069b0cd6fb Fix lint issue, add backend permission check for SAML SSO enforcement toggle 2024-02-09 10:02:12 -08:00
Tuan Dang
ed23bd40d2 Redirect to SAML portal upon enforcing SAML SSO 2024-02-09 09:50:20 -08:00
Tuan Dang
82181f078a Patch login with SAML when config is inactive 2024-02-09 09:35:51 -08:00
Akhil Mohan
48a97fb39d chore: changed mintlify to directly get from prod openapi 2024-02-09 22:53:27 +05:30
Maidul Islam
eeaee4409c revert swap 2024-02-09 12:08:11 -05:00
Tuan Dang
a9a5e92358 Empty 2024-02-09 09:02:22 -08:00
Maidul Islam
8d457bb0bf swap src des 2024-02-09 12:01:21 -05:00
Tuan Dang
5878a221f8 Run lint fix 2024-02-09 08:44:30 -08:00
Tuan Dang
fdbf59cd78 Redirect users to SAML portal on change org to SAML org 2024-02-09 08:31:19 -08:00
Akhil Mohan
d8ea26feb7 feat: changed docker compose to use init container pattern for migration 2024-02-09 13:12:25 +05:30
Tuan Dang
2cc2a91812 Change update slug fallback to undefined 2024-02-08 17:47:58 -08:00
Maidul Islam
92828b5295 add slug index 2024-02-08 20:47:33 -05:00
Maidul Islam
50c0fae557 continue ecs docs 2024-02-08 20:29:38 -05:00
Tuan Dang
4e2f2281f9 Update orgScope to orgId naming for org-level auth ref, rewire user invite saml block to org authEnforce field 2024-02-08 17:29:21 -08:00
Tuan Dang
d5064fe75a Start SCIM functionality 2024-02-08 15:54:20 -08:00
Akhil Mohan
70e083bae0 feat: open api-diff added detach mode 2024-02-08 22:20:01 +05:30
Akhil Mohan
6a943e275a Updated open-api diff gh action host docker ip 2024-02-08 22:05:35 +05:30
Maidul Islam
526dc6141b remove -d mode on docker compose 2024-02-08 11:04:26 -05:00
Maidul Islam
dcab9dcdda update docker compose up 2024-02-08 10:50:25 -05:00
Maidul Islam
1b0591def8 fix gha breaking change 2024-02-07 16:17:12 -05:00
Maidul Islam
4b4305bddc Merge pull request #1375 from akhilmhdh/feat/api-diff
feat: github workflow for api diff check, ts check and lint check on PR
2024-02-07 15:26:04 -05:00
Tuan Dang
22d89d791c Patch new org creation condition on SAML account signup, enable users to toggle auth methods regardless of what org they are in 2024-02-07 12:13:09 -08:00
Maidul Islam
fcaff76afa rename git hub action 2024-02-07 14:34:02 -05:00
Maidul Islam
ae9eb20189 set license server url default 2024-02-07 13:51:55 -05:00
Maidul Islam
3905d16a7c fix license server axios typo 2024-02-07 13:48:09 -05:00
Maidul Islam
ecafdb0d01 patch check for version 2024-02-07 13:11:53 -05:00
Tuan Dang
3f8ce42682 Merge remote-tracking branch 'origin' into org-based-auth 2024-02-07 09:49:13 -08:00
Tuan Dang
3ecfb3f9d2 Show usage and billing tab on cloud only 2024-02-07 09:45:42 -08:00
Tuan Dang
9011394c34 Add validation to org slug 2024-02-07 09:39:06 -08:00
Akhil Mohan
c0096ca64c Merge pull request #1378 from Infisical/patch-service-token-fetch
patch get secret by name
2024-02-07 23:00:20 +05:30
Maidul Islam
8bc952388c add log 2024-02-07 12:23:48 -05:00
Maidul Islam
eef29cd2d4 patch get secret by name 2024-02-07 12:11:58 -05:00
Akhil Mohan
6ef873f3a0 Merge pull request #1377 from Infisical/allow-name-initial-org
add initial org rename
2024-02-07 20:51:30 +05:30
Maidul Islam
fe99c12c0d add initial org rename 2024-02-07 10:18:41 -05:00
Akhil Mohan
8313245ae1 feat: github workflow for api diff check, ts check and lint check on PR 2024-02-07 15:13:08 +05:30
Akhil Mohan
332b0e2cc3 Merge pull request #1374 from Infisical/admin-ui-fix
fix admin dashboard styling
2024-02-07 12:18:09 +05:30
Vladyslav Matsiiako
8bc9a5fed6 fix admin dashboard styling 2024-02-06 22:45:58 -08:00
Maidul Islam
55e75bbbef Merge pull request #1373 from akhilmhdh/feat/patch-server-cfg-init
feat: fixed server cfg stale in replication
2024-02-07 01:09:42 -05:00
Akhil Mohan
61ff732ec0 feat: fixed server cfg stale in replication 2024-02-07 11:36:13 +05:30
Maidul Islam
609b224ca9 patch init sign up 2024-02-07 00:33:39 -05:00
Maidul Islam
c23e16105b debug: remove object freeze 2024-02-06 21:08:52 -05:00
Maidul Islam
c10f4ece51 test 2024-02-06 21:08:52 -05:00
Tuan Dang
fc7015de83 Add lockout-preventative step in saml config setup, add update org slug section in org settings, revise navigate to org flow to account for org-level auth enforced orgs 2024-02-06 15:51:24 -08:00
vmatsiiako
bcdb1b11bc Update role-based-access-controls.mdx 2024-02-06 13:36:08 -08:00
vmatsiiako
01d850f7e8 Update role-based-access-controls.mdx 2024-02-06 13:35:39 -08:00
Maidul Islam
2d1b60a520 Merge pull request #1362 from akhilmhdh/fix/tsup-cp-template
feat: enabled tsup code splitting and esm directory import, removed manual copy of files
2024-02-06 12:22:59 -05:00
Maidul Islam
8de2302d98 update comment 2024-02-06 12:22:04 -05:00
Maidul Islam
0529b50ad7 Merge pull request #1371 from akhilmhdh/fix/sort-order-ws-env
fix: resolved sort order for environment going unpredictable
2024-02-06 11:41:57 -05:00
Akhil Mohan
c74fe0ca73 fix: resolved sort order for environment going unpredictable 2024-02-06 16:40:31 +05:30
vmatsiiako
d5f8526a84 Update README.md 2024-02-05 17:31:44 -08:00
Tuan Dang
c1aa5c840c Add org-scoped auth to project-level endpoints 2024-02-05 14:48:02 -08:00
Maidul Islam
782ae7a41d Update values.yaml 2024-02-05 13:41:02 -05:00
Maidul Islam
d355956daf Merge pull request #1365 from Infisical/pg-ssl
Add Knex SSL configuration support
2024-02-05 12:36:49 -05:00
Akhil Mohan
dc146d0883 feat: fixed spelling errors 2024-02-05 22:28:40 +05:30
Akhil Mohan
24dd79b566 feat: added guides for new backend development 2024-02-05 16:31:03 +05:30
Tuan Dang
410476ecb5 Merge remote-tracking branch 'origin' into org-based-auth 2024-02-04 15:03:43 -08:00
Tuan Dang
f1c41be7d4 Resolve merge conflicts 2024-02-04 15:02:43 -08:00
Tuan Dang
f138973ac7 Add org-scoped auth to org-level endpoints, add migration file for org enableAuth field 2024-02-04 14:44:08 -08:00
Maidul Islam
5b9c0438a2 Merge pull request #1367 from Infisical/fix-ph-events
remove certain python sdk events
2024-02-04 16:24:38 -05:00
Maidul Islam
11399d73dc fix eslint errors 2024-02-04 16:24:01 -05:00
Grraahaam
541fa10964 doc: HISTIGNORE recommendation 2024-02-04 21:18:10 +01:00
Vladyslav Matsiiako
38ed39c2f8 remove certain python sdk events 2024-02-04 09:37:56 -08:00
Tuan Dang
4e3827780f Merge remote-tracking branch 'origin' into pg-ssl 2024-02-03 15:16:47 -08:00
Tuan Dang
644cdf5a67 Add knex SSL configuration support 2024-02-03 15:16:43 -08:00
Maidul Islam
0d6ea0d69e Update values.yaml 2024-02-03 14:37:24 -05:00
Maidul Islam
237979a1c6 Merge pull request #1364 from Infisical/fix-ph-events
fix posthog events
2024-02-03 14:26:34 -05:00
Maidul Islam
4a566cf83f remove existent authData 2024-02-03 14:24:28 -05:00
Vladyslav Matsiiako
654b8ab5ca fix posthog events 2024-02-03 11:09:49 -08:00
Maidul Islam
ac0780266b remove await and add void 2024-02-03 12:53:42 -05:00
Maidul Islam
7a253ddcc7 update sort from createdAt to id 2024-02-02 12:43:43 -05:00
Maidul Islam
b65677a708 Merge pull request #1363 from akhilmhdh/feat/audit-log-desc
feat: enabled order by desc for audit log and added sort for couple of get queries
2024-02-02 12:07:57 -05:00
Maidul Islam
c1eb97ee53 revert port change 2024-02-02 11:51:27 -05:00
Akhil Mohan
937e48dbc5 feat: enabled order by desc for audit log and added sort for couple of get queries 2024-02-02 20:56:42 +05:30
Akhil Mohan
b3d4787e21 feat: enabled tsup code splitting and esm directory import, removed manual copy of files 2024-02-02 16:22:08 +05:30
Maidul Islam
72d46efba5 sort get secrets response for etags 2024-02-02 01:25:19 -05:00
Maidul Islam
b6eb08167f Update values.yaml 2024-02-01 22:45:54 -05:00
Maidul Islam
582472e4cc Update gamma values.yaml 2024-02-01 22:34:09 -05:00
Maidul Islam
3b3b76548b add etag 2024-02-01 20:49:07 -05:00
Maidul Islam
f8416ad891 add redis commander for local dev 2024-02-01 15:45:38 -05:00
snyk-bot
00650df501 fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-6219989
2024-02-01 20:01:54 +00:00
Akhil Mohan
31e49672d5 Merge pull request #1359 from Infisical/daniel/fix-list-workspaces-id
(Fix): Add ID to list workspaces endpoint
2024-02-01 13:21:06 +05:30
Daniel Hougaard
9248bdf463 Update organization-router.ts 2024-02-01 11:47:33 +04:00
Maidul Islam
87c061ae9b Merge pull request #1357 from Infisical/danie/fix-list-workspaces
(Fix): List workspaces organization ID
2024-02-01 01:21:11 -05:00
Daniel Hougaard
e9fa631c8f Update project-dal.ts 2024-02-01 10:14:17 +04:00
Maidul Islam
44f087991c ECS documentation 2024-01-31 23:53:41 -05:00
vmatsiiako
cff15b64c4 Merge pull request #1355 from Grraahaam/doc/pr-template-broken-links
fix: update broken contribution links
2024-01-31 18:58:24 -08:00
vmatsiiako
136f5a6052 Merge pull request #1318 from rpmccarter/main
remove deprecated basePath setting
2024-01-31 18:56:11 -08:00
Maidul Islam
59f662f8a8 remove write to file for now 2024-01-31 14:08:52 -05:00
Maidul Islam
b68b3840d4 Merge pull request #1349 from Salman2301/feat-cp-proj-id
feat: add copy project id button
2024-01-31 13:54:58 -05:00
Maidul Islam
06dd55888e fix spelling and update logs path 2024-01-31 13:49:25 -05:00
Maidul Islam
7711994018 Merge pull request #1356 from akhilmhdh/feat/audit-log-and-log
feat: added audit log prune, resolved env update and pino file transport
2024-01-31 13:11:35 -05:00
Maidul Islam
cb27cfdd84 update log format to make it easier to query for in cloud watch 2024-01-31 13:02:09 -05:00
Akhil Mohan
4b3e4f6a1e feat: removed custom repeat strat to utc based cron 2024-01-31 22:51:04 +05:30
Akhil Mohan
560f8d4a9b feat: added audit log prune, resolved env update and pino file transport on prod 2024-01-31 22:07:49 +05:30
Grraahaam
7e8f9ec9e4 fix: update broken contribution links 2024-01-30 23:19:21 +01:00
Maidul Islam
7bf1f4708a Merge pull request #1353 from akhilmhdh/feat/new-backend-lint
feat: fixed eslint and resolved all eslint issues
2024-01-30 13:57:52 -05:00
Akhil Mohan
bcbb49ed1b feat: changed line length to 120 2024-01-30 22:40:10 +05:30
Akhil Mohan
5855cc660a feat: fixed eslint and resolved all eslint issues 2024-01-30 22:30:42 +05:30
Akhil Mohan
7c4dd5000f Merge pull request #1354 from Infisical/daniel/readd-workspaces-endpoint
(Feat): Re-add missing V2 workspaces endpoint
2024-01-30 21:26:33 +05:30
Maidul Islam
c9ca59dedf patch rippling sso 2024-01-30 10:17:53 -05:00
Daniel Hougaard
d12f775202 Update project-dal.ts 2024-01-30 18:31:22 +04:00
Daniel Hougaard
5a4ed1dbe6 Update project-dal.ts 2024-01-30 18:31:05 +04:00
Daniel Hougaard
cae0c9afdb findAllWorkspaces operation 2024-01-30 18:17:52 +04:00
BlackMagiq
102af389e3 Merge pull request #1352 from Infisical/license-server-conn
Add customer portal redirect and patch free trial endpoint
2024-01-30 21:17:05 +07:00
Tuan Dang
a2ef7482ea Correct startOrgTrial spelling 2024-01-30 21:14:22 +07:00
Daniel Hougaard
e38dd9e275 Find projects by identity 2024-01-30 18:13:20 +04:00
Daniel Hougaard
b73987d2c2 DTO 2024-01-30 18:12:37 +04:00
Daniel Hougaard
f180b5ed6a Route 2024-01-30 18:11:32 +04:00
Daniel Hougaard
2feca7ef2e Add project DAL 2024-01-30 18:11:21 +04:00
Tuan Dang
40768631e0 PAdd customer portal redirect, patch free trial endpoint 2024-01-30 17:46:52 +07:00
Maidul Islam
3cbda8e785 delete mongo backend folder 2024-01-29 21:55:31 -05:00
Maidul Islam
aa1e17dae5 update staging cluster name 2024-01-29 21:44:29 -05:00
Maidul Islam
90a2ca7cc8 staging deploy patch 2024-01-29 21:29:58 -05:00
Maidul Islam
cd83141617 update gamma deploy workflow 2024-01-29 21:16:01 -05:00
Maidul Islam
e231b74616 Update values.yaml 2024-01-29 21:03:09 -05:00
Maidul Islam
d18cf10fc4 Update values.yaml 2024-01-29 21:02:19 -05:00
Salman
6fe3a8bd67 fix: postgresql migration from _id to id 2024-01-30 04:09:05 +05:30
Maidul Islam
6de3059724 delete & rename git workflows 2024-01-29 16:41:20 -05:00
Salman
6c6fae3793 feat: add copy project id 2024-01-30 02:04:16 +05:30
Akhil Mohan
e6a7c5cb6c Merge pull request #1346 from akhilmhdh/fix/multi-line-fixed
fix: resolved encoding issue in multi line input
2024-01-29 18:41:55 +05:30
Maidul Islam
af4ac90617 Merge pull request #1347 from Infisical/daniel/even-more-pg-endpoint-fixes
(Fix): More Old Python SDK fixes
2024-01-29 07:58:19 -05:00
Daniel Hougaard
e78b14c6ec Update service-token-router.ts 2024-01-29 16:55:37 +04:00
Daniel Hougaard
8ade2f3758 Some more fixes for python structure 2024-01-29 16:55:36 +04:00
Akhil Mohan
571e3c4961 fix: resolved encoding issue in multi line input 2024-01-29 18:22:09 +05:30
Maidul Islam
5aeb8f6b03 Merge pull request #1345 from Infisical/daniel/more-pg-endpoint-fixes
(Fix): Old Python SDK versions
2024-01-29 07:10:29 -05:00
Daniel Hougaard
3702d411ca Added formatting 2024-01-29 16:05:18 +04:00
Daniel Hougaard
3eba4815c8 Add __v and __id 2024-01-29 16:04:52 +04:00
Maidul Islam
9563c09951 Merge pull request #1343 from Infisical/daniel/pg-endpoint-fixes
(Postgres Fix): Secret endpoints return data
2024-01-29 06:23:55 -05:00
Daniel Hougaard
62eacc712d Update service-token-service.ts 2024-01-29 15:21:53 +04:00
Daniel Hougaard
0d9ec7cd76 Update service-token-router.ts 2024-01-29 15:19:45 +04:00
Daniel Hougaard
36a4bf73a6 Types 2024-01-29 15:10:55 +04:00
Daniel Hougaard
fc8bd0470f Update service-token-service.ts 2024-01-29 14:40:51 +04:00
Daniel Hougaard
d5165e5086 Update secret-router.ts 2024-01-29 14:40:51 +04:00
Daniel Hougaard
f335101369 Add user 2024-01-29 14:40:51 +04:00
Daniel Hougaard
fbfe797547 Update sanitizedSchemas.ts 2024-01-29 14:40:51 +04:00
Daniel Hougaard
abd3652910 Add user DAL 2024-01-29 14:40:51 +04:00
Daniel Hougaard
2a3f136b68 Schemas 2024-01-29 14:40:51 +04:00
Maidul Islam
5239836e0f set source map to inline 2024-01-29 05:28:14 -05:00
Tuan Dang
d62e1c3703 Bump Cloudflare IP priority 2024-01-29 16:51:38 +07:00
BlackMagiq
9bba9ee9b1 Merge pull request #1342 from Infisical/patch-integration-path-sync
Remove async from isSamePath check in integration sync
2024-01-29 16:42:25 +07:00
Tuan Dang
74ac75b878 Remove async from isSamePath check in integration sync 2024-01-29 16:37:31 +07:00
Maidul Islam
8478fea52a Merge pull request #1341 from akhilmhdh/feat/add-cloudwatch
feat: added cloudwatch support and removed parsed secret blindindex
2024-01-29 04:25:42 -05:00
Akhil Mohan
703ff2c12b feat: added cloudwatch support and removed parsed secret blindindex nullable 2024-01-29 14:52:20 +05:30
BlackMagiq
6b4aee2a44 Merge pull request #1340 from Infisical/vercel-issue
Patch Vercel integration for team accounts
2024-01-29 09:25:18 +07:00
Tuan Dang
5593464287 Patch Vercel integration missing teamId not being passed in from frontend 2024-01-29 09:20:39 +07:00
Maidul Islam
7d556cb09b Merge pull request #1308 from Tchoupinax/patch-1
Update the path where managing service tokens
2024-01-28 17:00:33 -05:00
Maidul Islam
dcb6f5891f add license service timeout 2024-01-28 15:32:37 -05:00
Maidul Islam
1254215b51 Merge pull request #1338 from akhilmhdh/feat/blind-index-fix
feat: changed blind index banner for everyone
2024-01-28 14:37:31 -05:00
Maidul Islam
a6ead9396c nit: small patch to request error status 2024-01-28 14:36:57 -05:00
Maidul Islam
d33ef9e4e1 jump cloud patch 2024-01-28 13:53:24 -05:00
Akhil Mohan
4e20735f98 feat: resolved trailing slash in secret paths 2024-01-29 00:21:42 +05:30
Akhil Mohan
f010a3a932 feat: changed blind index banner for everyone 2024-01-28 23:16:04 +05:30
Maidul Islam
bbf2634e73 prepend sso with site url 2024-01-27 20:20:02 -05:00
Maidul Islam
1980f802fa update rate limits 2024-01-27 19:05:17 -05:00
Maidul Islam
6ecd289e6c update rate limits 2024-01-27 18:38:57 -05:00
Maidul Islam
b8a6f5dc54 add email templates and disposable_emails.text to build 2024-01-27 18:15:12 -05:00
Maidul Islam
dedbc4fd60 remove unused imports 2024-01-27 17:11:40 -05:00
Maidul Islam
d14099990f remove notice 2024-01-27 17:04:53 -05:00
Maidul Islam
3f5ab2a09e remove console.log 2024-01-27 17:04:02 -05:00
Maidul Islam
a191f437e9 patch blind index route 2024-01-27 17:03:16 -05:00
Maidul Islam
1a375ec45b patch import * 2024-01-27 12:35:53 -05:00
Maidul Islam
81f3a6a7a8 add loca host to docker prod 2024-01-27 12:27:15 -05:00
Maidul Islam
dc8b64708a add debug logs 2024-01-27 11:20:17 -05:00
Maidul Islam
dd3790c995 patch git workflow 2024-01-27 10:31:30 -05:00
Maidul Islam
a91b6ebc03 new workflow for releasing standalone 2024-01-27 10:28:49 -05:00
snyk-bot
6ff5fb69d4 fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-6124857
- https://snyk.io/vuln/SNYK-JS-AXIOS-6144788
- https://snyk.io/vuln/SNYK-JS-FASTIFYSWAGGERUI-6157561
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
2024-01-27 15:06:50 +00:00
Maidul Islam
e68d1d06a8 Merge pull request #1334 from akhilmhdh/feat/patch-pg-v2
feat: changed backend-pg to backend
2024-01-27 10:06:34 -05:00
Akhil Mohan
8f754d659a feat: resolved tiny bug secret blind indexing 2024-01-27 20:23:19 +05:30
Maidul Islam
bef28fea2d Update release-standalone-docker-img.yml 2024-01-27 09:42:20 -05:00
Maidul Islam
28f15de8df Update build-docker-image-to-prod.yml 2024-01-27 09:40:59 -05:00
Akhil Mohan
66d258f02b feat: changed backend-pg to backend 2024-01-27 19:14:33 +05:30
Maidul Islam
d13eafcef7 Merge pull request #1332 from akhilmhdh/feat/infisical-pg
Hello world from PG
2024-01-27 02:26:05 -05:00
Maidul Islam
6db47499de add index for blind index 2024-01-27 12:40:37 +05:30
Maidul Islam
1cefb036e0 ignore dup user and make email unique 2024-01-27 12:40:37 +05:30
Maidul Islam
af77ad8b2f update rate limits 2024-01-27 12:40:37 +05:30
Maidul Islam
dd0f9f5216 patch secret apporval request secrets 2024-01-27 12:40:37 +05:30
Maidul Islam
29df6f067e remove unnecessary concole 2024-01-27 12:40:37 +05:30
Maidul Islam
4dc9a3692e add mongo to docker compose 2024-01-27 12:40:37 +05:30
Maidul Islam
49bb2121b9 update helm values 2024-01-27 12:40:37 +05:30
Maidul Islam
07679d9318 add postgres helm chart 2024-01-27 12:40:37 +05:30
Maidul Islam
fb271726fe make emails not unique for now 2024-01-27 12:40:37 +05:30
Maidul Islam
f9e7d4ddd2 make MI access token have string id 2024-01-27 12:40:37 +05:30
Maidul Islam
442c454932 make email unique 2024-01-27 12:40:37 +05:30
Maidul Islam
8b22ee1fac coerce strings to number responses 2024-01-27 12:40:37 +05:30
Maidul Islam
8a10dc8983 make before and after more clear in roll back 2024-01-27 12:40:37 +05:30
Maidul Islam
d57920706a patch bug validateAccessTokenExp bug 2024-01-27 12:40:37 +05:30
Maidul Islam
425611b409 remove uuid from snapshot project response 2024-01-27 12:40:37 +05:30
Maidul Islam
b20489982d delete unneeded file 2024-01-27 12:40:37 +05:30
Maidul Islam
4b569ee4b4 make access token non uui 2024-01-27 12:40:37 +05:30
Akhil Mohan
af9661b221 feat(infisical-pg): minor bug fixes in frontend and pg migrator secret approval req 2024-01-27 12:40:37 +05:30
Akhil Mohan
53f16f01b8 feat(infisical-pg): fixed audit log to estimate doc count and resolve cors issue 2024-01-27 12:40:37 +05:30
Maidul Islam
f519d1cffc remove async from validateAccessTokenExp 2024-01-27 12:40:37 +05:30
Akhil Mohan
b8b28d2710 feat(infisical-pg): resolved linting issues 2024-01-27 12:40:37 +05:30
Akhil Mohan
deab700716 feat(infisical-pg): made api key backward compat 2024-01-27 12:40:37 +05:30
Akhil Mohan
4d184003a8 feat(infisical-pg): made identity ua client sec backward compat 2024-01-27 12:40:37 +05:30
Maidul Islam
9849312317 remove console 2024-01-27 12:40:37 +05:30
Akhil Mohan
79454a6aea feat(infisical-pg): fixed org bot gone missing 2024-01-27 12:40:37 +05:30
Akhil Mohan
8e0fb9fe9b feat(infisical-pg): wrapped saml get option in try catch 2024-01-27 12:40:37 +05:30
Maidul Islam
a729114376 remove prefix from redis 2024-01-27 12:40:37 +05:30
Maidul Islam
0c20cb0f91 JWT_AUTH_SECRET => AUTH_SECRET 2024-01-27 12:40:37 +05:30
Maidul Islam
d1597ed8da find by id of ormify patch 2024-01-27 12:40:37 +05:30
Maidul Islam
6cee8dc7e5 uni auth remove auth type 2024-01-27 12:40:37 +05:30
Maidul Islam
13040439c3 coerce big int from string to number from sql 2024-01-27 12:40:37 +05:30
Maidul Islam
9a4f294749 add prefix to queue 2024-01-27 12:40:37 +05:30
Maidul Islam
2436a572f0 revert to only arm build 2024-01-27 12:40:37 +05:30
Maidul Islam
7cd21e3a93 remove timeout and signal from license requester 2024-01-27 12:40:37 +05:30
Maidul Islam
e28416b50b patch service token migration backwards with mongo 2024-01-27 12:40:37 +05:30
Akhil Mohan
9677836b76 feat(infisical-pg): added telemtry service 2024-01-27 12:40:37 +05:30
Maidul Islam
ca858f8e13 rename ci 2024-01-27 12:40:37 +05:30
Maidul Islam
c2beff493f add linux/amd64,linux/arm64 for standone release 2024-01-27 12:40:37 +05:30
Maidul Islam
34fafd815c set postgres ci to only linux/arm64 2024-01-27 12:40:37 +05:30
Maidul Islam
c05ebbb864 set SmtpHost.Sendgrid secure=true 2024-01-27 12:40:37 +05:30
Maidul Islam
372f2be2f3 increase license server request time out 2024-01-27 12:40:37 +05:30
Maidul Islam
23e621f557 increase license request timeout 2024-01-27 12:40:36 +05:30
Maidul Islam
464b80140f add 443 port to docker 2024-01-27 12:40:36 +05:30
Maidul Islam
01cd496afe update status api 2024-01-27 12:40:36 +05:30
Maidul Islam
6094940a8b add success message 2024-01-27 12:40:36 +05:30
Maidul Islam
30b959babb JWT_AUTH_SECRET => AUTH_SECRET 2024-01-27 12:40:36 +05:30
Maidul Islam
cec14efe86 add logs to license server 2024-01-27 12:40:36 +05:30
Maidul Islam
b3f090d87e only amd 2024-01-27 12:40:36 +05:30
Maidul Islam
1deb6827cf add STANDALONE_MODE to docker file 2024-01-27 12:40:36 +05:30
Maidul Islam
24dbf11962 add back arm 2024-01-27 12:40:36 +05:30
Maidul Islam
20fb3906aa only amd 2024-01-27 12:40:36 +05:30
Maidul Islam
e7e2ca0f45 update postgress workflow 2024-01-27 12:40:36 +05:30
Maidul Islam
caabf2c952 patch bot keys 2024-01-27 12:40:36 +05:30
Maidul Islam
35eade0206 update to alpine node 20 2024-01-27 12:40:36 +05:30
Maidul Islam
6d1b79430d lower node alpine 2024-01-27 12:40:36 +05:30
Maidul Islam
7864524944 remove QEMU 2024-01-27 12:40:36 +05:30
Maidul Islam
adc90e91fe update build-push-actio version 2024-01-27 12:40:36 +05:30
Maidul Islam
db7db0cc04 remove version 2024-01-27 12:40:36 +05:30
Maidul Islam
aa4d9ad267 Revert "update npm time out"
This reverts commit 38a7b1acf1a445ea62dcad5b60e9624733976b78.
2024-01-27 12:40:36 +05:30
Maidul Islam
27fd857120 update npm time out 2024-01-27 12:40:36 +05:30
Maidul Islam
205e46571a remove depot 2024-01-27 12:40:36 +05:30
Maidul Islam
70a6a7cfa1 create CI for standalone image 2024-01-27 12:40:36 +05:30
Maidul Islam
558315c24b set secret blind index count to Number 2024-01-27 12:40:36 +05:30
Maidul Islam
a2bd808196 rename project roles message 2024-01-27 12:40:36 +05:30
Maidul Islam
cfb0d4ee96 add no access to org service role 2024-01-27 12:40:36 +05:30
Maidul Islam
15fc4fd609 set cascade in trusted ip for project id 2024-01-27 12:40:36 +05:30
Maidul Islam
83bff9ae14 make protectedKey protectedKeyIV protectedKeyTag nullable 2024-01-27 12:40:36 +05:30
Maidul Islam
86ba6355cf more patches to migrator 2024-01-27 12:40:36 +05:30
Akhil Mohan
6b427adfe0 feat(infisical-pg): added v3 secret blind index enable feature 2024-01-27 12:40:36 +05:30
Akhil Mohan
01f711ad19 feat(infisical-pg): completed audit log migrator 2024-01-27 12:39:54 +05:30
Akhil Mohan
fa572f7ee0 feat(infisical-pg): completed standalone and docker node version 2024-01-27 12:39:54 +05:30
Maidul Islam
249edf98e9 remove notNullable from various tables 2024-01-27 12:39:54 +05:30
Maidul Islam
753a4daf69 remove authType from mi access token 2024-01-27 12:39:54 +05:30
Maidul Islam
b9320ed9bd comment out corrupt seed files 2024-01-27 12:39:54 +05:30
Maidul Islam
8eace5528f point migrations to pg backend folder 2024-01-27 12:39:54 +05:30
Daniel Hougaard
9407c16e83 Update queue-service.ts 2024-01-27 12:39:54 +05:30
Daniel Hougaard
dcdcc40a4a Update smtp-service.ts 2024-01-27 12:39:54 +05:30
Daniel Hougaard
edd78eaeba Refactor 2024-01-27 12:39:54 +05:30
Daniel Hougaard
c21ea6fb75 Cleanup 2024-01-27 12:39:54 +05:30
Daniel Hougaard
a60dbe523b Refactor to secret queue 2024-01-27 12:39:54 +05:30
Daniel Hougaard
bb9a6b4272 Update index.ts 2024-01-27 12:39:54 +05:30
Daniel Hougaard
eaca1b694a Log 2024-01-27 12:39:54 +05:30
Daniel Hougaard
0afb44af29 Handle deletion 2024-01-27 12:39:54 +05:30
Daniel Hougaard
3b39e38c89 Secret reminder types 2024-01-27 12:39:54 +05:30
Daniel Hougaard
4189d1028d Optional secret reminder typing 2024-01-27 12:39:54 +05:30
Daniel Hougaard
f227824fb8 Added secret reminders email 2024-01-27 12:39:54 +05:30
Daniel Hougaard
49d6918297 Update secret-service.ts 2024-01-27 12:39:54 +05:30
Daniel Hougaard
00212f1c72 Secret reminder queue factory 2024-01-27 12:39:54 +05:30
Daniel Hougaard
987f0c9081 Added secret reminder service 2024-01-27 12:39:54 +05:30
Daniel Hougaard
e4f00f74e9 Added new special query for getting org from project ID 2024-01-27 12:39:54 +05:30
Daniel Hougaard
ce580f417e Registered secret reminder service 2024-01-27 12:39:54 +05:30
Daniel Hougaard
c1662d6db5 Added secret reminder to queue service 2024-01-27 12:39:54 +05:30
Daniel Hougaard
2dae59c6be Update fastify.d.ts 2024-01-27 12:39:54 +05:30
Akhil Mohan
9bd764e535 feat(infisical-pg): updated pg migrator to new table name changes 2024-01-27 12:39:54 +05:30
Akhil Mohan
e4f32f092a feat(infisical-pg): completed test for secret folder and import 2024-01-27 12:39:54 +05:30
Maidul Islam
e02c082c7a more patches for migration script 2024-01-27 12:39:54 +05:30
Akhil Mohan
80b6c4ad94 feat(infisical-pg): completed tag support to all secret operations 2024-01-27 12:39:54 +05:30
Akhil Mohan
42eb01e1e2 feat(infisical-pg): completed support for tags in secret snapshot 2024-01-27 12:39:54 +05:30
Maidul Islam
b8157122e6 patches for dangling data 2024-01-27 12:39:54 +05:30
Akhil Mohan
4f66749430 feat(infisical-pg): added secret version tag 2024-01-27 12:39:54 +05:30
Maidul Islam
bfe5ee672b patches for migration 2024-01-27 12:39:54 +05:30
Akhil Mohan
32a1a0a9e5 feat(infisical-pg): removed short form names in secret approval to long form 2024-01-27 12:39:54 +05:30
Akhil Mohan
f7e1da65d5 feat(infisical-pg): added slug for org and project, resolved build error 2024-01-27 12:39:53 +05:30
Akhil Mohan
6bf9bc1d2c feat(infisical-pg): changed all dal to DAL as said by maidul 2024-01-27 12:38:23 +05:30
Akhil Mohan
59c747cf72 feat(infisical-pg): added rate limiter and bootstrap 2024-01-27 12:38:23 +05:30
Akhil Mohan
b04030a060 feat(infisical-pg): resolved missing integration auth api 2024-01-27 12:38:23 +05:30
Akhil Mohan
e8fd693da3 feat(infisical-pg): added single scope service token auto filling for get secret by name raw and version option for both get secret by name 2024-01-27 12:38:23 +05:30
Akhil Mohan
6c2803da93 feat(infisical-pg): crct permission for secret approval policy check 2024-01-27 12:38:23 +05:30
Akhil Mohan
4031f4a559 feat(infisical-pg): idempotent folder creation 2024-01-27 12:38:23 +05:30
Akhil Mohan
8ab89bc420 feat(infisical-pg): resolved import secret breaking cli backward compatiability 2024-01-27 12:38:23 +05:30
Akhil Mohan
e46e87d758 feat(infisical-pg): fixed secret deletion not getting triggered 2024-01-27 12:38:23 +05:30
Akhil Mohan
9c2ef15314 feat(infisical-pg): fixed missing secret path and commiter message in frontend 2024-01-27 12:38:23 +05:30
Maidul Islam
3213dafba9 add check to make sure user can only create service token for secrets they have access to 2024-01-27 12:38:23 +05:30
Maidul Islam
33c3c5ecc5 add permission check for target env/path for imports 2024-01-27 12:38:23 +05:30
Akhil Mohan
627c8711dc feat(infisical-pg): fixed v3 raw endpoint auto filling based on service token data single scoped 2024-01-27 12:38:23 +05:30
Akhil Mohan
8d3d4f222f feat(infisical-pg): fixed service token cli endpoint 2024-01-27 12:38:23 +05:30
Maidul Islam
65d3038414 set ignoreTrailingSlash to true in fastify 2024-01-27 12:38:23 +05:30
Akhil Mohan
6b7b888fb4 feat(infisical-pg): fixed service token return body 2024-01-27 12:38:23 +05:30
Akhil Mohan
bf059e0fe5 feat(infisical-pg): fixed secret rotation and secret approval limit offset 2024-01-27 12:38:23 +05:30
Daniel Hougaard
28fdf4ed4b Update service-token-router.ts 2024-01-27 12:38:23 +05:30
Tuan Dang
2606e42079 Correct Cloudflare Pages authorization page 2024-01-27 12:38:23 +05:30
Tuan Dang
b1285b401b Patch integration issues 2024-01-27 12:38:23 +05:30
Tuan Dang
3afafbb885 Add Makefile, pg-admin to docker compose 2024-01-27 12:38:23 +05:30
Maidul Islam
257547ff4d fix delete secret scans after git app uninstall 2024-01-27 12:38:23 +05:30
Maidul Islam
da4ae3c503 switch getSapOfFolder to check for secrets instead of approval 2024-01-27 12:38:23 +05:30
Maidul Islam
fb79e9e6fb update project add user text typo 2024-01-27 12:38:23 +05:30
Akhil Mohan
5373cb6afb feat(infisical-pg): added secret version api, fixed pass reset flow, smtp connection issue fixed 2024-01-27 12:38:23 +05:30
Daniel Hougaard
31c0bf6831 Fixed UI glitch 2024-01-27 12:38:23 +05:30
Daniel Hougaard
67618046c0 Fixed creating service tokens with no expiry 2024-01-27 12:38:23 +05:30
Maidul Islam
df642179ba fix typo 2024-01-27 12:38:23 +05:30
Daniel Hougaard
c7d0f2325c Fixed secret creation 2024-01-27 12:38:23 +05:30
Akhil Mohan
bb6d482ff9 feat(infisical-pg): added global error handler, try catch in oauth passport 2024-01-27 12:38:23 +05:30
Daniel Hougaard
4f619d7e48 Fixed signup for gitlab and github 2024-01-27 12:38:23 +05:30
Akhil Mohan
295c1e5d4a feat(infisical-pg): fixed ts issue on passport type change 2024-01-27 12:38:23 +05:30
Daniel Hougaard
0be3ad9517 Fixed eslint bug 2024-01-27 12:38:23 +05:30
Daniel Hougaard
606ed25104 Fixed GitHub auth registration issue 2024-01-27 12:38:23 +05:30
Akhil Mohan
c880a48749 feat(infisical-pg): fixed radix issue, bugs in oauth and tag cascade on 2024-01-27 12:38:23 +05:30
Akhil Mohan
92f7b45e01 feat(infisical-pg): fixed plan going undefined and resolved project missing on env delete 2024-01-27 12:38:23 +05:30
Akhil Mohan
5fe8bdc00b feat(infisical-pg): completed first version of pg migrator 2024-01-27 12:38:23 +05:30
Akhil Mohan
9f813d72f2 feat(infisical-pg): resolved multi integration auth and ip v6 support in ua 2024-01-27 12:38:23 +05:30
Akhil Mohan
d90fdac5ce feat(infisical-pg): fixed bugs in integrations and self hosted license failure 2024-01-27 12:38:23 +05:30
Akhil Mohan
87709dc86f feat(infisical-pg): first setup for postgres migration script 2024-01-27 12:38:23 +05:30
Akhil Mohan
deb8e74749 feat(infisical-pg): fixed some bugs on org invite missing auth method 2024-01-27 12:38:23 +05:30
Akhil Mohan
3519412639 feat: added secret raw endpoint and include imports 2024-01-27 12:38:23 +05:30
Akhil Mohan
0506389ada feat: added logged in based testing by injecting jwt token logic 2024-01-27 12:38:23 +05:30
Akhil Mohan
dd7c449483 feat: added login test and fixed super admin bug 2024-01-27 12:38:23 +05:30
Akhil Mohan
c7572a3374 feat: completed license server integration 2024-01-27 12:38:23 +05:30
Akhil Mohan
fe416556f2 feat: changed req.auth.userId to permission.id to satisfy type error 2024-01-27 12:38:23 +05:30
Akhil Mohan
20fb99f042 feat: added token based communications 2024-01-27 12:38:23 +05:30
Akhil Mohan
daa94db874 feat(infisical-pg): changed back to old infisical-radar url 2024-01-27 12:38:23 +05:30
Akhil Mohan
850e7bff98 feat(infisical-pg): completed secret scanner 2024-01-27 12:38:23 +05:30
Akhil Mohan
bfaf87c4c2 feat(infisical-pg): completed saml integration 2024-01-27 12:38:23 +05:30
Akhil Mohan
55f1392faf feat(infisical-pg): completed sync in secret approval 2024-01-27 12:38:23 +05:30
Akhil Mohan
0bf658e501 feat(infisical-pg): completed webhook and integration trigger queue 2024-01-27 12:38:23 +05:30
Akhil Mohan
aed94ff5bb feat(infisical-pg): resolved integration invalid cred error 2024-01-27 12:38:23 +05:30
Akhil Mohan
0d3f09d668 feat(infisical-pg): completed checklist run for dashboard 2024-01-27 12:38:23 +05:30
Akhil Mohan
16f0ac6d43 feat(infisical-pg): completed audit log moved ee routes to normal routing pattern 2024-01-27 12:38:23 +05:30
Akhil Mohan
6e6a1c87f2 feat(infisical-pg): completed secrets fetching from imports based on priority 2024-01-27 12:38:23 +05:30
Akhil Mohan
b5aa6c0000 feat(infisical-pg): completed secret rollback 2024-01-27 12:38:23 +05:30
Akhil Mohan
784cdb4201 feat(infisical-pg): completed secret rotation with queue service 2024-01-27 12:38:23 +05:30
Akhil Mohan
17e61bfc68 feat(infisical-pg): completed secret approval policy and services for approval requests 2024-01-27 12:38:23 +05:30
Akhil Mohan
a6a60b7bbb feat(infisical-pg): fixing minor compatiability issues with frontend and backend on identity 2024-01-27 12:38:23 +05:30
Akhil Mohan
d154f68a59 feat(infisical-pg: completed machine identity services 2024-01-27 12:38:23 +05:30
Akhil Mohan
f5159583ae feat(infisical-pg: completed webhook and service token 2024-01-27 12:38:23 +05:30
Akhil Mohan
771bec6d6d feat(infisical-pg): completed integration, integration auth and project bot api migration 2024-01-27 12:38:23 +05:30
Akhil Mohan
010963a80c feat(infisical-pg): completed nested folder support for secret,folder and import operations 2024-01-27 12:38:23 +05:30
Akhil Mohan
0e1191f2ea feat(infisical-pg): completed root folder level secret, secret import and folder 2024-01-27 12:38:23 +05:30
Akhil Mohan
8a6ab7f2f6 feat(infisical-pg): connected project api changes with frontend 2024-01-27 12:38:22 +05:30
Akhil Mohan
4f3582a98b feat(infisical-pg): added routes for workspaces and updated frontend 2024-01-27 12:38:22 +05:30
Akhil Mohan
498a90c484 feat(infisical-pg: linted after import order fix 2024-01-27 12:38:22 +05:30
Akhil Mohan
76e5d61da5 feat(infisical-pg: added services for project, project key and environment 2024-01-27 12:38:22 +05:30
Akhil Mohan
53bb3bc610 feat(infisical-pg): added database schema for project, its membership role and env 2024-01-27 12:38:22 +05:30
Akhil Mohan
1df7b88abf feat(infisical-pg): added e2e test setup 2024-01-27 12:38:22 +05:30
Akhil Mohan
3670b16657 feat(infisical-pg): new org role routes completed 2024-01-27 12:38:22 +05:30
Akhil Mohan
9a4b2f7d81 feat(infisical-pg): resolved type check issue and linted frontend 2024-01-27 12:38:22 +05:30
Akhil Mohan
fadb36edb8 feat(infisical-pg): removed _id with id for new backend 2024-01-27 12:38:22 +05:30
Akhil Mohan
fbe5a1adb0 feat(infisical-pg): added github,gitlab and google oauth 2024-01-27 12:38:22 +05:30
Akhil Mohan
d0695a8998 feat(infisical-pg): added a seed setup with test user creation and org creation 2024-01-27 12:38:22 +05:30
Akhil Mohan
a19e8ad016 feat(infisical-pg): updated names and simplified dal layer using ormify 2024-01-27 12:38:22 +05:30
Akhil Mohan
15b57de0ed feat(infisical-pg): test first milestone one flow 2024-01-27 12:38:22 +05:30
Akhil Mohan
aaba4a0895 feat(infisical-pg): changed frontend api types _id to normal id 2024-01-27 12:38:22 +05:30
Akhil Mohan
f3b37de3f3 feat(infisical-pg): auth injection completed and validation in password router 2024-01-27 12:38:22 +05:30
Akhil Mohan
fcfd6b3fb2 feat(infisical-pg): completed signup, login, password and backup key migration 2024-01-27 12:38:22 +05:30
Akhil Mohan
05205d1eff feat(infisical-pg): added all previous simple server middlewares, swagger support 2024-01-27 12:38:22 +05:30
Akhil Mohan
2243bcb3a4 feat: added dev and prod setup using esbuild 2024-01-27 12:38:22 +05:30
Maidul Islam
356e981401 Merge pull request #1313 from akhilmhdh/feat/migration-mode
feat(infisical-pg): added migration mode env and page
2024-01-27 00:58:58 -05:00
Maidul Islam
5b41fb0ff5 update text and patch notice 2024-01-27 00:21:57 -05:00
quinton
4057e2c6ab feat: cli export allow filtering with tags 2024-01-24 19:05:16 +00:00
Maidul Islam
8893aec213 patch saml sso for rippling 2024-01-23 01:11:29 -05:00
Daniel Hougaard
c4cb8f8008 Merge pull request #1319 from Infisical/daniel/better-sdk-docs
(Docs): Improve SDK docs
2024-01-23 08:53:28 +04:00
Daniel Hougaard
046557c97f Add .NET 2024-01-23 08:47:29 +04:00
Daniel Hougaard
a15ba28c18 Update node guide to reflect new SDK 2024-01-23 08:47:20 +04:00
Daniel Hougaard
8386f4dcbd Update python guide to reflect new SDK 2024-01-23 08:47:11 +04:00
Daniel Hougaard
ada0fd9c5b Add new item for fallbacks 2024-01-23 08:47:01 +04:00
Ronan McCarter
202efce10d remove deprecated basePath setting 2024-01-22 15:50:31 -08:00
Maidul Islam
6376c29e49 update maintenace notice 2024-01-19 17:28:35 -05:00
Vladyslav Matsiiako
402692614e updated maintenance page 2024-01-19 12:59:18 -08:00
Akhil Mohan
34de6d4e29 feat(infisical-pg): added migration mode env and page 2024-01-20 01:20:14 +05:30
vmatsiiako
829e906650 Merge pull request #1311 from Infisical/daniel/changelog-jan-2024
[JAN] Changelog points
2024-01-18 20:25:52 -05:00
Daniel Hougaard
b7cbb0f1a8 Update overview.mdx 2024-01-19 00:14:03 +04:00
Daniel Hougaard
a50ffbb59d Update overview.mdx 2024-01-19 00:13:57 +04:00
Tchoupinax
e18abc6e22 Update the path where managing service tokens
I did not find anymore where to manage token and reading the doc did not help me. I found the MR which changes the section of the link and so I update the doc according it
2024-01-17 22:15:07 +01:00
Daniel Hougaard
48eda0c684 Update overview.mdx 2024-01-15 15:55:37 +04:00
Maidul Islam
ed89413689 Merge pull request #1293 from Infisical/update-blog
Update blog notification
2024-01-12 13:52:11 -05:00
Maidul Islam
0c94f77a6d Merge pull request #1302 from akhilmhdh/feat/banner
feat: added main banner for migration
2024-01-12 10:48:21 -05:00
Vladyslav Matsiiako
e6068826f8 update migration notification 2024-01-11 23:34:46 -08:00
Maidul Islam
cfa0a2044e Merge pull request #1304 from Infisical/add-project-config-flag-for-workspace
add project-config-dir flag for run command
2024-01-11 17:21:03 -05:00
Maidul Islam
134b503c28 remove log 2024-01-11 17:19:39 -05:00
Maidul Islam
efcbf1aa88 add project-config-dir flag for run command 2024-01-11 16:39:02 -05:00
vmatsiiako
284c18db07 Merge pull request #1303 from Infisical/daniel/sdk-seo-improvements
(Docs): SDK SEO Improvements & links to packages/repos
2024-01-11 10:53:08 -08:00
Daniel Hougaard
1410a44610 SEO Improvements and links to packages/repos 2024-01-11 22:34:11 +04:00
Akhil Mohan
746ffb3840 feat: added main banner for migration 2024-01-11 23:09:57 +05:30
vmatsiiako
f9f12eafdf Update saml docs 2024-01-10 15:02:10 -08:00
Maidul Islam
11470a5a0e Merge pull request #1300 from Infisical/daniel/project-docs-secret-reminders
(Docs): Personal overrides and secret reminders awareness
2024-01-10 17:43:16 -05:00
Daniel Hougaard
9fe2190115 Update project.mdx 2024-01-11 02:40:37 +04:00
Giles Westwood
9fe2021d9f docs: cover ansible forking error 2024-01-10 22:33:38 +00:00
Maidul Islam
9e2bd31833 Merge pull request #1298 from Infisical/daniel/csharp-docs
(Docs): .NET SDK documentation & updates existing SDK docs
2024-01-10 16:28:40 -05:00
Daniel Hougaard
e88b0ad3c4 Update python.mdx 2024-01-11 01:25:10 +04:00
Daniel Hougaard
74644fd8bb Added cryptography docs and fixed formatting 2024-01-11 01:12:38 +04:00
Daniel Hougaard
2069ac1554 Added CSharp and removed unfinished SDK's 2024-01-11 01:12:26 +04:00
Daniel Hougaard
5a2516e0a7 Removed unsupported languages to remove clutter 2024-01-11 01:12:17 +04:00
Daniel Hougaard
b52bc3bed7 Added CSharp docs 2024-01-11 01:12:05 +04:00
Maidul Islam
4a153e5658 Merge pull request #1295 from akhilmhdh/fix/sec-interpolation-undefined
fix(secret-reference): fixed undefined if value not found
2024-01-10 09:59:09 -05:00
Akhil Mohan
7324822be5 fix(secret-reference): fixed undefined if value not found 2024-01-10 11:45:46 +05:30
Maidul Islam
766f301aea patch agent config by env 2024-01-09 14:30:29 -05:00
Vladyslav Matsiiako
8fbc930012 updated notification text 2024-01-08 13:51:40 -08:00
Vladyslav Matsiiako
0e5190a920 added the december update blog 2024-01-08 13:47:58 -08:00
Maidul Islam
b815e3eb56 Merge pull request #1291 from Infisical/daniel/fix-sdk-contribution-image
(Fix): Image in SDK contribution guide not loading
2024-01-08 14:56:27 -05:00
Daniel Hougaard
31231cfcca Update developing.mdx 2024-01-08 23:30:10 +04:00
Maidul Islam
ee772e4a77 allow reading universal auth creds from env in agent 2024-01-07 17:00:42 -05:00
Maidul Islam
7bc29c5981 Merge pull request #1285 from Infisical/query-by-secret-version
Add version query param to GET secret raw and regular endpoints
2024-01-07 16:07:49 -05:00
Maidul Islam
e9a89930da Merge pull request #1284 from Infisical/multi-integration-auth
Enable new integration auth credential for each new integration
2024-01-07 14:49:04 -05:00
BlackMagiq
b85499859c Merge pull request #1286 from Infisical/identities-ipv6
Add IPv6 consideration to default universal auth IP allowlist
2024-01-07 16:37:06 +01:00
Tuan Dang
7f17194c0f Add IPv6 consideration to default identities IP allowlist 2024-01-07 16:32:25 +01:00
Tuan Dang
1e1ad450d2 Add version query param to GET secret endpoint 2024-01-07 14:25:33 +01:00
Tuan Dang
5287b322d8 Enable new integration auth for each new integration 2024-01-07 12:49:59 +01:00
Maidul Islam
45d96be1ff added base64 support for config and templates 2024-01-06 23:43:04 -05:00
Maidul Islam
12840bfdbd add exit after auth setting 2024-01-06 17:17:21 -05:00
BlackMagiq
fef5369738 Merge pull request #1283 from Infisical/identity-apis
Update various identities items
2024-01-06 17:11:01 +01:00
Tuan Dang
c94b7d63f6 Update various identities items 2024-01-06 17:04:44 +01:00
BlackMagiq
485ddc5c50 Merge pull request #1282 from Infisical/patch-railway
Fix client-side railway integration issue
2024-01-06 16:14:16 +01:00
Tuan Dang
edd9c66e49 Remove commented print statements 2024-01-06 16:11:22 +01:00
Tuan Dang
0a3b85534b Fix client-side railway integration issue 2024-01-06 16:09:15 +01:00
Maidul Islam
ec2cc5162e Merge pull request #1279 from Infisical/daniel/sdk-contribution-guide
Contribution guide refactor & SDK contribution guide
2024-01-05 20:26:17 -05:00
Daniel Hougaard
7ce472957c Fixed quality 2024-01-06 04:04:09 +04:00
Daniel Hougaard
8529e0da3d Update developing.mdx 2024-01-06 03:41:31 +04:00
Daniel Hougaard
e5a5433f10 Update developing.mdx 2024-01-06 03:00:14 +04:00
Daniel Hougaard
ee6e518ff8 Update link to contribution guide 2024-01-06 02:58:26 +04:00
Daniel Hougaard
15a7222505 Update mint.json 2024-01-06 02:58:16 +04:00
Daniel Hougaard
25d482cc62 Create sdk-flow.png 2024-01-06 02:58:12 +04:00
Daniel Hougaard
785a2bec6a Added SDK guide 2024-01-06 02:58:08 +04:00
Daniel Hougaard
449466f326 Restructure 2024-01-06 02:58:02 +04:00
Daniel Hougaard
4131e9c3f1 Added getting started section 2024-01-06 02:57:53 +04:00
Daniel Hougaard
310595256f Restructured existing guide 2024-01-06 02:57:21 +04:00
Maidul Islam
1737880e58 Merge pull request #1251 from Infisical/snyk-fix-b96b562a611b0789d0a73c522a261f22
[Snyk] Security upgrade probot from 12.3.1 to 12.3.3
2024-01-05 11:20:43 -05:00
Maidul Islam
b72483f5f2 Merge pull request #1275 from Emiliaaah/fix-agent-secret-path
fix(cli): secret-path directive for agent
2024-01-05 10:39:39 -05:00
Daniel Hougaard
ee14bda706 Merge pull request #1272 from rlaisqls/error-message-typos
Fix error message typos
2024-01-05 18:18:20 +04:00
Emilia
e56463d52b fix(cli): secret-path directive for agent 2024-01-05 15:05:57 +01:00
Maidul Islam
ebd3d7c7c4 Merge pull request #1274 from Infisical/fix-vercel-preview-env
Fix: Vercel integration preview environment client side error
2024-01-04 10:18:25 -05:00
Daniel Hougaard
9ecbfe201b Update create.tsx 2024-01-04 17:42:31 +04:00
Maidul Islam
ba2a03897f update secret import create notif 2024-01-04 01:55:34 -05:00
Maidul Islam
304f14c0ed update service token create notif 2024-01-04 01:52:03 -05:00
Maidul Islam
51e5c25e16 update imports/service token crud 2024-01-04 00:55:03 -05:00
Maidul Islam
0f6490b1e7 move cli to bin folder 2024-01-03 20:17:34 -05:00
Maidul Islam
f894e48fcb remove unused import 2024-01-02 13:55:01 -05:00
Maidul Islam
37cfa22619 add back macos build 2024-01-02 13:47:15 -05:00
Maidul Islam
94557344b7 wrap cli into a docker image 2024-01-02 13:43:55 -05:00
Tuan Dang
d5063018eb Added identities, universal auth, agent to changelog 2024-01-02 10:05:43 +01:00
Maidul Islam
51d68505d3 Merge pull request #1268 from Infisical/posthog-revamp
removed posthog cli export events
2023-12-29 15:18:59 -05:00
rlaisqls
ade27ad072 Fix typos 2023-12-29 13:26:08 +09:00
Maidul Islam
683c512bce Merge pull request #1266 from Infisical/ui-improvements
ui and docs improvements
2023-12-25 14:33:47 -05:00
Vladyslav Matsiiako
43ff28b5fb added terraform useragent 2023-12-24 17:13:29 -08:00
Vladyslav Matsiiako
ce41855e84 added sdk useragent and channel 2023-12-24 16:58:48 -08:00
Vladyslav Matsiiako
d24461b17c removed posthog cli export events 2023-12-24 15:49:18 -08:00
Vladyslav Matsiiako
1797e56f9f fixed sdk guides 2023-12-24 13:30:59 -08:00
Daniel Hougaard
74f3ca5356 Merge pull request #1267 from Infisical/sdk/docs-update-2
Sdk/docs update 2
2023-12-24 21:57:52 +04:00
Daniel Hougaard
db27beaf0b Update overview.mdx 2023-12-24 21:54:57 +04:00
Daniel Hougaard
d6e55f51f2 Updated Python docs 2023-12-24 21:36:47 +04:00
Daniel Hougaard
e9b5996567 Updated node caching docs 2023-12-24 21:36:40 +04:00
Daniel Hougaard
094fe73917 Updated Java caching docs 2023-12-24 21:36:31 +04:00
Daniel Hougaard
dc3f85e92e Re-added an updated FAQ 2023-12-24 17:11:20 +04:00
Daniel Hougaard
c463256058 Updated Python docs 2023-12-24 17:11:08 +04:00
Daniel Hougaard
8df22302fd Updated Node docs 2023-12-24 17:11:03 +04:00
Daniel Hougaard
f37fa2bbf5 Updated Java docs 2023-12-24 17:10:54 +04:00
Vladyslav Matsiiako
597c9d6f2a fix docs sdk errors 2023-12-23 17:17:10 -08:00
Vladyslav Matsiiako
24d2eea930 ui and docs improvements 2023-12-23 16:06:00 -08:00
Maidul Islam
382cb910af tps 2023-12-23 17:31:34 -05:00
vmatsiiako
6725475575 Merge pull request #1264 from Infisical/sdk/docs-update
SDK documentation update
2023-12-23 09:30:35 -08:00
Daniel Hougaard
026864951b Updated links 2023-12-23 15:55:20 +04:00
Daniel Hougaard
287ed05ab7 Removed FAQ for now 2023-12-23 15:50:14 +04:00
Daniel Hougaard
37b036e614 Update overview.mdx 2023-12-23 15:49:03 +04:00
Daniel Hougaard
024914c168 Update python.mdx 2023-12-23 15:48:24 +04:00
Daniel Hougaard
19e8b6d37b Update node.mdx 2023-12-23 15:48:21 +04:00
Daniel Hougaard
b6d648f1f3 Added Java docs 2023-12-23 15:48:14 +04:00
Daniel Hougaard
a514a62a29 Fixed typos 2023-12-23 15:48:02 +04:00
Daniel Hougaard
2f24956651 Updated coming soon description 2023-12-23 15:47:16 +04:00
Daniel Hougaard
13d058025c Formatting and link changes 2023-12-23 15:29:24 +04:00
Daniel Hougaard
8ccaa7f29b Updated python docs 2023-12-23 15:29:17 +04:00
Daniel Hougaard
b83964051c Added required to required fields 2023-12-23 15:29:08 +04:00
Daniel Hougaard
0a2b078bdc Update node.mdx 2023-12-23 15:12:39 +04:00
Daniel Hougaard
40d16fa996 Updated Node.js docs 2023-12-23 15:10:30 +04:00
vmatsiiako
a3739cfe50 Update overview.mdx 2023-12-21 22:24:53 -08:00
vmatsiiako
a73623258e Update kubernetes-helm.mdx 2023-12-21 17:47:49 -08:00
BlackMagiq
6da39f41a6 Merge pull request #1263 from Infisical/restyle-self-hosting-docs
Restyle self-hosting docs for Docker / Docker Compose
2023-12-20 19:53:21 +07:00
Tuan Dang
69bbbfcfd8 Restyle self-hosting docs for Docker / Docker Compose 2023-12-20 19:52:17 +07:00
BlackMagiq
c9d58ec77d Merge pull request #1262 from Infisical/self-hosting-railway
Add self-hosting docs for Railway
2023-12-20 17:06:54 +07:00
Tuan Dang
cb364186d8 Add self-hosting docs for Railway 2023-12-20 17:05:28 +07:00
BlackMagiq
918afe05b6 Merge pull request #1261 from Infisical/self-hosting-aws-lightsail
Finish self-hosting docs for AWS Lightsail
2023-12-20 15:56:05 +07:00
Tuan Dang
e822820151 Finish self-hosting docs for AWS Lightsail 2023-12-20 15:42:02 +07:00
Maidul Islam
b5ac49eefe Merge pull request #1258 from akhilmhdh/feat/token-expire-null
fix: made expire optional on service token creation
2023-12-19 09:35:16 -05:00
BlackMagiq
b21d1a0ed2 Merge pull request #1259 from Infisical/self-hosting-azure-app-service
Add self-hosting docs for Azure App Service
2023-12-19 21:01:06 +07:00
Tuan Dang
70f1122362 Add self-hosting docs for Azure App Service 2023-12-19 20:57:08 +07:00
Akhil Mohan
ea03db8a2c fix: made expire optional on service token creation 2023-12-19 15:46:03 +05:30
BlackMagiq
38d9abca17 Merge pull request #1257 from Infisical/self-hosting-azure-container-instances
Add self-hosting docs for Azure Container Instances
2023-12-19 15:21:01 +07:00
Tuan Dang
5bed2580c3 Add self-hosting docs for Azure Container Instances 2023-12-19 15:19:24 +07:00
Maidul Islam
d0b899897b Merge pull request #1256 from Infisical/add-crd-owner
add crd owner
2023-12-18 19:26:26 -05:00
Maidul Islam
1861dc85de add crd owner 2023-12-18 19:25:23 -05:00
BlackMagiq
bc6bf33674 Merge pull request #1253 from Infisical/self-hosting-gcp-cloud-run
Add docs for deploying Infisical with GCP Cloud Run
2023-12-18 16:54:00 +07:00
Tuan Dang
44fd35baf5 Add docs for deploying Infisical with GCP Cloud Run 2023-12-18 16:52:28 +07:00
BlackMagiq
8ddfee4c36 Merge pull request #1252 from Infisical/self-hosting-flyio
Add self-hosting docs for Fly.io
2023-12-18 12:11:32 +07:00
Tuan Dang
4d0bff4377 Add self-hosting docs for Fly.io 2023-12-18 12:10:18 +07:00
snyk-bot
c7b2489d0b fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PROBOT-6129524
2023-12-17 14:48:29 +00:00
Maidul Islam
5941e8e836 Merge pull request #1248 from akhilmhdh/fix/secret-approval-patch
fix: secret approval loading failed for commiter on approval
2023-12-15 09:29:41 -05:00
Akhil Mohan
80e50d13ec fix: secret approval loading failed for commiter on approval 2023-12-15 18:10:54 +05:30
BlackMagiq
99c8dda4e1 Merge pull request #1247 from Infisical/sso-docs
Update SSO docs to use Mintlify steps
2023-12-15 13:58:31 +07:00
Tuan Dang
14c8e3fa3b Update SSO docs to use Mintlify steps 2023-12-15 13:54:28 +07:00
Jon Insley
fe2f2f972e fix(frontend): Remove max-width to match other views
This commit removes the max-width constraint on the WebhooksTab.tsx component, aligning it with the full-width layout consistency seen in other views. The previous max-width of 1024px resulted in unused space on larger screens.
2023-10-25 13:54:09 -04:00
2035 changed files with 117139 additions and 147488 deletions

View File

@@ -8,19 +8,17 @@ ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218
# THIS IS A SAMPLE AUTH_SECRET KEY AND SHOULD NEVER BE USED FOR PRODUCTION
AUTH_SECRET=5lrMXKKWCVocS/uerPsl7V+TX/aaUaI7iDkgl3tSmLE=
# MongoDB
# Backend will connect to the MongoDB instance at connection string MONGO_URL which can either be a ref
# to the MongoDB container instance or Mongo Cloud
# Postgres creds
POSTGRES_PASSWORD=infisical
POSTGRES_USER=infisical
POSTGRES_DB=infisical
# Required
MONGO_URL=mongodb://root:example@mongo:27017/?authSource=admin
DB_CONNECTION_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
# Redis
REDIS_URL=redis://redis:6379
# Optional credentials for MongoDB container instance and Mongo-Express
MONGO_USERNAME=root
MONGO_PASSWORD=example
# Website URL
# Required
SITE_URL=http://localhost:8080

1
.env.migration.example Normal file
View File

@@ -0,0 +1 @@
DB_CONNECTION_URI=

4
.env.test.example Normal file
View File

@@ -0,0 +1,4 @@
REDIS_URL=redis://localhost:6379
DB_CONNECTION_URI=postgres://infisical:infisical@localhost/infisical?sslmode=disable
AUTH_SECRET=4bnfe4e407b8921c104518903515b218
ENCRYPTION_KEY=4bnfe4e407b8921c104518903515b218

View File

@@ -1,6 +1,6 @@
# Description 📣
<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -->
<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. Here's how we expect a pull request to be : https://infisical.com/docs/contributing/getting-started/pull-requests -->
## Type ✨
@@ -19,4 +19,6 @@
---
- [ ] I have read the [contributing guide](https://infisical.com/docs/contributing/overview), agreed and acknowledged the [code of conduct](https://infisical.com/docs/contributing/code-of-conduct). 📝
- [ ] I have read the [contributing guide](https://infisical.com/docs/contributing/getting-started/overview), agreed and acknowledged the [code of conduct](https://infisical.com/docs/contributing/getting-started/code-of-conduct). 📝
<!-- If you have any questions regarding contribution, here's the FAQ : https://infisical.com/docs/contributing/getting-started/faq -->

190
.github/resources/changelog-generator.py vendored Normal file
View File

@@ -0,0 +1,190 @@
# inspired by https://www.photoroom.com/inside-photoroom/how-we-automated-our-changelog-thanks-to-chatgpt
import os
import requests
import re
from openai import OpenAI
import subprocess
from datetime import datetime
import uuid
# Constants
REPO_OWNER = "infisical"
REPO_NAME = "infisical"
TOKEN = os.environ["GITHUB_TOKEN"]
SLACK_WEBHOOK_URL = os.environ["SLACK_WEBHOOK_URL"]
OPENAI_API_KEY = os.environ["OPENAI_API_KEY"]
SLACK_MSG_COLOR = "#36a64f"
headers = {
"Authorization": f"Bearer {TOKEN}",
"Accept": "application/vnd.github+json",
"X-GitHub-Api-Version": "2022-11-28",
}
def set_multiline_output(name, value):
with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
delimiter = uuid.uuid1()
print(f'{name}<<{delimiter}', file=fh)
print(value, file=fh)
print(delimiter, file=fh)
def post_changelog_to_slack(changelog, tag):
slack_payload = {
"text": "Hey team, it's changelog time! :wave:",
"attachments": [
{
"color": SLACK_MSG_COLOR,
"title": f"🗓Infisical Changelog - {tag}",
"text": changelog,
}
],
}
response = requests.post(SLACK_WEBHOOK_URL, json=slack_payload)
if response.status_code != 200:
raise Exception("Failed to post changelog to Slack.")
def find_previous_release_tag(release_tag:str):
previous_tag = subprocess.check_output(["git", "describe", "--tags", "--abbrev=0", f"{release_tag}^"]).decode("utf-8").strip()
while not(previous_tag.startswith("infisical/")):
previous_tag = subprocess.check_output(["git", "describe", "--tags", "--abbrev=0", f"{previous_tag}^"]).decode("utf-8").strip()
return previous_tag
def get_tag_creation_date(tag_name):
url = f"https://api.github.com/repos/{REPO_OWNER}/{REPO_NAME}/git/refs/tags/{tag_name}"
response = requests.get(url, headers=headers)
response.raise_for_status()
commit_sha = response.json()['object']['sha']
commit_url = f"https://api.github.com/repos/{REPO_OWNER}/{REPO_NAME}/commits/{commit_sha}"
commit_response = requests.get(commit_url, headers=headers)
commit_response.raise_for_status()
creation_date = commit_response.json()['commit']['author']['date']
return datetime.strptime(creation_date, '%Y-%m-%dT%H:%M:%SZ')
def fetch_prs_between_tags(previous_tag_date:datetime, release_tag_date:datetime):
# Use GitHub API to fetch PRs merged between the commits
url = f"https://api.github.com/repos/{REPO_OWNER}/{REPO_NAME}/pulls?state=closed&merged=true"
response = requests.get(url, headers=headers)
if response.status_code != 200:
raise Exception("Error fetching PRs from GitHub API!")
prs = []
for pr in response.json():
# the idea is as tags happen recently we get last 100 closed PRs and then filter by tag creation date
if pr["merged_at"] and datetime.strptime(pr["merged_at"],'%Y-%m-%dT%H:%M:%SZ') < release_tag_date and datetime.strptime(pr["merged_at"],'%Y-%m-%dT%H:%M:%SZ') > previous_tag_date:
prs.append(pr)
return prs
def extract_commit_details_from_prs(prs):
commit_details = []
for pr in prs:
commit_message = pr["title"]
commit_url = pr["html_url"]
pr_number = pr["number"]
branch_name = pr["head"]["ref"]
issue_numbers = re.findall(r"(www-\d+|web-\d+)", branch_name)
# If no issue numbers are found, add the PR details without issue numbers and URLs
if not issue_numbers:
commit_details.append(
{
"message": commit_message,
"pr_number": pr_number,
"pr_url": commit_url,
"issue_number": None,
"issue_url": None,
}
)
continue
for issue in issue_numbers:
commit_details.append(
{
"message": commit_message,
"pr_number": pr_number,
"pr_url": commit_url,
"issue_number": issue,
}
)
return commit_details
# Function to generate changelog using OpenAI
def generate_changelog_with_openai(commit_details):
commit_messages = []
for details in commit_details:
base_message = f"{details['pr_url']} - {details['message']}"
# Add the issue URL if available
# if details["issue_url"]:
# base_message += f" (Linear Issue: {details['issue_url']})"
commit_messages.append(base_message)
commit_list = "\n".join(commit_messages)
prompt = """
Generate a changelog for Infisical, opensource secretops
The changelog should:
1. Be Informative: Using the provided list of GitHub commits, break them down into categories such as Features, Fixes & Improvements, and Technical Updates. Summarize each commit concisely, ensuring the key points are highlighted.
2. Have a Professional yet Friendly tone: The tone should be balanced, not too corporate or too informal.
3. Celebratory Introduction and Conclusion: Start the changelog with a celebratory note acknowledging the team's hard work and progress. End with a shoutout to the team and wishes for a pleasant weekend.
4. Formatting: you cannot use Markdown formatting, and you can only use emojis for the introductory paragraph or the conclusion paragraph, nowhere else.
5. Links: the syntax to create links is the following: `<http://www.example.com|This message is a link>`.
6. Linear Links: note that the Linear link is optional, include it only if provided.
7. Do not wrap your answer in a codeblock. Just output the text, nothing else
Here's a good example to follow, please try to match the formatting as closely as possible, only changing the content of the changelog and have some liberty with the introduction. Notice the importance of the formatting of a changelog item:
- <https://github.com/facebook/react/pull/27304/%7C#27304>: We optimize our ci to strip comments and minify production builds. (<https://linear.app/example/issue/WEB-1234/%7CWEB-1234>))
And here's an example of the full changelog:
*Features*
• <https://github.com/facebook/react/pull/27304/%7C#27304>: We optimize our ci to strip comments and minify production builds. (<https://linear.app/example/issue/WEB-1234/%7CWEB-1234>)
*Fixes & Improvements*
• <https://github.com/facebook/react/pull/27304/%7C#27304>: We optimize our ci to strip comments and minify production builds. (<https://linear.app/example/issue/WEB-1234/%7CWEB-1234>)
*Technical Updates*
• <https://github.com/facebook/react/pull/27304/%7C#27304>: We optimize our ci to strip comments and minify production builds. (<https://linear.app/example/issue/WEB-1234/%7CWEB-1234>)
Stay tuned for more exciting updates coming soon!
And here are the commits:
{}
""".format(
commit_list
)
client = OpenAI(api_key=OPENAI_API_KEY)
messages = [{"role": "user", "content": prompt}]
response = client.chat.completions.create(model="gpt-3.5-turbo", messages=messages)
if "error" in response.choices[0].message:
raise Exception("Error generating changelog with OpenAI!")
return response.choices[0].message.content.strip()
if __name__ == "__main__":
try:
# Get the latest and previous release tags
latest_tag = subprocess.check_output(["git", "describe", "--tags", "--abbrev=0"]).decode("utf-8").strip()
previous_tag = find_previous_release_tag(latest_tag)
latest_tag_date = get_tag_creation_date(latest_tag)
previous_tag_date = get_tag_creation_date(previous_tag)
prs = fetch_prs_between_tags(previous_tag_date,latest_tag_date)
pr_details = extract_commit_details_from_prs(prs)
# Generate changelog
changelog = generate_changelog_with_openai(pr_details)
post_changelog_to_slack(changelog,latest_tag)
# Print or post changelog to Slack
# set_multiline_output("changelog", changelog)
except Exception as e:
print(str(e))

82
.github/values.yaml vendored
View File

@@ -1,49 +1,57 @@
backend:
enabled: true
name: backend
podAnnotations: {}
deploymentAnnotations:
secrets.infisical.com/auto-reload: "true"
replicaCount: 2
## @section Common parameters
##
## @param nameOverride Override release name
##
nameOverride: ""
## @param fullnameOverride Override release fullname
##
fullnameOverride: ""
## @section Infisical backend parameters
## Documentation : https://infisical.com/docs/self-hosting/deployments/kubernetes
##
infisical:
autoDatabaseSchemaMigration: false
enabled: false
name: infisical
replicaCount: 3
image:
repository: infisical/staging_infisical
tag: "latest"
pullPolicy: Always
kubeSecretRef: managed-backend-secret
service:
annotations: {}
type: ClusterIP
nodePort: ""
resources:
limits:
memory: 300Mi
backendEnvironmentVariables: null
deploymentAnnotations:
secrets.infisical.com/auto-reload: "true"
## Mongo DB persistence
mongodb:
enabled: false
persistence:
enabled: false
## By default the backend will be connected to a Mongo instance within the cluster
## However, it is recommended to add a managed document DB connection string for production-use (DBaaS)
## Learn about connection string type here https://www.mongodb.com/docs/manual/reference/connection-string/
## e.g. "mongodb://<user>:<pass>@<host>:<port>/<database-name>"
mongodbConnection:
externalMongoDBConnectionString: ""
kubeSecretRef: "managed-secret"
ingress:
## @param ingress.enabled Enable ingress
##
enabled: true
# annotations:
# kubernetes.io/ingress.class: "nginx"
# cert-manager.io/issuer: letsencrypt-nginx
hostName: gamma.infisical.com ## <- Replace with your own domain
## @param ingress.ingressClassName Ingress class name
##
ingressClassName: nginx
## @param ingress.nginx.enabled Ingress controller
##
# nginx:
# enabled: true
## @param ingress.annotations Ingress annotations
##
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hostName: "gamma.infisical.com"
tls:
[]
# - secretName: letsencrypt-nginx
# hosts:
# - infisical.local
- secretName: letsencrypt-prod
hosts:
- gamma.infisical.com
mailhog:
postgresql:
enabled: false
redis:
enabled: false

View File

@@ -3,6 +3,7 @@ on:
push:
tags:
- "infisical/v*.*.*"
- "!infisical/v*.*.*-postgres"
jobs:
backend-image:
@@ -40,6 +41,7 @@ jobs:
load: true
context: backend
tags: infisical/infisical:test
platforms: linux/amd64,linux/arm64
- name: ⏻ Spawn backend container and dependencies
run: |
docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
@@ -91,6 +93,7 @@ jobs:
project: 64mmf0n610
context: frontend
tags: infisical/frontend:test
platforms: linux/amd64,linux/arm64
build-args: |
POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
NEXT_INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}

View File

@@ -0,0 +1,140 @@
name: Deployment pipeline
on: [workflow_dispatch]
permissions:
id-token: write
contents: read
jobs:
infisical-image:
name: Build backend image
runs-on: ubuntu-latest
steps:
- name: ☁️ Checkout source
uses: actions/checkout@v3
- name: 📦 Install dependencies to test all dependencies
run: npm ci --only-production
working-directory: backend
- name: Save commit hashes for tag
id: commit
uses: pr-mpt/actions-commit-hash@v2
- name: 🔧 Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: 🐋 Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Depot CLI
uses: depot/setup-action@v1
- name: 🏗️ Build backend and push to docker hub
uses: depot/build-push-action@v1
with:
project: 64mmf0n610
token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
push: true
context: .
file: Dockerfile.standalone-infisical
tags: |
infisical/staging_infisical:${{ steps.commit.outputs.short }}
infisical/staging_infisical:latest
platforms: linux/amd64,linux/arm64
build-args: |
POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
INFISICAL_PLATFORM_VERSION=${{ steps.commit.outputs.short }}
gamma-deployment:
name: Deploy to gamma
runs-on: ubuntu-latest
needs: [infisical-image]
environment:
name: Gamma
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Node.js environment
uses: actions/setup-node@v2
with:
node-version: "20"
- name: Change directory to backend and install dependencies
env:
DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
run: |
cd backend
npm install
npm run migration:latest
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
aws-region: us-east-1
role-to-assume: arn:aws:iam::905418227878:role/deploy-new-ecs-img
- name: Save commit hashes for tag
id: commit
uses: pr-mpt/actions-commit-hash@v2
- name: Download task definition
run: |
aws ecs describe-task-definition --task-definition infisical-prod-platform --query taskDefinition > task-definition.json
- name: Render Amazon ECS task definition
id: render-web-container
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: infisical-prod-platform
image: infisical/staging_infisical:${{ steps.commit.outputs.short }}
environment-variables: "LOG_LEVEL=info"
- name: Deploy to Amazon ECS service
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-web-container.outputs.task-definition }}
service: infisical-prod-platform
cluster: infisical-prod-platform
wait-for-service-stability: true
production-postgres-deployment:
name: Deploy to production
runs-on: ubuntu-latest
needs: [gamma-deployment]
environment:
name: Production
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Node.js environment
uses: actions/setup-node@v2
with:
node-version: "20"
- name: Change directory to backend and install dependencies
env:
DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
run: |
cd backend
npm install
npm run migration:latest
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
aws-region: us-east-1
role-to-assume: arn:aws:iam::381492033652:role/gha-make-prod-deployment
- name: Save commit hashes for tag
id: commit
uses: pr-mpt/actions-commit-hash@v2
- name: Download task definition
run: |
aws ecs describe-task-definition --task-definition infisical-prod-platform --query taskDefinition > task-definition.json
- name: Render Amazon ECS task definition
id: render-web-container
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: infisical-prod-platform
image: infisical/staging_infisical:${{ steps.commit.outputs.short }}
environment-variables: "LOG_LEVEL=info"
- name: Deploy to Amazon ECS service
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-web-container.outputs.task-definition }}
service: infisical-prod-platform
cluster: infisical-prod-platform
wait-for-service-stability: true

View File

@@ -1,99 +0,0 @@
name: Build, Publish and Deploy to Gamma
on: [workflow_dispatch]
jobs:
infisical-image:
name: Build backend image
runs-on: ubuntu-latest
steps:
- name: ☁️ Checkout source
uses: actions/checkout@v3
- name: 📦 Install dependencies to test all dependencies
run: npm ci --only-production
working-directory: backend
# - name: 🧪 Run tests
# run: npm run test:ci
# working-directory: backend
- name: Save commit hashes for tag
id: commit
uses: pr-mpt/actions-commit-hash@v2
- name: 🔧 Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: 🐋 Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Depot CLI
uses: depot/setup-action@v1
- name: 📦 Build backend and export to Docker
uses: depot/build-push-action@v1
with:
project: 64mmf0n610
token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
load: true
context: .
file: Dockerfile.standalone-infisical
tags: infisical/infisical:test
- name: ⏻ Spawn backend container and dependencies
run: |
docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
- name: 🧪 Test backend image
run: |
./.github/resources/healthcheck.sh infisical-backend-test
- name: ⏻ Shut down backend container and dependencies
run: |
docker compose -f .github/resources/docker-compose.be-test.yml down
- name: 🏗️ Build backend and push
uses: depot/build-push-action@v1
with:
project: 64mmf0n610
token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
push: true
context: .
file: Dockerfile.standalone-infisical
tags: |
infisical/staging_infisical:${{ steps.commit.outputs.short }}
infisical/staging_infisical:latest
platforms: linux/amd64,linux/arm64
build-args: |
POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
gamma-deployment:
name: Deploy to gamma
runs-on: ubuntu-latest
needs: [infisical-image]
steps:
- name: ☁️ Checkout source
uses: actions/checkout@v3
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.10.0
- name: Install infisical helm chart
run: |
helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
helm repo update
- name: Install kubectl
uses: azure/setup-kubectl@v3
- name: Install doctl
uses: digitalocean/action-doctl@v2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: Save DigitalOcean kubeconfig with short-lived credentials
run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 k8s-1-25-4-do-0-nyc1-1670645170179
- name: switch to gamma namespace
run: kubectl config set-context --current --namespace=gamma
- name: test kubectl
run: kubectl get ingress
- name: Download helm values to file and upgrade gamma deploy
run: |
wget https://raw.githubusercontent.com/Infisical/infisical/main/.github/values.yaml
helm upgrade infisical infisical-helm-charts/infisical --values values.yaml --wait --install
if [[ $(helm status infisical) == *"FAILED"* ]]; then
echo "Helm upgrade failed"
exit 1
else
echo "Helm upgrade was successful"
fi

View File

@@ -0,0 +1,76 @@
name: "Check API For Breaking Changes"
on:
pull_request:
types: [opened, synchronize]
paths:
- "backend/src/server/routes/**"
- "backend/src/ee/routes/**"
jobs:
check-be-api-changes:
name: Check API Changes
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout source
uses: actions/checkout@v3
# - name: Setup Node 20
# uses: actions/setup-node@v3
# with:
# node-version: "20"
# uncomment this when testing locally using nektos/act
- uses: KengoTODA/actions-setup-docker-compose@v1
if: ${{ env.ACT }}
name: Install `docker-compose` for local simulations
with:
version: "2.14.2"
- name: 📦Build the latest image
run: docker build --tag infisical-api .
working-directory: backend
- name: Start postgres and redis
run: touch .env && docker-compose -f docker-compose.dev.yml up -d db redis
- name: Start the server
run: |
echo "SECRET_SCANNING_GIT_APP_ID=793712" >> .env
echo "SECRET_SCANNING_PRIVATE_KEY=some-random" >> .env
echo "SECRET_SCANNING_WEBHOOK_SECRET=some-random" >> .env
docker run --name infisical-api -d -p 4000:4000 -e DB_CONNECTION_URI=$DB_CONNECTION_URI -e REDIS_URL=$REDIS_URL -e JWT_AUTH_SECRET=$JWT_AUTH_SECRET --env-file .env --entrypoint '/bin/sh' infisical-api -c "npm run migration:latest && ls && node dist/main.mjs"
env:
REDIS_URL: redis://172.17.0.1:6379
DB_CONNECTION_URI: postgres://infisical:infisical@172.17.0.1:5432/infisical?sslmode=disable
JWT_AUTH_SECRET: something-random
- uses: actions/setup-go@v5
with:
go-version: '1.21.5'
- name: Wait for container to be stable and check logs
run: |
SECONDS=0
HEALTHY=0
while [ $SECONDS -lt 60 ]; do
if docker ps | grep infisical-api | grep -q healthy; then
echo "Container is healthy."
HEALTHY=1
break
fi
echo "Waiting for container to be healthy... ($SECONDS seconds elapsed)"
docker logs infisical-api
sleep 2
SECONDS=$((SECONDS+2))
done
if [ $HEALTHY -ne 1 ]; then
echo "Container did not become healthy in time"
exit 1
fi
- name: Install openapi-diff
run: go install github.com/tufin/oasdiff@latest
- name: Running OpenAPI Spec diff action
run: oasdiff breaking https://app.infisical.com/api/docs/json http://localhost:4000/api/docs/json --fail-on ERR
- name: cleanup
run: |
docker-compose -f "docker-compose.dev.yml" down
docker stop infisical-api
docker remove infisical-api

View File

@@ -1,43 +0,0 @@
name: "Check Backend Pull Request"
on:
pull_request:
types: [opened, synchronize]
paths:
- "backend/**"
- "!backend/README.md"
- "!backend/.*"
- "backend/.eslintrc.js"
jobs:
check-be-pr:
name: Check
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: ☁️ Checkout source
uses: actions/checkout@v3
- name: 🔧 Setup Node 16
uses: actions/setup-node@v3
with:
node-version: "16"
cache: "npm"
cache-dependency-path: backend/package-lock.json
- name: 📦 Install dependencies
run: npm ci --only-production
working-directory: backend
# - name: 🧪 Run tests
# run: npm run test:ci
# working-directory: backend
# - name: 📁 Upload test results
# uses: actions/upload-artifact@v3
# if: always()
# with:
# name: be-test-results
# path: |
# ./backend/reports
# ./backend/coverage
- name: 🏗️ Run build
run: npm run build
working-directory: backend

View File

@@ -0,0 +1,35 @@
name: "Check Backend PR types and lint"
on:
pull_request:
types: [opened, synchronize]
paths:
- "backend/**"
- "!backend/README.md"
- "!backend/.*"
- "backend/.eslintrc.js"
jobs:
check-be-pr:
name: Check TS and Lint
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: ☁️ Checkout source
uses: actions/checkout@v3
- name: 🔧 Setup Node 20
uses: actions/setup-node@v3
with:
node-version: "20"
cache: "npm"
cache-dependency-path: backend/package-lock.json
- name: Install dependencies
run: npm install
working-directory: backend
- name: Run type check
run: npm run type:check
working-directory: backend
- name: Run lint check
run: npm run lint
working-directory: backend

View File

@@ -1,4 +1,4 @@
name: Check Frontend Pull Request
name: Check Frontend Type and Lint check
on:
pull_request:
@@ -10,8 +10,8 @@ on:
- "frontend/.eslintrc.js"
jobs:
check-fe-pr:
name: Check
check-fe-ts-lint:
name: Check Frontend Type and Lint check
runs-on: ubuntu-latest
timeout-minutes: 15
@@ -25,12 +25,11 @@ jobs:
cache: "npm"
cache-dependency-path: frontend/package-lock.json
- name: 📦 Install dependencies
run: npm ci --only-production --ignore-scripts
run: npm install
working-directory: frontend
# -
# name: 🧪 Run tests
# run: npm run test:ci
# working-directory: frontend
- name: 🏗️ Run build
run: npm run build
- name: 🏗️ Run Type check
run: npm run type:check
working-directory: frontend
- name: 🏗️ Run Link check
run: npm run lint:fix
working-directory: frontend

View File

@@ -0,0 +1,34 @@
name: Generate Changelog
permissions:
contents: write
on:
workflow_dispatch:
push:
tags:
- "infisical/v*.*.*-postgres"
jobs:
generate_changelog:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-tags: true
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12.0"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install requests openai
- name: Generate Changelog and Post to Slack
id: gen-changelog
run: python .github/resources/changelog-generator.py
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

View File

@@ -2,12 +2,17 @@ name: Release standalone docker image
on:
push:
tags:
- "infisical/v*.*.*"
- "infisical/v*.*.*-postgres"
jobs:
infisical-tests:
name: Run tests before deployment
# https://docs.github.com/en/actions/using-workflows/reusing-workflows#overview
uses: ./.github/workflows/run-backend-tests.yml
infisical-standalone:
name: Build infisical standalone image
name: Build infisical standalone image postgres
runs-on: ubuntu-latest
needs: [infisical-tests]
steps:
- name: Extract version from tag
id: extract_version
@@ -19,27 +24,6 @@ jobs:
- name: 📦 Install dependencies to test all dependencies
run: npm ci --only-production
working-directory: backend
- uses: paulhatch/semantic-version@v5.0.2
id: version
with:
# The prefix to use to identify tags
tag_prefix: "infisical-standalone/v"
# A string which, if present in a git commit, indicates that a change represents a
# major (breaking) change, supports regular expressions wrapped with '/'
major_pattern: "(MAJOR)"
# Same as above except indicating a minor change, supports regular expressions wrapped with '/'
minor_pattern: "(MINOR)"
# A string to determine the format of the version output
version_format: "${major}.${minor}.${patch}-prerelease${increment}"
# Optional path to check for changes. If any changes are detected in the path the
# 'changed' output will true. Enter multiple paths separated by spaces.
change_path: "backend,frontend"
# Prevents pre-v1.0.0 version from automatically incrementing the major version.
# If enabled, when the major version is 0, major releases will be treated as minor and minor as patch. Note that the version_type output is unchanged.
enable_prerelease_mode: true
# - name: 🧪 Run tests
# run: npm run test:ci
# working-directory: backend
- name: version output
run: |
echo "Output Value: ${{ steps.version.outputs.major }}"
@@ -68,7 +52,7 @@ jobs:
push: true
context: .
tags: |
infisical/infisical:latest
infisical/infisical:latest-postgres
infisical/infisical:${{ steps.commit.outputs.short }}
infisical/infisical:${{ steps.extract_version.outputs.version }}
platforms: linux/amd64,linux/arm64

View File

@@ -23,6 +23,8 @@ jobs:
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: 🔧 Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- run: git fetch --force --tags
- run: echo "Ref name ${{github.ref_name}}"
- uses: actions/setup-go@v3

47
.github/workflows/run-backend-tests.yml vendored Normal file
View File

@@ -0,0 +1,47 @@
name: "Run backend tests"
on:
pull_request:
types: [opened, synchronize]
paths:
- "backend/**"
- "!backend/README.md"
- "!backend/.*"
- "backend/.eslintrc.js"
workflow_call:
jobs:
check-be-pr:
name: Run integration test
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: ☁️ Checkout source
uses: actions/checkout@v3
- uses: KengoTODA/actions-setup-docker-compose@v1
if: ${{ env.ACT }}
name: Install `docker-compose` for local simulations
with:
version: "2.14.2"
- name: 🔧 Setup Node 20
uses: actions/setup-node@v3
with:
node-version: "20"
cache: "npm"
cache-dependency-path: backend/package-lock.json
- name: Install dependencies
run: npm install
working-directory: backend
- name: Start postgres and redis
run: touch .env && docker-compose -f docker-compose.dev.yml up -d db redis
- name: Start integration test
run: npm run test:e2e
working-directory: backend
env:
REDIS_URL: redis://172.17.0.1:6379
DB_CONNECTION_URI: postgres://infisical:infisical@172.17.0.1:5432/infisical?sslmode=disable
AUTH_SECRET: something-random
ENCRYPTION_KEY: 4bnfe4e407b8921c104518903515b218
- name: cleanup
run: |
docker-compose -f "docker-compose.dev.yml" down

9
.gitignore vendored
View File

@@ -1,11 +1,12 @@
# backend
node_modules
.env
.env.test
.env.dev
.env.gamma
.env.prod
.env.infisical
.env.migration
*~
*.swp
*.swo
@@ -58,7 +59,11 @@ yarn-error.log*
# Infisical init
.infisical.json
.infisicalignore
# Editor specific
.vscode/*
frontend-build
frontend-build
*.tgz

View File

@@ -108,7 +108,7 @@ brews:
zsh_completion.install "completions/infisical.zsh" => "_infisical"
fish_completion.install "completions/infisical.fish"
man1.install "manpages/infisical.1.gz"
- name: 'infisical@{{.Version}}'
- name: "infisical@{{.Version}}"
tap:
owner: Infisical
name: homebrew-get-cli
@@ -186,12 +186,38 @@ aurs:
# man pages
install -Dm644 "./manpages/infisical.1.gz" "${pkgdir}/usr/share/man/man1/infisical.1.gz"
# dockers:
# - dockerfile: cli/docker/Dockerfile
# goos: linux
# goarch: amd64
# ids:
# - infisical
# image_templates:
# - "infisical/cli:{{ .Version }}"
# - "infisical/cli:latest"
dockers:
- dockerfile: docker/alpine
goos: linux
goarch: amd64
use: buildx
ids:
- all-other-builds
image_templates:
- "infisical/cli:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-amd64"
- "infisical/cli:latest-amd64"
build_flag_templates:
- "--pull"
- "--platform=linux/amd64"
- dockerfile: docker/alpine
goos: linux
goarch: amd64
use: buildx
ids:
- all-other-builds
image_templates:
- "infisical/cli:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-arm64"
- "infisical/cli:latest-arm64"
build_flag_templates:
- "--pull"
- "--platform=linux/arm64"
docker_manifests:
- name_template: "infisical/cli:{{ .Major }}.{{ .Minor }}.{{ .Patch }}"
image_templates:
- "infisical/cli:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-amd64"
- "infisical/cli:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-arm64"
- name_template: "infisical/cli:latest"
image_templates:
- "infisical/cli:latest-amd64"
- "infisical/cli:latest-arm64"

View File

@@ -1 +1,5 @@
.github/resources/docker-compose.be-test.yml:generic-api-key:16
frontend/src/views/Project/MembersPage/components/IdentityTab/components/IdentityRoleForm/IdentityRbacSection.tsx:generic-api-key:206
frontend/src/views/Project/MembersPage/components/IdentityTab/components/IdentityRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:304
frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/MemberRbacSection.tsx:generic-api-key:206
frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:292

View File

@@ -2,6 +2,6 @@
Thanks for taking the time to contribute! 😃 🚀
Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/overview) for instructions on how to contribute.
Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/getting-started/overview) for instructions on how to contribute.
We also have some 🔥amazing🔥 merch for our contributors. Please reach out to tony@infisical.com for more info 👀

View File

@@ -1,8 +1,9 @@
ARG POSTHOG_HOST=https://app.posthog.com
ARG POSTHOG_API_KEY=posthog-api-key
ARG INTERCOM_ID=intercom-id
ARG SAML_ORG_SLUG=saml-org-slug-default
FROM node:16-alpine AS base
FROM node:20-alpine AS base
FROM base AS frontend-dependencies
@@ -35,6 +36,8 @@ ARG INTERCOM_ID
ENV NEXT_PUBLIC_INTERCOM_ID $INTERCOM_ID
ARG INFISICAL_PLATFORM_VERSION
ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION
ARG SAML_ORG_SLUG
ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG
# Build
RUN npm run build
@@ -73,6 +76,7 @@ RUN npm ci --only-production
COPY /backend .
COPY --chown=non-root-user:nodejs standalone-entrypoint.sh standalone-entrypoint.sh
RUN npm i -D tsconfig-paths
RUN npm run build
# Production stage
@@ -99,6 +103,9 @@ ENV NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY \
ARG INTERCOM_ID=intercom-id
ENV NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID \
BAKED_NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID
ARG SAML_ORG_SLUG
ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG \
BAKED_NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG
WORKDIR /
@@ -106,23 +113,20 @@ COPY --from=backend-runner /app /backend
COPY --from=frontend-runner /app ./backend/frontend-build
ENV PORT 8080
ENV HOST=0.0.0.0
ENV HTTPS_ENABLED false
ENV NODE_ENV production
ENV STANDALONE_BUILD true
ENV STANDALONE_MODE true
WORKDIR /backend
ENV TELEMETRY_ENABLED true
HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \
CMD node healthcheck.js
EXPOSE 8080
EXPOSE 443
USER non-root-user
CMD ["./standalone-entrypoint.sh"]

View File

@@ -5,13 +5,13 @@ push:
docker-compose -f docker-compose.yml push
up-dev:
docker-compose -f docker-compose.dev.yml up --build
docker compose -f docker-compose.dev.yml up --build
i-dev:
infisical run -- docker-compose -f docker-compose.dev.yml up --build
up-dev-ldap:
docker compose -f docker-compose.dev.yml --profile ldap up --build
up-prod:
docker-compose -f docker-compose.yml up --build
docker-compose -f docker-compose.prod.yml up --build
down:
docker-compose down
docker compose -f docker-compose.dev.yml down

View File

@@ -10,7 +10,8 @@
<a href="https://infisical.com/">Infisical Cloud</a> |
<a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
<a href="https://infisical.com/docs/documentation/getting-started/introduction">Docs</a> |
<a href="https://www.infisical.com">Website</a>
<a href="https://www.infisical.com">Website</a> |
<a href="https://infisical.com/careers">Hiring (Remote/SF)</a>
</h4>
<p align="center">
@@ -33,7 +34,7 @@
<img src="https://img.shields.io/github/commit-activity/m/infisical/infisical" alt="git commit activity" />
</a>
<a href="https://cloudsmith.io/~infisical/repos/">
<img src="https://img.shields.io/badge/Downloads-2.58M-orange" alt="Cloudsmith downloads" />
<img src="https://img.shields.io/badge/Downloads-6.95M-orange" alt="Cloudsmith downloads" />
</a>
<a href="https://infisical.com/slack">
<img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
@@ -53,17 +54,19 @@ We're on a mission to make secret management more accessible to everyone, not ju
## Features
- **[User-friendly dashboard](https://infisical.com/docs/documentation/platform/project)** to manage secrets across projects and environments (e.g. development, production, etc.)
- **[Client SDKs](https://infisical.com/docs/sdks/overview)** to fetch secrets for your apps and infrastructure on demand
- **[Infisical CLI](https://infisical.com/docs/cli/overview)** to fetch and inject secrets into any framework in local development
- **[Native integrations](https://infisical.com/docs/integrations/overview)** with platforms like GitHub, Vercel, Netlify, and more
- [**Automatic Kubernetes deployment secret reloads**](https://infisical.com/docs/documentation/getting-started/kubernetes)
- **[Complete control over your data](https://infisical.com/docs/self-hosting/overview)** - host it yourself on any infrastructure
- **[Secret versioning](https://infisical.com/docs/documentation/platform/secret-versioning)** and **[Point-in-Time Recovery]()** to version every secret and project state
- **[Audit logs](https://infisical.com/docs/documentation/platform/audit-logs)** to record every action taken in a project
- **Role-based Access Controls** per environment
- [**Simple on-premise deployments** to AWS, Digital Ocean, and more](https://infisical.com/docs/self-hosting/overview)
- [**Secret Scanning and Leak Prevention**](https://infisical.com/docs/cli/scanning-overview)
- **[User-friendly dashboard](https://infisical.com/docs/documentation/platform/project)** to manage secrets across projects and environments (e.g. development, production, etc.).
- **[Client SDKs](https://infisical.com/docs/sdks/overview)** to fetch secrets for your apps and infrastructure on demand.
- **[Infisical CLI](https://infisical.com/docs/cli/overview)** to fetch and inject secrets into any framework in local development and CI/CD.
- **[Infisical API](https://infisical.com/docs/api-reference/overview/introduction)** to perform CRUD operation on secrets, users, projects, and any other resource in Infisical.
- **[Native integrations](https://infisical.com/docs/integrations/overview)** with platforms like [GitHub](https://infisical.com/docs/integrations/cicd/githubactions), [Vercel](https://infisical.com/docs/integrations/cloud/vercel), [AWS](https://infisical.com/docs/integrations/cloud/aws-secret-manager), and tools like [Terraform](https://infisical.com/docs/integrations/frameworks/terraform), [Ansible](https://infisical.com/docs/integrations/platforms/ansible), and more.
- **[Infisical Kubernetes operator](https://infisical.com/docs/documentation/getting-started/kubernetes)** to managed secrets in k8s, automatically reload deployments, and more.
- **[Infisical Agent](https://infisical.com/docs/infisical-agent/overview)** to inject secrets into your applications without modifying any code logic.
- **[Self-hosting and on-prem](https://infisical.com/docs/self-hosting/overview)** to get complete control over your data.
- **[Secret versioning](https://infisical.com/docs/documentation/platform/secret-versioning)** and **[Point-in-Time Recovery](https://infisical.com/docs/documentation/platform/pit-recovery)** to version every secret and project state.
- **[Audit logs](https://infisical.com/docs/documentation/platform/audit-logs)** to record every action taken in a project.
- **[Role-based Access Controls](https://infisical.com/docs/documentation/platform/role-based-access-controls)** to create permission sets on any resource in Infisica and assign those to user or machine identities.
- **[Simple on-premise deployments](https://infisical.com/docs/self-hosting/overview)** to AWS, Digital Ocean, and more.
- **[Secret Scanning and Leak Prevention](https://infisical.com/docs/cli/scanning-overview)** to prevent secrets from leaking to git.
And much more.
@@ -82,13 +85,13 @@ To set up and run Infisical locally, make sure you have Git and Docker installed
Linux/macOS:
```console
git clone https://github.com/Infisical/infisical && cd "$(basename $_ .git)" && cp .env.example .env && docker-compose -f docker-compose.yml up
git clone https://github.com/Infisical/infisical && cd "$(basename $_ .git)" && cp .env.example .env && docker-compose -f docker-compose.prod.yml up
```
Windows Command Prompt:
```console
git clone https://github.com/Infisical/infisical && cd infisical && copy .env.example .env && docker-compose -f docker-compose.yml up
git clone https://github.com/Infisical/infisical && cd infisical && copy .env.example .env && docker-compose -f docker-compose.prod.yml up
```
Create an account at `http://localhost:80`
@@ -115,9 +118,9 @@ Lean about Infisical's code scanning feature [here](https://infisical.com/docs/c
This repo available under the [MIT expat license](https://github.com/Infisical/infisical/blob/main/LICENSE), with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license.
If you are interested in managed Infisical Cloud of self-hosted Enterprise Offering, take a look at [our website](https://infisical.com/) or [book a meeting with us](https://cal.com/vmatsiiako/infisical-demo):
If you are interested in managed Infisical Cloud of self-hosted Enterprise Offering, take a look at [our website](https://infisical.com/) or [book a meeting with us](https://infisical.cal.com/vlad/infisical-demo):
<a href="https://cal.com/vmatsiiako/infisical-demo"><img alt="Schedule a meeting" src="https://cal.com/book-with-cal-dark.svg" /></a>
<a href="[https://infisical.cal.com/vlad/infisical-demo](https://infisical.cal.com/vlad/infisical-demo)"><img alt="Schedule a meeting" src="https://cal.com/book-with-cal-dark.svg" /></a>
## Security
@@ -129,7 +132,7 @@ Note that this security address should be used only for undisclosed vulnerabilit
## Contributing
Whether it's big or small, we love contributions. Check out our guide to see how to [get started](https://infisical.com/docs/contributing/overview).
Whether it's big or small, we love contributions. Check out our guide to see how to [get started](https://infisical.com/docs/contributing/getting-started).
Not sure where to get started? You can:

View File

@@ -1,2 +1,3 @@
node_modules
built
vitest-environment-infisical.ts
vitest.config.ts
vitest.e2e.config.ts

View File

@@ -1,41 +0,0 @@
{
"parser": "@typescript-eslint/parser",
"plugins": [
"@typescript-eslint",
"unused-imports"
],
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/eslint-recommended",
"plugin:@typescript-eslint/recommended"
],
"rules": {
"no-empty-function": "off",
"@typescript-eslint/no-empty-function": "off",
"no-console": 2,
"quotes": [
"error",
"double",
{
"avoidEscape": true
}
],
"comma-dangle": [
"error",
"only-multiline"
],
"@typescript-eslint/no-unused-vars": "off",
"unused-imports/no-unused-imports": "error",
"@typescript-eslint/no-extra-semi": "off", // added to be able to push
"unused-imports/no-unused-vars": [
"warn",
{
"vars": "all",
"varsIgnorePattern": "^_",
"args": "after-used",
"argsIgnorePattern": "^_"
}
],
"sort-imports": 1
}
}

74
backend/.eslintrc.js Normal file
View File

@@ -0,0 +1,74 @@
/* eslint-env node */
module.exports = {
env: {
es6: true,
node: true
},
extends: [
"eslint:recommended",
"plugin:@typescript-eslint/recommended",
"plugin:@typescript-eslint/recommended-type-checked",
"airbnb-base",
"airbnb-typescript/base",
"plugin:prettier/recommended",
"prettier"
],
plugins: ["@typescript-eslint", "simple-import-sort", "import"],
parser: "@typescript-eslint/parser",
parserOptions: {
project: true,
sourceType: "module",
tsconfigRootDir: __dirname
},
root: true,
overrides: [
{
files: ["./e2e-test/**/*", "./src/db/migrations/**/*"],
rules: {
"@typescript-eslint/no-unsafe-member-access": "off",
"@typescript-eslint/no-unsafe-assignment": "off",
"@typescript-eslint/no-unsafe-argument": "off",
"@typescript-eslint/no-unsafe-return": "off",
"@typescript-eslint/no-unsafe-call": "off"
}
}
],
rules: {
"@typescript-eslint/no-empty-function": "off",
"@typescript-eslint/no-unsafe-enum-comparison": "off",
"no-void": "off",
"consistent-return": "off", // my style
"import/order": "off", // for simple-import-order
"import/prefer-default-export": "off", // why
"no-restricted-syntax": "off",
// importing rules
"simple-import-sort/exports": "error",
"import/first": "error",
"import/newline-after-import": "error",
"import/no-duplicates": "error",
"simple-import-sort/imports": [
"warn",
{
groups: [
// Side effect imports.
["^\\u0000"],
// Node.js builtins prefixed with `node:`.
["^node:"],
// Packages.
// Things that start with a letter (or digit or underscore), or `@` followed by a letter.
["^@?\\w"],
["^@app"],
["@lib"],
["@server"],
// Absolute imports and other imports such as Vue-style `@/foo`.
// Anything not matched in another group.
["^"],
// Relative imports.
// Anything that starts with a dot.
["^\\."]
]
}
]
}
};

1
backend/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
dist

View File

@@ -1,6 +1,6 @@
{
"singleQuote": false,
"printWidth": 100,
"printWidth": 120,
"trailingComma": "none",
"tabWidth": 2,
"semi": true

View File

@@ -1,5 +1,5 @@
# Build stage
FROM node:16-alpine AS build
FROM node:20-alpine AS build
WORKDIR /app
@@ -10,7 +10,7 @@ COPY . .
RUN npm run build
# Production stage
FROM node:16-alpine
FROM node:20-alpine
WORKDIR /app
@@ -28,6 +28,8 @@ RUN apk add --no-cache bash curl && curl -1sLf \
HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \
CMD node healthcheck.js
ENV HOST=0.0.0.0
EXPOSE 4000
CMD ["node", "build/index.js"]
CMD ["npm", "start"]

18
backend/Dockerfile.dev Normal file
View File

@@ -0,0 +1,18 @@
FROM node:20-alpine
RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical=0.8.1 && apk add --no-cache git
WORKDIR /app
COPY package.json package.json
COPY package-lock.json package-lock.json
RUN npm install
COPY . .
ENV HOST=0.0.0.0
CMD ["npm", "run", "dev:docker"]

View File

@@ -0,0 +1,30 @@
import { TKeyStoreFactory } from "@app/keystore/keystore";
export const mockKeyStore = (): TKeyStoreFactory => {
const store: Record<string, string | number | Buffer> = {};
return {
setItem: async (key, value) => {
store[key] = value;
return "OK";
},
setItemWithExpiry: async (key, value) => {
store[key] = value;
return "OK";
},
deleteItem: async (key) => {
delete store[key];
return 1;
},
getItem: async (key) => {
const value = store[key];
if (typeof value === "string") {
return value;
}
return null;
},
incrementBy: async () => {
return 1;
}
};
};

View File

@@ -0,0 +1,26 @@
import { TQueueServiceFactory } from "@app/queue";
export const mockQueue = (): TQueueServiceFactory => {
const queues: Record<string, unknown> = {};
const workers: Record<string, unknown> = {};
const job: Record<string, unknown> = {};
const events: Record<string, unknown> = {};
return {
queue: async (name, jobData) => {
job[name] = jobData;
},
shutdown: async () => undefined,
stopRepeatableJob: async () => true,
start: (name, jobFn) => {
queues[name] = jobFn;
workers[name] = jobFn;
},
listen: (name, event) => {
events[name] = event;
},
clearQueue: async () => {},
stopJobById: async () => {},
stopRepeatableJobByJobId: async () => true
};
};

View File

@@ -0,0 +1,10 @@
import { TSmtpSendMail, TSmtpService } from "@app/services/smtp/smtp-service";
export const mockSmtpServer = (): TSmtpService => {
const storage: TSmtpSendMail[] = [];
return {
sendMail: async (data) => {
storage.push(data);
}
};
};

View File

@@ -0,0 +1,71 @@
import { OrgMembershipRole } from "@app/db/schemas";
import { seedData1 } from "@app/db/seed-data";
export const createIdentity = async (name: string, role: string) => {
const createIdentityRes = await testServer.inject({
method: "POST",
url: "/api/v1/identities",
body: {
name,
role,
organizationId: seedData1.organization.id
},
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
expect(createIdentityRes.statusCode).toBe(200);
return createIdentityRes.json().identity;
};
export const deleteIdentity = async (id: string) => {
const deleteIdentityRes = await testServer.inject({
method: "DELETE",
url: `/api/v1/identities/${id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
expect(deleteIdentityRes.statusCode).toBe(200);
return deleteIdentityRes.json().identity;
};
describe("Identity v1", async () => {
test("Create identity", async () => {
const newIdentity = await createIdentity("mac1", OrgMembershipRole.Admin);
expect(newIdentity.name).toBe("mac1");
expect(newIdentity.authMethod).toBeNull();
await deleteIdentity(newIdentity.id);
});
test("Update identity", async () => {
const newIdentity = await createIdentity("mac1", OrgMembershipRole.Admin);
expect(newIdentity.name).toBe("mac1");
expect(newIdentity.authMethod).toBeNull();
const updatedIdentity = await testServer.inject({
method: "PATCH",
url: `/api/v1/identities/${newIdentity.id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
name: "updated-mac-1",
role: OrgMembershipRole.Member
}
});
expect(updatedIdentity.statusCode).toBe(200);
expect(updatedIdentity.json().identity.name).toBe("updated-mac-1");
await deleteIdentity(newIdentity.id);
});
test("Delete Identity", async () => {
const newIdentity = await createIdentity("mac1", OrgMembershipRole.Admin);
const deletedIdentity = await deleteIdentity(newIdentity.id);
expect(deletedIdentity.name).toBe("mac1");
});
});

View File

@@ -0,0 +1,46 @@
import jsrp from "jsrp";
import { seedData1 } from "@app/db/seed-data";
describe("Login V1 Router", async () => {
// eslint-disable-next-line
const client = new jsrp.client();
await new Promise((resolve) => {
client.init({ username: seedData1.email, password: seedData1.password }, () => resolve(null));
});
let clientProof: string;
test("Login first phase", async () => {
const res = await testServer.inject({
method: "POST",
url: "/api/v3/auth/login1",
body: {
email: "test@localhost.local",
clientPublicKey: client.getPublicKey()
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("serverPublicKey");
expect(payload).toHaveProperty("salt");
client.setSalt(payload.salt);
client.setServerPublicKey(payload.serverPublicKey);
clientProof = client.getProof(); // called M1
});
test("Login second phase", async () => {
const res = await testServer.inject({
method: "POST",
url: "/api/v3/auth/login2",
body: {
email: seedData1.email,
clientProof
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("mfaEnabled");
expect(payload).toHaveProperty("token");
expect(payload.mfaEnabled).toBeFalsy();
});
});

View File

@@ -0,0 +1,19 @@
import { seedData1 } from "@app/db/seed-data";
describe("Org V1 Router", async () => {
test("GET Org list", async () => {
const res = await testServer.inject({
method: "GET",
url: "/api/v1/organization",
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("organizations");
expect(payload).toEqual({
organizations: [expect.objectContaining({ name: seedData1.organization.name })]
});
});
});

View File

@@ -0,0 +1,132 @@
import { seedData1 } from "@app/db/seed-data";
import { DEFAULT_PROJECT_ENVS } from "@app/db/seeds/3-project";
const createProjectEnvironment = async (name: string, slug: string) => {
const res = await testServer.inject({
method: "POST",
url: `/api/v1/workspace/${seedData1.project.id}/environments`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
name,
slug
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("environment");
return payload.environment;
};
const deleteProjectEnvironment = async (envId: string) => {
const res = await testServer.inject({
method: "DELETE",
url: `/api/v1/workspace/${seedData1.project.id}/environments/${envId}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("environment");
return payload.environment;
};
describe("Project Environment Router", async () => {
test("Get default environments", async () => {
const res = await testServer.inject({
method: "GET",
url: `/api/v1/workspace/${seedData1.project.id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("workspace");
// check for default environments
expect(payload).toEqual({
workspace: expect.objectContaining({
name: seedData1.project.name,
id: seedData1.project.id,
slug: seedData1.project.slug,
environments: expect.arrayContaining([
expect.objectContaining(DEFAULT_PROJECT_ENVS[0]),
expect.objectContaining(DEFAULT_PROJECT_ENVS[1]),
expect.objectContaining(DEFAULT_PROJECT_ENVS[2])
])
})
});
// ensure only two default environments exist
expect(payload.workspace.environments.length).toBe(3);
});
const mockProjectEnv = { name: "temp", slug: "temp" }; // id will be filled in create op
test("Create environment", async () => {
const newEnvironment = await createProjectEnvironment(mockProjectEnv.name, mockProjectEnv.slug);
expect(newEnvironment).toEqual(
expect.objectContaining({
id: expect.any(String),
name: mockProjectEnv.name,
slug: mockProjectEnv.slug,
projectId: seedData1.project.id,
position: DEFAULT_PROJECT_ENVS.length + 1,
createdAt: expect.any(String),
updatedAt: expect.any(String)
})
);
await deleteProjectEnvironment(newEnvironment.id);
});
test("Update environment", async () => {
const newEnvironment = await createProjectEnvironment(mockProjectEnv.name, mockProjectEnv.slug);
const updatedName = { name: "temp#2", slug: "temp2" };
const res = await testServer.inject({
method: "PATCH",
url: `/api/v1/workspace/${seedData1.project.id}/environments/${newEnvironment.id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
name: updatedName.name,
slug: updatedName.slug,
position: 1
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("environment");
expect(payload.environment).toEqual(
expect.objectContaining({
id: newEnvironment.id,
name: updatedName.name,
slug: updatedName.slug,
projectId: seedData1.project.id,
position: 1,
createdAt: expect.any(String),
updatedAt: expect.any(String)
})
);
await deleteProjectEnvironment(newEnvironment.id);
});
test("Delete environment", async () => {
const newEnvironment = await createProjectEnvironment(mockProjectEnv.name, mockProjectEnv.slug);
const deletedProjectEnvironment = await deleteProjectEnvironment(newEnvironment.id);
expect(deletedProjectEnvironment).toEqual(
expect.objectContaining({
id: deletedProjectEnvironment.id,
name: mockProjectEnv.name,
slug: mockProjectEnv.slug,
position: 4,
createdAt: expect.any(String),
updatedAt: expect.any(String)
})
);
});
});

View File

@@ -0,0 +1,165 @@
import { seedData1 } from "@app/db/seed-data";
const createFolder = async (dto: { path: string; name: string }) => {
const res = await testServer.inject({
method: "POST",
url: `/api/v1/folders`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
name: dto.name,
path: dto.path
}
});
expect(res.statusCode).toBe(200);
return res.json().folder;
};
const deleteFolder = async (dto: { path: string; id: string }) => {
const res = await testServer.inject({
method: "DELETE",
url: `/api/v1/folders/${dto.id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: dto.path
}
});
expect(res.statusCode).toBe(200);
return res.json().folder;
};
describe("Secret Folder Router", async () => {
test.each([
{ name: "folder1", path: "/" }, // one in root
{ name: "folder1", path: "/level1/level2" }, // then create a deep one creating intermediate ones
{ name: "folder2", path: "/" },
{ name: "folder1", path: "/level1/level2" } // this should not create folder return same thing
])("Create folder $name in $path", async ({ name, path }) => {
const createdFolder = await createFolder({ path, name });
// check for default environments
expect(createdFolder).toEqual(
expect.objectContaining({
name,
id: expect.any(String)
})
);
await deleteFolder({ path, id: createdFolder.id });
});
test.each([
{
path: "/",
expected: {
folders: [{ name: "folder1" }, { name: "level1" }, { name: "folder2" }],
length: 3
}
},
{ path: "/level1/level2", expected: { folders: [{ name: "folder1" }], length: 1 } }
])("Get folders $path", async ({ path, expected }) => {
const newFolders = await Promise.all(expected.folders.map(({ name }) => createFolder({ name, path })));
const res = await testServer.inject({
method: "GET",
url: `/api/v1/folders`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("folders");
expect(payload.folders.length >= expected.folders.length).toBeTruthy();
expect(payload).toEqual({
folders: expect.arrayContaining(expected.folders.map((el) => expect.objectContaining(el)))
});
await Promise.all(newFolders.map(({ id }) => deleteFolder({ path, id })));
});
test("Update a deep folder", async () => {
const newFolder = await createFolder({ name: "folder-updated", path: "/level1/level2" });
expect(newFolder).toEqual(
expect.objectContaining({
id: expect.any(String),
name: "folder-updated"
})
);
const resUpdatedFolders = await testServer.inject({
method: "GET",
url: `/api/v1/folders`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/level1/level2"
}
});
expect(resUpdatedFolders.statusCode).toBe(200);
const updatedFolderList = JSON.parse(resUpdatedFolders.payload);
expect(updatedFolderList).toHaveProperty("folders");
expect(updatedFolderList.folders[0].name).toEqual("folder-updated");
await deleteFolder({ path: "/level1/level2", id: newFolder.id });
});
test("Delete a deep folder", async () => {
const newFolder = await createFolder({ name: "folder-updated", path: "/level1/level2" });
const res = await testServer.inject({
method: "DELETE",
url: `/api/v1/folders/${newFolder.id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/level1/level2"
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("folder");
expect(payload.folder).toEqual(
expect.objectContaining({
id: expect.any(String),
name: "folder-updated"
})
);
const resUpdatedFolders = await testServer.inject({
method: "GET",
url: `/api/v1/folders`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/level1/level2"
}
});
expect(resUpdatedFolders.statusCode).toBe(200);
const updatedFolderList = JSON.parse(resUpdatedFolders.payload);
expect(updatedFolderList).toHaveProperty("folders");
expect(updatedFolderList.folders.length).toEqual(0);
});
});

View File

@@ -0,0 +1,206 @@
import { seedData1 } from "@app/db/seed-data";
const createSecretImport = async (importPath: string, importEnv: string) => {
const res = await testServer.inject({
method: "POST",
url: `/api/v1/secret-imports`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/",
import: {
environment: importEnv,
path: importPath
}
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("secretImport");
return payload.secretImport;
};
const deleteSecretImport = async (id: string) => {
const res = await testServer.inject({
method: "DELETE",
url: `/api/v1/secret-imports/${id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/"
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("secretImport");
return payload.secretImport;
};
describe("Secret Import Router", async () => {
test.each([
{ importEnv: "prod", importPath: "/" }, // one in root
{ importEnv: "staging", importPath: "/" } // then create a deep one creating intermediate ones
])("Create secret import $importEnv with path $importPath", async ({ importPath, importEnv }) => {
// check for default environments
const payload = await createSecretImport(importPath, importEnv);
expect(payload).toEqual(
expect.objectContaining({
id: expect.any(String),
importPath: expect.any(String),
importEnv: expect.objectContaining({
name: expect.any(String),
slug: expect.any(String),
id: expect.any(String)
})
})
);
await deleteSecretImport(payload.id);
});
test("Get secret imports", async () => {
const createdImport1 = await createSecretImport("/", "prod");
const createdImport2 = await createSecretImport("/", "staging");
const res = await testServer.inject({
method: "GET",
url: `/api/v1/secret-imports`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/"
}
});
expect(res.statusCode).toBe(200);
const payload = JSON.parse(res.payload);
expect(payload).toHaveProperty("secretImports");
expect(payload.secretImports.length).toBe(2);
expect(payload.secretImports).toEqual(
expect.arrayContaining([
expect.objectContaining({
id: expect.any(String),
importPath: expect.any(String),
importEnv: expect.objectContaining({
name: expect.any(String),
slug: expect.any(String),
id: expect.any(String)
})
})
])
);
await deleteSecretImport(createdImport1.id);
await deleteSecretImport(createdImport2.id);
});
test("Update secret import position", async () => {
const prodImportDetails = { path: "/", envSlug: "prod" };
const stagingImportDetails = { path: "/", envSlug: "staging" };
const createdImport1 = await createSecretImport(prodImportDetails.path, prodImportDetails.envSlug);
const createdImport2 = await createSecretImport(stagingImportDetails.path, stagingImportDetails.envSlug);
const updateImportRes = await testServer.inject({
method: "PATCH",
url: `/api/v1/secret-imports/${createdImport1.id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/",
import: {
position: 2
}
}
});
expect(updateImportRes.statusCode).toBe(200);
const payload = JSON.parse(updateImportRes.payload);
expect(payload).toHaveProperty("secretImport");
// check for default environments
expect(payload.secretImport).toEqual(
expect.objectContaining({
id: expect.any(String),
importPath: expect.any(String),
position: 2,
importEnv: expect.objectContaining({
name: expect.any(String),
slug: expect.stringMatching(prodImportDetails.envSlug),
id: expect.any(String)
})
})
);
const secretImportsListRes = await testServer.inject({
method: "GET",
url: `/api/v1/secret-imports`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/"
}
});
expect(secretImportsListRes.statusCode).toBe(200);
const secretImportList = JSON.parse(secretImportsListRes.payload);
expect(secretImportList).toHaveProperty("secretImports");
expect(secretImportList.secretImports[1].id).toEqual(createdImport1.id);
expect(secretImportList.secretImports[0].id).toEqual(createdImport2.id);
await deleteSecretImport(createdImport1.id);
await deleteSecretImport(createdImport2.id);
});
test("Delete secret import position", async () => {
const createdImport1 = await createSecretImport("/", "prod");
const createdImport2 = await createSecretImport("/", "staging");
const deletedImport = await deleteSecretImport(createdImport1.id);
// check for default environments
expect(deletedImport).toEqual(
expect.objectContaining({
id: expect.any(String),
importPath: expect.any(String),
importEnv: expect.objectContaining({
name: expect.any(String),
slug: expect.any(String),
id: expect.any(String)
})
})
);
const secretImportsListRes = await testServer.inject({
method: "GET",
url: `/api/v1/secret-imports`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/"
}
});
expect(secretImportsListRes.statusCode).toBe(200);
const secretImportList = JSON.parse(secretImportsListRes.payload);
expect(secretImportList).toHaveProperty("secretImports");
expect(secretImportList.secretImports.length).toEqual(1);
expect(secretImportList.secretImports[0].position).toEqual(1);
await deleteSecretImport(createdImport2.id);
});
});

View File

@@ -0,0 +1,9 @@
describe("Status V1 Router", async () => {
test("Simple check", async () => {
const res = await testServer.inject({
method: "GET",
url: "/api/status"
});
expect(res.statusCode).toBe(200);
});
});

View File

@@ -0,0 +1,579 @@
import crypto from "node:crypto";
import { SecretType, TSecrets } from "@app/db/schemas";
import { decryptSecret, encryptSecret, getUserPrivateKey, seedData1 } from "@app/db/seed-data";
import { decryptAsymmetric, decryptSymmetric128BitHexKeyUTF8, encryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";
const createServiceToken = async (
scopes: { environment: string; secretPath: string }[],
permissions: ("read" | "write")[]
) => {
const projectKeyRes = await testServer.inject({
method: "GET",
url: `/api/v2/workspace/${seedData1.project.id}/encrypted-key`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
const projectKeyEnc = JSON.parse(projectKeyRes.payload);
const userInfoRes = await testServer.inject({
method: "GET",
url: "/api/v2/users/me",
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
const { user: userInfo } = JSON.parse(userInfoRes.payload);
const privateKey = await getUserPrivateKey(seedData1.password, userInfo);
const projectKey = decryptAsymmetric({
ciphertext: projectKeyEnc.encryptedKey,
nonce: projectKeyEnc.nonce,
publicKey: projectKeyEnc.sender.publicKey,
privateKey
});
const randomBytes = crypto.randomBytes(16).toString("hex");
const { ciphertext, iv, tag } = encryptSymmetric128BitHexKeyUTF8(projectKey, randomBytes);
const serviceTokenRes = await testServer.inject({
method: "POST",
url: "/api/v2/service-token",
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
name: "test-token",
workspaceId: seedData1.project.id,
scopes,
encryptedKey: ciphertext,
iv,
tag,
permissions,
expiresIn: null
}
});
expect(serviceTokenRes.statusCode).toBe(200);
const serviceTokenInfo = serviceTokenRes.json();
expect(serviceTokenInfo).toHaveProperty("serviceToken");
expect(serviceTokenInfo).toHaveProperty("serviceTokenData");
return `${serviceTokenInfo.serviceToken}.${randomBytes}`;
};
const deleteServiceToken = async () => {
const serviceTokenListRes = await testServer.inject({
method: "GET",
url: `/api/v1/workspace/${seedData1.project.id}/service-token-data`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
expect(serviceTokenListRes.statusCode).toBe(200);
const serviceTokens = JSON.parse(serviceTokenListRes.payload).serviceTokenData as { name: string; id: string }[];
expect(serviceTokens.length).toBeGreaterThan(0);
const serviceTokenInfo = serviceTokens.find(({ name }) => name === "test-token");
expect(serviceTokenInfo).toBeDefined();
const deleteTokenRes = await testServer.inject({
method: "DELETE",
url: `/api/v2/service-token/${serviceTokenInfo?.id}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
}
});
expect(deleteTokenRes.statusCode).toBe(200);
};
const createSecret = async (dto: {
projectKey: string;
path: string;
key: string;
value: string;
comment: string;
type?: SecretType;
token: string;
}) => {
const createSecretReqBody = {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
type: dto.type || SecretType.Shared,
secretPath: dto.path,
...encryptSecret(dto.projectKey, dto.key, dto.value, dto.comment)
};
const createSecRes = await testServer.inject({
method: "POST",
url: `/api/v3/secrets/${dto.key}`,
headers: {
authorization: `Bearer ${dto.token}`
},
body: createSecretReqBody
});
expect(createSecRes.statusCode).toBe(200);
const createdSecretPayload = JSON.parse(createSecRes.payload);
expect(createdSecretPayload).toHaveProperty("secret");
return createdSecretPayload.secret;
};
const deleteSecret = async (dto: { path: string; key: string; token: string }) => {
const deleteSecRes = await testServer.inject({
method: "DELETE",
url: `/api/v3/secrets/${dto.key}`,
headers: {
authorization: `Bearer ${dto.token}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
secretPath: dto.path
}
});
expect(deleteSecRes.statusCode).toBe(200);
const updatedSecretPayload = JSON.parse(deleteSecRes.payload);
expect(updatedSecretPayload).toHaveProperty("secret");
return updatedSecretPayload.secret;
};
describe("Service token secret ops", async () => {
let serviceToken = "";
let projectKey = "";
let folderId = "";
beforeAll(async () => {
serviceToken = await createServiceToken(
[{ secretPath: "/**", environment: seedData1.environment.slug }],
["read", "write"]
);
// this is ensure cli service token decryptiong working fine
const serviceTokenInfoRes = await testServer.inject({
method: "GET",
url: "/api/v2/service-token",
headers: {
authorization: `Bearer ${serviceToken}`
}
});
expect(serviceTokenInfoRes.statusCode).toBe(200);
const serviceTokenInfo = serviceTokenInfoRes.json();
const serviceTokenParts = serviceToken.split(".");
projectKey = decryptSymmetric128BitHexKeyUTF8({
key: serviceTokenParts[3],
tag: serviceTokenInfo.tag,
ciphertext: serviceTokenInfo.encryptedKey,
iv: serviceTokenInfo.iv
});
// create a deep folder
const folderCreate = await testServer.inject({
method: "POST",
url: `/api/v1/folders`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
name: "folder",
path: "/nested1/nested2"
}
});
expect(folderCreate.statusCode).toBe(200);
folderId = folderCreate.json().folder.id;
});
afterAll(async () => {
await deleteServiceToken();
// create a deep folder
const deleteFolder = await testServer.inject({
method: "DELETE",
url: `/api/v1/folders/${folderId}`,
headers: {
authorization: `Bearer ${jwtAuthToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
path: "/nested1/nested2"
}
});
expect(deleteFolder.statusCode).toBe(200);
});
const testSecrets = [
{
path: "/",
secret: {
key: "ST-SEC",
value: "something-secret",
comment: "some comment"
}
},
{
path: "/nested1/nested2/folder",
secret: {
key: "NESTED-ST-SEC",
value: "something-secret",
comment: "some comment"
}
}
];
const getSecrets = async (environment: string, secretPath = "/") => {
const res = await testServer.inject({
method: "GET",
url: `/api/v3/secrets`,
headers: {
authorization: `Bearer ${serviceToken}`
},
query: {
secretPath,
environment,
workspaceId: seedData1.project.id
}
});
const secrets: TSecrets[] = JSON.parse(res.payload).secrets || [];
return secrets.map((el) => ({ ...decryptSecret(projectKey, el), type: el.type }));
};
test.each(testSecrets)("Create secret in path $path", async ({ secret, path }) => {
const createdSecret = await createSecret({ projectKey, path, ...secret, token: serviceToken });
const decryptedSecret = decryptSecret(projectKey, createdSecret);
expect(decryptedSecret.key).toEqual(secret.key);
expect(decryptedSecret.value).toEqual(secret.value);
expect(decryptedSecret.comment).toEqual(secret.comment);
expect(decryptedSecret.version).toEqual(1);
const secrets = await getSecrets(seedData1.environment.slug, path);
expect(secrets).toEqual(
expect.arrayContaining([
expect.objectContaining({
key: secret.key,
value: secret.value,
type: SecretType.Shared
})
])
);
await deleteSecret({ path, key: secret.key, token: serviceToken });
});
test.each(testSecrets)("Get secret by name in path $path", async ({ secret, path }) => {
await createSecret({ projectKey, path, ...secret, token: serviceToken });
const getSecByNameRes = await testServer.inject({
method: "GET",
url: `/api/v3/secrets/${secret.key}`,
headers: {
authorization: `Bearer ${serviceToken}`
},
query: {
secretPath: path,
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug
}
});
expect(getSecByNameRes.statusCode).toBe(200);
const getSecretByNamePayload = JSON.parse(getSecByNameRes.payload);
expect(getSecretByNamePayload).toHaveProperty("secret");
const decryptedSecret = decryptSecret(projectKey, getSecretByNamePayload.secret);
expect(decryptedSecret.key).toEqual(secret.key);
expect(decryptedSecret.value).toEqual(secret.value);
expect(decryptedSecret.comment).toEqual(secret.comment);
await deleteSecret({ path, key: secret.key, token: serviceToken });
});
test.each(testSecrets)("Update secret in path $path", async ({ path, secret }) => {
await createSecret({ projectKey, path, ...secret, token: serviceToken });
const updateSecretReqBody = {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
type: SecretType.Shared,
secretPath: path,
...encryptSecret(projectKey, secret.key, "new-value", secret.comment)
};
const updateSecRes = await testServer.inject({
method: "PATCH",
url: `/api/v3/secrets/${secret.key}`,
headers: {
authorization: `Bearer ${serviceToken}`
},
body: updateSecretReqBody
});
expect(updateSecRes.statusCode).toBe(200);
const updatedSecretPayload = JSON.parse(updateSecRes.payload);
expect(updatedSecretPayload).toHaveProperty("secret");
const decryptedSecret = decryptSecret(projectKey, updatedSecretPayload.secret);
expect(decryptedSecret.key).toEqual(secret.key);
expect(decryptedSecret.value).toEqual("new-value");
expect(decryptedSecret.comment).toEqual(secret.comment);
// list secret should have updated value
const secrets = await getSecrets(seedData1.environment.slug, path);
expect(secrets).toEqual(
expect.arrayContaining([
expect.objectContaining({
key: secret.key,
value: "new-value",
type: SecretType.Shared
})
])
);
await deleteSecret({ path, key: secret.key, token: serviceToken });
});
test.each(testSecrets)("Delete secret in path $path", async ({ secret, path }) => {
await createSecret({ projectKey, path, ...secret, token: serviceToken });
const deletedSecret = await deleteSecret({ path, key: secret.key, token: serviceToken });
const decryptedSecret = decryptSecret(projectKey, deletedSecret);
expect(decryptedSecret.key).toEqual(secret.key);
// shared secret deletion should delete personal ones also
const secrets = await getSecrets(seedData1.environment.slug, path);
expect(secrets).toEqual(
expect.not.arrayContaining([
expect.objectContaining({
key: secret.key,
type: SecretType.Shared
})
])
);
});
test.each(testSecrets)("Bulk create secrets in path $path", async ({ secret, path }) => {
const createSharedSecRes = await testServer.inject({
method: "POST",
url: `/api/v3/secrets/batch`,
headers: {
authorization: `Bearer ${serviceToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
secretPath: path,
secrets: Array.from(Array(5)).map((_e, i) => ({
secretName: `BULK-${secret.key}-${i + 1}`,
...encryptSecret(projectKey, `BULK-${secret.key}-${i + 1}`, secret.value, secret.comment)
}))
}
});
expect(createSharedSecRes.statusCode).toBe(200);
const createSharedSecPayload = JSON.parse(createSharedSecRes.payload);
expect(createSharedSecPayload).toHaveProperty("secrets");
// bulk ones should exist
const secrets = await getSecrets(seedData1.environment.slug, path);
expect(secrets).toEqual(
expect.arrayContaining(
Array.from(Array(5)).map((_e, i) =>
expect.objectContaining({
key: `BULK-${secret.key}-${i + 1}`,
type: SecretType.Shared
})
)
)
);
await Promise.all(
Array.from(Array(5)).map((_e, i) =>
deleteSecret({ path, token: serviceToken, key: `BULK-${secret.key}-${i + 1}` })
)
);
});
test.each(testSecrets)("Bulk create fail on existing secret in path $path", async ({ secret, path }) => {
await createSecret({ projectKey, ...secret, key: `BULK-${secret.key}-1`, path, token: serviceToken });
const createSharedSecRes = await testServer.inject({
method: "POST",
url: `/api/v3/secrets/batch`,
headers: {
authorization: `Bearer ${serviceToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
secretPath: path,
secrets: Array.from(Array(5)).map((_e, i) => ({
secretName: `BULK-${secret.key}-${i + 1}`,
...encryptSecret(projectKey, `BULK-${secret.key}-${i + 1}`, secret.value, secret.comment)
}))
}
});
expect(createSharedSecRes.statusCode).toBe(400);
await deleteSecret({ path, key: `BULK-${secret.key}-1`, token: serviceToken });
});
test.each(testSecrets)("Bulk update secrets in path $path", async ({ secret, path }) => {
await Promise.all(
Array.from(Array(5)).map((_e, i) =>
createSecret({ projectKey, token: serviceToken, ...secret, key: `BULK-${secret.key}-${i + 1}`, path })
)
);
const updateSharedSecRes = await testServer.inject({
method: "PATCH",
url: `/api/v3/secrets/batch`,
headers: {
authorization: `Bearer ${serviceToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
secretPath: path,
secrets: Array.from(Array(5)).map((_e, i) => ({
secretName: `BULK-${secret.key}-${i + 1}`,
...encryptSecret(projectKey, `BULK-${secret.key}-${i + 1}`, "update-value", secret.comment)
}))
}
});
expect(updateSharedSecRes.statusCode).toBe(200);
const updateSharedSecPayload = JSON.parse(updateSharedSecRes.payload);
expect(updateSharedSecPayload).toHaveProperty("secrets");
// bulk ones should exist
const secrets = await getSecrets(seedData1.environment.slug, path);
expect(secrets).toEqual(
expect.arrayContaining(
Array.from(Array(5)).map((_e, i) =>
expect.objectContaining({
key: `BULK-${secret.key}-${i + 1}`,
value: "update-value",
type: SecretType.Shared
})
)
)
);
await Promise.all(
Array.from(Array(5)).map((_e, i) =>
deleteSecret({ path, key: `BULK-${secret.key}-${i + 1}`, token: serviceToken })
)
);
});
test.each(testSecrets)("Bulk delete secrets in path $path", async ({ secret, path }) => {
await Promise.all(
Array.from(Array(5)).map((_e, i) =>
createSecret({ projectKey, token: serviceToken, ...secret, key: `BULK-${secret.key}-${i + 1}`, path })
)
);
const deletedSharedSecRes = await testServer.inject({
method: "DELETE",
url: `/api/v3/secrets/batch`,
headers: {
authorization: `Bearer ${serviceToken}`
},
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
secretPath: path,
secrets: Array.from(Array(5)).map((_e, i) => ({
secretName: `BULK-${secret.key}-${i + 1}`
}))
}
});
expect(deletedSharedSecRes.statusCode).toBe(200);
const deletedSecretPayload = JSON.parse(deletedSharedSecRes.payload);
expect(deletedSecretPayload).toHaveProperty("secrets");
// bulk ones should exist
const secrets = await getSecrets(seedData1.environment.slug, path);
expect(secrets).toEqual(
expect.not.arrayContaining(
Array.from(Array(5)).map((_e, i) =>
expect.objectContaining({
key: `BULK-${secret.value}-${i + 1}`,
type: SecretType.Shared
})
)
)
);
});
});
describe("Service token fail cases", async () => {
test("Unauthorized secret path access", async () => {
const serviceToken = await createServiceToken(
[{ secretPath: "/", environment: seedData1.environment.slug }],
["read", "write"]
);
const fetchSecrets = await testServer.inject({
method: "GET",
url: "/api/v3/secrets",
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
secretPath: "/nested/deep"
},
headers: {
authorization: `Bearer ${serviceToken}`
}
});
expect(fetchSecrets.statusCode).toBe(401);
expect(fetchSecrets.json().error).toBe("PermissionDenied");
await deleteServiceToken();
});
test("Unauthorized secret environment access", async () => {
const serviceToken = await createServiceToken(
[{ secretPath: "/", environment: seedData1.environment.slug }],
["read", "write"]
);
const fetchSecrets = await testServer.inject({
method: "GET",
url: "/api/v3/secrets",
query: {
workspaceId: seedData1.project.id,
environment: "prod",
secretPath: "/"
},
headers: {
authorization: `Bearer ${serviceToken}`
}
});
expect(fetchSecrets.statusCode).toBe(401);
expect(fetchSecrets.json().error).toBe("PermissionDenied");
await deleteServiceToken();
});
test("Unauthorized write operation", async () => {
const serviceToken = await createServiceToken(
[{ secretPath: "/", environment: seedData1.environment.slug }],
["read"]
);
const writeSecrets = await testServer.inject({
method: "POST",
url: `/api/v3/secrets/NEW`,
body: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
type: SecretType.Shared,
secretPath: "/",
// doesn't matter project key because this will fail before that due to read only access
...encryptSecret(crypto.randomBytes(16).toString("hex"), "NEW", "value", "")
},
headers: {
authorization: `Bearer ${serviceToken}`
}
});
expect(writeSecrets.statusCode).toBe(401);
expect(writeSecrets.json().error).toBe("PermissionDenied");
// but read access should still work fine
const fetchSecrets = await testServer.inject({
method: "GET",
url: "/api/v3/secrets",
query: {
workspaceId: seedData1.project.id,
environment: seedData1.environment.slug,
secretPath: "/"
},
headers: {
authorization: `Bearer ${serviceToken}`
}
});
expect(fetchSecrets.statusCode).toBe(200);
await deleteServiceToken();
});
});

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,82 @@
// eslint-disable-next-line
import "ts-node/register";
import dotenv from "dotenv";
import jwt from "jsonwebtoken";
import knex from "knex";
import path from "path";
import { seedData1 } from "@app/db/seed-data";
import { initEnvConfig } from "@app/lib/config/env";
import { initLogger } from "@app/lib/logger";
import { main } from "@app/server/app";
import { AuthMethod, AuthTokenType } from "@app/services/auth/auth-type";
import { mockQueue } from "./mocks/queue";
import { mockSmtpServer } from "./mocks/smtp";
import { mockKeyStore } from "./mocks/keystore";
dotenv.config({ path: path.join(__dirname, "../../.env.test"), debug: true });
export default {
name: "knex-env",
transformMode: "ssr",
async setup() {
const logger = await initLogger();
const cfg = initEnvConfig(logger);
const db = knex({
client: "pg",
connection: cfg.DB_CONNECTION_URI,
migrations: {
directory: path.join(__dirname, "../src/db/migrations"),
extension: "ts",
tableName: "infisical_migrations"
},
seeds: {
directory: path.join(__dirname, "../src/db/seeds"),
extension: "ts"
}
});
try {
await db.migrate.latest();
await db.seed.run();
const smtp = mockSmtpServer();
const queue = mockQueue();
const keyStore = mockKeyStore();
const server = await main({ db, smtp, logger, queue, keyStore });
// @ts-expect-error type
globalThis.testServer = server;
// @ts-expect-error type
globalThis.jwtAuthToken = jwt.sign(
{
authTokenType: AuthTokenType.ACCESS_TOKEN,
userId: seedData1.id,
tokenVersionId: seedData1.token.id,
authMethod: AuthMethod.EMAIL,
organizationId: seedData1.organization.id,
accessVersion: 1
},
cfg.AUTH_SECRET,
{ expiresIn: cfg.JWT_AUTH_LIFETIME }
);
} catch (error) {
console.log("[TEST] Error setting up environment", error);
await db.destroy();
throw error;
}
// custom setup
return {
async teardown() {
// @ts-expect-error type
await globalThis.testServer.close();
// @ts-expect-error type
delete globalThis.testServer;
// @ts-expect-error type
delete globalThis.jwtToken;
// called after all tests with this env have been run
await db.migrate.rollback({}, true);
await db.destroy();
}
};
}
};

View File

@@ -1,46 +0,0 @@
export {};
declare global {
namespace NodeJS {
interface ProcessEnv {
PORT: string;
ENCRYPTION_KEY: string;
SALT_ROUNDS: string;
JWT_AUTH_LIFETIME: string;
JWT_AUTH_SECRET: string;
JWT_REFRESH_LIFETIME: string;
JWT_REFRESH_SECRET: string;
JWT_SERVICE_SECRET: string;
JWT_SIGNUP_LIFETIME: string;
JWT_SIGNUP_SECRET: string;
MONGO_URL: string;
NODE_ENV: "development" | "staging" | "testing" | "production";
VERBOSE_ERROR_OUTPUT: string;
LOKI_HOST: string;
CLIENT_ID_HEROKU: string;
CLIENT_ID_VERCEL: string;
CLIENT_ID_NETLIFY: string;
CLIENT_ID_GITHUB: string;
CLIENT_ID_GITLAB: string;
CLIENT_SECRET_HEROKU: string;
CLIENT_SECRET_VERCEL: string;
CLIENT_SECRET_NETLIFY: string;
CLIENT_SECRET_GITHUB: string;
CLIENT_SECRET_GITLAB: string;
CLIENT_SLUG_VERCEL: string;
POSTHOG_HOST: string;
POSTHOG_PROJECT_API_KEY: string;
SENTRY_DSN: string;
SITE_URL: string;
SMTP_HOST: string;
SMTP_SECURE: string;
SMTP_PORT: string;
SMTP_USERNAME: string;
SMTP_PASSWORD: string;
SMTP_FROM_ADDRESS: string;
SMTP_FROM_NAME: string;
TELEMETRY_ENABLED: string;
LICENSE_KEY: string;
}
}
}

View File

@@ -1,24 +0,0 @@
const http = require('http');
const PORT = process.env.PORT || 4000;
const options = {
host: 'localhost',
port: PORT,
timeout: 2000,
path: '/healthcheck'
};
const healthCheck = http.request(options, (res) => {
console.log(`HEALTHCHECK STATUS: ${res.statusCode}`);
if (res.statusCode == 200) {
process.exit(0);
} else {
process.exit(1);
}
});
healthCheck.on('error', function (err) {
console.error(`HEALTH CHECK ERROR: ${err}`);
process.exit(1);
});
healthCheck.end();

Binary file not shown.

Before

Width:  |  Height:  |  Size: 493 KiB

View File

@@ -1,9 +0,0 @@
export default {
preset: "ts-jest",
testEnvironment: "node",
collectCoverageFrom: ["src/*.{js,ts}", "!**/node_modules/**"],
modulePaths: ["<rootDir>/src"],
testMatch: ["<rootDir>/tests/**/*.test.ts"],
setupFiles: ["<rootDir>/test-resources/env-vars.js"],
setupFilesAfterEnv: ["<rootDir>/tests/setupTests.ts"],
};

View File

@@ -1,6 +1,6 @@
{
"watch": ["src"],
"ext": ".ts,.js",
"ignore": [],
"exec": "ts-node ./src/index.ts"
}
"watch": ["src"],
"ext": ".ts,.js",
"ignore": [],
"exec": "tsx ./src/main.ts | pino-pretty --colorize --colorizeObjects --singleLine"
}

34489
backend/package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@@ -1,148 +1,133 @@
{
"name": "backend",
"version": "1.0.0",
"description": "",
"main": "./dist/main.mjs",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"dev": "tsx watch --clear-screen=false ./src/main.ts | pino-pretty --colorize --colorizeObjects --singleLine",
"dev:docker": "nodemon",
"build": "tsup",
"start": "node dist/main.mjs",
"type:check": "tsc --noEmit",
"lint:fix": "eslint --fix --ext js,ts ./src",
"lint": "eslint 'src/**/*.ts'",
"test:e2e": "vitest run -c vitest.e2e.config.ts",
"test:e2e-watch": "vitest -c vitest.e2e.config.ts",
"test:e2e-coverage": "vitest run --coverage -c vitest.e2e.config.ts",
"generate:component": "tsx ./scripts/create-backend-file.ts",
"generate:schema": "tsx ./scripts/generate-schema-types.ts",
"migration:new": "tsx ./scripts/create-migration.ts",
"migration:up": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:up",
"migration:down": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:down",
"migration:list": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:list",
"migration:latest": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:latest",
"migration:rollback": "knex --knexfile ./src/db/knexfile.ts migrate:rollback",
"seed:new": "tsx ./scripts/create-seed-file.ts",
"seed": "knex --knexfile ./src/db/knexfile.ts --client pg seed:run",
"db:reset": "npm run migration:rollback -- --all && npm run migration:latest"
},
"keywords": [],
"author": "",
"license": "ISC",
"devDependencies": {
"@types/bcrypt": "^5.0.2",
"@types/jmespath": "^0.15.2",
"@types/jsonwebtoken": "^9.0.5",
"@types/jsrp": "^0.2.6",
"@types/libsodium-wrappers": "^0.7.13",
"@types/lodash.isequal": "^4.5.8",
"@types/node": "^20.9.5",
"@types/nodemailer": "^6.4.14",
"@types/passport-github": "^1.1.12",
"@types/passport-google-oauth20": "^2.0.14",
"@types/pg": "^8.10.9",
"@types/picomatch": "^2.3.3",
"@types/prompt-sync": "^4.2.3",
"@types/resolve": "^1.20.6",
"@types/uuid": "^9.0.7",
"@typescript-eslint/eslint-plugin": "^6.20.0",
"@typescript-eslint/parser": "^6.20.0",
"eslint": "^8.56.0",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-airbnb-typescript": "^17.1.0",
"eslint-config-prettier": "^9.1.0",
"eslint-import-resolver-typescript": "^3.6.1",
"eslint-plugin-import": "^2.29.1",
"eslint-plugin-prettier": "^5.1.3",
"eslint-plugin-simple-import-sort": "^10.0.0",
"nodemon": "^3.0.2",
"pino-pretty": "^10.2.3",
"prompt-sync": "^4.2.0",
"rimraf": "^5.0.5",
"ts-node": "^10.9.1",
"tsc-alias": "^1.8.8",
"tsconfig-paths": "^4.2.0",
"tsup": "^8.0.1",
"tsx": "^4.4.0",
"typescript": "^5.3.2",
"vite-tsconfig-paths": "^4.2.2",
"vitest": "^1.2.2"
},
"dependencies": {
"@aws-sdk/client-secrets-manager": "^3.319.0",
"@aws-sdk/client-iam": "^3.525.0",
"@aws-sdk/client-secrets-manager": "^3.504.0",
"@casl/ability": "^6.5.0",
"@casl/mongoose": "^7.2.1",
"@godaddy/terminus": "^4.12.0",
"@fastify/cookie": "^9.3.1",
"@fastify/cors": "^8.5.0",
"@fastify/etag": "^5.1.0",
"@fastify/formbody": "^7.4.0",
"@fastify/helmet": "^11.1.1",
"@fastify/passport": "^2.4.0",
"@fastify/rate-limit": "^9.0.0",
"@fastify/session": "^10.7.0",
"@fastify/swagger": "^8.14.0",
"@fastify/swagger-ui": "^2.1.0",
"@node-saml/passport-saml": "^4.0.4",
"@octokit/rest": "^19.0.5",
"@sentry/node": "^7.77.0",
"@sentry/tracing": "^7.48.0",
"@octokit/rest": "^20.0.2",
"@octokit/webhooks-types": "^7.3.1",
"@serdnam/pino-cloudwatch-transport": "^1.0.4",
"@types/crypto-js": "^4.1.1",
"@types/libsodium-wrappers": "^0.7.10",
"@sindresorhus/slugify": "^2.2.1",
"@ucast/mongo2js": "^1.3.4",
"ajv": "^8.12.0",
"argon2": "^0.30.3",
"aws-sdk": "^2.1364.0",
"axios": "^1.6.0",
"axios-retry": "^3.4.0",
"bcrypt": "^5.1.0",
"bigint-conversion": "^2.4.0",
"cookie-parser": "^1.4.6",
"cors": "^2.8.5",
"crypto-js": "^4.2.0",
"dotenv": "^16.0.1",
"express": "^4.18.1",
"express-async-errors": "^3.1.1",
"express-rate-limit": "^6.7.0",
"express-validator": "^6.14.2",
"handlebars": "^4.7.7",
"helmet": "^5.1.1",
"infisical-node": "^1.2.1",
"argon2": "^0.31.2",
"aws-sdk": "^2.1553.0",
"axios": "^1.6.7",
"axios-retry": "^4.0.0",
"bcrypt": "^5.1.1",
"bullmq": "^5.3.3",
"dotenv": "^16.4.1",
"fastify": "^4.26.0",
"fastify-plugin": "^4.5.1",
"handlebars": "^4.7.8",
"ioredis": "^5.3.2",
"jmespath": "^0.16.0",
"js-yaml": "^4.1.0",
"jsonwebtoken": "^9.0.0",
"jsonwebtoken": "^9.0.2",
"jsrp": "^0.2.4",
"libsodium-wrappers": "^0.7.10",
"lodash": "^4.17.21",
"mongoose": "^7.4.1",
"mysql2": "^3.6.2",
"nanoid": "^3.3.6",
"node-cache": "^5.1.2",
"nodemailer": "^6.8.0",
"ora": "^5.4.1",
"passport": "^0.6.0",
"knex": "^3.0.1",
"libsodium-wrappers": "^0.7.13",
"lodash.isequal": "^4.5.0",
"ms": "^2.1.3",
"mysql2": "^3.9.4",
"nanoid": "^5.0.4",
"nodemailer": "^6.9.9",
"ora": "^7.0.1",
"oracledb": "^6.4.0",
"passport-github": "^1.1.0",
"passport-gitlab2": "^5.0.0",
"passport-google-oauth20": "^2.0.0",
"passport-ldapauth": "^3.0.1",
"pg": "^8.11.3",
"pino": "^8.16.1",
"pino-http": "^8.5.1",
"posthog-node": "^2.6.0",
"probot": "^12.3.1",
"query-string": "^7.1.3",
"rate-limit-mongo": "^2.3.2",
"rimraf": "^3.0.2",
"swagger-ui-express": "^4.6.2",
"pg-query-stream": "^4.5.3",
"picomatch": "^3.0.1",
"pino": "^8.16.2",
"posthog-node": "^3.6.2",
"probot": "^13.0.0",
"smee-client": "^2.0.0",
"tweetnacl": "^1.0.3",
"tweetnacl-util": "^0.15.1",
"typescript": "^4.9.3",
"utility-types": "^3.10.0",
"zod": "^3.22.3"
},
"overrides": {
"rate-limit-mongo": {
"mongodb": "5.8.0"
}
},
"name": "infisical-api",
"version": "1.0.0",
"main": "src/index.js",
"scripts": {
"start": "node build/index.js",
"dev": "nodemon index.js",
"swagger-autogen": "node ./swagger/index.ts",
"build": "rimraf ./build && tsc && cp -R ./src/templates ./build && cp -R ./src/data ./build",
"lint": "eslint . --ext .ts",
"lint-and-fix": "eslint . --ext .ts --fix",
"lint-staged": "lint-staged",
"pretest": "docker compose -f test-resources/docker-compose.test.yml up -d",
"test": "cross-env NODE_ENV=test jest --verbose --testTimeout=10000 --detectOpenHandles; npm run posttest",
"test:ci": "npm test -- --watchAll=false --ci --reporters=default --reporters=jest-junit --reporters=github-actions --coverage --testLocationInResults --json --outputFile=coverage/report.json",
"posttest": "docker compose -f test-resources/docker-compose.test.yml down"
},
"repository": {
"type": "git",
"url": "git+https://github.com/Infisical/infisical-api.git"
},
"author": "",
"license": "ISC",
"bugs": {
"url": "https://github.com/Infisical/infisical-api/issues"
},
"homepage": "https://github.com/Infisical/infisical-api#readme",
"description": "",
"devDependencies": {
"@jest/globals": "^29.3.1",
"@posthog/plugin-scaffold": "^1.3.4",
"@swc/core": "^1.3.99",
"@swc/helpers": "^0.5.3",
"@types/bcrypt": "^5.0.0",
"@types/bcryptjs": "^2.4.2",
"@types/bull": "^4.10.0",
"@types/cookie-parser": "^1.4.3",
"@types/cors": "^2.8.12",
"@types/express": "^4.17.14",
"@types/jest": "^29.5.0",
"@types/jmespath": "^0.15.1",
"@types/jsonwebtoken": "^8.5.9",
"@types/lodash": "^4.14.191",
"@types/node": "^18.11.3",
"@types/nodemailer": "^6.4.6",
"@types/passport": "^1.0.12",
"@types/pg": "^8.10.7",
"@types/picomatch": "^2.3.0",
"@types/pino": "^7.0.5",
"@types/supertest": "^2.0.12",
"@types/swagger-jsdoc": "^6.0.1",
"@types/swagger-ui-express": "^4.1.3",
"@typescript-eslint/eslint-plugin": "^5.54.0",
"@typescript-eslint/parser": "^5.40.1",
"cross-env": "^7.0.3",
"eslint": "^8.26.0",
"eslint-plugin-unused-imports": "^2.0.0",
"install": "^0.13.0",
"jest": "^29.3.1",
"jest-junit": "^15.0.0",
"nodemon": "^2.0.19",
"npm": "^8.19.3",
"pino-pretty": "^10.2.3",
"regenerator-runtime": "^0.14.0",
"smee-client": "^1.2.3",
"supertest": "^6.3.3",
"swagger-autogen": "^2.23.5",
"ts-jest": "^29.0.3",
"ts-node": "^10.9.1"
},
"jest-junit": {
"outputDirectory": "reports",
"outputName": "jest-junit.xml",
"ancestorSeparator": " ",
"uniqueOutputName": "false",
"suiteNameTemplate": "{filepath}",
"classNameTemplate": "{classname}",
"titleTemplate": "{title}"
"uuid": "^9.0.1",
"zod": "^3.22.4",
"zod-to-json-schema": "^3.22.4"
}
}

View File

@@ -0,0 +1,127 @@
/* eslint-disable */
import { mkdirSync, writeFileSync } from "fs";
import path from "path";
import promptSync from "prompt-sync";
const prompt = promptSync({
sigint: true
});
console.log(`
Component List
--------------
1. Service component
2. DAL component
3. Router component
`);
const componentType = parseInt(prompt("Select a component: "), 10);
if (componentType === 1) {
const componentName = prompt("Enter service name: ");
const dir = path.join(__dirname, `../src/services/${componentName}`);
const pascalCase = componentName
.split("-")
.map((el) => `${el[0].toUpperCase()}${el.slice(1)}`)
.join("");
const camelCase = componentName
.split("-")
.map((el, index) => (index === 0 ? el : `${el[0].toUpperCase()}${el.slice(1)}`))
.join("");
const dalTypeName = `T${pascalCase}DALFactory`;
const dalName = `${camelCase}DALFactory`;
const serviceTypeName = `T${pascalCase}ServiceFactory`;
const serviceName = `${camelCase}ServiceFactory`;
mkdirSync(dir);
writeFileSync(
path.join(dir, `${componentName}-dal.ts`),
`import { TDbClient } from "@app/db";
import { TableName } from "@app/db/schemas";
export type ${dalTypeName} = ReturnType<typeof ${dalName}>;
export const ${dalName} = (db: TDbClient) => {
return { };
};
`
);
writeFileSync(
path.join(dir, `${componentName}-service.ts`),
`import { ${dalTypeName} } from "./${componentName}-dal";
type ${serviceTypeName}Dep = {
${camelCase}DAL: ${dalTypeName};
};
export type ${serviceTypeName} = ReturnType<typeof ${serviceName}>;
export const ${serviceName} = ({ ${camelCase}DAL }: ${serviceTypeName}Dep) => {
return {};
};
`
);
writeFileSync(path.join(dir, `${componentName}-types.ts`), "");
} else if (componentType === 2) {
const componentName = prompt("Enter service name: ");
const componentPath = prompt("Path wrt service folder: ");
const pascalCase = componentName
.split("-")
.map((el) => `${el[0].toUpperCase()}${el.slice(1)}`)
.join("");
const camelCase = componentName
.split("-")
.map((el, index) => (index === 0 ? el : `${el[0].toUpperCase()}${el.slice(1)}`))
.join("");
const dalTypeName = `T${pascalCase}DALFactory`;
const dalName = `${camelCase}DALFactory`;
writeFileSync(
path.join(__dirname, "../src/services", componentPath, `${componentName}-dal.ts`),
`import { TDbClient } from "@app/db";
import { TableName } from "@app/db/schemas";
export type ${dalTypeName} = ReturnType<typeof ${dalName}>;
export const ${dalName} = (db: TDbClient) => {
return { };
};
`
);
} else if (componentType === 3) {
const name = prompt("Enter router name: ");
const version = prompt("Version number: ");
const pascalCase = name
.split("-")
.map((el) => `${el[0].toUpperCase()}${el.slice(1)}`)
.join("");
writeFileSync(
path.join(__dirname, `../src/server/routes/v${Number(version)}/${name}-router.ts`),
`import { z } from "zod";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { AuthMode } from "@app/services/auth/auth-type";
import { readLimit } from "@app/server/config/rateLimiter";
export const register${pascalCase}Router = async (server: FastifyZodProvider) => {
server.route({
method: "GET",
url: "/",
config: {
rateLimit: readLimit
},
schema: {
params: z.object({}),
response: {
200: z.object({})
}
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {}
});
};
`
);
}

View File

@@ -0,0 +1,16 @@
/* eslint-disable */
import { execSync } from "child_process";
import path from "path";
import promptSync from "prompt-sync";
const prompt = promptSync({ sigint: true });
const migrationName = prompt("Enter name for migration: ");
// Remove spaces from migration name and replace with hyphens
const formattedMigrationName = migrationName.replace(/\s+/g, "-");
execSync(
`npx knex migrate:make --knexfile ${path.join(__dirname, "../src/db/knexfile.ts")} -x ts ${formattedMigrationName}`,
{ stdio: "inherit" }
);

View File

@@ -0,0 +1,16 @@
/* eslint-disable */
import { execSync } from "child_process";
import { readdirSync } from "fs";
import path from "path";
import promptSync from "prompt-sync";
const prompt = promptSync({ sigint: true });
const migrationName = prompt("Enter name for seedfile: ");
const fileCounter = readdirSync(path.join(__dirname, "../src/db/seeds")).length || 1;
execSync(
`npx knex seed:make --knexfile ${path.join(__dirname, "../src/db/knexfile.ts")} -x ts ${
fileCounter + 1
}-${migrationName}`,
{ stdio: "inherit" }
);

View File

@@ -0,0 +1,148 @@
/* eslint-disable */
import dotenv from "dotenv";
import path from "path";
import knex from "knex";
import { writeFileSync } from "fs";
dotenv.config({
path: path.join(__dirname, "../../.env.migration")
});
const db = knex({
client: "pg",
connection: process.env.DB_CONNECTION_URI
});
const getZodPrimitiveType = (type: string) => {
switch (type) {
case "uuid":
return "z.string().uuid()";
case "character varying":
return "z.string()";
case "ARRAY":
return "z.string().array()";
case "boolean":
return "z.boolean()";
case "jsonb":
return "z.unknown()";
case "json":
return "z.unknown()";
case "timestamp with time zone":
return "z.date()";
case "integer":
return "z.number()";
case "bigint":
return "z.coerce.number()";
case "text":
return "z.string()";
default:
throw new Error(`Invalid type: ${type}`);
}
};
const getZodDefaultValue = (type: unknown, value: string | number | boolean | Object) => {
if (!value || value === "null") return;
switch (type) {
case "uuid":
return `.default("00000000-0000-0000-0000-000000000000")`;
case "character varying": {
if (value === "gen_random_uuid()") return;
if (typeof value === "string" && value.includes("::")) {
return `.default(${value.split("::")[0]})`;
}
return `.default(${value})`;
}
case "ARRAY":
return `.default(${value})`;
case "boolean":
return `.default(${value})`;
case "jsonb":
return "z.string()";
case "json":
return "z.string()";
case "timestamp with time zone": {
if (value === "CURRENT_TIMESTAMP") return;
return "z.string().datetime()";
}
case "integer": {
if ((value as string).includes("nextval")) return;
return `.default(${value})`;
}
case "bigint": {
if ((value as string).includes("nextval")) return;
return `.default(${parseInt((value as string).split("::")[0].slice(1, -1), 10)})`;
}
case "text":
if (typeof value === "string" && value.includes("::")) {
return `.default(${value.split("::")[0]})`;
}
return `.default(${value})`;
default:
throw new Error(`Invalid type: ${type}`);
}
};
const main = async () => {
const tables = (
await db("information_schema.tables")
.whereRaw("table_schema = current_schema()")
.select<{ tableName: string }[]>("table_name as tableName")
.orderBy("table_name")
).filter((el) => !el.tableName.includes("_migrations"));
for (let i = 0; i < tables.length; i += 1) {
const { tableName } = tables[i];
const columns = await db(tableName).columnInfo();
const columnNames = Object.keys(columns);
let schema = "";
for (let colNum = 0; colNum < columnNames.length; colNum++) {
const columnName = columnNames[colNum];
const colInfo = columns[columnName];
let ztype = getZodPrimitiveType(colInfo.type);
// don't put optional on id
if (colInfo.defaultValue && columnName !== "id") {
const { defaultValue } = colInfo;
const zSchema = getZodDefaultValue(colInfo.type, defaultValue);
if (zSchema) {
ztype = ztype.concat(zSchema);
}
}
if (colInfo.nullable) {
ztype = ztype.concat(".nullable().optional()");
}
schema = schema.concat(
`${!schema ? "\n" : ""} ${columnName}: ${ztype}${colNum === columnNames.length - 1 ? "" : ","}\n`
);
}
const dashcase = tableName.split("_").join("-");
const pascalCase = tableName
.split("_")
.reduce((prev, curr) => prev + `${curr.at(0)?.toUpperCase()}${curr.slice(1).toLowerCase()}`, "");
// the insert and update are changed to zod input type to use default cases
writeFileSync(
path.join(__dirname, "../src/db/schemas", `${dashcase}.ts`),
`// Code generated by automation script, DO NOT EDIT.
// Automated by pulling database and generating zod schema
// To update. Just run npm run generate:schema
// Written by akhilmhdh.
import { z } from "zod";
import { TImmutableDBKeys } from "./models";
export const ${pascalCase}Schema = z.object({${schema}});
export type T${pascalCase} = z.infer<typeof ${pascalCase}Schema>;
export type T${pascalCase}Insert = Omit<z.input<typeof ${pascalCase}Schema>, TImmutableDBKeys>;
export type T${pascalCase}Update = Partial<Omit<z.input<typeof ${pascalCase}Schema>, TImmutableDBKeys>>;
`
);
}
process.exit(0);
};
main();

File diff suppressed because it is too large Load Diff

18
backend/src/@types/fastify-zod.d.ts vendored Normal file
View File

@@ -0,0 +1,18 @@
import { FastifyInstance, RawReplyDefaultExpression, RawRequestDefaultExpression, RawServerDefault } from "fastify";
import { Logger } from "pino";
import { ZodTypeProvider } from "@app/server/plugins/fastify-zod";
declare global {
type FastifyZodProvider = FastifyInstance<
RawServerDefault,
RawRequestDefaultExpression<RawServerDefault>,
RawReplyDefaultExpression<RawServerDefault>,
Readonly<Logger>,
ZodTypeProvider
>;
// used only for testing
const testServer: FastifyZodProvider;
const jwtAuthToken: string;
}

139
backend/src/@types/fastify.d.ts vendored Normal file
View File

@@ -0,0 +1,139 @@
import "fastify";
import { TUsers } from "@app/db/schemas";
import { TAuditLogServiceFactory } from "@app/ee/services/audit-log/audit-log-service";
import { TCreateAuditLogDTO } from "@app/ee/services/audit-log/audit-log-types";
import { TDynamicSecretServiceFactory } from "@app/ee/services/dynamic-secret/dynamic-secret-service";
import { TDynamicSecretLeaseServiceFactory } from "@app/ee/services/dynamic-secret-lease/dynamic-secret-lease-service";
import { TGroupServiceFactory } from "@app/ee/services/group/group-service";
import { TIdentityProjectAdditionalPrivilegeServiceFactory } from "@app/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-service";
import { TLdapConfigServiceFactory } from "@app/ee/services/ldap-config/ldap-config-service";
import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
import { TProjectUserAdditionalPrivilegeServiceFactory } from "@app/ee/services/project-user-additional-privilege/project-user-additional-privilege-service";
import { TSamlConfigServiceFactory } from "@app/ee/services/saml-config/saml-config-service";
import { TScimServiceFactory } from "@app/ee/services/scim/scim-service";
import { TSecretApprovalPolicyServiceFactory } from "@app/ee/services/secret-approval-policy/secret-approval-policy-service";
import { TSecretApprovalRequestServiceFactory } from "@app/ee/services/secret-approval-request/secret-approval-request-service";
import { TSecretRotationServiceFactory } from "@app/ee/services/secret-rotation/secret-rotation-service";
import { TSecretScanningServiceFactory } from "@app/ee/services/secret-scanning/secret-scanning-service";
import { TSecretSnapshotServiceFactory } from "@app/ee/services/secret-snapshot/secret-snapshot-service";
import { TTrustedIpServiceFactory } from "@app/ee/services/trusted-ip/trusted-ip-service";
import { TAuthMode } from "@app/server/plugins/auth/inject-identity";
import { TApiKeyServiceFactory } from "@app/services/api-key/api-key-service";
import { TAuthLoginFactory } from "@app/services/auth/auth-login-service";
import { TAuthPasswordFactory } from "@app/services/auth/auth-password-service";
import { TAuthSignupFactory } from "@app/services/auth/auth-signup-service";
import { ActorAuthMethod, ActorType } from "@app/services/auth/auth-type";
import { TAuthTokenServiceFactory } from "@app/services/auth-token/auth-token-service";
import { TGroupProjectServiceFactory } from "@app/services/group-project/group-project-service";
import { TIdentityServiceFactory } from "@app/services/identity/identity-service";
import { TIdentityAccessTokenServiceFactory } from "@app/services/identity-access-token/identity-access-token-service";
import { TIdentityProjectServiceFactory } from "@app/services/identity-project/identity-project-service";
import { TIdentityUaServiceFactory } from "@app/services/identity-ua/identity-ua-service";
import { TIntegrationServiceFactory } from "@app/services/integration/integration-service";
import { TIntegrationAuthServiceFactory } from "@app/services/integration-auth/integration-auth-service";
import { TOrgRoleServiceFactory } from "@app/services/org/org-role-service";
import { TOrgServiceFactory } from "@app/services/org/org-service";
import { TProjectServiceFactory } from "@app/services/project/project-service";
import { TProjectBotServiceFactory } from "@app/services/project-bot/project-bot-service";
import { TProjectEnvServiceFactory } from "@app/services/project-env/project-env-service";
import { TProjectKeyServiceFactory } from "@app/services/project-key/project-key-service";
import { TProjectMembershipServiceFactory } from "@app/services/project-membership/project-membership-service";
import { TProjectRoleServiceFactory } from "@app/services/project-role/project-role-service";
import { TSecretServiceFactory } from "@app/services/secret/secret-service";
import { TSecretBlindIndexServiceFactory } from "@app/services/secret-blind-index/secret-blind-index-service";
import { TSecretFolderServiceFactory } from "@app/services/secret-folder/secret-folder-service";
import { TSecretImportServiceFactory } from "@app/services/secret-import/secret-import-service";
import { TSecretTagServiceFactory } from "@app/services/secret-tag/secret-tag-service";
import { TServiceTokenServiceFactory } from "@app/services/service-token/service-token-service";
import { TSuperAdminServiceFactory } from "@app/services/super-admin/super-admin-service";
import { TTelemetryServiceFactory } from "@app/services/telemetry/telemetry-service";
import { TUserDALFactory } from "@app/services/user/user-dal";
import { TUserServiceFactory } from "@app/services/user/user-service";
import { TWebhookServiceFactory } from "@app/services/webhook/webhook-service";
declare module "fastify" {
interface FastifyRequest {
realIp: string;
// used for mfa session authentication
mfa: {
userId: string;
orgId?: string;
user: TUsers;
};
// identity injection. depending on which kinda of token the information is filled in auth
auth: TAuthMode;
permission: {
authMethod: ActorAuthMethod;
type: ActorType;
id: string;
orgId: string;
};
// passport data
passportUser: {
isUserCompleted: string;
providerAuthToken: string;
};
auditLogInfo: Pick<TCreateAuditLogDTO, "userAgent" | "userAgentType" | "ipAddress" | "actor">;
ssoConfig: Awaited<ReturnType<TSamlConfigServiceFactory["getSaml"]>>;
ldapConfig: Awaited<ReturnType<TLdapConfigServiceFactory["getLdapCfg"]>>;
}
interface FastifyInstance {
services: {
login: TAuthLoginFactory;
password: TAuthPasswordFactory;
signup: TAuthSignupFactory;
authToken: TAuthTokenServiceFactory;
permission: TPermissionServiceFactory;
org: TOrgServiceFactory;
orgRole: TOrgRoleServiceFactory;
superAdmin: TSuperAdminServiceFactory;
user: TUserServiceFactory;
group: TGroupServiceFactory;
groupProject: TGroupProjectServiceFactory;
apiKey: TApiKeyServiceFactory;
project: TProjectServiceFactory;
projectMembership: TProjectMembershipServiceFactory;
projectEnv: TProjectEnvServiceFactory;
projectKey: TProjectKeyServiceFactory;
projectRole: TProjectRoleServiceFactory;
secret: TSecretServiceFactory;
secretTag: TSecretTagServiceFactory;
secretImport: TSecretImportServiceFactory;
projectBot: TProjectBotServiceFactory;
folder: TSecretFolderServiceFactory;
integration: TIntegrationServiceFactory;
integrationAuth: TIntegrationAuthServiceFactory;
webhook: TWebhookServiceFactory;
serviceToken: TServiceTokenServiceFactory;
identity: TIdentityServiceFactory;
identityAccessToken: TIdentityAccessTokenServiceFactory;
identityProject: TIdentityProjectServiceFactory;
identityUa: TIdentityUaServiceFactory;
secretApprovalPolicy: TSecretApprovalPolicyServiceFactory;
secretApprovalRequest: TSecretApprovalRequestServiceFactory;
secretRotation: TSecretRotationServiceFactory;
snapshot: TSecretSnapshotServiceFactory;
saml: TSamlConfigServiceFactory;
scim: TScimServiceFactory;
ldap: TLdapConfigServiceFactory;
auditLog: TAuditLogServiceFactory;
secretScanning: TSecretScanningServiceFactory;
license: TLicenseServiceFactory;
trustedIp: TTrustedIpServiceFactory;
secretBlindIndex: TSecretBlindIndexServiceFactory;
telemetry: TTelemetryServiceFactory;
dynamicSecret: TDynamicSecretServiceFactory;
dynamicSecretLease: TDynamicSecretLeaseServiceFactory;
projectUserAdditionalPrivilege: TProjectUserAdditionalPrivilegeServiceFactory;
identityProjectAdditionalPrivilege: TIdentityProjectAdditionalPrivilegeServiceFactory;
};
// this is exclusive use for middlewares in which we need to inject data
// everywhere else access using service layer
store: {
user: Pick<TUserDALFactory, "findById">;
};
}
}

427
backend/src/@types/knex.d.ts vendored Normal file
View File

@@ -0,0 +1,427 @@
import { Knex } from "knex";
import {
TableName,
TApiKeys,
TApiKeysInsert,
TApiKeysUpdate,
TAuditLogs,
TAuditLogsInsert,
TAuditLogsUpdate,
TAuthTokens,
TAuthTokenSessions,
TAuthTokenSessionsInsert,
TAuthTokenSessionsUpdate,
TAuthTokensInsert,
TAuthTokensUpdate,
TBackupPrivateKey,
TBackupPrivateKeyInsert,
TBackupPrivateKeyUpdate,
TDynamicSecretLeases,
TDynamicSecretLeasesInsert,
TDynamicSecretLeasesUpdate,
TDynamicSecrets,
TDynamicSecretsInsert,
TDynamicSecretsUpdate,
TGitAppInstallSessions,
TGitAppInstallSessionsInsert,
TGitAppInstallSessionsUpdate,
TGitAppOrg,
TGitAppOrgInsert,
TGitAppOrgUpdate,
TGroupProjectMembershipRoles,
TGroupProjectMembershipRolesInsert,
TGroupProjectMembershipRolesUpdate,
TGroupProjectMemberships,
TGroupProjectMembershipsInsert,
TGroupProjectMembershipsUpdate,
TGroups,
TGroupsInsert,
TGroupsUpdate,
TIdentities,
TIdentitiesInsert,
TIdentitiesUpdate,
TIdentityAccessTokens,
TIdentityAccessTokensInsert,
TIdentityAccessTokensUpdate,
TIdentityOrgMemberships,
TIdentityOrgMembershipsInsert,
TIdentityOrgMembershipsUpdate,
TIdentityProjectAdditionalPrivilege,
TIdentityProjectAdditionalPrivilegeInsert,
TIdentityProjectAdditionalPrivilegeUpdate,
TIdentityProjectMembershipRole,
TIdentityProjectMembershipRoleInsert,
TIdentityProjectMembershipRoleUpdate,
TIdentityProjectMemberships,
TIdentityProjectMembershipsInsert,
TIdentityProjectMembershipsUpdate,
TIdentityUaClientSecrets,
TIdentityUaClientSecretsInsert,
TIdentityUaClientSecretsUpdate,
TIdentityUniversalAuths,
TIdentityUniversalAuthsInsert,
TIdentityUniversalAuthsUpdate,
TIncidentContacts,
TIncidentContactsInsert,
TIncidentContactsUpdate,
TIntegrationAuths,
TIntegrationAuthsInsert,
TIntegrationAuthsUpdate,
TIntegrations,
TIntegrationsInsert,
TIntegrationsUpdate,
TLdapConfigs,
TLdapConfigsInsert,
TLdapConfigsUpdate,
TOrganizations,
TOrganizationsInsert,
TOrganizationsUpdate,
TOrgBots,
TOrgBotsInsert,
TOrgBotsUpdate,
TOrgMemberships,
TOrgMembershipsInsert,
TOrgMembershipsUpdate,
TOrgRoles,
TOrgRolesInsert,
TOrgRolesUpdate,
TProjectBots,
TProjectBotsInsert,
TProjectBotsUpdate,
TProjectEnvironments,
TProjectEnvironmentsInsert,
TProjectEnvironmentsUpdate,
TProjectKeys,
TProjectKeysInsert,
TProjectKeysUpdate,
TProjectMemberships,
TProjectMembershipsInsert,
TProjectMembershipsUpdate,
TProjectRoles,
TProjectRolesInsert,
TProjectRolesUpdate,
TProjects,
TProjectsInsert,
TProjectsUpdate,
TProjectUserAdditionalPrivilege,
TProjectUserAdditionalPrivilegeInsert,
TProjectUserAdditionalPrivilegeUpdate,
TProjectUserMembershipRoles,
TProjectUserMembershipRolesInsert,
TProjectUserMembershipRolesUpdate,
TSamlConfigs,
TSamlConfigsInsert,
TSamlConfigsUpdate,
TScimTokens,
TScimTokensInsert,
TScimTokensUpdate,
TSecretApprovalPolicies,
TSecretApprovalPoliciesApprovers,
TSecretApprovalPoliciesApproversInsert,
TSecretApprovalPoliciesApproversUpdate,
TSecretApprovalPoliciesInsert,
TSecretApprovalPoliciesUpdate,
TSecretApprovalRequests,
TSecretApprovalRequestSecretTags,
TSecretApprovalRequestSecretTagsInsert,
TSecretApprovalRequestSecretTagsUpdate,
TSecretApprovalRequestsInsert,
TSecretApprovalRequestsReviewers,
TSecretApprovalRequestsReviewersInsert,
TSecretApprovalRequestsReviewersUpdate,
TSecretApprovalRequestsSecrets,
TSecretApprovalRequestsSecretsInsert,
TSecretApprovalRequestsSecretsUpdate,
TSecretApprovalRequestsUpdate,
TSecretBlindIndexes,
TSecretBlindIndexesInsert,
TSecretBlindIndexesUpdate,
TSecretFolders,
TSecretFoldersInsert,
TSecretFoldersUpdate,
TSecretFolderVersions,
TSecretFolderVersionsInsert,
TSecretFolderVersionsUpdate,
TSecretImports,
TSecretImportsInsert,
TSecretImportsUpdate,
TSecretRotationOutputs,
TSecretRotationOutputsInsert,
TSecretRotationOutputsUpdate,
TSecretRotations,
TSecretRotationsInsert,
TSecretRotationsUpdate,
TSecrets,
TSecretScanningGitRisks,
TSecretScanningGitRisksInsert,
TSecretScanningGitRisksUpdate,
TSecretsInsert,
TSecretSnapshotFolders,
TSecretSnapshotFoldersInsert,
TSecretSnapshotFoldersUpdate,
TSecretSnapshots,
TSecretSnapshotSecrets,
TSecretSnapshotSecretsInsert,
TSecretSnapshotSecretsUpdate,
TSecretSnapshotsInsert,
TSecretSnapshotsUpdate,
TSecretsUpdate,
TSecretTagJunction,
TSecretTagJunctionInsert,
TSecretTagJunctionUpdate,
TSecretTags,
TSecretTagsInsert,
TSecretTagsUpdate,
TSecretVersions,
TSecretVersionsInsert,
TSecretVersionsUpdate,
TSecretVersionTagJunction,
TSecretVersionTagJunctionInsert,
TSecretVersionTagJunctionUpdate,
TServiceTokens,
TServiceTokensInsert,
TServiceTokensUpdate,
TSuperAdmin,
TSuperAdminInsert,
TSuperAdminUpdate,
TTrustedIps,
TTrustedIpsInsert,
TTrustedIpsUpdate,
TUserActions,
TUserActionsInsert,
TUserActionsUpdate,
TUserAliases,
TUserAliasesInsert,
TUserAliasesUpdate,
TUserEncryptionKeys,
TUserEncryptionKeysInsert,
TUserEncryptionKeysUpdate,
TUserGroupMembership,
TUserGroupMembershipInsert,
TUserGroupMembershipUpdate,
TUsers,
TUsersInsert,
TUsersUpdate,
TWebhooks,
TWebhooksInsert,
TWebhooksUpdate
} from "@app/db/schemas";
declare module "knex/types/tables" {
interface Tables {
[TableName.Users]: Knex.CompositeTableType<TUsers, TUsersInsert, TUsersUpdate>;
[TableName.Groups]: Knex.CompositeTableType<TGroups, TGroupsInsert, TGroupsUpdate>;
[TableName.UserGroupMembership]: Knex.CompositeTableType<
TUserGroupMembership,
TUserGroupMembershipInsert,
TUserGroupMembershipUpdate
>;
[TableName.GroupProjectMembership]: Knex.CompositeTableType<
TGroupProjectMemberships,
TGroupProjectMembershipsInsert,
TGroupProjectMembershipsUpdate
>;
[TableName.GroupProjectMembershipRole]: Knex.CompositeTableType<
TGroupProjectMembershipRoles,
TGroupProjectMembershipRolesInsert,
TGroupProjectMembershipRolesUpdate
>;
[TableName.UserAliases]: Knex.CompositeTableType<TUserAliases, TUserAliasesInsert, TUserAliasesUpdate>;
[TableName.UserEncryptionKey]: Knex.CompositeTableType<
TUserEncryptionKeys,
TUserEncryptionKeysInsert,
TUserEncryptionKeysUpdate
>;
[TableName.AuthTokens]: Knex.CompositeTableType<TAuthTokens, TAuthTokensInsert, TAuthTokensUpdate>;
[TableName.AuthTokenSession]: Knex.CompositeTableType<
TAuthTokenSessions,
TAuthTokenSessionsInsert,
TAuthTokenSessionsUpdate
>;
[TableName.BackupPrivateKey]: Knex.CompositeTableType<
TBackupPrivateKey,
TBackupPrivateKeyInsert,
TBackupPrivateKeyUpdate
>;
[TableName.Organization]: Knex.CompositeTableType<TOrganizations, TOrganizationsInsert, TOrganizationsUpdate>;
[TableName.OrgMembership]: Knex.CompositeTableType<TOrgMemberships, TOrgMembershipsInsert, TOrgMembershipsUpdate>;
[TableName.OrgRoles]: Knex.CompositeTableType<TOrgRoles, TOrgRolesInsert, TOrgRolesUpdate>;
[TableName.IncidentContact]: Knex.CompositeTableType<
TIncidentContacts,
TIncidentContactsInsert,
TIncidentContactsUpdate
>;
[TableName.UserAction]: Knex.CompositeTableType<TUserActions, TUserActionsInsert, TUserActionsUpdate>;
[TableName.SuperAdmin]: Knex.CompositeTableType<TSuperAdmin, TSuperAdminInsert, TSuperAdminUpdate>;
[TableName.ApiKey]: Knex.CompositeTableType<TApiKeys, TApiKeysInsert, TApiKeysUpdate>;
[TableName.Project]: Knex.CompositeTableType<TProjects, TProjectsInsert, TProjectsUpdate>;
[TableName.ProjectMembership]: Knex.CompositeTableType<
TProjectMemberships,
TProjectMembershipsInsert,
TProjectMembershipsUpdate
>;
[TableName.Environment]: Knex.CompositeTableType<
TProjectEnvironments,
TProjectEnvironmentsInsert,
TProjectEnvironmentsUpdate
>;
[TableName.ProjectBot]: Knex.CompositeTableType<TProjectBots, TProjectBotsInsert, TProjectBotsUpdate>;
[TableName.ProjectUserMembershipRole]: Knex.CompositeTableType<
TProjectUserMembershipRoles,
TProjectUserMembershipRolesInsert,
TProjectUserMembershipRolesUpdate
>;
[TableName.ProjectRoles]: Knex.CompositeTableType<TProjectRoles, TProjectRolesInsert, TProjectRolesUpdate>;
[TableName.ProjectUserAdditionalPrivilege]: Knex.CompositeTableType<
TProjectUserAdditionalPrivilege,
TProjectUserAdditionalPrivilegeInsert,
TProjectUserAdditionalPrivilegeUpdate
>;
[TableName.ProjectKeys]: Knex.CompositeTableType<TProjectKeys, TProjectKeysInsert, TProjectKeysUpdate>;
[TableName.Secret]: Knex.CompositeTableType<TSecrets, TSecretsInsert, TSecretsUpdate>;
[TableName.SecretBlindIndex]: Knex.CompositeTableType<
TSecretBlindIndexes,
TSecretBlindIndexesInsert,
TSecretBlindIndexesUpdate
>;
[TableName.SecretVersion]: Knex.CompositeTableType<TSecretVersions, TSecretVersionsInsert, TSecretVersionsUpdate>;
[TableName.SecretFolder]: Knex.CompositeTableType<TSecretFolders, TSecretFoldersInsert, TSecretFoldersUpdate>;
[TableName.SecretFolderVersion]: Knex.CompositeTableType<
TSecretFolderVersions,
TSecretFolderVersionsInsert,
TSecretFolderVersionsUpdate
>;
[TableName.SecretTag]: Knex.CompositeTableType<TSecretTags, TSecretTagsInsert, TSecretTagsUpdate>;
[TableName.SecretImport]: Knex.CompositeTableType<TSecretImports, TSecretImportsInsert, TSecretImportsUpdate>;
[TableName.Integration]: Knex.CompositeTableType<TIntegrations, TIntegrationsInsert, TIntegrationsUpdate>;
[TableName.Webhook]: Knex.CompositeTableType<TWebhooks, TWebhooksInsert, TWebhooksUpdate>;
[TableName.ServiceToken]: Knex.CompositeTableType<TServiceTokens, TServiceTokensInsert, TServiceTokensUpdate>;
[TableName.IntegrationAuth]: Knex.CompositeTableType<
TIntegrationAuths,
TIntegrationAuthsInsert,
TIntegrationAuthsUpdate
>;
[TableName.Identity]: Knex.CompositeTableType<TIdentities, TIdentitiesInsert, TIdentitiesUpdate>;
[TableName.IdentityUniversalAuth]: Knex.CompositeTableType<
TIdentityUniversalAuths,
TIdentityUniversalAuthsInsert,
TIdentityUniversalAuthsUpdate
>;
[TableName.IdentityUaClientSecret]: Knex.CompositeTableType<
TIdentityUaClientSecrets,
TIdentityUaClientSecretsInsert,
TIdentityUaClientSecretsUpdate
>;
[TableName.IdentityAccessToken]: Knex.CompositeTableType<
TIdentityAccessTokens,
TIdentityAccessTokensInsert,
TIdentityAccessTokensUpdate
>;
[TableName.IdentityOrgMembership]: Knex.CompositeTableType<
TIdentityOrgMemberships,
TIdentityOrgMembershipsInsert,
TIdentityOrgMembershipsUpdate
>;
[TableName.IdentityProjectMembership]: Knex.CompositeTableType<
TIdentityProjectMemberships,
TIdentityProjectMembershipsInsert,
TIdentityProjectMembershipsUpdate
>;
[TableName.IdentityProjectMembershipRole]: Knex.CompositeTableType<
TIdentityProjectMembershipRole,
TIdentityProjectMembershipRoleInsert,
TIdentityProjectMembershipRoleUpdate
>;
[TableName.IdentityProjectAdditionalPrivilege]: Knex.CompositeTableType<
TIdentityProjectAdditionalPrivilege,
TIdentityProjectAdditionalPrivilegeInsert,
TIdentityProjectAdditionalPrivilegeUpdate
>;
[TableName.ScimToken]: Knex.CompositeTableType<TScimTokens, TScimTokensInsert, TScimTokensUpdate>;
[TableName.SecretApprovalPolicy]: Knex.CompositeTableType<
TSecretApprovalPolicies,
TSecretApprovalPoliciesInsert,
TSecretApprovalPoliciesUpdate
>;
[TableName.SecretApprovalPolicyApprover]: Knex.CompositeTableType<
TSecretApprovalPoliciesApprovers,
TSecretApprovalPoliciesApproversInsert,
TSecretApprovalPoliciesApproversUpdate
>;
[TableName.SecretApprovalRequest]: Knex.CompositeTableType<
TSecretApprovalRequests,
TSecretApprovalRequestsInsert,
TSecretApprovalRequestsUpdate
>;
[TableName.SecretApprovalRequestReviewer]: Knex.CompositeTableType<
TSecretApprovalRequestsReviewers,
TSecretApprovalRequestsReviewersInsert,
TSecretApprovalRequestsReviewersUpdate
>;
[TableName.SecretApprovalRequestSecret]: Knex.CompositeTableType<
TSecretApprovalRequestsSecrets,
TSecretApprovalRequestsSecretsInsert,
TSecretApprovalRequestsSecretsUpdate
>;
[TableName.SecretApprovalRequestSecretTag]: Knex.CompositeTableType<
TSecretApprovalRequestSecretTags,
TSecretApprovalRequestSecretTagsInsert,
TSecretApprovalRequestSecretTagsUpdate
>;
[TableName.SecretRotation]: Knex.CompositeTableType<
TSecretRotations,
TSecretRotationsInsert,
TSecretRotationsUpdate
>;
[TableName.SecretRotationOutput]: Knex.CompositeTableType<
TSecretRotationOutputs,
TSecretRotationOutputsInsert,
TSecretRotationOutputsUpdate
>;
[TableName.Snapshot]: Knex.CompositeTableType<TSecretSnapshots, TSecretSnapshotsInsert, TSecretSnapshotsUpdate>;
[TableName.SnapshotSecret]: Knex.CompositeTableType<
TSecretSnapshotSecrets,
TSecretSnapshotSecretsInsert,
TSecretSnapshotSecretsUpdate
>;
[TableName.SnapshotFolder]: Knex.CompositeTableType<
TSecretSnapshotFolders,
TSecretSnapshotFoldersInsert,
TSecretSnapshotFoldersUpdate
>;
[TableName.DynamicSecret]: Knex.CompositeTableType<TDynamicSecrets, TDynamicSecretsInsert, TDynamicSecretsUpdate>;
[TableName.DynamicSecretLease]: Knex.CompositeTableType<
TDynamicSecretLeases,
TDynamicSecretLeasesInsert,
TDynamicSecretLeasesUpdate
>;
[TableName.SamlConfig]: Knex.CompositeTableType<TSamlConfigs, TSamlConfigsInsert, TSamlConfigsUpdate>;
[TableName.LdapConfig]: Knex.CompositeTableType<TLdapConfigs, TLdapConfigsInsert, TLdapConfigsUpdate>;
[TableName.OrgBot]: Knex.CompositeTableType<TOrgBots, TOrgBotsInsert, TOrgBotsUpdate>;
[TableName.AuditLog]: Knex.CompositeTableType<TAuditLogs, TAuditLogsInsert, TAuditLogsUpdate>;
[TableName.GitAppInstallSession]: Knex.CompositeTableType<
TGitAppInstallSessions,
TGitAppInstallSessionsInsert,
TGitAppInstallSessionsUpdate
>;
[TableName.GitAppOrg]: Knex.CompositeTableType<TGitAppOrg, TGitAppOrgInsert, TGitAppOrgUpdate>;
[TableName.SecretScanningGitRisk]: Knex.CompositeTableType<
TSecretScanningGitRisks,
TSecretScanningGitRisksInsert,
TSecretScanningGitRisksUpdate
>;
[TableName.TrustedIps]: Knex.CompositeTableType<TTrustedIps, TTrustedIpsInsert, TTrustedIpsUpdate>;
// Junction tables
[TableName.JnSecretTag]: Knex.CompositeTableType<
TSecretTagJunction,
TSecretTagJunctionInsert,
TSecretTagJunctionUpdate
>;
[TableName.SecretVersionTag]: Knex.CompositeTableType<
TSecretVersionTagJunction,
TSecretVersionTagJunctionInsert,
TSecretVersionTagJunctionUpdate
>;
}
}

View File

@@ -0,0 +1 @@
declare module "passport-gitlab2";

View File

@@ -1,43 +0,0 @@
import ora from "ora";
import nodemailer from "nodemailer";
import { getSmtpHost, getSmtpPort } from "./config";
import { logger } from "./utils/logging";
import mongoose from "mongoose";
import { redisClient } from "./services/RedisService";
type BootstrapOpt = {
transporter: nodemailer.Transporter;
};
export const bootstrap = async ({ transporter }: BootstrapOpt) => {
const spinner = ora().start();
spinner.info("Checking configurations...");
spinner.info("Testing smtp connection");
await transporter
.verify()
.then(async () => {
spinner.succeed("SMTP successfully connected");
})
.catch(async (err) => {
spinner.fail(`SMTP - Failed to connect to ${await getSmtpHost()}:${await getSmtpPort()}`);
logger.error(err);
});
spinner.info("Testing mongodb connection");
if (mongoose.connection.readyState !== mongoose.ConnectionStates.connected) {
spinner.fail("Mongo DB - Failed to connect");
} else {
spinner.succeed("Mongodb successfully connected");
}
spinner.info("Testing redis connection");
const redisPing = await redisClient?.ping();
if (!redisPing) {
spinner.fail("Redis - Failed to connect");
} else {
spinner.succeed("Redis successfully connected");
}
spinner.stop();
};

View File

@@ -1,173 +0,0 @@
import { GITLAB_URL } from "../variables";
import InfisicalClient from "infisical-node";
export const client = new InfisicalClient({
token: process.env.INFISICAL_TOKEN!
});
export const getPort = async () => (await client.getSecret("PORT")).secretValue || 4000;
export const getEncryptionKey = async () => {
const secretValue = (await client.getSecret("ENCRYPTION_KEY")).secretValue;
return secretValue === "" ? undefined : secretValue;
};
export const getRootEncryptionKey = async () => {
const secretValue = (await client.getSecret("ROOT_ENCRYPTION_KEY")).secretValue;
return secretValue === "" ? undefined : secretValue;
};
export const getInviteOnlySignup = async () =>
(await client.getSecret("INVITE_ONLY_SIGNUP")).secretValue === "true";
export const getSaltRounds = async () =>
parseInt((await client.getSecret("SALT_ROUNDS")).secretValue) || 10;
export const getAuthSecret = async () =>
(await client.getSecret("JWT_AUTH_SECRET")).secretValue ??
(await client.getSecret("AUTH_SECRET")).secretValue;
export const getJwtAuthLifetime = async () =>
(await client.getSecret("JWT_AUTH_LIFETIME")).secretValue || "10d";
export const getJwtMfaLifetime = async () =>
(await client.getSecret("JWT_MFA_LIFETIME")).secretValue || "5m";
export const getJwtRefreshLifetime = async () =>
(await client.getSecret("JWT_REFRESH_LIFETIME")).secretValue || "90d";
export const getJwtServiceSecret = async () =>
(await client.getSecret("JWT_SERVICE_SECRET")).secretValue; // TODO: deprecate (related to ST V1)
export const getJwtSignupLifetime = async () =>
(await client.getSecret("JWT_SIGNUP_LIFETIME")).secretValue || "15m";
export const getJwtProviderAuthLifetime = async () =>
(await client.getSecret("JWT_PROVIDER_AUTH_LIFETIME")).secretValue || "15m";
export const getMongoURL = async () => (await client.getSecret("MONGO_URL")).secretValue;
export const getNodeEnv = async () =>
(await client.getSecret("NODE_ENV")).secretValue || "production";
export const getVerboseErrorOutput = async () =>
(await client.getSecret("VERBOSE_ERROR_OUTPUT")).secretValue === "true" && true;
export const getLokiHost = async () => (await client.getSecret("LOKI_HOST")).secretValue;
export const getClientIdAzure = async () => (await client.getSecret("CLIENT_ID_AZURE")).secretValue;
export const getClientIdHeroku = async () =>
(await client.getSecret("CLIENT_ID_HEROKU")).secretValue;
export const getClientIdVercel = async () =>
(await client.getSecret("CLIENT_ID_VERCEL")).secretValue;
export const getClientIdNetlify = async () =>
(await client.getSecret("CLIENT_ID_NETLIFY")).secretValue;
export const getClientIdGitHub = async () =>
(await client.getSecret("CLIENT_ID_GITHUB")).secretValue;
export const getClientIdGitLab = async () =>
(await client.getSecret("CLIENT_ID_GITLAB")).secretValue;
export const getClientIdBitBucket = async () =>
(await client.getSecret("CLIENT_ID_BITBUCKET")).secretValue;
export const getClientIdGCPSecretManager = async () =>
(await client.getSecret("CLIENT_ID_GCP_SECRET_MANAGER")).secretValue;
export const getClientSecretAzure = async () =>
(await client.getSecret("CLIENT_SECRET_AZURE")).secretValue;
export const getClientSecretHeroku = async () =>
(await client.getSecret("CLIENT_SECRET_HEROKU")).secretValue;
export const getClientSecretVercel = async () =>
(await client.getSecret("CLIENT_SECRET_VERCEL")).secretValue;
export const getClientSecretNetlify = async () =>
(await client.getSecret("CLIENT_SECRET_NETLIFY")).secretValue;
export const getClientSecretGitHub = async () =>
(await client.getSecret("CLIENT_SECRET_GITHUB")).secretValue;
export const getClientSecretGitLab = async () =>
(await client.getSecret("CLIENT_SECRET_GITLAB")).secretValue;
export const getClientSecretBitBucket = async () =>
(await client.getSecret("CLIENT_SECRET_BITBUCKET")).secretValue;
export const getClientSecretGCPSecretManager = async () =>
(await client.getSecret("CLIENT_SECRET_GCP_SECRET_MANAGER")).secretValue;
export const getClientSlugVercel = async () =>
(await client.getSecret("CLIENT_SLUG_VERCEL")).secretValue;
export const getClientIdGoogleLogin = async () =>
(await client.getSecret("CLIENT_ID_GOOGLE_LOGIN")).secretValue;
export const getClientSecretGoogleLogin = async () =>
(await client.getSecret("CLIENT_SECRET_GOOGLE_LOGIN")).secretValue;
export const getClientIdGitHubLogin = async () =>
(await client.getSecret("CLIENT_ID_GITHUB_LOGIN")).secretValue;
export const getClientSecretGitHubLogin = async () =>
(await client.getSecret("CLIENT_SECRET_GITHUB_LOGIN")).secretValue;
export const getClientIdGitLabLogin = async () =>
(await client.getSecret("CLIENT_ID_GITLAB_LOGIN")).secretValue;
export const getClientSecretGitLabLogin = async () =>
(await client.getSecret("CLIENT_SECRET_GITLAB_LOGIN")).secretValue;
export const getUrlGitLabLogin = async () =>
(await client.getSecret("URL_GITLAB_LOGIN")).secretValue || GITLAB_URL;
export const getAwsCloudWatchLog = async () => {
const logGroupName =
(await client.getSecret("AWS_CLOUDWATCH_LOG_GROUP_NAME")).secretValue || "infisical-log-stream";
const region = (await client.getSecret("AWS_CLOUDWATCH_LOG_REGION")).secretValue;
const accessKeyId = (await client.getSecret("AWS_CLOUDWATCH_LOG_ACCESS_KEY_ID")).secretValue;
const accessKeySecret = (await client.getSecret("AWS_CLOUDWATCH_LOG_ACCESS_KEY_SECRET"))
.secretValue;
const interval = parseInt(
(await client.getSecret("AWS_CLOUDWATCH_LOG_INTERVAL")).secretValue || 1000,
10
);
if (!region || !accessKeyId || !accessKeySecret) return;
return { logGroupName, region, accessKeySecret, accessKeyId, interval };
};
export const getPostHogHost = async () =>
(await client.getSecret("POSTHOG_HOST")).secretValue || "https://app.posthog.com";
export const getPostHogProjectApiKey = async () =>
(await client.getSecret("POSTHOG_PROJECT_API_KEY")).secretValue ||
"phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE";
export const getSentryDSN = async () => (await client.getSecret("SENTRY_DSN")).secretValue;
export const getSiteURL = async () => (await client.getSecret("SITE_URL")).secretValue;
export const getSmtpHost = async () => (await client.getSecret("SMTP_HOST")).secretValue;
export const getSmtpSecure = async () =>
(await client.getSecret("SMTP_SECURE")).secretValue === "true" || false;
export const getSmtpPort = async () =>
parseInt((await client.getSecret("SMTP_PORT")).secretValue) || 587;
export const getSmtpUsername = async () => (await client.getSecret("SMTP_USERNAME")).secretValue;
export const getSmtpPassword = async () => (await client.getSecret("SMTP_PASSWORD")).secretValue;
export const getSmtpFromAddress = async () =>
(await client.getSecret("SMTP_FROM_ADDRESS")).secretValue;
export const getSmtpFromName = async () =>
(await client.getSecret("SMTP_FROM_NAME")).secretValue || "Infisical";
export const getSecretScanningWebhookProxy = async () =>
(await client.getSecret("SECRET_SCANNING_WEBHOOK_PROXY")).secretValue;
export const getSecretScanningWebhookSecret = async () =>
(await client.getSecret("SECRET_SCANNING_WEBHOOK_SECRET")).secretValue;
export const getSecretScanningGitAppId = async () =>
(await client.getSecret("SECRET_SCANNING_GIT_APP_ID")).secretValue;
export const getSecretScanningPrivateKey = async () =>
(await client.getSecret("SECRET_SCANNING_PRIVATE_KEY")).secretValue;
export const getRedisUrl = async () => (await client.getSecret("REDIS_URL")).secretValue;
export const getIsInfisicalCloud = async () =>
(await client.getSecret("INFISICAL_CLOUD")).secretValue === "true";
export const getLicenseKey = async () => {
const secretValue = (await client.getSecret("LICENSE_KEY")).secretValue;
return secretValue === "" ? undefined : secretValue;
};
export const getLicenseServerKey = async () => {
const secretValue = (await client.getSecret("LICENSE_SERVER_KEY")).secretValue;
return secretValue === "" ? undefined : secretValue;
};
export const getLicenseServerUrl = async () =>
(await client.getSecret("LICENSE_SERVER_URL")).secretValue || "https://portal.infisical.com";
export const getTelemetryEnabled = async () =>
(await client.getSecret("TELEMETRY_ENABLED")).secretValue !== "false" && true;
export const getLoopsApiKey = async () => (await client.getSecret("LOOPS_API_KEY")).secretValue;
export const getSmtpConfigured = async () =>
(await client.getSecret("SMTP_HOST")).secretValue == "" ||
(await client.getSecret("SMTP_HOST")).secretValue == undefined
? false
: true;
export const getHttpsEnabled = async () => {
if ((await getNodeEnv()) != "production") {
// no https for anything other than prod
return false;
}
if (
(await client.getSecret("HTTPS_ENABLED")).secretValue == undefined ||
(await client.getSecret("HTTPS_ENABLED")).secretValue == ""
) {
// default when no value present
return true;
}
return (await client.getSecret("HTTPS_ENABLED")).secretValue === "true" && true;
};

View File

@@ -1,124 +0,0 @@
import axios from "axios";
import axiosRetry from "axios-retry";
import {
getLicenseKeyAuthToken,
getLicenseServerKeyAuthToken,
setLicenseKeyAuthToken,
setLicenseServerKeyAuthToken,
} from "./storage";
import {
getLicenseKey,
getLicenseServerKey,
getLicenseServerUrl,
} from "./index";
// should have JWT to interact with the license server
export const licenseServerKeyRequest = axios.create();
export const licenseKeyRequest = axios.create();
export const standardRequest = axios.create();
// add retry functionality to the axios instance
axiosRetry(standardRequest, {
retries: 3,
retryDelay: axiosRetry.exponentialDelay, // exponential back-off delay between retries
retryCondition: (error) => {
// only retry if the error is a network error or a 5xx server error
return axiosRetry.isNetworkError(error) || axiosRetry.isRetryableError(error);
},
});
export const refreshLicenseServerKeyToken = async () => {
const licenseServerKey = await getLicenseServerKey();
const licenseServerUrl = await getLicenseServerUrl();
const { data: { token } } = await standardRequest.post(
`${licenseServerUrl}/api/auth/v1/license-server-login`, {},
{
headers: {
"X-API-KEY": licenseServerKey,
},
}
);
setLicenseServerKeyAuthToken(token);
return token;
}
export const refreshLicenseKeyToken = async () => {
const licenseKey = await getLicenseKey();
const licenseServerUrl = await getLicenseServerUrl();
const { data: { token } } = await standardRequest.post(
`${licenseServerUrl}/api/auth/v1/license-login`, {},
{
headers: {
"X-API-KEY": licenseKey,
},
}
);
setLicenseKeyAuthToken(token);
return token;
}
licenseServerKeyRequest.interceptors.request.use((config) => {
const token = getLicenseServerKeyAuthToken();
if (token && config.headers) {
// eslint-disable-next-line no-param-reassign
config.headers.Authorization = `Bearer ${token}`;
}
return config;
}, (err) => {
return Promise.reject(err);
});
licenseServerKeyRequest.interceptors.response.use((response) => {
return response
}, async function (err) {
const originalRequest = err.config;
if (err.response.status === 401 && !originalRequest._retry) {
originalRequest._retry = true;
// refresh
const token = await refreshLicenseServerKeyToken();
axios.defaults.headers.common["Authorization"] = "Bearer " + token;
return licenseServerKeyRequest(originalRequest);
}
return Promise.reject(err);
});
licenseKeyRequest.interceptors.request.use((config) => {
const token = getLicenseKeyAuthToken();
if (token && config.headers) {
// eslint-disable-next-line no-param-reassign
config.headers.Authorization = `Bearer ${token}`;
}
return config;
}, (err) => {
return Promise.reject(err);
});
licenseKeyRequest.interceptors.response.use((response) => {
return response
}, async function (err) {
const originalRequest = err.config;
if (err.response.status === 401 && !originalRequest._retry) {
originalRequest._retry = true;
// refresh
const token = await refreshLicenseKeyToken();
axios.defaults.headers.common["Authorization"] = "Bearer " + token;
return licenseKeyRequest(originalRequest);
}
return Promise.reject(err);
});

View File

@@ -1,24 +0,0 @@
import { IServerConfig, ServerConfig } from "../models/serverConfig";
let serverConfig: IServerConfig;
export const serverConfigInit = async () => {
const cfg = await ServerConfig.findOne({});
if (!cfg) {
const cfg = new ServerConfig();
await cfg.save();
serverConfig = cfg;
} else {
serverConfig = cfg;
}
return serverConfig;
};
export const getServerConfig = () => serverConfig;
export const updateServerConfig = async (data: Partial<IServerConfig>) => {
const cfg = await ServerConfig.findByIdAndUpdate(serverConfig._id, data, { new: true });
if (!cfg) throw new Error("Failed to update server config");
serverConfig = cfg;
return serverConfig;
};

View File

@@ -1,30 +0,0 @@
const MemoryLicenseServerKeyTokenStorage = () => {
let authToken: string;
return {
setToken: (token: string) => {
authToken = token;
},
getToken: () => authToken,
};
};
const MemoryLicenseKeyTokenStorage = () => {
let authToken: string;
return {
setToken: (token: string) => {
authToken = token;
},
getToken: () => authToken,
};
};
const licenseServerTokenStorage = MemoryLicenseServerKeyTokenStorage();
const licenseTokenStorage = MemoryLicenseKeyTokenStorage();
export const getLicenseServerKeyAuthToken = licenseServerTokenStorage.getToken;
export const setLicenseServerKeyAuthToken = licenseServerTokenStorage.setToken;
export const getLicenseKeyAuthToken = licenseTokenStorage.getToken;
export const setLicenseKeyAuthToken = licenseTokenStorage.setToken;

View File

@@ -1,100 +0,0 @@
import { Request, Response } from "express";
import { getHttpsEnabled } from "../../config";
import { getServerConfig, updateServerConfig as setServerConfig } from "../../config/serverConfig";
import { initializeDefaultOrg, issueAuthTokens } from "../../helpers";
import { validateRequest } from "../../helpers/validation";
import { User } from "../../models";
import { TelemetryService } from "../../services";
import { BadRequestError, UnauthorizedRequestError } from "../../utils/errors";
import * as reqValidator from "../../validation/admin";
export const getServerConfigInfo = (_req: Request, res: Response) => {
const config = getServerConfig();
return res.send({ config });
};
export const updateServerConfig = async (req: Request, res: Response) => {
const {
body: { allowSignUp }
} = await validateRequest(reqValidator.UpdateServerConfigV1, req);
const config = await setServerConfig({ allowSignUp });
return res.send({ config });
};
export const adminSignUp = async (req: Request, res: Response) => {
const cfg = getServerConfig();
if (cfg.initialized) throw UnauthorizedRequestError({ message: "Admin has been created" });
const {
body: {
email,
publicKey,
salt,
lastName,
verifier,
firstName,
protectedKey,
protectedKeyIV,
protectedKeyTag,
encryptedPrivateKey,
encryptedPrivateKeyIV,
encryptedPrivateKeyTag
}
} = await validateRequest(reqValidator.SignupV1, req);
let user = await User.findOne({ email });
if (user) throw BadRequestError({ message: "User already exist" });
user = new User({
email,
firstName,
lastName,
encryptionVersion: 2,
protectedKey,
protectedKeyIV,
protectedKeyTag,
publicKey,
encryptedPrivateKey,
iv: encryptedPrivateKeyIV,
tag: encryptedPrivateKeyTag,
salt,
verifier,
superAdmin: true
});
await user.save();
await initializeDefaultOrg({ organizationName: "Admin Org", user });
await setServerConfig({ initialized: true });
// issue tokens
const tokens = await issueAuthTokens({
userId: user._id,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
const token = tokens.token;
const postHogClient = await TelemetryService.getPostHogClient();
if (postHogClient) {
postHogClient.capture({
event: "admin initialization",
properties: {
email: user.email,
lastName,
firstName
}
});
}
// store (refresh) token in httpOnly cookie
res.cookie("jid", tokens.refreshToken, {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: await getHttpsEnabled()
});
return res.status(200).send({
message: "Successfully set up admin account",
user,
token
});
};

View File

@@ -1,277 +0,0 @@
import { Request, Response } from "express";
import jwt from "jsonwebtoken";
import * as bigintConversion from "bigint-conversion";
// eslint-disable-next-line @typescript-eslint/no-var-requires
const jsrp = require("jsrp");
import {
LoginSRPDetail,
TokenVersion,
User
} from "../../models";
import { clearTokens, createToken, issueAuthTokens } from "../../helpers/auth";
import { checkUserDevice } from "../../helpers/user";
import { AuthTokenType } from "../../variables";
import {
BadRequestError,
UnauthorizedRequestError
} from "../../utils/errors";
import {
getAuthSecret,
getHttpsEnabled,
getJwtAuthLifetime,
} from "../../config";
import { ActorType } from "../../ee/models";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/auth";
declare module "jsonwebtoken" {
export interface AuthnJwtPayload extends jwt.JwtPayload {
authTokenType: AuthTokenType;
}
export interface UserIDJwtPayload extends jwt.JwtPayload {
userId: string;
refreshVersion?: number;
}
export interface IdentityAccessTokenJwtPayload extends jwt.JwtPayload {
_id: string;
clientSecretId: string;
identityAccessTokenId: string;
authTokenType: string;
}
}
/**
* Log in user step 1: Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
* @param req
* @param res
* @returns
*/
export const login1 = async (req: Request, res: Response) => {
const {
body: { email, clientPublicKey }
} = await validateRequest(reqValidator.Login1V1, req);
const user = await User.findOne({
email
}).select("+salt +verifier");
if (!user) throw new Error("Failed to find user");
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier
},
async () => {
// generate server-side public key
const serverPublicKey = server.getPublicKey();
await LoginSRPDetail.findOneAndReplace(
{ email: email },
{
email: email,
clientPublicKey: clientPublicKey,
serverBInt: bigintConversion.bigintToBuf(server.bInt)
},
{ upsert: true, returnNewDocument: false }
);
return res.status(200).send({
serverPublicKey,
salt: user.salt
});
}
);
};
/**
* Log in user step 2: complete step 2 of SRP protocol and return token and their (encrypted)
* private key
* @param req
* @param res
* @returns
*/
export const login2 = async (req: Request, res: Response) => {
const {
body: { email, clientProof }
} = await validateRequest(reqValidator.Login2V1, req);
const user = await User.findOne({
email
}).select("+salt +verifier +publicKey +encryptedPrivateKey +iv +tag");
if (!user) throw new Error("Failed to find user");
const loginSRPDetailFromDB = await LoginSRPDetail.findOneAndDelete({ email: email });
if (!loginSRPDetailFromDB) {
return BadRequestError(
Error(
"It looks like some details from the first login are not found. Please try login one again"
)
);
}
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier,
b: loginSRPDetailFromDB.serverBInt
},
async () => {
server.setClientPublicKey(loginSRPDetailFromDB.clientPublicKey);
// compare server and client shared keys
if (server.checkClientProof(clientProof)) {
// issue tokens
await checkUserDevice({
user,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
const tokens = await issueAuthTokens({
userId: user._id,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
// store (refresh) token in httpOnly cookie
res.cookie("jid", tokens.refreshToken, {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: await getHttpsEnabled()
});
// return (access) token in response
return res.status(200).send({
token: tokens.token,
publicKey: user.publicKey,
encryptedPrivateKey: user.encryptedPrivateKey,
iv: user.iv,
tag: user.tag
});
}
return res.status(400).send({
message: "Failed to authenticate. Try again?"
});
}
);
};
/**
* Log out user
* @param req
* @param res
* @returns
*/
export const logout = async (req: Request, res: Response) => {
if (req.authData.actor.type === ActorType.USER && req.authData.tokenVersionId) {
await clearTokens(req.authData.tokenVersionId);
}
// clear httpOnly cookie
res.cookie("jid", "", {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: (await getHttpsEnabled()) as boolean
});
return res.status(200).send({
message: "Successfully logged out."
});
};
export const revokeAllSessions = async (req: Request, res: Response) => {
await TokenVersion.updateMany(
{
user: req.user._id
},
{
$inc: {
refreshVersion: 1,
accessVersion: 1
}
}
);
return res.status(200).send({
message: "Successfully revoked all sessions."
});
};
/**
* Return user is authenticated
* @param req
* @param res
* @returns
*/
export const checkAuth = async (req: Request, res: Response) => {
return res.status(200).send({
message: "Authenticated"
});
};
/**
* Return new JWT access token by first validating the refresh token
* @param req
* @param res
* @returns
*/
export const getNewToken = async (req: Request, res: Response) => {
const refreshToken = req.cookies.jid;
if (!refreshToken)
throw BadRequestError({
message: "Failed to find refresh token in request cookies"
});
const decodedToken = <jwt.UserIDJwtPayload>jwt.verify(refreshToken, await getAuthSecret());
if (decodedToken.authTokenType !== AuthTokenType.REFRESH_TOKEN) throw UnauthorizedRequestError();
const user = await User.findOne({
_id: decodedToken.userId
}).select("+publicKey +refreshVersion +accessVersion");
if (!user) throw new Error("Failed to authenticate unfound user");
if (!user?.publicKey) throw new Error("Failed to authenticate not fully set up account");
const tokenVersion = await TokenVersion.findById(decodedToken.tokenVersionId);
if (!tokenVersion)
throw UnauthorizedRequestError({
message: "Failed to validate refresh token"
});
if (decodedToken.refreshVersion !== tokenVersion.refreshVersion)
throw BadRequestError({
message: "Failed to validate refresh token"
});
const token = createToken({
payload: {
authTokenType: AuthTokenType.ACCESS_TOKEN,
userId: decodedToken.userId,
tokenVersionId: tokenVersion._id.toString(),
accessVersion: tokenVersion.refreshVersion
},
expiresIn: await getJwtAuthLifetime(),
secret: await getAuthSecret()
});
return res.status(200).send({
token
});
};
export const handleAuthProviderCallback = (req: Request, res: Response) => {
res.redirect(`/login/provider/success?token=${encodeURIComponent(req.providerAuthToken)}`);
};

View File

@@ -1,135 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import { Bot, BotKey } from "../../models";
import { createBot } from "../../helpers/bot";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/bot";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
import { BadRequestError } from "../../utils/errors";
interface BotKey {
encryptedKey: string;
nonce: string;
}
/**
* Return bot for workspace with id [workspaceId]. If a workspace bot doesn't exist,
* then create and return a new bot.
* @param req
* @param res
* @returns
*/
export const getBotByWorkspaceId = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetBotByWorkspaceIdV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Integrations
);
let bot = await Bot.findOne({
workspace: workspaceId
});
if (!bot) {
// case: bot doesn't exist for workspace with id [workspaceId]
// -> create a new bot and return it
bot = await createBot({
name: "Infisical Bot",
workspaceId: new Types.ObjectId(workspaceId)
});
}
return res.status(200).send({
bot
});
};
/**
* Return bot with id [req.bot._id] with active state set to [isActive].
* @param req
* @param res
* @returns
*/
export const setBotActiveState = async (req: Request, res: Response) => {
const {
body: { botKey, isActive },
params: { botId }
} = await validateRequest(reqValidator.SetBotActiveStateV1, req);
const bot = await Bot.findById(botId);
if (!bot) {
throw BadRequestError({ message: "Bot not found" });
}
const userId = req.user._id;
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: bot.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Integrations
);
if (isActive) {
// bot state set to active -> share workspace key with bot
if (!botKey?.encryptedKey || !botKey?.nonce) {
return res.status(400).send({
message: "Failed to set bot state to active - missing bot key"
});
}
await BotKey.findOneAndUpdate(
{
workspace: bot.workspace
},
{
encryptedKey: botKey.encryptedKey,
nonce: botKey.nonce,
sender: userId,
bot: bot._id,
workspace: bot.workspace
},
{
upsert: true,
new: true
}
);
} else {
// case: bot state set to inactive -> delete bot's workspace key
await BotKey.deleteOne({
bot: bot._id
});
}
const updatedBot = await Bot.findOneAndUpdate(
{
_id: bot._id
},
{
isActive
},
{
new: true
}
);
if (!updatedBot) throw new Error("Failed to update bot active state");
return res.status(200).send({
bot
});
};

View File

@@ -1,43 +0,0 @@
import * as authController from "./authController";
import * as universalAuthController from "./universalAuthController";
import * as botController from "./botController";
import * as integrationAuthController from "./integrationAuthController";
import * as integrationController from "./integrationController";
import * as keyController from "./keyController";
import * as membershipController from "./membershipController";
import * as membershipOrgController from "./membershipOrgController";
import * as organizationController from "./organizationController";
import * as passwordController from "./passwordController";
import * as secretController from "./secretController";
import * as serviceTokenController from "./serviceTokenController";
import * as signupController from "./signupController";
import * as userActionController from "./userActionController";
import * as userController from "./userController";
import * as workspaceController from "./workspaceController";
import * as secretScanningController from "./secretScanningController";
import * as webhookController from "./webhookController";
import * as secretImpsController from "./secretImpsController";
import * as adminController from "./adminController";
export {
authController,
universalAuthController,
botController,
integrationAuthController,
integrationController,
keyController,
membershipController,
membershipOrgController,
organizationController,
passwordController,
secretController,
serviceTokenController,
signupController,
userActionController,
userController,
workspaceController,
secretScanningController,
webhookController,
secretImpsController,
adminController
};

File diff suppressed because it is too large Load Diff

View File

@@ -1,307 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import { Folder, IWorkspace, Integration, IntegrationAuth } from "../../models";
import { EventService } from "../../services";
import { eventStartIntegration } from "../../events";
import { getFolderByPath } from "../../services/FolderService";
import { BadRequestError } from "../../utils/errors";
import { EEAuditLogService } from "../../ee/services";
import { EventType } from "../../ee/models";
import { syncSecretsToActiveIntegrationsQueue } from "../../queues/integrations/syncSecretsToThirdPartyServices";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/integration";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
/**
* Create/initialize an (empty) integration for integration authorization
* @param req
* @param res
* @returns
*/
export const createIntegration = async (req: Request, res: Response) => {
const {
body: {
isActive,
sourceEnvironment,
secretPath,
app,
path,
appId,
owner,
region,
scope,
targetService,
targetServiceId,
integrationAuthId,
targetEnvironment,
targetEnvironmentId,
metadata
}
} = await validateRequest(reqValidator.CreateIntegrationV1, req);
const integrationAuth = await IntegrationAuth.findById(integrationAuthId)
.populate<{ workspace: IWorkspace }>("workspace")
.select(
"+refreshCiphertext +refreshIV +refreshTag +accessCiphertext +accessIV +accessTag +accessExpiresAt"
);
if (!integrationAuth) throw BadRequestError({ message: "Integration auth not found" });
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: integrationAuth.workspace._id
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.Integrations
);
const folders = await Folder.findOne({
workspace: integrationAuth.workspace._id,
environment: sourceEnvironment
});
if (folders) {
const folder = getFolderByPath(folders.nodes, secretPath);
if (!folder) {
throw BadRequestError({
message: "Folder path doesn't exist"
});
}
}
// TODO: validate [sourceEnvironment] and [targetEnvironment]
// initialize new integration after saving integration access token
const integration = await new Integration({
workspace: integrationAuth.workspace._id,
environment: sourceEnvironment,
isActive,
app,
appId,
targetEnvironment,
targetEnvironmentId,
targetService,
targetServiceId,
owner,
path,
region,
scope,
secretPath,
integration: integrationAuth.integration,
integrationAuth: new Types.ObjectId(integrationAuthId),
metadata
}).save();
if (integration) {
// trigger event - push secrets
EventService.handleEvent({
event: eventStartIntegration({
workspaceId: integration.workspace,
environment: sourceEnvironment
})
});
}
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_INTEGRATION,
metadata: {
integrationId: integration._id.toString(),
integration: integration.integration,
environment: integration.environment,
secretPath,
url: integration.url,
app: integration.app,
appId: integration.appId,
targetEnvironment: integration.targetEnvironment,
targetEnvironmentId: integration.targetEnvironmentId,
targetService: integration.targetService,
targetServiceId: integration.targetServiceId,
path: integration.path,
region: integration.region
}
},
{
workspaceId: integration.workspace
}
);
return res.status(200).send({
integration
});
};
/**
* Change environment or name of integration with id [integrationId]
* @param req
* @param res
* @returns
*/
export const updateIntegration = async (req: Request, res: Response) => {
// TODO: add integration-specific validation to ensure that each
// integration has the correct fields populated in [Integration]
const {
body: {
environment,
isActive,
app,
appId,
targetEnvironment,
owner, // github-specific integration param
secretPath
},
params: { integrationId }
} = await validateRequest(reqValidator.UpdateIntegrationV1, req);
const integration = await Integration.findById(integrationId);
if (!integration) throw BadRequestError({ message: "Integration not found" });
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: integration.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Integrations
);
const folders = await Folder.findOne({
workspace: integration.workspace,
environment
});
if (folders) {
const folder = getFolderByPath(folders.nodes, secretPath);
if (!folder) {
throw BadRequestError({
message: "Path for service token does not exist"
});
}
}
const updatedIntegration = await Integration.findOneAndUpdate(
{
_id: integration._id
},
{
environment,
isActive,
app,
appId,
targetEnvironment,
owner,
secretPath
},
{
new: true
}
);
if (updatedIntegration) {
// trigger event - push secrets
EventService.handleEvent({
event: eventStartIntegration({
workspaceId: updatedIntegration.workspace,
environment
})
});
}
return res.status(200).send({
integration: updatedIntegration
});
};
/**
* Delete integration with id [integrationId]
* @param req
* @param res
* @returns
*/
export const deleteIntegration = async (req: Request, res: Response) => {
const {
params: { integrationId }
} = await validateRequest(reqValidator.DeleteIntegrationV1, req);
const integration = await Integration.findById(integrationId);
if (!integration) throw BadRequestError({ message: "Integration not found" });
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: integration.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Integrations
);
const deletedIntegration = await Integration.findOneAndDelete({
_id: integrationId
});
if (!deletedIntegration) throw new Error("Failed to find integration");
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.DELETE_INTEGRATION,
metadata: {
integrationId: integration._id.toString(),
integration: integration.integration,
environment: integration.environment,
secretPath: integration.secretPath,
url: integration.url,
app: integration.app,
appId: integration.appId,
targetEnvironment: integration.targetEnvironment,
targetEnvironmentId: integration.targetEnvironmentId,
targetService: integration.targetService,
targetServiceId: integration.targetServiceId,
path: integration.path,
region: integration.region
}
},
{
workspaceId: integration.workspace
}
);
return res.status(200).send({
integration
});
};
// Will trigger sync for all integrations within the given env and workspace id
export const manualSync = async (req: Request, res: Response) => {
const {
body: { workspaceId, environment }
} = await validateRequest(reqValidator.ManualSyncV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Integrations
);
syncSecretsToActiveIntegrationsQueue({
workspaceId,
environment
});
res.status(200).send();
};

View File

@@ -1,101 +0,0 @@
import { Types } from "mongoose";
import { Request, Response } from "express";
import { Key } from "../../models";
import { findMembership } from "../../helpers/membership";
import { EventType } from "../../ee/models";
import { EEAuditLogService } from "../../ee/services";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/key";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
/**
* Add (encrypted) copy of workspace key for workspace with id [workspaceId] for user with
* id [key.userId]
* @param req
* @param res
* @returns
*/
export const uploadKey = async (req: Request, res: Response) => {
const {
params: { workspaceId },
body: { key }
} = await validateRequest(reqValidator.UploadKeyV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Member
);
// validate membership of receiver
const receiverMembership = await findMembership({
user: key.userId,
workspace: workspaceId
});
if (!receiverMembership) {
throw new Error("Failed receiver membership validation for workspace");
}
await new Key({
encryptedKey: key.encryptedKey,
nonce: key.nonce,
sender: req.user._id,
receiver: key.userId,
workspace: workspaceId
}).save();
return res.status(200).send({
message: "Successfully uploaded key to workspace"
});
};
/**
* Return latest (encrypted) copy of workspace key for user
* @param req
* @param res
* @returns
*/
export const getLatestKey = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetLatestKeyV1, req);
// get latest key
const latestKey = await Key.find({
workspace: workspaceId,
receiver: req.user._id
})
.sort({ createdAt: -1 })
.limit(1)
.populate("sender", "+publicKey");
const resObj: any = {};
if (latestKey.length > 0) {
resObj["latestKey"] = latestKey[0];
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.GET_WORKSPACE_KEY,
metadata: {
keyId: latestKey[0]._id.toString()
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
}
return res.status(200).send(resObj);
};

View File

@@ -1,286 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import { IUser, Key, Membership, MembershipOrg, User, Workspace } from "../../models";
import { EventType, Role } from "../../ee/models";
import { deleteMembership as deleteMember, findMembership } from "../../helpers/membership";
import { sendMail } from "../../helpers/nodemailer";
import { ACCEPTED, ADMIN, CUSTOM, MEMBER, NO_ACCESS, VIEWER } from "../../variables";
import { getSiteURL } from "../../config";
import { EEAuditLogService, EELicenseService } from "../../ee/services";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/membership";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
import { BadRequestError } from "../../utils/errors";
import { InviteUserToWorkspaceV1 } from "../../validation/workspace";
/**
* Check that user is a member of workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const validateMembership = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.ValidateMembershipV1, req);
// validate membership
const membership = await findMembership({
user: req.user._id,
workspace: workspaceId
});
if (!membership) {
throw new Error("Failed to validate membership");
}
return res.status(200).send({
message: "Workspace membership confirmed"
});
};
/**
* Delete membership with id [membershipId]
* @param req
* @param res
* @returns
*/
export const deleteMembership = async (req: Request, res: Response) => {
const {
params: { membershipId }
} = await validateRequest(reqValidator.DeleteMembershipV1, req);
// check if membership to delete exists
const membershipToDelete = await Membership.findOne({
_id: membershipId
}).populate<{ user: IUser }>("user");
if (!membershipToDelete) {
throw new Error("Failed to delete workspace membership that doesn't exist");
}
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: membershipToDelete.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Member
);
// delete workspace membership
const deletedMembership = await deleteMember({
membershipId: membershipToDelete._id.toString()
});
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.REMOVE_WORKSPACE_MEMBER,
metadata: {
userId: membershipToDelete.user._id.toString(),
email: membershipToDelete.user.email
}
},
{
workspaceId: membershipToDelete.workspace
}
);
return res.status(200).send({
deletedMembership
});
};
/**
* Change and return workspace membership role
* @param req
* @param res
* @returns
*/
export const changeMembershipRole = async (req: Request, res: Response) => {
const {
body: { role },
params: { membershipId }
} = await validateRequest(reqValidator.ChangeMembershipRoleV1, req);
// validate target membership
const membershipToChangeRole = await Membership.findById(membershipId).populate<{ user: IUser }>(
"user"
);
if (!membershipToChangeRole) {
throw new Error("Failed to find membership to change role");
}
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: membershipToChangeRole.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Member
);
const isCustomRole = ![ADMIN, MEMBER, VIEWER, NO_ACCESS].includes(role);
if (isCustomRole) {
const wsRole = await Role.findOne({
slug: role,
isOrgRole: false,
workspace: membershipToChangeRole.workspace
});
if (!wsRole) throw BadRequestError({ message: "Role not found" });
const plan = await EELicenseService.getPlan(wsRole.organization);
if (!plan.rbac) return res.status(400).send({
message: "Failed to assign custom role due to RBAC restriction. Upgrade plan to assign custom role to member."
});
const membership = await Membership.findByIdAndUpdate(membershipId, {
role: CUSTOM,
customRole: wsRole
});
return res.status(200).send({
membership
});
}
const membership = await Membership.findByIdAndUpdate(
membershipId,
{
$set: {
role
},
$unset: {
customRole: 1
}
},
{
new: true
}
);
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.UPDATE_USER_WORKSPACE_ROLE,
metadata: {
userId: membershipToChangeRole.user._id.toString(),
email: membershipToChangeRole.user.email,
oldRole: membershipToChangeRole.role,
newRole: role
}
},
{
workspaceId: membershipToChangeRole.workspace
}
);
return res.status(200).send({
membership
});
};
/**
* Add user with email [email] to workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const inviteUserToWorkspace = async (req: Request, res: Response) => {
const {
params: { workspaceId },
body: { email }
} = await validateRequest(InviteUserToWorkspaceV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.Member
);
const invitee = await User.findOne({
email
}).select("+publicKey");
if (!invitee || !invitee?.publicKey) throw new Error("Failed to validate invitee");
// validate invitee's workspace membership - ensure member isn't
// already a member of the workspace
const inviteeMembership = await Membership.findOne({
user: invitee._id,
workspace: workspaceId
}).populate<{ user: IUser }>("user");
if (inviteeMembership) throw new Error("Failed to add existing member of workspace");
const workspace = await Workspace.findById(workspaceId);
if (!workspace) throw new Error("Failed to find workspace");
// validate invitee's organization membership - ensure that only
// (accepted) organization members can be added to the workspace
const membershipOrg = await MembershipOrg.findOne({
user: invitee._id,
organization: workspace.organization,
status: ACCEPTED
});
if (!membershipOrg) throw new Error("Failed to validate invitee's organization membership");
// get latest key
const latestKey = await Key.findOne({
workspace: workspaceId,
receiver: req.user._id
})
.sort({ createdAt: -1 })
.populate("sender", "+publicKey");
// create new workspace membership
await new Membership({
user: invitee._id,
workspace: workspaceId,
role: MEMBER
}).save();
await sendMail({
template: "workspaceInvitation.handlebars",
subjectLine: "Infisical workspace invitation",
recipients: [invitee.email],
substitutions: {
inviterFirstName: req.user.firstName,
inviterEmail: req.user.email,
workspaceName: workspace.name,
callback_url: (await getSiteURL()) + "/login"
}
});
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.ADD_WORKSPACE_MEMBER,
metadata: {
userId: invitee._id.toString(),
email: invitee.email
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.status(200).send({
invitee,
latestKey
});
};

View File

@@ -1,292 +0,0 @@
import { Types } from "mongoose";
import { Request, Response } from "express";
import { MembershipOrg, Organization, User } from "../../models";
import { SSOConfig } from "../../ee/models";
import { deleteMembershipOrg as deleteMemberFromOrg } from "../../helpers/membershipOrg";
import { createToken } from "../../helpers/auth";
import { updateSubscriptionOrgQuantity } from "../../helpers/organization";
import { sendMail } from "../../helpers/nodemailer";
import { TokenService } from "../../services";
import { EELicenseService } from "../../ee/services";
import { ACCEPTED, AuthTokenType, INVITED, MEMBER, TOKEN_EMAIL_ORG_INVITATION } from "../../variables";
import * as reqValidator from "../../validation/membershipOrg";
import {
getAuthSecret,
getJwtSignupLifetime,
getSiteURL,
getSmtpConfigured
} from "../../config";
import { validateUserEmail } from "../../validation";
import { validateRequest } from "../../helpers/validation";
import {
OrgPermissionActions,
OrgPermissionSubjects,
getAuthDataOrgPermissions
} from "../../ee/services/RoleService";
import { ForbiddenError } from "@casl/ability";
/**
* Delete organization membership with id [membershipOrgId] from organization
* @param req
* @param res
* @returns
*/
export const deleteMembershipOrg = async (req: Request, _res: Response) => {
const {
params: { membershipOrgId }
} = await validateRequest(reqValidator.DelOrgMembershipv1, req);
// check if organization membership to delete exists
const membershipOrgToDelete = await MembershipOrg.findOne({
_id: membershipOrgId
}).populate("user");
if (!membershipOrgToDelete) {
throw new Error("Failed to delete organization membership that doesn't exist");
}
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: membershipOrgToDelete.organization
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Delete,
OrgPermissionSubjects.Member
);
// delete organization membership
await deleteMemberFromOrg({
membershipOrgId: membershipOrgToDelete._id.toString()
});
await updateSubscriptionOrgQuantity({
organizationId: membershipOrgToDelete.organization.toString()
});
return membershipOrgToDelete;
};
/**
* Change and return organization membership role
* @param req
* @param res
* @returns
*/
export const changeMembershipOrgRole = async (req: Request, res: Response) => {
// change role for (target) organization membership with id
// [membershipOrgId]
let membershipToChangeRole;
return res.status(200).send({
membershipOrg: membershipToChangeRole
});
};
/**
* Organization invitation step 1: Send email invitation to user with email [email]
* for organization with id [organizationId] containing magic link
* @param req
* @param res
* @returns
*/
export const inviteUserToOrganization = async (req: Request, res: Response) => {
let inviteeMembershipOrg, completeInviteLink;
const {
body: { inviteeEmail, organizationId }
} = await validateRequest(reqValidator.InviteUserToOrgv1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Create,
OrgPermissionSubjects.Member
);
const host = req.headers.host;
const siteUrl = `${req.protocol}://${host}`;
const plan = await EELicenseService.getPlan(new Types.ObjectId(organizationId));
const ssoConfig = await SSOConfig.findOne({
organization: new Types.ObjectId(organizationId)
});
if (ssoConfig && ssoConfig.isActive) {
// case: SAML SSO is enabled for the organization
return res.status(400).send({
message: "Failed to invite member due to SAML SSO configured for organization"
});
}
if (plan.memberLimit !== null) {
// case: limit imposed on number of members allowed
if (plan.membersUsed >= plan.memberLimit) {
// case: number of members used exceeds the number of members allowed
return res.status(400).send({
message:
"Failed to invite member due to member limit reached. Upgrade plan to invite more members."
});
}
}
const invitee = await User.findOne({
email: inviteeEmail
}).select("+publicKey");
if (invitee) {
// case: invitee is an existing user
inviteeMembershipOrg = await MembershipOrg.findOne({
user: invitee._id,
organization: organizationId
});
if (inviteeMembershipOrg && inviteeMembershipOrg.status === ACCEPTED) {
throw new Error("Failed to invite an existing member of the organization");
}
if (!inviteeMembershipOrg) {
await new MembershipOrg({
user: invitee,
inviteEmail: inviteeEmail,
organization: organizationId,
role: MEMBER,
status: INVITED
}).save();
}
} else {
// check if invitee has been invited before
inviteeMembershipOrg = await MembershipOrg.findOne({
inviteEmail: inviteeEmail,
organization: organizationId
});
if (!inviteeMembershipOrg) {
// case: invitee has never been invited before
// validate that email is not disposable
validateUserEmail(inviteeEmail);
await new MembershipOrg({
inviteEmail: inviteeEmail,
organization: organizationId,
role: MEMBER,
status: INVITED
}).save();
}
}
const organization = await Organization.findOne({ _id: organizationId });
if (organization) {
const token = await TokenService.createToken({
type: TOKEN_EMAIL_ORG_INVITATION,
email: inviteeEmail,
organizationId: organization._id
});
await sendMail({
template: "organizationInvitation.handlebars",
subjectLine: "Infisical organization invitation",
recipients: [inviteeEmail],
substitutions: {
inviterFirstName: req.user.firstName,
inviterEmail: req.user.email,
organizationName: organization.name,
email: inviteeEmail,
organizationId: organization._id.toString(),
token,
callback_url: (await getSiteURL()) + "/signupinvite"
}
});
if (!(await getSmtpConfigured())) {
completeInviteLink = `${
siteUrl + "/signupinvite"
}?token=${token}&to=${inviteeEmail}&organization_id=${organization._id}`;
}
}
await updateSubscriptionOrgQuantity({ organizationId });
return res.status(200).send({
message: `Sent an invite link to ${req.body.inviteeEmail}`,
completeInviteLink
});
};
/**
* Organization invitation step 2: Verify that code [code] was sent to email [email] as part of
* magic link and issue a temporary signup token for user to complete setting up their account
* @param req
* @param res
* @returns
*/
export const verifyUserToOrganization = async (req: Request, res: Response) => {
let user;
const {
body: { organizationId, email, code }
} = await validateRequest(reqValidator.VerifyUserToOrgv1, req);
user = await User.findOne({ email }).select("+publicKey");
const membershipOrg = await MembershipOrg.findOne({
inviteEmail: email,
status: INVITED,
organization: new Types.ObjectId(organizationId)
});
if (!membershipOrg) throw new Error("Failed to find any invitations for email");
await TokenService.validateToken({
type: TOKEN_EMAIL_ORG_INVITATION,
email,
organizationId: membershipOrg.organization,
token: code
});
if (user && user?.publicKey) {
// case: user has already completed account
// membership can be approved and redirected to login/dashboard
membershipOrg.status = ACCEPTED;
await membershipOrg.save();
await updateSubscriptionOrgQuantity({
organizationId
});
return res.status(200).send({
message: "Successfully verified email",
user
});
}
if (!user) {
// initialize user account
user = await new User({
email
}).save();
}
// generate temporary signup token
const token = createToken({
payload: {
authTokenType: AuthTokenType.SIGNUP_TOKEN,
userId: user._id.toString()
},
expiresIn: await getJwtSignupLifetime(),
secret: await getAuthSecret()
});
return res.status(200).send({
message: "Successfully verified email",
user,
token
});
};

View File

@@ -1,387 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import {
IncidentContactOrg,
Membership,
MembershipOrg,
Organization,
Workspace
} from "../../models";
import { getLicenseServerUrl, getSiteURL } from "../../config";
import { licenseServerKeyRequest } from "../../config/request";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/organization";
import { ACCEPTED } from "../../variables";
import {
OrgPermissionActions,
OrgPermissionSubjects,
getAuthDataOrgPermissions
} from "../../ee/services/RoleService";
import { OrganizationNotFoundError } from "../../utils/errors";
import { ForbiddenError } from "@casl/ability";
export const getOrganizations = async (req: Request, res: Response) => {
const organizations = (
await MembershipOrg.find({
user: req.user._id,
status: ACCEPTED
}).populate("organization")
).map((m) => m.organization);
return res.status(200).send({
organizations
});
};
/**
* Return organization with id [organizationId]
* @param req
* @param res
* @returns
*/
export const getOrganization = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgv1, req);
// ensure user has membership
await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
})
const organization = await Organization.findById(organizationId);
if (!organization) {
throw OrganizationNotFoundError({
message: "Failed to find organization"
});
}
return res.status(200).send({
organization
});
};
/**
* Return organization memberships for organization with id [organizationId]
* @param req
* @param res
* @returns
*/
export const getOrganizationMembers = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgMembersv1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.Member
);
const users = await MembershipOrg.find({
organization: organizationId
}).populate("user", "+publicKey");
return res.status(200).send({
users
});
};
/**
* Return workspaces that user is part of in organization with id [organizationId]
* @param req
* @param res
* @returns
*/
export const getOrganizationWorkspaces = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgWorkspacesv1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
})
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.Workspace
);
const workspacesSet = new Set(
(
await Workspace.find(
{
organization: organizationId
},
"_id"
)
).map((w) => w._id.toString())
);
const workspaces = (
await Membership.find({
user: req.user._id
}).populate("workspace")
)
.filter((m) => workspacesSet.has(m.workspace._id.toString()))
.map((m) => m.workspace);
return res.status(200).send({
workspaces
});
};
/**
* Change name of organization with id [organizationId] to [name]
* @param req
* @param res
* @returns
*/
export const changeOrganizationName = async (req: Request, res: Response) => {
const {
params: { organizationId },
body: { name }
} = await validateRequest(reqValidator.ChangeOrgNamev1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Edit,
OrgPermissionSubjects.Settings
);
const organization = await Organization.findOneAndUpdate(
{
_id: organizationId
},
{
name
},
{
new: true
}
);
return res.status(200).send({
message: "Successfully changed organization name",
organization
});
};
/**
* Return incident contacts of organization with id [organizationId]
* @param req
* @param res
* @returns
*/
export const getOrganizationIncidentContacts = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgIncidentContactv1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.IncidentAccount
);
const incidentContactsOrg = await IncidentContactOrg.find({
organization: organizationId
});
return res.status(200).send({
incidentContactsOrg
});
};
/**
* Add and return new incident contact with email [email] for organization with id [organizationId]
* @param req
* @param res
* @returns
*/
export const addOrganizationIncidentContact = async (req: Request, res: Response) => {
const {
params: { organizationId },
body: { email }
} = await validateRequest(reqValidator.CreateOrgIncideContact, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Create,
OrgPermissionSubjects.IncidentAccount
);
const incidentContactOrg = await IncidentContactOrg.findOneAndUpdate(
{ email, organization: organizationId },
{ email, organization: organizationId },
{ upsert: true, new: true }
);
return res.status(200).send({
incidentContactOrg
});
};
/**
* Delete incident contact with email [email] for organization with id [organizationId]
* @param req
* @param res
* @returns
*/
export const deleteOrganizationIncidentContact = async (req: Request, res: Response) => {
const {
params: { organizationId },
body: { email }
} = await validateRequest(reqValidator.DelOrgIncideContact, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Delete,
OrgPermissionSubjects.IncidentAccount
);
const incidentContactOrg = await IncidentContactOrg.findOneAndDelete({
email,
organization: organizationId
});
return res.status(200).send({
message: "Successfully deleted organization incident contact",
incidentContactOrg
});
};
/**
* Redirect user to billing portal or add card page depending on
* if there is a card on file
* @param req
* @param res
* @returns
*/
export const createOrganizationPortalSession = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgPlanBillingInfov1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Edit,
OrgPermissionSubjects.Billing
);
const organization = await Organization.findById(organizationId);
if (!organization) {
throw OrganizationNotFoundError({
message: "Failed to find organization"
});
}
const {
data: { pmtMethods }
} = await licenseServerKeyRequest.get(
`${await getLicenseServerUrl()}/api/license-server/v1/customers/${
organization.customerId
}/billing-details/payment-methods`
);
if (pmtMethods.length < 1) {
// case: organization has no payment method on file
// -> redirect to add payment method portal
const {
data: { url }
} = await licenseServerKeyRequest.post(
`${await getLicenseServerUrl()}/api/license-server/v1/customers/${
organization.customerId
}/billing-details/payment-methods`,
{
success_url: (await getSiteURL()) + "/dashboard",
cancel_url: (await getSiteURL()) + "/dashboard"
}
);
return res.status(200).send({ url });
} else {
// case: organization has payment method on file
// -> redirect to billing portal
const {
data: { url }
} = await licenseServerKeyRequest.post(
`${await getLicenseServerUrl()}/api/license-server/v1/customers/${
organization.customerId
}/billing-details/billing-portal`,
{
return_url: (await getSiteURL()) + "/dashboard"
}
);
return res.status(200).send({ url });
}
};
/**
* Given a org id, return the projects each member of the org belongs to
* @param req
* @param res
* @returns
*/
export const getOrganizationMembersAndTheirWorkspaces = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgMembersv1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.Member
);
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.Workspace
);
const workspacesSet = (
await Workspace.find(
{
organization: organizationId
},
"_id"
)
).map((w) => w._id.toString());
const memberships = await Membership.find({
workspace: { $in: workspacesSet }
}).populate("workspace");
const userToWorkspaceIds: any = {};
memberships.forEach((membership) => {
const user = membership.user.toString();
if (userToWorkspaceIds[user]) {
userToWorkspaceIds[user].push(membership.workspace);
} else {
userToWorkspaceIds[user] = [membership.workspace];
}
});
return res.json(userToWorkspaceIds);
};

View File

@@ -1,370 +0,0 @@
import { Request, Response } from "express";
// eslint-disable-next-line @typescript-eslint/no-var-requires
const jsrp = require("jsrp");
import * as bigintConversion from "bigint-conversion";
import { BackupPrivateKey, LoginSRPDetail, User } from "../../models";
import { clearTokens, createToken, sendMail } from "../../helpers";
import { TokenService } from "../../services";
import { AuthTokenType, TOKEN_EMAIL_PASSWORD_RESET } from "../../variables";
import { BadRequestError } from "../../utils/errors";
import {
getAuthSecret,
getHttpsEnabled,
getJwtSignupLifetime,
getSiteURL
} from "../../config";
import { ActorType } from "../../ee/models";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/auth";
/**
* Password reset step 1: Send email verification link to email [email]
* for account recovery.
* @param req
* @param res
* @returns
*/
export const emailPasswordReset = async (req: Request, res: Response) => {
const {
body: { email }
} = await validateRequest(reqValidator.EmailPasswordResetV1, req);
const user = await User.findOne({ email }).select("+publicKey");
if (!user || !user?.publicKey) {
// case: user has already completed account
return res.status(200).send({
message: "If an account exists with this email, a password reset link has been sent"
});
}
const token = await TokenService.createToken({
type: TOKEN_EMAIL_PASSWORD_RESET,
email
});
await sendMail({
template: "passwordReset.handlebars",
subjectLine: "Infisical password reset",
recipients: [email],
substitutions: {
email,
token,
callback_url: (await getSiteURL()) + "/password-reset"
}
});
return res.status(200).send({
message: "If an account exists with this email, a password reset link has been sent"
});
};
/**
* Password reset step 2: Verify email verification link sent to email [email]
* @param req
* @param res
* @returns
*/
export const emailPasswordResetVerify = async (req: Request, res: Response) => {
const {
body: { email, code }
} = await validateRequest(reqValidator.EmailPasswordResetVerifyV1, req);
const user = await User.findOne({ email }).select("+publicKey");
if (!user || !user?.publicKey) {
// case: user doesn't exist with email [email] or
// hasn't even completed their account
return res.status(403).send({
error: "Failed email verification for password reset"
});
}
await TokenService.validateToken({
type: TOKEN_EMAIL_PASSWORD_RESET,
email,
token: code
});
// generate temporary password-reset token
const token = createToken({
payload: {
authTokenType: AuthTokenType.SIGNUP_TOKEN,
userId: user._id.toString()
},
expiresIn: await getJwtSignupLifetime(),
secret: await getAuthSecret()
});
return res.status(200).send({
message: "Successfully verified email",
user,
token
});
};
/**
* Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
* @param req
* @param res
* @returns
*/
export const srp1 = async (req: Request, res: Response) => {
// return salt, serverPublicKey as part of first step of SRP protocol
const {
body: { clientPublicKey }
} = await validateRequest(reqValidator.Srp1V1, req);
const user = await User.findOne({
email: req.user.email
}).select("+salt +verifier");
if (!user) throw new Error("Failed to find user");
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier
},
async () => {
// generate server-side public key
const serverPublicKey = server.getPublicKey();
await LoginSRPDetail.findOneAndReplace(
{ email: req.user.email },
{
email: req.user.email,
clientPublicKey: clientPublicKey,
serverBInt: bigintConversion.bigintToBuf(server.bInt)
},
{ upsert: true, returnNewDocument: false }
);
return res.status(200).send({
serverPublicKey,
salt: user.salt
});
}
);
};
/**
* Change account SRP authentication information for user
* Requires verifying [clientProof] as part of step 2 of SRP protocol
* as initiated in POST /srp1
* @param req
* @param res
* @returns
*/
export const changePassword = async (req: Request, res: Response) => {
const {
body: {
clientProof,
protectedKey,
protectedKeyIV,
protectedKeyTag,
encryptedPrivateKey,
encryptedPrivateKeyIV,
encryptedPrivateKeyTag,
salt,
verifier
}
} = await validateRequest(reqValidator.ChangePasswordV1, req);
const user = await User.findOne({
email: req.user.email
}).select("+salt +verifier");
if (!user) throw new Error("Failed to find user");
const loginSRPDetailFromDB = await LoginSRPDetail.findOneAndDelete({ email: req.user.email });
if (!loginSRPDetailFromDB) {
return BadRequestError(
Error(
"It looks like some details from the first login are not found. Please try login one again"
)
);
}
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier,
b: loginSRPDetailFromDB.serverBInt
},
async () => {
server.setClientPublicKey(loginSRPDetailFromDB.clientPublicKey);
// compare server and client shared keys
if (server.checkClientProof(clientProof)) {
// change password
await User.findByIdAndUpdate(
req.user._id.toString(),
{
encryptionVersion: 2,
protectedKey,
protectedKeyIV,
protectedKeyTag,
encryptedPrivateKey,
iv: encryptedPrivateKeyIV,
tag: encryptedPrivateKeyTag,
salt,
verifier
},
{
new: true
}
);
if (req.authData.actor.type === ActorType.USER && req.authData.tokenVersionId) {
await clearTokens(req.authData.tokenVersionId);
}
// clear httpOnly cookie
res.cookie("jid", "", {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: (await getHttpsEnabled()) as boolean
});
return res.status(200).send({
message: "Successfully changed password"
});
}
return res.status(400).send({
error: "Failed to change password. Try again?"
});
}
);
};
/**
* Create or change backup private key for user
* @param req
* @param res
* @returns
*/
export const createBackupPrivateKey = async (req: Request, res: Response) => {
// create/change backup private key
// requires verifying [clientProof] as part of second step of SRP protocol
// as initiated in /srp1
const {
body: { clientProof, encryptedPrivateKey, salt, verifier, iv, tag }
} = await validateRequest(reqValidator.CreateBackupPrivateKeyV1, req);
const user = await User.findOne({
email: req.user.email
}).select("+salt +verifier");
if (!user) throw new Error("Failed to find user");
const loginSRPDetailFromDB = await LoginSRPDetail.findOneAndDelete({ email: req.user.email });
if (!loginSRPDetailFromDB) {
return BadRequestError(
Error(
"It looks like some details from the first login are not found. Please try login one again"
)
);
}
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier,
b: loginSRPDetailFromDB.serverBInt
},
async () => {
server.setClientPublicKey(loginSRPDetailFromDB.clientPublicKey);
// compare server and client shared keys
if (server.checkClientProof(clientProof)) {
// create new or replace backup private key
const backupPrivateKey = await BackupPrivateKey.findOneAndUpdate(
{ user: req.user._id },
{
user: req.user._id,
encryptedPrivateKey,
iv,
tag,
salt,
verifier
},
{ upsert: true, new: true }
).select("+user, encryptedPrivateKey");
// issue tokens
return res.status(200).send({
message: "Successfully updated backup private key",
backupPrivateKey
});
}
return res.status(400).send({
message: "Failed to update backup private key"
});
}
);
};
/**
* Return backup private key for user
* @param req
* @param res
* @returns
*/
export const getBackupPrivateKey = async (req: Request, res: Response) => {
const backupPrivateKey = await BackupPrivateKey.findOne({
user: req.user._id
}).select("+encryptedPrivateKey +iv +tag");
if (!backupPrivateKey) throw new Error("Failed to find backup private key");
return res.status(200).send({
backupPrivateKey
});
};
export const resetPassword = async (req: Request, res: Response) => {
const {
body: {
encryptedPrivateKey,
protectedKeyTag,
protectedKey,
protectedKeyIV,
salt,
verifier,
encryptedPrivateKeyIV,
encryptedPrivateKeyTag
}
} = await validateRequest(reqValidator.ResetPasswordV1, req);
await User.findByIdAndUpdate(
req.user._id.toString(),
{
encryptionVersion: 2,
protectedKey,
protectedKeyIV,
protectedKeyTag,
encryptedPrivateKey,
iv: encryptedPrivateKeyIV,
tag: encryptedPrivateKeyTag,
salt,
verifier
},
{
new: true
}
);
return res.status(200).send({
message: "Successfully reset password"
});
};

View File

@@ -1,209 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import { Key } from "../../models";
import {
pullSecrets as pull,
v1PushSecrets as push,
reformatPullSecrets
} from "../../helpers/secret";
import { pushKeys } from "../../helpers/key";
import { eventPushSecrets } from "../../events";
import { EventService } from "../../services";
import { TelemetryService } from "../../services";
interface PushSecret {
ciphertextKey: string;
ivKey: string;
tagKey: string;
hashKey: string;
ciphertextValue: string;
ivValue: string;
tagValue: string;
hashValue: string;
ciphertextComment: string;
ivComment: string;
tagComment: string;
hashComment: string;
type: "shared" | "personal";
}
/**
* Upload (encrypted) secrets to workspace with id [workspaceId]
* for environment [environment]
* @param req
* @param res
* @returns
*/
export const pushSecrets = async (req: Request, res: Response) => {
// upload (encrypted) secrets to workspace with id [workspaceId]
const postHogClient = await TelemetryService.getPostHogClient();
let { secrets }: { secrets: PushSecret[] } = req.body;
const { keys, environment, channel } = req.body;
const { workspaceId } = req.params;
// validate environment
const workspaceEnvs = req.membership.workspace.environments;
if (!workspaceEnvs.find(({ slug }: { slug: string }) => slug === environment)) {
throw new Error("Failed to validate environment");
}
// sanitize secrets
secrets = secrets.filter((s: PushSecret) => s.ciphertextKey !== "" && s.ciphertextValue !== "");
await push({
userId: req.user._id,
workspaceId,
environment,
secrets
});
await pushKeys({
userId: req.user._id,
workspaceId,
keys
});
if (postHogClient) {
postHogClient.capture({
event: "secrets pushed",
distinctId: req.user.email,
properties: {
numberOfSecrets: secrets.length,
environment,
workspaceId,
channel: channel ? channel : "cli"
}
});
}
// trigger event - push secrets
EventService.handleEvent({
event: eventPushSecrets({
workspaceId: new Types.ObjectId(workspaceId),
environment,
secretPath: "/"
})
});
return res.status(200).send({
message: "Successfully uploaded workspace secrets"
});
};
/**
* Return (encrypted) secrets for workspace with id [workspaceId]
* for environment [environment] and (encrypted) workspace key
* @param req
* @param res
* @returns
*/
export const pullSecrets = async (req: Request, res: Response) => {
let secrets;
const postHogClient = await TelemetryService.getPostHogClient();
const environment: string = req.query.environment as string;
const channel: string = req.query.channel as string;
const { workspaceId } = req.params;
// validate environment
const workspaceEnvs = req.membership.workspace.environments;
if (!workspaceEnvs.find(({ slug }: { slug: string }) => slug === environment)) {
throw new Error("Failed to validate environment");
}
secrets = await pull({
userId: req.user._id.toString(),
workspaceId,
environment,
channel: channel ? channel : "cli",
ipAddress: req.realIP
});
const key = await Key.findOne({
workspace: workspaceId,
receiver: req.user._id
})
.sort({ createdAt: -1 })
.populate("sender", "+publicKey");
if (channel !== "cli") {
secrets = reformatPullSecrets({ secrets });
}
if (postHogClient) {
// capture secrets pushed event in production
postHogClient.capture({
distinctId: req.user.email,
event: "secrets pulled",
properties: {
numberOfSecrets: secrets.length,
environment,
workspaceId,
channel: channel ? channel : "cli"
}
});
}
return res.status(200).send({
secrets,
key
});
};
/**
* Return (encrypted) secrets for workspace with id [workspaceId]
* for environment [environment] and (encrypted) workspace key
* via service token
* @param req
* @param res
* @returns
*/
export const pullSecretsServiceToken = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
const environment: string = req.query.environment as string;
const channel: string = req.query.channel as string;
const { workspaceId } = req.params;
// validate environment
const workspaceEnvs = req.membership.workspace.environments;
if (!workspaceEnvs.find(({ slug }: { slug: string }) => slug === environment)) {
throw new Error("Failed to validate environment");
}
const secrets = await pull({
userId: req.serviceToken.user._id.toString(),
workspaceId,
environment,
channel: "cli",
ipAddress: req.realIP
});
const key = {
encryptedKey: req.serviceToken.encryptedKey,
nonce: req.serviceToken.nonce,
sender: {
publicKey: req.serviceToken.publicKey
},
receiver: req.serviceToken.user,
workspace: req.serviceToken.workspace
};
if (postHogClient) {
// capture secrets pulled event in production
postHogClient.capture({
distinctId: req.serviceToken.user.email,
event: "secrets pulled",
properties: {
numberOfSecrets: secrets.length,
environment,
workspaceId,
channel: channel ? channel : "cli"
}
});
}
return res.status(200).send({
secrets: reformatPullSecrets({ secrets }),
key
});
};

View File

@@ -1,721 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import { isValidScope } from "../../helpers";
import { Folder, IServiceTokenData, SecretImport, ServiceTokenData } from "../../models";
import { getAllImportedSecrets } from "../../services/SecretImportService";
import { getFolderByPath, getFolderWithPathFromId } from "../../services/FolderService";
import {
BadRequestError,
ResourceNotFoundError,
UnauthorizedRequestError
} from "../../utils/errors";
import { EEAuditLogService } from "../../ee/services";
import { EventType } from "../../ee/models";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/secretImports";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError, subject } from "@casl/ability";
export const createSecretImp = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Create secret import'
#swagger.description = 'Create secret import'
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"workspaceId": {
"type": "string",
"description": "ID of workspace where to create secret import",
"example": "someWorkspaceId"
},
"environment": {
"type": "string",
"description": "Slug of environment where to create secret import",
"example": "dev"
},
"directory": {
"type": "string",
"description": "Path where to create secret import like / or /foo/bar. Default is /",
"example": "/foo/bar"
},
"secretImport": {
"type": "object",
"properties": {
"environment": {
"type": "string",
"description": "Slug of environment to import from",
"example": "development"
},
"secretPath": {
"type": "string",
"description": "Path where to import from like / or /foo/bar.",
"example": "/user/oauth"
}
}
}
},
"required": ["workspaceId", "environment", "directory", "secretImport"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "successfully created secret import"
}
},
"description": "Confirmation of secret import creation"
}
}
}
}
#swagger.responses[400] = {
description: "Bad Request. For example, 'Secret import already exist'"
}
#swagger.responses[401] = {
description: "Unauthorized request. For example, 'Folder Permission Denied'"
}
#swagger.responses[404] = {
description: "Resource Not Found. For example, 'Failed to find folder'"
}
*/
const {
body: { workspaceId, environment, directory, secretImport }
} = await validateRequest(reqValidator.CreateSecretImportV1, req);
if (req.authData.authPayload instanceof ServiceTokenData) {
// root check
const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, directory);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
subject(ProjectPermissionSub.Secrets, { environment, secretPath: directory })
);
}
const folders = await Folder.findOne({
workspace: workspaceId,
environment
}).lean();
if (!folders && directory !== "/")
throw ResourceNotFoundError({ message: "Failed to find folder" });
let folderId = "root";
if (folders) {
const folder = getFolderByPath(folders.nodes, directory);
if (!folder) throw BadRequestError({ message: "Folder not found" });
folderId = folder.id;
}
const importSecDoc = await SecretImport.findOne({
workspace: workspaceId,
environment,
folderId
});
if (!importSecDoc) {
const doc = new SecretImport({
workspace: workspaceId,
environment,
folderId,
imports: [{ environment: secretImport.environment, secretPath: secretImport.secretPath }]
});
await doc.save();
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_SECRET_IMPORT,
metadata: {
secretImportId: doc._id.toString(),
folderId: doc.folderId.toString(),
importFromEnvironment: secretImport.environment,
importFromSecretPath: secretImport.secretPath,
importToEnvironment: environment,
importToSecretPath: directory
}
},
{
workspaceId: doc.workspace
}
);
return res.status(200).json({ message: "successfully created secret import" });
}
const doesImportExist = importSecDoc.imports.find(
(el) => el.environment === secretImport.environment && el.secretPath === secretImport.secretPath
);
if (doesImportExist) {
throw BadRequestError({ message: "Secret import already exist" });
}
importSecDoc.imports.push({
environment: secretImport.environment,
secretPath: secretImport.secretPath
});
await importSecDoc.save();
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_SECRET_IMPORT,
metadata: {
secretImportId: importSecDoc._id.toString(),
folderId: importSecDoc.folderId.toString(),
importFromEnvironment: secretImport.environment,
importFromSecretPath: secretImport.secretPath,
importToEnvironment: environment,
importToSecretPath: directory
}
},
{
workspaceId: importSecDoc.workspace
}
);
return res.status(200).json({ message: "successfully created secret import" });
};
// to keep the ordering, you must pass all the imports in here not the only updated one
// this is because the order decide which import gets overriden
/**
* Update secret import
* @param req
* @param res
* @returns
*/
export const updateSecretImport = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Update secret import'
#swagger.description = 'Update secret import'
#swagger.parameters['id'] = {
in: 'path',
description: 'ID of secret import to update',
required: true,
type: 'string',
example: 'import12345'
}
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"secretImports": {
"type": "array",
"description": "List of secret imports to update to",
"items": {
"type": "object",
"properties": {
"environment": {
"type": "string",
"description": "Slug of environment to import from",
"example": "dev"
},
"secretPath": {
"type": "string",
"description": "Path where to import secrets from like / or /foo/bar",
"example": "/foo/bar"
}
},
"required": ["environment", "secretPath"]
}
}
},
"required": ["secretImports"]
}
}
}
}
#swagger.responses[200] = {
description: 'Successfully updated the secret import',
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "successfully updated secret import"
}
}
}
}
}
}
#swagger.responses[400] = {
description: 'Bad Request - Import not found',
}
#swagger.responses[403] = {
description: 'Forbidden access due to insufficient permissions',
}
#swagger.responses[401] = {
description: 'Unauthorized access due to invalid token or scope',
}
*/
const {
body: { secretImports },
params: { id }
} = await validateRequest(reqValidator.UpdateSecretImportV1, req);
const importSecDoc = await SecretImport.findById(id);
if (!importSecDoc) {
throw BadRequestError({ message: "Import not found" });
}
// check for service token validity
const folders = await Folder.findOne({
workspace: importSecDoc.workspace,
environment: importSecDoc.environment
}).lean();
let secretPath = "/";
if (folders) {
const { folderPath } = getFolderWithPathFromId(folders.nodes, importSecDoc.folderId);
secretPath = folderPath;
}
if (req.authData.authPayload instanceof ServiceTokenData) {
// token permission check
const isValidScopeAccess = isValidScope(
req.authData.authPayload,
importSecDoc.environment,
secretPath
);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
// non token entry check
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: importSecDoc.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
subject(ProjectPermissionSub.Secrets, {
environment: importSecDoc.environment,
secretPath
})
);
}
const orderBefore = importSecDoc.imports;
importSecDoc.imports = secretImports;
await importSecDoc.save();
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.UPDATE_SECRET_IMPORT,
metadata: {
importToEnvironment: importSecDoc.environment,
importToSecretPath: secretPath,
secretImportId: importSecDoc._id.toString(),
folderId: importSecDoc.folderId.toString(),
orderBefore,
orderAfter: secretImports
}
},
{
workspaceId: importSecDoc.workspace
}
);
return res.status(200).json({ message: "successfully updated secret import" });
};
/**
* Delete secret import
* @param req
* @param res
* @returns
*/
export const deleteSecretImport = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Delete secret import'
#swagger.description = 'Delete secret import'
#swagger.parameters['id'] = {
in: 'path',
description: 'ID of parent secret import document from which to delete secret import',
required: true,
type: 'string',
example: '12345abcde'
}
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"secretImportEnv": {
"type": "string",
"description": "Slug of environment of import to delete",
"example": "someWorkspaceId"
},
"secretImportPath": {
"type": "string",
"description": "Path like / or /foo/bar of import to delete",
"example": "production"
}
},
"required": ["id", "secretImportEnv", "secretImportPath"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "successfully delete secret import"
}
},
"description": "Confirmation of secret import deletion"
}
}
}
}
*/
const {
params: { id },
body: { secretImportEnv, secretImportPath }
} = await validateRequest(reqValidator.DeleteSecretImportV1, req);
const importSecDoc = await SecretImport.findById(id);
if (!importSecDoc) {
throw BadRequestError({ message: "Import not found" });
}
// check for service token validity
const folders = await Folder.findOne({
workspace: importSecDoc.workspace,
environment: importSecDoc.environment
}).lean();
let secretPath = "/";
if (folders) {
const { folderPath } = getFolderWithPathFromId(folders.nodes, importSecDoc.folderId);
secretPath = folderPath;
}
if (req.authData.authPayload instanceof ServiceTokenData) {
const isValidScopeAccess = isValidScope(
req.authData.authPayload,
importSecDoc.environment,
secretPath
);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: importSecDoc.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
subject(ProjectPermissionSub.Secrets, {
environment: importSecDoc.environment,
secretPath
})
);
}
importSecDoc.imports = importSecDoc.imports.filter(
({ environment, secretPath }) =>
!(environment === secretImportEnv && secretPath === secretImportPath)
);
await importSecDoc.save();
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.DELETE_SECRET_IMPORT,
metadata: {
secretImportId: importSecDoc._id.toString(),
folderId: importSecDoc.folderId.toString(),
importFromEnvironment: secretImportEnv,
importFromSecretPath: secretImportPath,
importToEnvironment: importSecDoc.environment,
importToSecretPath: secretPath
}
},
{
workspaceId: importSecDoc.workspace
}
);
return res.status(200).json({ message: "successfully delete secret import" });
};
/**
* Get secret imports
* @param req
* @param res
* @returns
*/
export const getSecretImports = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Get secret imports'
#swagger.description = 'Get secret imports'
#swagger.parameters['workspaceId'] = {
in: 'query',
description: 'ID of workspace where to get secret imports from',
required: true,
type: 'string',
example: 'workspace12345'
}
#swagger.parameters['environment'] = {
in: 'query',
description: 'Slug of environment where to get secret imports from',
required: true,
type: 'string',
example: 'production'
}
#swagger.parameters['directory'] = {
in: 'query',
description: 'Path where to get secret imports from like / or /foo/bar. Default is /',
required: false,
type: 'string',
example: 'folder12345'
}
#swagger.responses[200] = {
description: 'Successfully retrieved secret import',
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"secretImport": {
$ref: '#/definitions/SecretImport'
}
}
}
}
}
}
#swagger.responses[403] = {
description: 'Forbidden access due to insufficient permissions',
}
#swagger.responses[401] = {
description: 'Unauthorized access due to invalid token or scope',
}
*/
const {
query: { workspaceId, environment, directory }
} = await validateRequest(reqValidator.GetSecretImportsV1, req);
if (req.authData.authPayload instanceof ServiceTokenData) {
const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, directory);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
subject(ProjectPermissionSub.Secrets, {
environment,
secretPath: directory
})
);
}
const folders = await Folder.findOne({
workspace: workspaceId,
environment
}).lean();
if (!folders && directory !== "/") throw BadRequestError({ message: "Folder not found" });
let folderId = "root";
if (folders) {
const folder = getFolderByPath(folders.nodes, directory);
if (!folder) throw BadRequestError({ message: "Folder not found" });
folderId = folder.id;
}
const importSecDoc = await SecretImport.findOne({
workspace: workspaceId,
environment,
folderId
});
if (!importSecDoc) {
return res.status(200).json({ secretImport: {} });
}
return res.status(200).json({ secretImport: importSecDoc });
};
/**
* Get all secret imports
* @param req
* @param res
* @returns
*/
export const getAllSecretsFromImport = async (req: Request, res: Response) => {
const {
query: { workspaceId, environment, directory }
} = await validateRequest(reqValidator.GetAllSecretsFromImportV1, req);
if (req.authData.authPayload instanceof ServiceTokenData) {
// check for service token validity
const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, directory);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
subject(ProjectPermissionSub.Secrets, {
environment,
secretPath: directory
})
);
}
const folders = await Folder.findOne({
workspace: workspaceId,
environment
}).lean();
if (!folders && directory !== "/") throw BadRequestError({ message: "Folder not found" });
let folderId = "root";
if (folders) {
const folder = getFolderByPath(folders.nodes, directory);
if (!folder) throw BadRequestError({ message: "Folder not found" });
folderId = folder.id;
}
const importSecDoc = await SecretImport.findOne({
workspace: workspaceId,
environment,
folderId
});
if (!importSecDoc) {
return res.status(200).json({ secrets: [] });
}
let secretPath = "/";
if (folders) {
const { folderPath } = getFolderWithPathFromId(folders.nodes, importSecDoc.folderId);
secretPath = folderPath;
}
let permissionCheckFn: (env: string, secPath: string) => boolean; // used to pass as callback function to import secret
if (req.authData.authPayload instanceof ServiceTokenData) {
// check for service token validity
const isValidScopeAccess = isValidScope(
req.authData.authPayload,
importSecDoc.environment,
secretPath
);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
permissionCheckFn = (env: string, secPath: string) =>
isValidScope(req.authData.authPayload as IServiceTokenData, env, secPath);
} else {
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: importSecDoc.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
subject(ProjectPermissionSub.Secrets, {
environment: importSecDoc.environment,
secretPath
})
);
permissionCheckFn = (env: string, secPath: string) =>
permission.can(
ProjectPermissionActions.Read,
subject(ProjectPermissionSub.Secrets, {
environment: env,
secretPath: secPath
})
);
}
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.GET_SECRET_IMPORTS,
metadata: {
environment,
secretImportId: importSecDoc._id.toString(),
folderId,
numberOfImports: importSecDoc.imports.length
}
},
{
workspaceId: importSecDoc.workspace
}
);
const secrets = await getAllImportedSecrets(
workspaceId,
environment,
folderId,
permissionCheckFn
);
return res.status(200).json({ secrets });
};

View File

@@ -1,193 +0,0 @@
import { Request, Response } from "express";
import {
GitAppInstallationSession,
GitAppOrganizationInstallation,
GitRisks
} from "../../ee/models";
import crypto from "crypto";
import { Types } from "mongoose";
import { OrganizationNotFoundError, UnauthorizedRequestError } from "../../utils/errors";
import { scanGithubFullRepoForSecretLeaks } from "../../queues/secret-scanning/githubScanFullRepository";
import { getSecretScanningGitAppId, getSecretScanningPrivateKey } from "../../config";
import {
STATUS_RESOLVED_FALSE_POSITIVE,
STATUS_RESOLVED_NOT_REVOKED,
STATUS_RESOLVED_REVOKED
} from "../../ee/models/gitRisks";
import { ProbotOctokit } from "probot";
import { Organization } from "../../models";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/secretScanning";
import {
OrgPermissionActions,
OrgPermissionSubjects,
getAuthDataOrgPermissions
} from "../../ee/services/RoleService";
import { ForbiddenError } from "@casl/ability";
export const createInstallationSession = async (req: Request, res: Response) => {
const sessionId = crypto.randomBytes(16).toString("hex");
const {
params: { organizationId }
} = await validateRequest(reqValidator.CreateInstalLSessionv1, req);
const organization = await Organization.findById(organizationId);
if (!organization) {
throw OrganizationNotFoundError({
message: "Failed to find organization"
});
}
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Create,
OrgPermissionSubjects.SecretScanning
);
await GitAppInstallationSession.findByIdAndUpdate(
organization,
{
organization: organization.id,
sessionId: sessionId,
user: new Types.ObjectId(req.user._id)
},
{ upsert: true }
).lean();
res.send({
sessionId: sessionId
});
};
export const linkInstallationToOrganization = async (req: Request, res: Response) => {
const {
body: { sessionId, installationId }
} = await validateRequest(reqValidator.LinkInstallationToOrgv1, req);
const installationSession = await GitAppInstallationSession.findOneAndDelete({
sessionId: sessionId
});
if (!installationSession) {
throw UnauthorizedRequestError();
}
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: installationSession.organization
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Edit,
OrgPermissionSubjects.SecretScanning
);
const installationLink = await GitAppOrganizationInstallation.findOneAndUpdate(
{
organizationId: installationSession.organization
},
{
installationId: installationId,
organizationId: installationSession.organization,
user: installationSession.user
},
{
upsert: true
}
).lean();
const octokit = new ProbotOctokit({
auth: {
appId: await getSecretScanningGitAppId(),
privateKey: await getSecretScanningPrivateKey(),
installationId: installationId.toString()
}
});
const {
data: { repositories }
} = await octokit.apps.listReposAccessibleToInstallation();
for (const repository of repositories) {
scanGithubFullRepoForSecretLeaks({
organizationId: installationSession.organization.toString(),
installationId,
repository: { id: repository.id, fullName: repository.full_name }
});
}
res.json(installationLink);
};
export const getCurrentOrganizationInstallationStatus = async (req: Request, res: Response) => {
const { organizationId } = req.params;
try {
const appInstallation = await GitAppOrganizationInstallation.findOne({
organizationId: organizationId
}).lean();
if (!appInstallation) {
res.json({
appInstallationComplete: false
});
}
res.json({
appInstallationComplete: true
});
} catch {
res.json({
appInstallationComplete: false
});
}
};
export const getRisksForOrganization = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgRisksv1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.SecretScanning
);
const risks = await GitRisks.find({ organization: organizationId })
.sort({ createdAt: -1 })
.lean();
res.json({
risks: risks
});
};
export const updateRisksStatus = async (req: Request, res: Response) => {
const {
params: { organizationId, riskId },
body: { status }
} = await validateRequest(reqValidator.UpdateRiskStatusv1, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Edit,
OrgPermissionSubjects.SecretScanning
);
const isRiskResolved =
status == STATUS_RESOLVED_FALSE_POSITIVE ||
status == STATUS_RESOLVED_REVOKED ||
status == STATUS_RESOLVED_NOT_REVOKED
? true
: false;
const risk = await GitRisks.findByIdAndUpdate(riskId, {
status: status,
isResolved: isRiskResolved
}).lean();
res.json(risk);
};

View File

@@ -1,680 +0,0 @@
import { ForbiddenError, subject } from "@casl/ability";
import { Request, Response } from "express";
import { Types } from "mongoose";
import { EventType, FolderVersion } from "../../ee/models";
import { EEAuditLogService, EESecretService } from "../../ee/services";
import { isValidScope } from "../../helpers/secrets";
import { validateRequest } from "../../helpers/validation";
import { Secret, ServiceTokenData } from "../../models";
import { Folder } from "../../models/folder";
import {
appendFolder,
getAllFolderIds,
getFolderByPath,
getFolderWithPathFromId,
validateFolderName
} from "../../services/FolderService";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { BadRequestError, UnauthorizedRequestError } from "../../utils/errors";
import * as reqValidator from "../../validation/folders";
const ERR_FOLDER_NOT_FOUND = BadRequestError({ message: "The folder doesn't exist" });
// verify workspace id/environment
export const createFolder = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Create folder'
#swagger.description = 'Create folder'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"workspaceId": {
"type": "string",
"description": "ID of the workspace where to create folder",
"example": "someWorkspaceId"
},
"environment": {
"type": "string",
"description": "Slug of environment where to create folder",
"example": "production"
},
"folderName": {
"type": "string",
"description": "Name of folder to create",
"example": "my_folder"
},
"directory": {
"type": "string",
"description": "Path where to create folder like / or /foo/bar. Default is /",
"example": "/foo/bar"
}
},
"required": ["workspaceId", "environment", "folderName"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"folder": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "ID of folder",
"example": "someFolderId"
},
"name": {
"type": "string",
"description": "Name of folder",
"example": "my_folder"
},
"version": {
"type": "number",
"description": "Version of folder",
"example": 1
}
},
"description": "Details of created folder"
}
}
}
}
}
}
#swagger.responses[400] = {
description: "Bad Request. For example, 'Folder name cannot contain spaces. Only underscore and dashes'"
}
#swagger.responses[401] = {
description: "Unauthorized request. For example, 'Folder Permission Denied'"
}
*/
const {
body: { workspaceId, environment, folderName, directory }
} = await validateRequest(reqValidator.CreateFolderV1, req);
if (!validateFolderName(folderName)) {
throw BadRequestError({
message: "Folder name cannot contain spaces. Only underscore and dashes"
});
}
if (req.authData.authPayload instanceof ServiceTokenData) {
// token check
const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, directory);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
// user check
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
subject(ProjectPermissionSub.Secrets, { environment, secretPath: directory })
);
}
const folders = await Folder.findOne({
workspace: workspaceId,
environment
}).lean();
// space has no folders initialized
if (!folders) {
const folder = new Folder({
workspace: workspaceId,
environment,
nodes: {
id: "root",
name: "root",
version: 1,
children: []
}
});
const { parent, child } = appendFolder(folder.nodes, { folderName, directory });
await folder.save();
const folderVersion = new FolderVersion({
workspace: workspaceId,
environment,
nodes: parent
});
await folderVersion.save();
await EESecretService.takeSecretSnapshot({
workspaceId: new Types.ObjectId(workspaceId),
environment
});
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_FOLDER,
metadata: {
environment,
folderId: child.id,
folderName,
folderPath: directory
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.json({ folder: { id: child.id, name: folderName } });
}
const { parent, child, hasCreated } = appendFolder(folders.nodes, { folderName, directory });
if (!hasCreated) return res.json({ folder: child });
await Folder.findByIdAndUpdate(folders._id, folders);
const folderVersion = new FolderVersion({
workspace: workspaceId,
environment,
nodes: parent
});
await folderVersion.save();
await EESecretService.takeSecretSnapshot({
workspaceId: new Types.ObjectId(workspaceId),
environment,
folderId: child.id
});
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_FOLDER,
metadata: {
environment,
folderId: child.id,
folderName,
folderPath: directory
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.json({ folder: child });
};
/**
* Update folder with id [folderId]
* @param req
* @param res
* @returns
*/
export const updateFolderById = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Update folder'
#swagger.description = 'Update folder'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['folderName'] = {
"description": "Name of folder to update",
"required": true,
"type": "string"
}
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"workspaceId": {
"type": "string",
"description": "ID of workspace where to update folder",
"example": "someWorkspaceId"
},
"environment": {
"type": "string",
"description": "Slug of environment where to update folder",
"example": "production"
},
"name": {
"type": "string",
"description": "Name of folder to update to",
"example": "updated_folder_name"
},
"directory": {
"type": "string",
"description": "Path where to update folder like / or /foo/bar. Default is /",
"example": "/foo/bar"
}
},
"required": ["workspaceId", "environment", "name"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"description": "Success message",
"example": "Successfully updated folder"
},
"folder": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Name of updated folder",
"example": "updated_folder_name"
},
"id": {
"type": "string",
"description": "ID of created folder",
"example": "abc123"
}
},
"description": "Details of the updated folder"
}
}
}
}
}
}
#swagger.responses[400] = {
description: "Bad Request. Reasons can include 'The folder doesn't exist' or 'Folder name cannot contain spaces. Only underscore and dashes'"
}
#swagger.responses[401] = {
description: "Unauthorized request. For example, 'Folder Permission Denied'"
}
*/
const {
body: { workspaceId, environment, name, directory },
params: { folderName }
} = await validateRequest(reqValidator.UpdateFolderV1, req);
if (!validateFolderName(name)) {
throw BadRequestError({
message: "Folder name cannot contain spaces. Only underscore and dashes"
});
}
if (req.authData.authPayload instanceof ServiceTokenData) {
const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, directory);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
subject(ProjectPermissionSub.Secrets, { environment, secretPath: directory })
);
}
const folders = await Folder.findOne({ workspace: workspaceId, environment });
if (!folders) {
throw BadRequestError({ message: "The folder doesn't exist" });
}
const parentFolder = getFolderByPath(folders.nodes, directory);
if (!parentFolder) {
throw BadRequestError({ message: "The folder doesn't exist" });
}
const folder = parentFolder.children.find(({ name }) => name === folderName);
if (!folder) throw ERR_FOLDER_NOT_FOUND;
const oldFolderName = folder.name;
parentFolder.version += 1;
folder.name = name;
await Folder.findByIdAndUpdate(folders._id, folders);
const folderVersion = new FolderVersion({
workspace: workspaceId,
environment,
nodes: parentFolder
});
await folderVersion.save();
await EESecretService.takeSecretSnapshot({
workspaceId: new Types.ObjectId(workspaceId),
environment,
folderId: parentFolder.id
});
const { folderPath } = getFolderWithPathFromId(folders.nodes, folder.id);
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.UPDATE_FOLDER,
metadata: {
environment,
folderId: folder.id,
oldFolderName,
newFolderName: name,
folderPath
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.json({
message: "Successfully updated folder",
folder: { name: folder.name, id: folder.id }
});
};
/**
* Delete folder with id [folderId]
* @param req
* @param res
* @returns
*/
export const deleteFolder = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Delete folder'
#swagger.description = 'Delete folder'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['folderName'] = {
"description": "Name of folder to delete",
"required": true,
"type": "string",
"in": "path"
}
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"workspaceId": {
"type": "string",
"description": "ID of the workspace where to delete folder",
"example": "someWorkspaceId"
},
"environment": {
"type": "string",
"description": "Slug of environment where to delete folder",
"example": "production"
},
"directory": {
"type": "string",
"description": "Path where to delete folder like / or /foo/bar. Default is /",
"example": "/foo/bar"
}
},
"required": ["workspaceId", "environment"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"description": "Success message",
"example": "successfully deleted folders"
},
"folders": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "ID of deleted folder",
"example": "abc123"
},
"name": {
"type": "string",
"description": "Name of deleted folder",
"example": "someFolderName"
}
}
},
"description": "List of IDs and names of deleted folders"
}
}
}
}
}
}
#swagger.responses[400] = {
description: "Bad Request. Reasons can include 'The folder doesn't exist'"
}
#swagger.responses[401] = {
description: "Unauthorized request. For example, 'Folder Permission Denied'"
}
*/
const {
params: { folderName },
body: { environment, workspaceId, directory }
} = await validateRequest(reqValidator.DeleteFolderV1, req);
if (req.authData.authPayload instanceof ServiceTokenData) {
const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, directory);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
// check that user is a member of the workspace
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
subject(ProjectPermissionSub.Secrets, { environment, secretPath: directory })
);
}
const folders = await Folder.findOne({ workspace: workspaceId, environment });
if (!folders) throw ERR_FOLDER_NOT_FOUND;
const parentFolder = getFolderByPath(folders.nodes, directory);
if (!parentFolder) throw ERR_FOLDER_NOT_FOUND;
const index = parentFolder.children.findIndex(({ name }) => name === folderName);
if (index === -1) throw ERR_FOLDER_NOT_FOUND;
const deletedFolder = parentFolder.children.splice(index, 1)[0];
parentFolder.version += 1;
const delFolderIds = getAllFolderIds(deletedFolder);
await Folder.findByIdAndUpdate(folders._id, folders);
const folderVersion = new FolderVersion({
workspace: workspaceId,
environment,
nodes: parentFolder
});
await folderVersion.save();
if (delFolderIds.length) {
await Secret.deleteMany({
folder: { $in: delFolderIds.map(({ id }) => id) },
workspace: workspaceId,
environment
});
}
await EESecretService.takeSecretSnapshot({
workspaceId: new Types.ObjectId(workspaceId),
environment,
folderId: parentFolder.id
});
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.DELETE_FOLDER,
metadata: {
environment,
folderId: deletedFolder.id,
folderName: deletedFolder.name,
folderPath: directory
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.send({ message: "successfully deleted folders", folders: delFolderIds });
};
/**
* Get folders for workspace with id [workspaceId] and environment [environment]
* considering directory/path [directory]
* @param req
* @param res
* @returns
*/
export const getFolders = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Get folders'
#swagger.description = 'Get folders'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of the workspace where to get folders from",
"required": true,
"type": "string",
"in": "query"
}
#swagger.parameters['environment'] = {
"description": "Slug of environment where to get folders from",
"required": true,
"type": "string",
"in": "query"
}
#swagger.parameters['directory'] = {
"description": "Path where to get fodlers from like / or /foo/bar. Default is /",
"required": false,
"type": "string",
"in": "query"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"folders": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "someFolderId"
},
"name": {
"type": "string",
"example": "someFolderName"
}
}
},
"description": "List of folders"
}
}
}
}
}
}
#swagger.responses[400] = {
description: "Bad Request. For instance, 'The folder doesn't exist'"
}
#swagger.responses[401] = {
description: "Unauthorized request. For example, 'Folder Permission Denied'"
}
*/
const {
query: { workspaceId, environment, directory }
} = await validateRequest(reqValidator.GetFoldersV1, req);
if (req.authData.authPayload instanceof ServiceTokenData) {
const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, directory);
if (!isValidScopeAccess) {
throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
}
} else {
// check that user is a member of the workspace
await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
}
const folders = await Folder.findOne({ workspace: workspaceId, environment });
if (!folders) {
return res.send({ folders: [], dir: [] });
}
const folder = getFolderByPath(folders.nodes, directory);
return res.send({
folders: folder?.children?.map(({ id, name }) => ({ id, name })) || []
});
};

View File

@@ -1,75 +0,0 @@
import { Request, Response } from "express";
import { ServiceToken } from "../../models";
import { createToken } from "../../helpers/auth";
import { getJwtServiceSecret } from "../../config";
/**
* Return service token on request
* @param req
* @param res
* @returns
*/
export const getServiceToken = async (req: Request, res: Response) => {
return res.status(200).send({
serviceToken: req.serviceToken,
});
};
/**
* Create and return a new service token
* @param req
* @param res
* @returns
*/
export const createServiceToken = async (req: Request, res: Response) => {
let token;
try {
const {
name,
workspaceId,
environment,
expiresIn,
publicKey,
encryptedKey,
nonce,
} = req.body;
// validate environment
const workspaceEnvs = req.membership.workspace.environments;
if (!workspaceEnvs.find(({ slug }: { slug: string }) => slug === environment)) {
throw new Error("Failed to validate environment");
}
// compute access token expiration date
const expiresAt = new Date();
expiresAt.setSeconds(expiresAt.getSeconds() + expiresIn);
const serviceToken = await new ServiceToken({
name,
user: req.user._id,
workspace: workspaceId,
environment,
expiresAt,
publicKey,
encryptedKey,
nonce,
}).save();
token = createToken({
payload: {
serviceTokenId: serviceToken._id.toString(),
workspaceId,
},
expiresIn: expiresIn,
secret: await getJwtServiceSecret(),
});
} catch (err) {
return res.status(400).send({
message: "Failed to create service token",
});
}
return res.status(200).send({
token,
});
};

View File

@@ -1,99 +0,0 @@
import { Request, Response } from "express";
import { AuthMethod, User } from "../../models";
import { checkEmailVerification, sendEmailVerification } from "../../helpers/signup";
import { createToken } from "../../helpers/auth";
import {
getAuthSecret,
getJwtSignupLifetime,
getSmtpConfigured
} from "../../config";
import { validateUserEmail } from "../../validation";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/auth";
import { AuthTokenType } from "../../variables";
/**
* Signup step 1: Initialize account for user under email [email] and send a verification code
* to that email
* @param req
* @param res
* @returns
*/
export const beginEmailSignup = async (req: Request, res: Response) => {
const {
body: { email }
} = await validateRequest(reqValidator.BeginEmailSignUpV1, req);
// validate that email is not disposable
validateUserEmail(email);
const user = await User.findOne({ email }).select("+publicKey");
if (user && user?.publicKey) {
// case: user has already completed account
return res.status(403).send({
error: "Failed to send email verification code for complete account"
});
}
// send send verification email
await sendEmailVerification({ email });
return res.status(200).send({
message: `Sent an email verification code to ${email}`
});
};
/**
* Signup step 2: Verify that code [code] was sent to email [email] and issue
* a temporary signup token for user to complete setting up their account
* @param req
* @param res
* @returns
*/
export const verifyEmailSignup = async (req: Request, res: Response) => {
let user;
const {
body: { email, code }
} = await validateRequest(reqValidator.VerifyEmailSignUpV1, req);
// initialize user account
user = await User.findOne({ email }).select("+publicKey");
if (user && user?.publicKey) {
// case: user has already completed account
return res.status(403).send({
error: "Failed email verification for complete user"
});
}
// verify email
if (await getSmtpConfigured()) {
await checkEmailVerification({
email,
code
});
}
if (!user) {
user = await new User({
email,
authMethods: [AuthMethod.EMAIL]
}).save();
}
// generate temporary signup token
const token = createToken({
payload: {
authTokenType: AuthTokenType.SIGNUP_TOKEN,
userId: user._id.toString()
},
expiresIn: await getJwtSignupLifetime(),
secret: await getAuthSecret()
});
return res.status(200).send({
message: "Successfuly verified email",
user,
token
});
};

File diff suppressed because it is too large Load Diff

View File

@@ -1,56 +0,0 @@
import { Request, Response } from "express";
import { validateRequest } from "../../helpers/validation";
import { UserAction } from "../../models";
import * as reqValidator from "../../validation/action";
/**
* Add user action [action]
* @param req
* @param res
* @returns
*/
export const addUserAction = async (req: Request, res: Response) => {
// add/record new action [action] for user with id [req.user._id]
const {
body: { action }
} = await validateRequest(reqValidator.AddUserActionV1, req);
const userAction = await UserAction.findOneAndUpdate(
{
user: req.user._id,
action
},
{ user: req.user._id, action },
{
new: true,
upsert: true
}
);
return res.status(200).send({
message: "Successfully recorded user action",
userAction
});
};
/**
* Return user action [action] for user
* @param req
* @param res
* @returns
*/
export const getUserAction = async (req: Request, res: Response) => {
// get user action [action] for user with id [req.user._id]
const {
query: { action }
} = await validateRequest(reqValidator.GetUserActionV1, req);
const userAction = await UserAction.findOne({
user: req.user._id,
action
});
return res.status(200).send({
userAction
});
};

View File

@@ -1,13 +0,0 @@
import { Request, Response } from "express";
/**
* Return user on request
* @param req
* @param res
* @returns
*/
export const getUser = async (req: Request, res: Response) => {
return res.status(200).send({
user: req.user,
});
};

View File

@@ -1,268 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import { client, getEncryptionKey, getRootEncryptionKey } from "../../config";
import { Webhook } from "../../models";
import { getWebhookPayload, triggerWebhookRequest } from "../../services/WebhookService";
import { BadRequestError, ResourceNotFoundError } from "../../utils/errors";
import { EEAuditLogService } from "../../ee/services";
import { EventType } from "../../ee/models";
import {
ALGORITHM_AES_256_GCM,
ENCODING_SCHEME_BASE64,
ENCODING_SCHEME_UTF8
} from "../../variables";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/webhooks";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
import { encryptSymmetric128BitHexKeyUTF8 } from "../../utils/crypto";
export const createWebhook = async (req: Request, res: Response) => {
const {
body: { webhookUrl, webhookSecretKey, environment, workspaceId, secretPath }
} = await validateRequest(reqValidator.CreateWebhookV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.Webhooks
);
const webhook = new Webhook({
workspace: workspaceId,
environment,
secretPath,
url: webhookUrl
});
if (webhookSecretKey) {
const encryptionKey = await getEncryptionKey();
const rootEncryptionKey = await getRootEncryptionKey();
if (rootEncryptionKey) {
const { ciphertext, iv, tag } = client.encryptSymmetric(webhookSecretKey, rootEncryptionKey);
webhook.iv = iv;
webhook.tag = tag;
webhook.encryptedSecretKey = ciphertext;
webhook.algorithm = ALGORITHM_AES_256_GCM;
webhook.keyEncoding = ENCODING_SCHEME_BASE64;
} else if (encryptionKey) {
const { ciphertext, iv, tag } = encryptSymmetric128BitHexKeyUTF8({
plaintext: webhookSecretKey,
key: encryptionKey
});
webhook.iv = iv;
webhook.tag = tag;
webhook.encryptedSecretKey = ciphertext;
webhook.algorithm = ALGORITHM_AES_256_GCM;
webhook.keyEncoding = ENCODING_SCHEME_UTF8;
}
}
await webhook.save();
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_WEBHOOK,
metadata: {
webhookId: webhook._id.toString(),
environment,
secretPath,
webhookUrl,
isDisabled: false
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.status(200).send({
webhook,
message: "successfully created webhook"
});
};
export const updateWebhook = async (req: Request, res: Response) => {
const {
body: { isDisabled },
params: { webhookId }
} = await validateRequest(reqValidator.UpdateWebhookV1, req);
const webhook = await Webhook.findById(webhookId);
if (!webhook) {
throw BadRequestError({ message: "Webhook not found!!" });
}
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: webhook.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Webhooks
);
if (typeof isDisabled !== undefined) {
webhook.isDisabled = isDisabled;
}
await webhook.save();
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.UPDATE_WEBHOOK_STATUS,
metadata: {
webhookId: webhook._id.toString(),
environment: webhook.environment,
secretPath: webhook.secretPath,
webhookUrl: webhook.url,
isDisabled
}
},
{
workspaceId: webhook.workspace
}
);
return res.status(200).send({
webhook,
message: "successfully updated webhook"
});
};
export const deleteWebhook = async (req: Request, res: Response) => {
const {
params: { webhookId }
} = await validateRequest(reqValidator.DeleteWebhookV1, req);
let webhook = await Webhook.findById(webhookId);
if (!webhook) {
throw ResourceNotFoundError({ message: "Webhook not found!!" });
}
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: webhook.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Webhooks
);
webhook = await Webhook.findByIdAndDelete(webhookId);
if (!webhook) {
throw ResourceNotFoundError({ message: "Webhook not found!!" });
}
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.DELETE_WEBHOOK,
metadata: {
webhookId: webhook._id.toString(),
environment: webhook.environment,
secretPath: webhook.secretPath,
webhookUrl: webhook.url,
isDisabled: webhook.isDisabled
}
},
{
workspaceId: webhook.workspace
}
);
return res.status(200).send({
message: "successfully removed webhook"
});
};
export const testWebhook = async (req: Request, res: Response) => {
const {
params: { webhookId }
} = await validateRequest(reqValidator.TestWebhookV1, req);
const webhook = await Webhook.findById(webhookId);
if (!webhook) {
throw BadRequestError({ message: "Webhook not found!!" });
}
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: webhook.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Webhooks
);
try {
await triggerWebhookRequest(
webhook,
getWebhookPayload(
"test",
webhook.workspace.toString(),
webhook.environment,
webhook.secretPath
)
);
await Webhook.findByIdAndUpdate(webhookId, {
lastStatus: "success",
lastRunErrorMessage: null
});
} catch (err) {
await Webhook.findByIdAndUpdate(webhookId, {
lastStatus: "failed",
lastRunErrorMessage: (err as Error).message
});
return res.status(400).send({
message: "Failed to receive response",
error: (err as Error).message
});
}
return res.status(200).send({
message: "Successfully received response"
});
};
export const listWebhooks = async (req: Request, res: Response) => {
const {
query: { environment, workspaceId, secretPath }
} = await validateRequest(reqValidator.ListWebhooksV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Webhooks
);
const optionalFilters: Record<string, string> = {};
if (environment) optionalFilters.environment = environment as string;
if (secretPath) optionalFilters.secretPath = secretPath as string;
const webhooks = await Webhook.find({
workspace: new Types.ObjectId(workspaceId as string),
...optionalFilters
});
return res.status(200).send({
webhooks
});
};

View File

@@ -1,359 +0,0 @@
import { Types } from "mongoose";
import { Request, Response } from "express";
import {
IUser,
Integration,
IntegrationAuth,
Membership,
Organization,
ServiceToken,
Workspace
} from "../../models";
import { createWorkspace as create, deleteWorkspace as deleteWork } from "../../helpers/workspace";
import { EELicenseService } from "../../ee/services";
import { addMemberships } from "../../helpers/membership";
import { ADMIN } from "../../variables";
import { OrganizationNotFoundError } from "../../utils/errors";
import {
OrgPermissionActions,
OrgPermissionSubjects,
getAuthDataOrgPermissions
} from "../../ee/services/RoleService";
import { ForbiddenError } from "@casl/ability";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
/**
* Return public keys of members of workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const getWorkspacePublicKeys = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspacePublicKeysV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Member
);
const publicKeys = (
await Membership.find({
workspace: workspaceId
}).populate<{ user: IUser }>("user", "publicKey")
).map((member) => {
return {
publicKey: member.user.publicKey,
userId: member.user._id
};
});
return res.status(200).send({
publicKeys
});
};
/**
* Return memberships for workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const getWorkspaceMemberships = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceMembershipsV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Member
);
const users = await Membership.find({
workspace: workspaceId
}).populate("user", "+publicKey");
return res.status(200).send({
users
});
};
/**
* Return workspaces that user is part of
* @param req
* @param res
* @returns
*/
export const getWorkspaces = async (req: Request, res: Response) => {
const workspaces = (
await Membership.find({
user: req.user._id
}).populate("workspace")
).map((m) => m.workspace);
return res.status(200).send({
workspaces
});
};
/**
* Return workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const getWorkspace = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceV1, req);
const workspace = await Workspace.findOne({
_id: workspaceId
});
return res.status(200).send({
workspace
});
};
/**
* Create new workspace named [workspaceName] under organization with id
* [organizationId] and add user as admin
* @param req
* @param res
* @returns
*/
export const createWorkspace = async (req: Request, res: Response) => {
const {
body: { organizationId, workspaceName }
} = await validateRequest(reqValidator.CreateWorkspaceV1, req);
const organization = await Organization.findById(organizationId);
if (!organization) {
throw OrganizationNotFoundError({
message: "Failed to find organization"
});
}
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Create,
OrgPermissionSubjects.Workspace
);
const plan = await EELicenseService.getPlan(new Types.ObjectId(organizationId));
if (plan.workspaceLimit !== null) {
// case: limit imposed on number of workspaces allowed
if (plan.workspacesUsed >= plan.workspaceLimit) {
// case: number of workspaces used exceeds the number of workspaces allowed
return res.status(400).send({
message:
"Failed to create workspace due to plan limit reached. Upgrade plan to add more workspaces."
});
}
}
if (workspaceName.length < 1) {
throw new Error("Workspace names must be at least 1-character long");
}
// create workspace and add user as member
const workspace = await create({
name: workspaceName,
organizationId: new Types.ObjectId(organizationId)
});
await addMemberships({
userIds: [req.user._id],
workspaceId: workspace._id.toString(),
roles: [ADMIN]
});
return res.status(200).send({
workspace
});
};
/**
* Delete workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const deleteWorkspace = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.DeleteWorkspaceV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Workspace
);
// delete workspace
const workspace = await deleteWork({
workspaceId: new Types.ObjectId(workspaceId)
});
return res.status(200).send({
workspace
});
};
/**
* Change name of workspace with id [workspaceId] to [name]
* @param req
* @param res
* @returns
*/
export const changeWorkspaceName = async (req: Request, res: Response) => {
const {
params: { workspaceId },
body: { name }
} = await validateRequest(reqValidator.ChangeWorkspaceNameV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Workspace
);
const workspace = await Workspace.findOneAndUpdate(
{
_id: workspaceId
},
{
name
},
{
new: true
}
);
return res.status(200).send({
message: "Successfully changed workspace name",
workspace
});
};
/**
* Return integrations for workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const getWorkspaceIntegrations = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceIntegrationsV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Integrations
);
const integrations = await Integration.find({
workspace: workspaceId
});
return res.status(200).send({
integrations
});
};
/**
* Return (integration) authorizations for workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const getWorkspaceIntegrationAuthorizations = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceIntegrationAuthorizationsV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Integrations
);
const authorizations = await IntegrationAuth.find({
workspace: workspaceId
});
return res.status(200).send({
authorizations
});
};
/**
* Return service service tokens for workspace [workspaceId] belonging to user
* @param req
* @param res
* @returns
*/
export const getWorkspaceServiceTokens = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceServiceTokensV1, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.ServiceTokens
);
// ?? FIX.
const serviceTokens = await ServiceToken.find({
user: req.user._id,
workspace: workspaceId
});
return res.status(200).send({
serviceTokens
});
};

View File

@@ -1,315 +0,0 @@
/* eslint-disable @typescript-eslint/no-var-requires */
import { Request, Response } from "express";
import jwt from "jsonwebtoken";
import * as bigintConversion from "bigint-conversion";
const jsrp = require("jsrp");
import { LoginSRPDetail, User } from "../../models";
import { createToken, issueAuthTokens } from "../../helpers/auth";
import { checkUserDevice } from "../../helpers/user";
import { sendMail } from "../../helpers/nodemailer";
import { TokenService } from "../../services";
import { BadRequestError, InternalServerError } from "../../utils/errors";
import { AuthTokenType, TOKEN_EMAIL_MFA } from "../../variables";
import { getAuthSecret, getHttpsEnabled, getJwtMfaLifetime } from "../../config";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/auth";
declare module "jsonwebtoken" {
export interface UserIDJwtPayload extends jwt.JwtPayload {
userId: string;
}
}
/**
* Log in user step 1: Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
* @param req
* @param res
* @returns
*/
export const login1 = async (req: Request, res: Response) => {
const { email, clientPublicKey }: { email: string; clientPublicKey: string } = req.body;
const user = await User.findOne({
email
}).select("+salt +verifier");
if (!user) throw new Error("Failed to find user");
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier
},
async () => {
// generate server-side public key
const serverPublicKey = server.getPublicKey();
await LoginSRPDetail.findOneAndReplace(
{ email: email },
{
email: email,
clientPublicKey: clientPublicKey,
serverBInt: bigintConversion.bigintToBuf(server.bInt)
},
{ upsert: true, returnNewDocument: false }
);
return res.status(200).send({
serverPublicKey,
salt: user.salt
});
}
);
};
/**
* Log in user step 2: complete step 2 of SRP protocol and return token and their (encrypted)
* private key
* @param req
* @param res
* @returns
*/
export const login2 = async (req: Request, res: Response) => {
if (!req.headers["user-agent"])
throw InternalServerError({ message: "User-Agent header is required" });
const { email, clientProof } = req.body;
const user = await User.findOne({
email
}).select(
"+salt +verifier +encryptionVersion +protectedKey +protectedKeyIV +protectedKeyTag +publicKey +encryptedPrivateKey +iv +tag +devices"
);
if (!user) throw new Error("Failed to find user");
const loginSRPDetail = await LoginSRPDetail.findOneAndDelete({ email: email });
if (!loginSRPDetail) {
return BadRequestError(Error("Failed to find login details for SRP"));
}
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier,
b: loginSRPDetail.serverBInt
},
async () => {
server.setClientPublicKey(loginSRPDetail.clientPublicKey);
// compare server and client shared keys
if (server.checkClientProof(clientProof)) {
if (user.isMfaEnabled) {
// case: user has MFA enabled
// generate temporary MFA token
const token = createToken({
payload: {
authTokenType: AuthTokenType.MFA_TOKEN,
userId: user._id.toString()
},
expiresIn: await getJwtMfaLifetime(),
secret: await getAuthSecret()
});
const code = await TokenService.createToken({
type: TOKEN_EMAIL_MFA,
email
});
// send MFA code [code] to [email]
await sendMail({
template: "emailMfa.handlebars",
subjectLine: "Infisical MFA code",
recipients: [email],
substitutions: {
code
}
});
return res.status(200).send({
mfaEnabled: true,
token
});
}
await checkUserDevice({
user,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
// issue tokens
const tokens = await issueAuthTokens({
userId: user._id,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
// store (refresh) token in httpOnly cookie
res.cookie("jid", tokens.refreshToken, {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: await getHttpsEnabled()
});
// case: user does not have MFA enabled
// return (access) token in response
interface ResponseData {
mfaEnabled: boolean;
encryptionVersion: any;
protectedKey?: string;
protectedKeyIV?: string;
protectedKeyTag?: string;
token: string;
publicKey?: string;
encryptedPrivateKey?: string;
iv?: string;
tag?: string;
}
const response: ResponseData = {
mfaEnabled: false,
encryptionVersion: user.encryptionVersion,
token: tokens.token,
publicKey: user.publicKey,
encryptedPrivateKey: user.encryptedPrivateKey,
iv: user.iv,
tag: user.tag
};
if (user?.protectedKey && user?.protectedKeyIV && user?.protectedKeyTag) {
response.protectedKey = user.protectedKey;
response.protectedKeyIV = user.protectedKeyIV;
response.protectedKeyTag = user.protectedKeyTag;
}
return res.status(200).send(response);
}
return res.status(400).send({
message: "Failed to authenticate. Try again?"
});
}
);
};
/**
* Send MFA token to email [email]
* @param req
* @param res
*/
export const sendMfaToken = async (req: Request, res: Response) => {
const code = await TokenService.createToken({
type: TOKEN_EMAIL_MFA,
email: req.user.email
});
// send MFA code [code] to [email]
await sendMail({
template: "emailMfa.handlebars",
subjectLine: "Infisical MFA code",
recipients: [req.user.email],
substitutions: {
code
}
});
return res.status(200).send({
message: "Successfully sent new MFA code"
});
};
/**
* Verify MFA token [mfaToken] and issue JWT and refresh tokens if the
* MFA token [mfaToken] is valid
* @param req
* @param res
*/
export const verifyMfaToken = async (req: Request, res: Response) => {
const {
body: { mfaToken }
} = await validateRequest(reqValidator.VerifyMfaTokenV2, req);
await TokenService.validateToken({
type: TOKEN_EMAIL_MFA,
email: req.user.email,
token: mfaToken
});
const user = await User.findOne({
email: req.user.email
}).select(
"+salt +verifier +encryptionVersion +protectedKey +protectedKeyIV +protectedKeyTag +publicKey +encryptedPrivateKey +iv +tag +devices"
);
if (!user) throw new Error("Failed to find user");
await LoginSRPDetail.deleteOne({ userId: user.id });
await checkUserDevice({
user,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
// issue tokens
const tokens = await issueAuthTokens({
userId: user._id,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
// store (refresh) token in httpOnly cookie
res.cookie("jid", tokens.refreshToken, {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: await getHttpsEnabled()
});
interface VerifyMfaTokenRes {
encryptionVersion: number;
protectedKey?: string;
protectedKeyIV?: string;
protectedKeyTag?: string;
token: string;
publicKey: string;
encryptedPrivateKey: string;
iv: string;
tag: string;
}
interface VerifyMfaTokenRes {
encryptionVersion: number;
protectedKey?: string;
protectedKeyIV?: string;
protectedKeyTag?: string;
token: string;
publicKey: string;
encryptedPrivateKey: string;
iv: string;
tag: string;
}
const resObj: VerifyMfaTokenRes = {
encryptionVersion: user.encryptionVersion,
token: tokens.token,
publicKey: user.publicKey as string,
encryptedPrivateKey: user.encryptedPrivateKey as string,
iv: user.iv as string,
tag: user.tag as string
};
if (user?.protectedKey && user?.protectedKeyIV && user?.protectedKeyTag) {
resObj.protectedKey = user.protectedKey;
resObj.protectedKeyIV = user.protectedKeyIV;
resObj.protectedKeyTag = user.protectedKeyTag;
}
return res.status(200).send(resObj);
};

View File

@@ -1,604 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import {
Folder,
Integration,
Membership,
Secret,
ServiceToken,
ServiceTokenData,
Workspace
} from "../../models";
import { EventType, SecretVersion } from "../../ee/models";
import { EEAuditLogService, EELicenseService } from "../../ee/services";
import { BadRequestError, WorkspaceNotFoundError } from "../../utils/errors";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/environments";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
import { SecretImport } from "../../models";
import { Webhook } from "../../models";
/**
* Create new workspace environment named [environmentName]
* with slug [environmentSlug] under workspace with id
* @param req
* @param res
* @returns
*/
export const createWorkspaceEnvironment = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Create environment'
#swagger.description = 'Create environment'
#swagger.security = [{
"apiKeyAuth": [],
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of workspace where to create environment",
"required": true,
"type": "string",
"in": "path"
}
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"environmentName": {
"type": "string",
"description": "Name of the environment to create",
"example": "development"
},
"environmentSlug": {
"type": "string",
"description": "Slug of environment to create",
"example": "dev-environment"
}
},
"required": ["environmentName", "environmentSlug"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"description": "Sucess message",
"example": "Successfully created environment"
},
"workspace": {
"type": "string",
"description": "ID of workspace where environment was created",
"example": "abc123"
},
"environment": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Name of created environment",
"example": "Staging"
},
"slug": {
"type": "string",
"description": "Slug of created environment",
"example": "staging"
}
}
}
},
"description": "Details of the created environment"
}
}
}
}
*/
const {
params: { workspaceId },
body: { environmentName, environmentSlug }
} = await validateRequest(reqValidator.CreateWorkspaceEnvironmentV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.Environments
);
const workspace = await Workspace.findById(workspaceId).exec();
if (!workspace) throw WorkspaceNotFoundError();
const plan = await EELicenseService.getPlan(workspace.organization);
if (plan.environmentLimit !== null) {
// case: limit imposed on number of environments allowed
if (workspace.environments.length >= plan.environmentLimit) {
// case: number of environments used exceeds the number of environments allowed
return res.status(400).send({
message:
"Failed to create environment due to environment limit reached. Upgrade plan to create more environments."
});
}
}
if (
!workspace ||
workspace?.environments.find(
({ name, slug }) => slug === environmentSlug || environmentName === name
)
) {
throw new Error("Failed to create workspace environment");
}
workspace?.environments.push({
name: environmentName,
slug: environmentSlug.toLowerCase()
});
await workspace.save();
await EELicenseService.refreshPlan(workspace.organization, new Types.ObjectId(workspaceId));
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_ENVIRONMENT,
metadata: {
name: environmentName,
slug: environmentSlug
}
},
{
workspaceId: workspace._id
}
);
return res.status(200).send({
message: "Successfully created new environment",
workspace: workspaceId,
environment: {
name: environmentName,
slug: environmentSlug
}
});
};
/**
* Swaps the ordering of two environments in the database. This is purely for aesthetic purposes.
* @param req
* @param res
* @returns
*/
export const reorderWorkspaceEnvironments = async (req: Request, res: Response) => {
const {
params: { workspaceId },
body: { environmentName, environmentSlug, otherEnvironmentSlug, otherEnvironmentName }
} = await validateRequest(reqValidator.ReorderWorkspaceEnvironmentsV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Environments
);
// atomic update the env to avoid conflict
const workspace = await Workspace.findById(workspaceId).exec();
if (!workspace) {
throw BadRequestError({ message: "Couldn't load workspace" });
}
const environmentIndex = workspace.environments.findIndex(
(env) => env.name === environmentName && env.slug === environmentSlug
);
const otherEnvironmentIndex = workspace.environments.findIndex(
(env) => env.name === otherEnvironmentName && env.slug === otherEnvironmentSlug
);
if (environmentIndex === -1 || otherEnvironmentIndex === -1) {
throw BadRequestError({ message: "environment or otherEnvironment couldn't be found" });
}
// swap the order of the environments
[workspace.environments[environmentIndex], workspace.environments[otherEnvironmentIndex]] = [
workspace.environments[otherEnvironmentIndex],
workspace.environments[environmentIndex]
];
await workspace.save();
return res.status(200).send({
message: "Successfully reordered environments",
workspace: workspaceId
});
};
/**
* Rename workspace environment with new name and slug of a workspace with [workspaceId]
* Old slug [oldEnvironmentSlug] must be provided
* @param req
* @param res
* @returns
*/
export const renameWorkspaceEnvironment = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Update environment'
#swagger.description = 'Update environment'
#swagger.security = [{
"apiKeyAuth": [],
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of workspace where to update environment",
"required": true,
"type": "string",
"in": "path"
}
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"environmentName": {
"type": "string",
"description": "Name of environment to update to",
"example": "Staging-Renamed"
},
"environmentSlug": {
"type": "string",
"description": "Slug of environment to update to",
"example": "staging-renamed"
},
"oldEnvironmentSlug": {
"type": "string",
"description": "Current slug of environment",
"example": "staging-old"
}
},
"required": ["environmentName", "environmentSlug", "oldEnvironmentSlug"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"description": "Success message",
"example": "Successfully update environment"
},
"workspace": {
"type": "string",
"description": "ID of workspace where environment was updated",
"example": "abc123"
},
"environment": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Name of updated environment",
"example": "Staging-Renamed"
},
"slug": {
"type": "string",
"description": "Slug of updated environment",
"example": "staging-renamed"
}
}
}
},
"description": "Details of the renamed environment"
}
}
}
}
*/
const {
params: { workspaceId },
body: { environmentName, environmentSlug, oldEnvironmentSlug }
} = await validateRequest(reqValidator.UpdateWorkspaceEnvironmentV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Environments
);
// user should pass both new slug and env name
if (!environmentSlug || !environmentName) {
throw new Error("Invalid environment given.");
}
// atomic update the env to avoid conflict
const workspace = await Workspace.findById(workspaceId).exec();
if (!workspace) {
throw new Error("Failed to create workspace environment");
}
const isEnvExist = workspace.environments.some(
({ name, slug }) =>
slug !== oldEnvironmentSlug && (name === environmentName || slug === environmentSlug)
);
if (isEnvExist) {
throw new Error("Invalid environment given");
}
const envIndex = workspace?.environments.findIndex(({ slug }) => slug === oldEnvironmentSlug);
if (envIndex === -1) {
throw new Error("Invalid environment given");
}
const oldEnvironment = workspace.environments[envIndex];
workspace.environments[envIndex].name = environmentName;
workspace.environments[envIndex].slug = environmentSlug.toLowerCase();
await workspace.save();
await Secret.updateMany(
{ workspace: workspaceId, environment: oldEnvironmentSlug },
{ environment: environmentSlug }
);
await SecretVersion.updateMany(
{ workspace: workspaceId, environment: oldEnvironmentSlug },
{ environment: environmentSlug }
);
await ServiceToken.updateMany(
{ workspace: workspaceId, environment: oldEnvironmentSlug },
{ environment: environmentSlug }
);
await ServiceTokenData.updateMany(
{
workspace: workspaceId,
"scopes.environment": oldEnvironmentSlug
},
{ $set: { "scopes.$[element].environment": environmentSlug } },
{ arrayFilters: [{ "element.environment": oldEnvironmentSlug }] }
);
await Integration.updateMany(
{ workspace: workspaceId, environment: oldEnvironmentSlug },
{ environment: environmentSlug }
);
await Folder.updateMany(
{ workspace: workspaceId, environment: oldEnvironmentSlug },
{ environment: environmentSlug }
);
await SecretImport.updateMany(
{ workspace: workspaceId, environment: oldEnvironmentSlug },
{ environment: environmentSlug }
);
await SecretImport.updateMany(
{ workspace: workspaceId, "imports.environment": oldEnvironmentSlug },
{ $set: { "imports.$[element].environment": environmentSlug } },
{ arrayFilters: [{ "element.environment": oldEnvironmentSlug }] },
);
await Webhook.updateMany(
{ workspace: workspaceId, environment: oldEnvironmentSlug },
{ environment: environmentSlug }
);
await Membership.updateMany(
{
workspace: workspaceId,
"deniedPermissions.environmentSlug": oldEnvironmentSlug
},
{ $set: { "deniedPermissions.$[element].environmentSlug": environmentSlug } },
{ arrayFilters: [{ "element.environmentSlug": oldEnvironmentSlug }] }
);
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.UPDATE_ENVIRONMENT,
metadata: {
oldName: oldEnvironment.name,
newName: environmentName,
oldSlug: oldEnvironment.slug,
newSlug: environmentSlug.toLowerCase()
}
},
{
workspaceId: workspace._id
}
);
return res.status(200).send({
message: "Successfully update environment",
workspace: workspaceId,
environment: {
name: environmentName,
slug: environmentSlug
}
});
};
/**
* Delete workspace environment by [environmentSlug] of workspace [workspaceId] and do the clean up
* @param req
* @param res
* @returns
*/
export const deleteWorkspaceEnvironment = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Delete environment'
#swagger.description = 'Delete environment'
#swagger.security = [{
"apiKeyAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of workspace where to delete environment",
"required": true,
"type": "string",
"in": "path"
}
#swagger.requestBody = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"environmentSlug": {
"type": "string",
"description": "Slug of environment to delete",
"example": "dev"
}
},
"required": ["environmentSlug"]
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"message": {
"type": "string",
"description": "Success message",
"example": "Successfully deleted environment"
},
"workspace": {
"type": "string",
"description": "ID of workspace where environment was deleted",
"example": "abc123"
},
"environment": {
"type": "string",
"description": "Slug of deleted environment",
"example": "dev"
}
},
"description": "Response after deleting an environment from a workspace"
}
}
}
}
*/
const {
params: { workspaceId },
body: { environmentSlug }
} = await validateRequest(reqValidator.DeleteWorkspaceEnvironmentV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Environments
);
// atomic update the env to avoid conflict
const workspace = await Workspace.findById(workspaceId).exec();
if (!workspace) {
throw new Error("Failed to create workspace environment");
}
const envIndex = workspace?.environments.findIndex(({ slug }) => slug === environmentSlug);
if (envIndex === -1) {
throw new Error("Invalid environment given");
}
const oldEnvironment = workspace.environments[envIndex];
workspace.environments.splice(envIndex, 1);
await workspace.save();
// clean up
await Secret.deleteMany({
workspace: workspaceId,
environment: environmentSlug
});
await SecretVersion.deleteMany({
workspace: workspaceId,
environment: environmentSlug
});
// await ServiceToken.deleteMany({
// workspace: workspaceId,
// environment: environmentSlug,
// });
const result = await ServiceTokenData.updateMany(
{ workspace: workspaceId },
{ $pull: { scopes: { environment: environmentSlug } } }
);
if (result.modifiedCount > 0) {
await ServiceTokenData.deleteMany({ workspace: workspaceId, scopes: { $size: 0 } });
}
await Integration.deleteMany({
workspace: workspaceId,
environment: environmentSlug
});
await Membership.updateMany(
{ workspace: workspaceId },
{ $pull: { deniedPermissions: { environmentSlug: environmentSlug } } }
);
await EELicenseService.refreshPlan(workspace.organization, new Types.ObjectId(workspaceId));
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.DELETE_ENVIRONMENT,
metadata: {
name: oldEnvironment.name,
slug: oldEnvironment.slug
}
},
{
workspaceId: workspace._id
}
);
return res.status(200).send({
message: "Successfully deleted environment",
workspace: workspaceId,
environment: environmentSlug
});
};

View File

@@ -1,25 +0,0 @@
import * as authController from "./authController";
import * as signupController from "./signupController";
import * as usersController from "./usersController";
import * as organizationsController from "./organizationsController";
import * as workspaceController from "./workspaceController";
import * as serviceTokenDataController from "./serviceTokenDataController";
import * as secretController from "./secretController";
import * as secretsController from "./secretsController";
import * as environmentController from "./environmentController";
import * as tagController from "./tagController";
import * as membershipController from "./membershipController";
export {
authController,
signupController,
usersController,
organizationsController,
workspaceController,
serviceTokenDataController,
secretController,
secretsController,
environmentController,
tagController,
membershipController
};

View File

@@ -1,107 +0,0 @@
import { ForbiddenError } from "@casl/ability";
import { Request, Response } from "express";
import { Types } from "mongoose";
import { getSiteURL } from "../../config";
import { EventType } from "../../ee/models";
import { EEAuditLogService } from "../../ee/services";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { sendMail } from "../../helpers";
import { validateRequest } from "../../helpers/validation";
import { IUser, Key, Membership, MembershipOrg, Workspace } from "../../models";
import { BadRequestError } from "../../utils/errors";
import * as reqValidator from "../../validation/membership";
import { ACCEPTED, MEMBER } from "../../variables";
export const addUserToWorkspace = async (req: Request, res: Response) => {
const {
params: { workspaceId },
body: { members }
} = await validateRequest(reqValidator.AddUserToWorkspaceV2, req);
// check workspace
const workspace = await Workspace.findById(workspaceId);
if (!workspace) throw new Error("Failed to find workspace");
// check permission
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.Member
);
// validate members are part of the organization
const orgMembers = await MembershipOrg.find({
status: ACCEPTED,
_id: { $in: members.map(({ orgMembershipId }) => orgMembershipId) },
organization: workspace.organization
})
.populate<{ user: IUser }>("user")
.select({ _id: 1, user: 1 })
.lean();
if (orgMembers.length !== members.length)
throw BadRequestError({ message: "Org member not found" });
const existingMember = await Membership.find({
workspace: workspaceId,
user: { $in: orgMembers.map(({ user }) => user) }
});
if (existingMember?.length)
throw BadRequestError({ message: "Some users are already part of workspace" });
await Membership.insertMany(
orgMembers.map(({ user }) => ({ user: user._id, workspace: workspaceId, role: MEMBER }))
);
const encKeyGroupedByOrgMemberId = members.reduce<Record<string, (typeof members)[number]>>(
(prev, curr) => ({ ...prev, [curr.orgMembershipId]: curr }),
{}
);
await Key.insertMany(
orgMembers.map(({ user, _id: id }) => ({
encryptedKey: encKeyGroupedByOrgMemberId[id.toString()].workspaceEncryptedKey,
nonce: encKeyGroupedByOrgMemberId[id.toString()].workspaceEncryptedNonce,
sender: req.user._id,
receiver: user._id,
workspace: workspaceId
}))
);
await sendMail({
template: "workspaceInvitation.handlebars",
subjectLine: "Infisical workspace invitation",
recipients: orgMembers.map(({ user }) => user.email),
substitutions: {
inviterFirstName: req.user.firstName,
inviterEmail: req.user.email,
workspaceName: workspace.name,
callback_url: (await getSiteURL()) + "/login"
}
});
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.ADD_BATCH_WORKSPACE_MEMBER,
metadata: orgMembers.map(({ user }) => ({
userId: user._id.toString(),
email: user.email
}))
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.status(200).send({
success: true,
data: orgMembers
});
};

View File

@@ -1,485 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import {
IdentityMembershipOrg,
Membership,
MembershipOrg,
Workspace
} from "../../models";
import { Role } from "../../ee/models";
import { deleteMembershipOrg } from "../../helpers/membershipOrg";
import {
createOrganization as create,
deleteOrganization,
updateSubscriptionOrgQuantity
} from "../../helpers/organization";
import { addMembershipsOrg } from "../../helpers/membershipOrg";
import { BadRequestError, ResourceNotFoundError, UnauthorizedRequestError } from "../../utils/errors";
import { ACCEPTED, ADMIN, CUSTOM, MEMBER, NO_ACCESS } from "../../variables";
import * as reqValidator from "../../validation/organization";
import { validateRequest } from "../../helpers/validation";
import {
OrgPermissionActions,
OrgPermissionSubjects,
getAuthDataOrgPermissions
} from "../../ee/services/RoleService";
import { EELicenseService } from "../../ee/services";
import { ForbiddenError } from "@casl/ability";
/**
* Return memberships for organization with id [organizationId]
* @param req
* @param res
*/
export const getOrganizationMemberships = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return organization user memberships'
#swagger.description = 'Return organization user memberships'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['organizationId'] = {
"description": "ID of organization",
"required": true,
"type": "string"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"memberships": {
"type": "array",
"items": {
$ref: "#/components/schemas/MembershipOrg"
},
"description": "Memberships of organization"
}
}
}
}
}
}
*/
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgMembersv2, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.Member
);
const memberships = await MembershipOrg.find({
organization: organizationId
}).populate("user", "+publicKey");
return res.status(200).send({
memberships
});
};
/**
* Update role of membership with id [membershipId] to role [role]
* @param req
* @param res
*/
export const updateOrganizationMembership = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Update organization user membership'
#swagger.description = 'Update organization user membership'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['organizationId'] = {
"description": "ID of organization",
"required": true,
"type": "string"
}
#swagger.parameters['membershipId'] = {
"description": "ID of organization membership to update",
"required": true,
"type": "string"
}
#swagger.requestBody = {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"role": {
"type": "string",
"description": "Role of organization membership - either owner, admin, or member",
}
}
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"membership": {
$ref: "#/components/schemas/MembershipOrg",
"description": "Updated organization membership"
}
}
}
}
}
}
*/
const {
params: { organizationId, membershipId },
body: { role }
} = await validateRequest(reqValidator.UpdateOrgMemberv2, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Edit,
OrgPermissionSubjects.Member
);
const isCustomRole = ![ADMIN, MEMBER, NO_ACCESS].includes(role);
if (isCustomRole) {
const orgRole = await Role.findOne({
slug: role,
isOrgRole: true,
organization: new Types.ObjectId(organizationId)
});
if (!orgRole) throw BadRequestError({ message: "Role not found" });
const plan = await EELicenseService.getPlan(new Types.ObjectId(organizationId));
if (!plan.rbac) return res.status(400).send({
message:
"Failed to assign custom role due to RBAC restriction. Upgrade plan to assign custom role to member."
});
const membership = await MembershipOrg.findByIdAndUpdate(membershipId, {
role: CUSTOM,
customRole: orgRole
});
return res.status(200).send({
membership
});
}
const membership = await MembershipOrg.findByIdAndUpdate(
membershipId,
{
$set: {
role
},
$unset: {
customRole: 1
}
},
{
new: true
}
);
return res.status(200).send({
membership
});
};
/**
* Delete organization membership with id [membershipId]
* @param req
* @param res
* @returns
*/
export const deleteOrganizationMembership = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Delete organization user membership'
#swagger.description = 'Delete organization user membership'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['organizationId'] = {
"description": "ID of organization",
"required": true,
"type": "string"
}
#swagger.parameters['membershipId'] = {
"description": "ID of organization membership to delete",
"required": true,
"type": "string"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"membership": {
$ref: "#/components/schemas/MembershipOrg",
"description": "Deleted organization membership"
}
}
}
}
}
}
*/
const {
params: { organizationId, membershipId }
} = await validateRequest(reqValidator.DeleteOrgMemberv2, req);
const membershipOrg = await MembershipOrg.findOne({
_id: new Types.ObjectId(membershipId),
organization: new Types.ObjectId(organizationId)
});
if (!membershipOrg) throw ResourceNotFoundError();
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: membershipOrg.organization
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Delete,
OrgPermissionSubjects.Member
);
// delete organization membership
const membership = await deleteMembershipOrg({
membershipOrgId: membershipId
});
await updateSubscriptionOrgQuantity({
organizationId: membership.organization.toString()
});
return res.status(200).send({
membership
});
};
/**
* Return workspaces for organization with id [organizationId] that user has
* access to
* @param req
* @param res
*/
export const getOrganizationWorkspaces = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return projects in organization that user is part of'
#swagger.description = 'Return projects in organization that user is part of'
#swagger.security = [{
"apiKeyAuth": []
}]
#swagger.parameters['organizationId'] = {
"description": "ID of organization",
"required": true,
"type": "string"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"workspaces": {
"type": "array",
"items": {
$ref: "#/components/schemas/Project"
},
"description": "Projects of organization"
}
}
}
}
}
}
*/
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgWorkspacesv2, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.Workspace
);
const workspacesSet = new Set(
(
await Workspace.find(
{
organization: organizationId
},
"_id"
)
).map((w) => w._id.toString())
);
const workspaces = (
await Membership.find({
user: req.user._id
}).populate("workspace")
)
.filter((m) => workspacesSet.has(m.workspace._id.toString()))
.map((m) => m.workspace);
return res.status(200).send({
workspaces
});
};
/**
* Create new organization named [organizationName]
* and add user as owner
* @param req
* @param res
* @returns
*/
export const createOrganization = async (req: Request, res: Response) => {
const {
body: { name }
} = await validateRequest(reqValidator.CreateOrgv2, req);
// create organization and add user as member
const organization = await create({
email: req.user.email,
name
});
await addMembershipsOrg({
userIds: [req.user._id.toString()],
organizationId: organization._id.toString(),
roles: [ADMIN],
statuses: [ACCEPTED]
});
return res.status(200).send({
organization
});
};
/**
* Delete organization with id [organizationId]
* @param req
* @param res
*/
export const deleteOrganizationById = async (req: Request, res: Response) => {
const {
params: { organizationId }
} = await validateRequest(reqValidator.DeleteOrgv2, req);
const membershipOrg = await MembershipOrg.findOne({
user: req.user._id,
organization: new Types.ObjectId(organizationId),
role: ADMIN
});
if (!membershipOrg) throw UnauthorizedRequestError();
const organization = await deleteOrganization({
organizationId: new Types.ObjectId(organizationId)
});
return res.status(200).send({
organization
});
};
/**
* Return list of identity memberships for organization with id [organizationId]
* @param req
* @param res
* @returns
*/
export const getOrganizationIdentityMemberships = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return organization identity memberships'
#swagger.description = 'Return organization identity memberships'
#swagger.security = [{
"bearerAuth": []
}]
#swagger.parameters['organizationId'] = {
"description": "ID of organization",
"required": true,
"type": "string",
"in": "path"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"identityMemberships": {
"type": "array",
"items": {
$ref: "#/components/schemas/IdentityMembershipOrg"
},
"description": "Identity memberships of organization"
}
}
}
}
}
}
*/
const {
params: { organizationId }
} = await validateRequest(reqValidator.GetOrgIdentityMembershipsV2, req);
const { permission } = await getAuthDataOrgPermissions({
authData: req.authData,
organizationId: new Types.ObjectId(organizationId)
});
ForbiddenError.from(permission).throwUnlessCan(
OrgPermissionActions.Read,
OrgPermissionSubjects.Identity
);
const identityMemberships = await IdentityMembershipOrg.find({
organization: new Types.ObjectId(organizationId)
}).populate("identity customRole");
return res.status(200).send({
identityMemberships
});
}

View File

@@ -1,419 +0,0 @@
import { Request, Response } from "express";
import mongoose, { Types } from "mongoose";
import {
CreateSecretRequestBody,
ModifySecretRequestBody,
SanitizedSecretForCreate,
SanitizedSecretModify
} from "../../types/secret";
const { ValidationError } = mongoose.Error;
import {
ValidationError as RouteValidationError,
UnauthorizedRequestError
} from "../../utils/errors";
import {
ALGORITHM_AES_256_GCM,
ENCODING_SCHEME_UTF8,
SECRET_PERSONAL,
SECRET_SHARED
} from "../../variables";
import { TelemetryService } from "../../services";
import { Secret, User } from "../../models";
import { AccountNotFoundError } from "../../utils/errors";
/**
* Create secret for workspace with id [workspaceId] and environment [environment]
* @param req
* @param res
*/
export const createSecret = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
const secretToCreate: CreateSecretRequestBody = req.body.secret;
const { workspaceId, environment } = req.params;
const sanitizedSecret: SanitizedSecretForCreate = {
secretKeyCiphertext: secretToCreate.secretKeyCiphertext,
secretKeyIV: secretToCreate.secretKeyIV,
secretKeyTag: secretToCreate.secretKeyTag,
secretKeyHash: secretToCreate.secretKeyHash,
secretValueCiphertext: secretToCreate.secretValueCiphertext,
secretValueIV: secretToCreate.secretValueIV,
secretValueTag: secretToCreate.secretValueTag,
secretValueHash: secretToCreate.secretValueHash,
secretCommentCiphertext: secretToCreate.secretCommentCiphertext,
secretCommentIV: secretToCreate.secretCommentIV,
secretCommentTag: secretToCreate.secretCommentTag,
secretCommentHash: secretToCreate.secretCommentHash,
workspace: new Types.ObjectId(workspaceId),
environment,
type: secretToCreate.type,
user: new Types.ObjectId(req.user._id),
algorithm: ALGORITHM_AES_256_GCM,
keyEncoding: ENCODING_SCHEME_UTF8
};
const secret = await new Secret(sanitizedSecret).save();
if (postHogClient) {
postHogClient.capture({
event: "secrets added",
distinctId: req.user.email,
properties: {
numberOfSecrets: 1,
workspaceId,
environment,
channel: req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli",
userAgent: req.headers?.["user-agent"]
}
});
}
res.status(200).send({
secret
});
};
/**
* Create many secrets for workspace with id [workspaceId] and environment [environment]
* @param req
* @param res
*/
export const createSecrets = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
const secretsToCreate: CreateSecretRequestBody[] = req.body.secrets;
const { workspaceId, environment } = req.params;
const sanitizedSecretesToCreate: SanitizedSecretForCreate[] = [];
secretsToCreate.forEach((rawSecret) => {
const safeUpdateFields: SanitizedSecretForCreate = {
secretKeyCiphertext: rawSecret.secretKeyCiphertext,
secretKeyIV: rawSecret.secretKeyIV,
secretKeyTag: rawSecret.secretKeyTag,
secretKeyHash: rawSecret.secretKeyHash,
secretValueCiphertext: rawSecret.secretValueCiphertext,
secretValueIV: rawSecret.secretValueIV,
secretValueTag: rawSecret.secretValueTag,
secretValueHash: rawSecret.secretValueHash,
secretCommentCiphertext: rawSecret.secretCommentCiphertext,
secretCommentIV: rawSecret.secretCommentIV,
secretCommentTag: rawSecret.secretCommentTag,
secretCommentHash: rawSecret.secretCommentHash,
workspace: new Types.ObjectId(workspaceId),
environment,
type: rawSecret.type,
user: new Types.ObjectId(req.user._id),
algorithm: ALGORITHM_AES_256_GCM,
keyEncoding: ENCODING_SCHEME_UTF8
};
sanitizedSecretesToCreate.push(safeUpdateFields);
});
const secrets = await Secret.insertMany(sanitizedSecretesToCreate);
if (postHogClient) {
postHogClient.capture({
event: "secrets added",
distinctId: req.user.email,
properties: {
numberOfSecrets: (secretsToCreate ?? []).length,
workspaceId,
environment,
channel: req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli",
userAgent: req.headers?.["user-agent"]
}
});
}
res.status(200).send({
secrets
});
};
/**
* Delete secrets in workspace with id [workspaceId] and environment [environment]
* @param req
* @param res
*/
export const deleteSecrets = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
const { workspaceId, environmentName } = req.params;
const secretIdsToDelete: string[] = req.body.secretIds;
const secretIdsUserCanDelete = await Secret.find({ workspace: workspaceId, environment: environmentName }, { _id: 1 });
const secretsUserCanDeleteSet: Set<string> = new Set(
secretIdsUserCanDelete.map((objectId) => objectId._id.toString())
);
// Filter out IDs that user can delete and then map them to delete operations
const deleteOperationsToPerform = secretIdsToDelete
.filter(secretIdToDelete => {
if (!secretsUserCanDeleteSet.has(secretIdToDelete)) {
throw RouteValidationError({
message: "You cannot delete secrets that you do not have access to"
});
}
return true;
})
.map(secretIdToDelete => ({
deleteOne: { filter: { _id: new Types.ObjectId(secretIdToDelete) } }
}));
const numSecretsDeleted = deleteOperationsToPerform.length;
await Secret.bulkWrite(deleteOperationsToPerform);
if (postHogClient) {
postHogClient.capture({
event: "secrets deleted",
distinctId: req.user.email,
properties: {
numberOfSecrets: numSecretsDeleted,
environment: environmentName,
workspaceId,
channel: req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli",
userAgent: req.headers?.["user-agent"]
}
});
}
res.status(200).send();
};
/**
* Delete secret with id [secretId]
* @param req
* @param res
*/
export const deleteSecret = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
await Secret.findByIdAndDelete(req._secret._id);
if (postHogClient) {
postHogClient.capture({
event: "secrets deleted",
distinctId: req.user.email,
properties: {
numberOfSecrets: 1,
workspaceId: req._secret.workspace.toString(),
environment: req._secret.environment,
channel: req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli",
userAgent: req.headers?.["user-agent"]
}
});
}
res.status(200).send({
secret: req._secret
});
};
/**
* Update secrets for workspace with id [workspaceId] and environment [environment]
* @param req
* @param res
* @returns
*/
export const updateSecrets = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
const { workspaceId, environmentName } = req.params;
const secretsModificationsRequested: ModifySecretRequestBody[] = req.body.secrets;
const secretIdsUserCanModify = await Secret.find({ workspace: workspaceId, environment: environmentName }, { _id: 1 });
const secretsUserCanModifySet: Set<string> = new Set(
secretIdsUserCanModify.map((objectId) => objectId._id.toString())
);
const updateOperationsToPerform: any = [];
secretsModificationsRequested.forEach((userModifiedSecret) => {
if (secretsUserCanModifySet.has(userModifiedSecret._id.toString())) {
const sanitizedSecret: SanitizedSecretModify = {
secretKeyCiphertext: userModifiedSecret.secretKeyCiphertext,
secretKeyIV: userModifiedSecret.secretKeyIV,
secretKeyTag: userModifiedSecret.secretKeyTag,
secretKeyHash: userModifiedSecret.secretKeyHash,
secretValueCiphertext: userModifiedSecret.secretValueCiphertext,
secretValueIV: userModifiedSecret.secretValueIV,
secretValueTag: userModifiedSecret.secretValueTag,
secretValueHash: userModifiedSecret.secretValueHash,
secretCommentCiphertext: userModifiedSecret.secretCommentCiphertext,
secretCommentIV: userModifiedSecret.secretCommentIV,
secretCommentTag: userModifiedSecret.secretCommentTag,
secretCommentHash: userModifiedSecret.secretCommentHash
};
const updateOperation = {
updateOne: {
filter: { _id: userModifiedSecret._id, workspace: workspaceId },
update: { $inc: { version: 1 }, $set: sanitizedSecret }
}
};
updateOperationsToPerform.push(updateOperation);
} else {
throw UnauthorizedRequestError({
message: "You do not have permission to modify one or more of the requested secrets"
});
}
});
await Secret.bulkWrite(updateOperationsToPerform);
if (postHogClient) {
postHogClient.capture({
event: "secrets modified",
distinctId: req.user.email,
properties: {
numberOfSecrets: (secretsModificationsRequested ?? []).length,
environment: environmentName,
workspaceId,
channel: req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli",
userAgent: req.headers?.["user-agent"]
}
});
}
return res.status(200).send();
};
/**
* Update a secret within workspace with id [workspaceId] and environment [environment]
* @param req
* @param res
* @returns
*/
export const updateSecret = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
const { workspaceId, environmentName } = req.params;
const secretModificationsRequested: ModifySecretRequestBody = req.body.secret;
await Secret.findOne({ workspace: workspaceId, environment: environmentName }, { _id: 1 });
const sanitizedSecret: SanitizedSecretModify = {
secretKeyCiphertext: secretModificationsRequested.secretKeyCiphertext,
secretKeyIV: secretModificationsRequested.secretKeyIV,
secretKeyTag: secretModificationsRequested.secretKeyTag,
secretKeyHash: secretModificationsRequested.secretKeyHash,
secretValueCiphertext: secretModificationsRequested.secretValueCiphertext,
secretValueIV: secretModificationsRequested.secretValueIV,
secretValueTag: secretModificationsRequested.secretValueTag,
secretValueHash: secretModificationsRequested.secretValueHash,
secretCommentCiphertext: secretModificationsRequested.secretCommentCiphertext,
secretCommentIV: secretModificationsRequested.secretCommentIV,
secretCommentTag: secretModificationsRequested.secretCommentTag,
secretCommentHash: secretModificationsRequested.secretCommentHash
};
const singleModificationUpdate = await Secret.updateOne(
{ _id: secretModificationsRequested._id, workspace: workspaceId },
{ $inc: { version: 1 }, $set: sanitizedSecret }
)
.catch((error) => {
if (error instanceof ValidationError) {
throw RouteValidationError({
message: "Unable to apply modifications, please try again",
stack: error.stack
});
}
throw error;
});
if (postHogClient) {
postHogClient.capture({
event: "secrets modified",
distinctId: req.user.email,
properties: {
numberOfSecrets: 1,
environment: environmentName,
workspaceId,
channel: req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli",
userAgent: req.headers?.["user-agent"]
}
});
}
return res.status(200).send(singleModificationUpdate);
};
/**
* Return secrets for workspace with id [workspaceId], environment [environment] and user
* with id [req.user._id]
* @param req
* @param res
* @returns
*/
export const getSecrets = async (req: Request, res: Response) => {
const postHogClient = await TelemetryService.getPostHogClient();
const { environment } = req.query;
const { workspaceId } = req.params;
let userId: Types.ObjectId | undefined = undefined; // used for getting personal secrets for user
let userEmail: string | undefined = undefined; // used for posthog
if (req.user) {
userId = req.user._id;
userEmail = req.user.email;
}
if (req.serviceTokenData) {
userId = req.serviceTokenData.user;
const user = await User.findById(req.serviceTokenData.user, "email");
if (!user) throw AccountNotFoundError();
userEmail = user.email;
}
const secrets = await Secret.find({
workspace: workspaceId,
environment,
$or: [{ user: userId }, { user: { $exists: false } }],
type: { $in: [SECRET_SHARED, SECRET_PERSONAL] }
})
.catch((err) => {
throw RouteValidationError({
message: "Failed to get secrets, please try again",
stack: err.stack
});
})
if (postHogClient) {
postHogClient.capture({
event: "secrets pulled",
distinctId: userEmail,
properties: {
numberOfSecrets: (secrets ?? []).length,
environment,
workspaceId,
channel: req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli",
userAgent: req.headers?.["user-agent"]
}
});
}
return res.json(secrets);
};
/**
* Return secret with id [secretId]
* @param req
* @param res
* @returns
*/
export const getSecret = async (req: Request, res: Response) => {
// if (postHogClient) {
// postHogClient.capture({
// event: 'secrets pulled',
// distinctId: req.user.email,
// properties: {
// numberOfSecrets: 1,
// workspaceId: req._secret.workspace.toString(),
// environment: req._secret.environment,
// channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
// userAgent: req.headers?.['user-agent']
// }
// });
// }
return res.status(200).send({
secret: req._secret
});
};

File diff suppressed because it is too large Load Diff

View File

@@ -1,193 +0,0 @@
import { Request, Response } from "express";
import crypto from "crypto";
import bcrypt from "bcrypt";
import { ServiceTokenData } from "../../models";
import { getSaltRounds } from "../../config";
import { BadRequestError } from "../../utils/errors";
import { ActorType, EventType } from "../../ee/models";
import { EEAuditLogService } from "../../ee/services";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/serviceTokenData";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
import { Types } from "mongoose";
/**
* Return service token data associated with service token on request
* @param req
* @param res
* @returns
*/
export const getServiceTokenData = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return Infisical Token data'
#swagger.description = 'Return Infisical Token data'
#swagger.security = [{
"bearerAuth": []
}]
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"serviceTokenData": {
"type": "object",
$ref: "#/components/schemas/ServiceTokenData",
"description": "Details of service token"
}
}
}
}
}
}
*/
if (!(req.authData.authPayload instanceof ServiceTokenData))
throw BadRequestError({
message: "Failed accepted client validation for service token data"
});
const serviceTokenData = await ServiceTokenData.findById(req.authData.authPayload._id)
.select("+encryptedKey +iv +tag")
.populate("user")
.lean();
return res.status(200).json(serviceTokenData);
};
/**
* Create new service token data for workspace with id [workspaceId] and
* environment [environment].
* @param req
* @param res
* @returns
*/
export const createServiceTokenData = async (req: Request, res: Response) => {
let serviceTokenData;
const {
body: { workspaceId, permissions, tag, encryptedKey, scopes, name, expiresIn, iv }
} = await validateRequest(reqValidator.CreateServiceTokenV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.ServiceTokens
);
const secret = crypto.randomBytes(16).toString("hex");
const secretHash = await bcrypt.hash(secret, await getSaltRounds());
let expiresAt;
if (expiresIn) {
expiresAt = new Date();
expiresAt.setSeconds(expiresAt.getSeconds() + expiresIn);
}
let user;
if (req.authData.actor.type === ActorType.USER) {
user = req.authData.authPayload._id;
}
serviceTokenData = await new ServiceTokenData({
name,
workspace: workspaceId,
user,
scopes,
lastUsed: new Date(),
expiresAt,
secretHash,
encryptedKey,
iv,
tag,
permissions
}).save();
// return service token data without sensitive data
serviceTokenData = await ServiceTokenData.findById(serviceTokenData._id);
if (!serviceTokenData) throw new Error("Failed to find service token data");
const serviceToken = `st.${serviceTokenData._id.toString()}.${secret}`;
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.CREATE_SERVICE_TOKEN,
metadata: {
name,
scopes
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.status(200).send({
serviceToken,
serviceTokenData
});
};
/**
* Delete service token data with id [serviceTokenDataId].
* @param req
* @param res
* @returns
*/
export const deleteServiceTokenData = async (req: Request, res: Response) => {
const {
params: { serviceTokenDataId }
} = await validateRequest(reqValidator.DeleteServiceTokenV2, req);
let serviceTokenData = await ServiceTokenData.findById(serviceTokenDataId);
if (!serviceTokenData) throw BadRequestError({ message: "Service token not found" });
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: serviceTokenData.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.ServiceTokens
);
serviceTokenData = await ServiceTokenData.findByIdAndDelete(serviceTokenDataId);
if (!serviceTokenData)
return res.status(200).send({
message: "Failed to delete service token"
});
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.DELETE_SERVICE_TOKEN,
metadata: {
name: serviceTokenData.name,
scopes: serviceTokenData?.scopes
}
},
{
workspaceId: serviceTokenData.workspace
}
);
return res.status(200).send({
serviceTokenData
});
};

View File

@@ -1,262 +0,0 @@
import { Request, Response } from "express";
import { MembershipOrg, User } from "../../models";
import { completeAccount } from "../../helpers/user";
import {
initializeDefaultOrg,
} from "../../helpers/signup";
import { issueAuthTokens } from "../../helpers/auth";
import { ACCEPTED, INVITED } from "../../variables";
import { standardRequest } from "../../config/request";
import { getHttpsEnabled, getLoopsApiKey } from "../../config";
import { updateSubscriptionOrgQuantity } from "../../helpers/organization";
/**
* Complete setting up user by adding their personal and auth information as part of the
* signup flow
* @param req
* @param res
* @returns
*/
export const completeAccountSignup = async (req: Request, res: Response) => {
let user;
const {
email,
firstName,
lastName,
protectedKey,
protectedKeyIV,
protectedKeyTag,
publicKey,
encryptedPrivateKey,
encryptedPrivateKeyIV,
encryptedPrivateKeyTag,
salt,
verifier,
organizationName,
}: {
email: string;
firstName: string;
lastName: string;
protectedKey: string;
protectedKeyIV: string;
protectedKeyTag: string;
publicKey: string;
encryptedPrivateKey: string;
encryptedPrivateKeyIV: string;
encryptedPrivateKeyTag: string;
salt: string;
verifier: string;
organizationName: string;
} = req.body;
// get user
user = await User.findOne({ email });
if (!user || (user && user?.publicKey)) {
// case 1: user doesn't exist.
// case 2: user has already completed account
return res.status(403).send({
error: "Failed to complete account for complete user",
});
}
// complete setting up user's account
user = await completeAccount({
userId: user._id.toString(),
firstName,
lastName,
encryptionVersion: 2,
protectedKey,
protectedKeyIV,
protectedKeyTag,
publicKey,
encryptedPrivateKey,
encryptedPrivateKeyIV,
encryptedPrivateKeyTag,
salt,
verifier,
});
if (!user)
throw new Error("Failed to complete account for non-existent user"); // ensure user is non-null
// initialize default organization and workspace
await initializeDefaultOrg({
organizationName,
user,
});
// update organization membership statuses that are
// invited to completed with user attached
const membershipsToUpdate = await MembershipOrg.find({
inviteEmail: email,
status: INVITED,
});
membershipsToUpdate.forEach(async (membership) => {
await updateSubscriptionOrgQuantity({
organizationId: membership.organization.toString(),
});
});
// update organization membership statuses that are
// invited to completed with user attached
await MembershipOrg.updateMany(
{
inviteEmail: email,
status: INVITED,
},
{
user,
status: ACCEPTED,
}
);
// issue tokens
const tokens = await issueAuthTokens({
userId: user._id,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? "",
});
const token = tokens.token;
// sending a welcome email to new users
if (await getLoopsApiKey()) {
await standardRequest.post("https://app.loops.so/api/v1/events/send", {
"email": email,
"eventName": "Sign Up",
"firstName": firstName,
"lastName": lastName,
}, {
headers: {
"Accept": "application/json",
"Authorization": "Bearer " + (await getLoopsApiKey()),
},
});
}
// store (refresh) token in httpOnly cookie
res.cookie("jid", tokens.refreshToken, {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: await getHttpsEnabled(),
});
return res.status(200).send({
message: "Successfully set up account",
user,
token,
});
};
/**
* Complete setting up user by adding their personal and auth information as part of the
* invite flow
* @param req
* @param res
* @returns
*/
export const completeAccountInvite = async (req: Request, res: Response) => {
let user;
const {
email,
firstName,
lastName,
protectedKey,
protectedKeyIV,
protectedKeyTag,
publicKey,
encryptedPrivateKey,
encryptedPrivateKeyIV,
encryptedPrivateKeyTag,
salt,
verifier,
} = req.body;
// get user
user = await User.findOne({ email });
if (!user || (user && user?.publicKey)) {
// case 1: user doesn't exist.
// case 2: user has already completed account
return res.status(403).send({
error: "Failed to complete account for complete user",
});
}
const membershipOrg = await MembershipOrg.findOne({
inviteEmail: email,
status: INVITED,
});
if (!membershipOrg) throw new Error("Failed to find invitations for email");
// complete setting up user's account
user = await completeAccount({
userId: user._id.toString(),
firstName,
lastName,
encryptionVersion: 2,
protectedKey,
protectedKeyIV,
protectedKeyTag,
publicKey,
encryptedPrivateKey,
encryptedPrivateKeyIV,
encryptedPrivateKeyTag,
salt,
verifier,
});
if (!user)
throw new Error("Failed to complete account for non-existent user");
// update organization membership statuses that are
// invited to completed with user attached
const membershipsToUpdate = await MembershipOrg.find({
inviteEmail: email,
status: INVITED,
});
membershipsToUpdate.forEach(async (membership) => {
await updateSubscriptionOrgQuantity({
organizationId: membership.organization.toString(),
});
});
await MembershipOrg.updateMany(
{
inviteEmail: email,
status: INVITED,
},
{
user,
status: ACCEPTED,
}
);
// issue tokens
const tokens = await issueAuthTokens({
userId: user._id,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? "",
});
const token = tokens.token;
// store (refresh) token in httpOnly cookie
res.cookie("jid", tokens.refreshToken, {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: await getHttpsEnabled(),
});
return res.status(200).send({
message: "Successfully set up account",
user,
token,
});
};

View File

@@ -1,92 +0,0 @@
import { ForbiddenError } from "@casl/ability";
import { Request, Response } from "express";
import { Types } from "mongoose";
import { Secret, Tag } from "../../models";
import { BadRequestError } from "../../utils/errors";
import { validateRequest } from "../../helpers/validation";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions
} from "../../ee/services/ProjectRoleService";
import * as reqValidator from "../../validation/tags";
export const createWorkspaceTag = async (req: Request, res: Response) => {
const {
body: { name, slug },
params: { workspaceId }
} = await validateRequest(reqValidator.CreateWorkspaceTagsV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.Tags
);
const tagToCreate = {
name,
workspace: new Types.ObjectId(workspaceId),
slug,
user: new Types.ObjectId(req.user._id)
};
const createdTag = await new Tag(tagToCreate).save();
res.json(createdTag);
};
export const deleteWorkspaceTag = async (req: Request, res: Response) => {
const {
params: { tagId }
} = await validateRequest(reqValidator.DeleteWorkspaceTagsV2, req);
const tagFromDB = await Tag.findById(tagId);
if (!tagFromDB) {
throw BadRequestError();
}
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: tagFromDB.workspace
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Tags
);
const result = await Tag.findByIdAndDelete(tagId);
// remove the tag from secrets
await Secret.updateMany({ tags: { $in: [tagId] } }, { $pull: { tags: tagId } });
res.json(result);
};
export const getWorkspaceTags = async (req: Request, res: Response) => {
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceTagsV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Tags
);
const workspaceTags = await Tag.find({
workspace: new Types.ObjectId(workspaceId)
});
return res.json({
workspaceTags
});
};

View File

@@ -1,314 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import crypto from "crypto";
import bcrypt from "bcrypt";
import { APIKeyData, AuthMethod, MembershipOrg, TokenVersion, User } from "../../models";
import { getSaltRounds } from "../../config";
import { validateRequest } from "../../helpers/validation";
import { deleteUser } from "../../helpers/user";
import * as reqValidator from "../../validation";
/**
* Update the current user's MFA-enabled status [isMfaEnabled].
* Note: Infisical currently only supports email-based 2FA only; this will expand to
* include SMS and authenticator app modes of authentication in the future.
* @param req
* @param res
* @returns
*/
export const updateMyMfaEnabled = async (req: Request, res: Response) => {
const {
body: { isMfaEnabled }
} = await validateRequest(reqValidator.UpdateMyMfaEnabledV2, req);
req.user.isMfaEnabled = isMfaEnabled;
if (isMfaEnabled) {
// TODO: adapt this route/controller
// to work for different forms of MFA
req.user.mfaMethods = ["email"];
} else {
req.user.mfaMethods = [];
}
await req.user.save();
const user = req.user;
return res.status(200).send({
user
});
};
/**
* Update name of the current user to [firstName, lastName].
* @param req
* @param res
* @returns
*/
export const updateName = async (req: Request, res: Response) => {
const {
body: { lastName, firstName }
} = await validateRequest(reqValidator.UpdateNameV2, req);
const user = await User.findByIdAndUpdate(
req.user._id.toString(),
{
firstName,
lastName: lastName ?? ""
},
{
new: true
}
);
return res.status(200).send({
user
});
};
/**
* Update auth method of the current user to [authMethods]
* @param req
* @param res
* @returns
*/
export const updateAuthMethods = async (req: Request, res: Response) => {
const {
body: { authMethods }
} = await validateRequest(reqValidator.UpdateAuthMethodsV2, req);
const hasSamlEnabled = req.user.authMethods.some((authMethod: AuthMethod) =>
[AuthMethod.OKTA_SAML, AuthMethod.AZURE_SAML, AuthMethod.JUMPCLOUD_SAML].includes(authMethod)
);
if (hasSamlEnabled) {
return res.status(400).send({
message: "Failed to update user authentication method because SAML SSO is enforced"
});
}
const user = await User.findByIdAndUpdate(
req.user._id.toString(),
{
authMethods
},
{
new: true
}
);
return res.status(200).send({
user
});
};
/**
* Return organizations that the current user is part of.
* @param req
* @param res
*/
export const getMyOrganizations = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return organizations that current user is part of'
#swagger.description = 'Return organizations that current user is part of'
#swagger.security = [{
"apiKeyAuth": []
}]
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"organizations": {
"type": "array",
"items": {
$ref: "#/components/schemas/Organization"
},
"description": "Organizations that user is part of"
}
}
}
}
}
}
*/
const organizations = (
await MembershipOrg.find({
user: req.user._id
}).populate("organization")
).map((m) => m.organization);
return res.status(200).send({
organizations
});
};
/**
* Return API keys belonging to current user.
* @param req
* @param res
* @returns
*/
export const getMyAPIKeys = async (req: Request, res: Response) => {
const apiKeyData = await APIKeyData.find({
user: req.user._id
});
return res.status(200).send(apiKeyData);
};
/**
* Create new API key for current user.
* @param req
* @param res
* @returns
*/
export const createAPIKey = async (req: Request, res: Response) => {
const {
body: { name, expiresIn }
} = await validateRequest(reqValidator.CreateApiKeyV2, req);
const secret = crypto.randomBytes(16).toString("hex");
const secretHash = await bcrypt.hash(secret, await getSaltRounds());
const expiresAt = new Date();
expiresAt.setSeconds(expiresAt.getSeconds() + expiresIn);
let apiKeyData = await new APIKeyData({
name,
lastUsed: new Date(),
expiresAt,
user: req.user._id,
secretHash
}).save();
// return api key data without sensitive data
apiKeyData = (await APIKeyData.findById(apiKeyData._id)) as any;
if (!apiKeyData) throw new Error("Failed to find API key data");
const apiKey = `ak.${apiKeyData._id.toString()}.${secret}`;
return res.status(200).send({
apiKey,
apiKeyData
});
};
/**
* Delete API key with id [apiKeyDataId] belonging to current user
* @param req
* @param res
*/
export const deleteAPIKey = async (req: Request, res: Response) => {
const {
params: { apiKeyDataId }
} = await validateRequest(reqValidator.DeleteApiKeyV2, req);
const apiKeyData = await APIKeyData.findOneAndDelete({
_id: new Types.ObjectId(apiKeyDataId),
user: req.user._id
});
return res.status(200).send({
apiKeyData
});
};
/**
* Return active sessions (TokenVersion) belonging to user
* @param req
* @param res
* @returns
*/
export const getMySessions = async (req: Request, res: Response) => {
const tokenVersions = await TokenVersion.find({
user: req.user._id
});
return res.status(200).send(tokenVersions);
};
/**
* Revoke all active sessions belong to user
* @param req
* @param res
* @returns
*/
export const deleteMySessions = async (req: Request, res: Response) => {
await TokenVersion.updateMany(
{
user: req.user._id
},
{
$inc: {
refreshVersion: 1,
accessVersion: 1
}
}
);
return res.status(200).send({
message: "Successfully revoked all sessions"
});
};
/**
* Return the current user.
* @param req
* @param res
* @returns
*/
export const getMe = async (req: Request, res: Response) => {
/*
#swagger.summary = "Retrieve the current user on the request"
#swagger.description = "Retrieve the current user on the request"
#swagger.security = [{
"apiKeyAuth": []
}]
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"user": {
"type": "object",
$ref: "#/components/schemas/CurrentUser",
"description": "Current user on request"
}
}
}
}
}
}
*/
const user = await User.findById(req.user._id).select(
"+salt +publicKey +encryptedPrivateKey +iv +tag +encryptionVersion +protectedKey +protectedKeyIV +protectedKeyTag"
);
return res.status(200).send({
user
});
};
/**
* Delete the current user.
* @param req
* @param res
*/
export const deleteMe = async (req: Request, res: Response) => {
const user = await deleteUser({
userId: req.user._id
});
return res.status(200).send({
user
});
}

View File

@@ -1,883 +0,0 @@
import { Request, Response } from "express";
import { Types } from "mongoose";
import {
IIdentity,
IdentityMembership,
IdentityMembershipOrg,
Key,
Membership,
ServiceTokenData,
Workspace
} from "../../models";
import { IRole, Role } from "../../ee/models";
import {
pullSecrets as pull,
v2PushSecrets as push,
reformatPullSecrets
} from "../../helpers/secret";
import { pushKeys } from "../../helpers/key";
import { EventService, TelemetryService } from "../../services";
import { eventPushSecrets } from "../../events";
import { EEAuditLogService } from "../../ee/services";
import { EventType } from "../../ee/models";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation";
import {
ProjectPermissionActions,
ProjectPermissionSub,
getAuthDataProjectPermissions,
getWorkspaceRolePermissions,
isAtLeastAsPrivilegedWorkspace
} from "../../ee/services/ProjectRoleService";
import { ForbiddenError } from "@casl/ability";
import { BadRequestError, ForbiddenRequestError, ResourceNotFoundError } from "../../utils/errors";
import { ADMIN, CUSTOM, MEMBER, NO_ACCESS, VIEWER } from "../../variables";
interface V2PushSecret {
type: string; // personal or shared
secretKeyCiphertext: string;
secretKeyIV: string;
secretKeyTag: string;
secretKeyHash: string;
secretValueCiphertext: string;
secretValueIV: string;
secretValueTag: string;
secretValueHash: string;
secretCommentCiphertext?: string;
secretCommentIV?: string;
secretCommentTag?: string;
secretCommentHash?: string;
}
/**
* Upload (encrypted) secrets to workspace with id [workspaceId]
* for environment [environment]
* @param req
* @param res
* @returns
*/
export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
// upload (encrypted) secrets to workspace with id [workspaceId]
const postHogClient = await TelemetryService.getPostHogClient();
let { secrets }: { secrets: V2PushSecret[] } = req.body;
const { keys, environment, channel } = req.body;
const { workspaceId } = req.params;
// validate environment
const workspaceEnvs = req.membership.workspace.environments;
if (!workspaceEnvs.find(({ slug }: { slug: string }) => slug === environment)) {
throw new Error("Failed to validate environment");
}
// sanitize secrets
secrets = secrets.filter(
(s: V2PushSecret) => s.secretKeyCiphertext !== "" && s.secretValueCiphertext !== ""
);
await push({
userId: req.user._id,
workspaceId,
environment,
secrets,
channel: channel ? channel : "cli",
ipAddress: req.realIP
});
await pushKeys({
userId: req.user._id,
workspaceId,
keys
});
if (postHogClient) {
postHogClient.capture({
event: "secrets pushed",
distinctId: req.user.email,
properties: {
numberOfSecrets: secrets.length,
environment,
workspaceId,
channel: channel ? channel : "cli"
}
});
}
// trigger event - push secrets
EventService.handleEvent({
event: eventPushSecrets({
workspaceId: new Types.ObjectId(workspaceId),
environment,
secretPath: "/"
})
});
return res.status(200).send({
message: "Successfully uploaded workspace secrets"
});
};
/**
* Return (encrypted) secrets for workspace with id [workspaceId]
* for environment [environment]
* @param req
* @param res
* @returns
*/
export const pullSecrets = async (req: Request, res: Response) => {
let secrets;
const postHogClient = await TelemetryService.getPostHogClient();
const environment: string = req.query.environment as string;
const channel: string = req.query.channel as string;
const { workspaceId } = req.params;
let userId;
if (req.user) {
userId = req.user._id.toString();
} else if (req.serviceTokenData) {
userId = req.serviceTokenData.user.toString();
}
// validate environment
const workspaceEnvs = req.membership.workspace.environments;
if (!workspaceEnvs.find(({ slug }: { slug: string }) => slug === environment)) {
throw new Error("Failed to validate environment");
}
secrets = await pull({
userId,
workspaceId,
environment,
channel: channel ? channel : "cli",
ipAddress: req.realIP
});
if (channel !== "cli") {
secrets = reformatPullSecrets({ secrets });
}
if (postHogClient) {
// capture secrets pushed event in production
postHogClient.capture({
distinctId: req.user.email,
event: "secrets pulled",
properties: {
numberOfSecrets: secrets.length,
environment,
workspaceId,
channel: channel ? channel : "cli"
}
});
}
return res.status(200).send({
secrets
});
};
export const getWorkspaceKey = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return encrypted project key'
#swagger.description = 'Return encrypted project key'
#swagger.security = [{
"apiKeyAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of project",
"required": true,
"type": "string"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "array",
"items": {
$ref: "#/components/schemas/ProjectKey"
},
"description": "Encrypted project key for the given project"
}
}
}
}
*/
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceKeyV2, req);
const key = await Key.findOne({
workspace: workspaceId,
receiver: req.user._id
}).populate("sender", "+publicKey");
if (!key) throw new Error(`getWorkspaceKey: Failed to find workspace key [workspaceId=${workspaceId}] [receiver=${req.user._id}]`);
await EEAuditLogService.createAuditLog(
req.authData,
{
type: EventType.GET_WORKSPACE_KEY,
metadata: {
keyId: key._id.toString()
}
},
{
workspaceId: new Types.ObjectId(workspaceId)
}
);
return res.status(200).json(key);
};
export const getWorkspaceServiceTokenData = async (req: Request, res: Response) => {
const { workspaceId } = req.params;
const serviceTokenData = await ServiceTokenData.find({
workspace: workspaceId
}).select("+encryptedKey +iv +tag");
return res.status(200).send({
serviceTokenData
});
};
/**
* Return memberships for workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const getWorkspaceMemberships = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return project user memberships'
#swagger.description = 'Return project user memberships'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of project",
"required": true,
"type": "string"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"memberships": {
"type": "array",
"items": {
$ref: "#/components/schemas/Membership"
},
"description": "Memberships of project"
}
}
}
}
}
}
*/
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceMembershipsV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Member
);
const memberships = await Membership.find({
workspace: workspaceId
}).populate("user", "+publicKey");
return res.status(200).send({
memberships
});
};
/**
* Update role of membership with id [membershipId] to role [role]
* @param req
* @param res
* @returns
*/
export const updateWorkspaceMembership = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Update project user membership'
#swagger.description = 'Update project user membership'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of project",
"required": true,
"type": "string"
}
#swagger.parameters['membershipId'] = {
"description": "ID of project membership to update",
"required": true,
"type": "string"
}
#swagger.requestBody = {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"role": {
"type": "string",
"description": "Role to update to for project membership",
}
}
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"membership": {
$ref: "#/components/schemas/Membership",
"description": "Updated membership"
}
}
}
}
}
}
*/
const {
params: { workspaceId, membershipId },
body: { role }
} = await validateRequest(reqValidator.UpdateWorkspaceMembershipsV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Member
);
const membership = await Membership.findByIdAndUpdate(
membershipId,
{
role
},
{
new: true
}
);
return res.status(200).send({
membership
});
};
/**
* Delete workspace membership with id [membershipId]
* @param req
* @param res
* @returns
*/
export const deleteWorkspaceMembership = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Delete project user membership'
#swagger.description = 'Delete project user membership'
#swagger.security = [{
"apiKeyAuth": [],
"bearerAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of project",
"required": true,
"type": "string"
}
#swagger.parameters['membershipId'] = {
"description": "ID of project membership to delete",
"required": true,
"type": "string"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"membership": {
$ref: "#/components/schemas/Membership",
"description": "Deleted membership"
}
}
}
}
}
}
*/
const {
params: { workspaceId, membershipId }
} = await validateRequest(reqValidator.DeleteWorkspaceMembershipsV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Member
);
const membership = await Membership.findByIdAndDelete(membershipId);
if (!membership) throw new Error("Failed to delete workspace membership");
await Key.deleteMany({
receiver: membership.user,
workspace: membership.workspace
});
return res.status(200).send({
membership
});
};
/**
* Change autoCapitilzation Rule of workspace
* @param req
* @param res
* @returns
*/
export const toggleAutoCapitalization = async (req: Request, res: Response) => {
const {
params: { workspaceId },
body: { autoCapitalization }
} = await validateRequest(reqValidator.ToggleAutoCapitalizationV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Settings
);
const workspace = await Workspace.findOneAndUpdate(
{
_id: workspaceId
},
{
autoCapitalization
},
{
new: true
}
);
return res.status(200).send({
message: "Successfully changed autoCapitalization setting",
workspace
});
};
/**
* Add identity with id [identityId] to workspace
* with id [workspaceId]
* @param req
* @param res
*/
export const addIdentityToWorkspace = async (req: Request, res: Response) => {
const {
params: { workspaceId, identityId },
body: {
role
}
} = await validateRequest(reqValidator.AddIdentityToWorkspaceV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Create,
ProjectPermissionSub.Identity
);
let identityMembership = await IdentityMembership.findOne({
identity: new Types.ObjectId(identityId),
workspace: new Types.ObjectId(workspaceId)
});
if (identityMembership) throw BadRequestError({
message: `Identity with id ${identityId} already exists in project with id ${workspaceId}`
});
const workspace = await Workspace.findById(workspaceId);
if (!workspace) throw ResourceNotFoundError();
const identityMembershipOrg = await IdentityMembershipOrg.findOne({
identity: new Types.ObjectId(identityId),
organization: workspace.organization
});
if (!identityMembershipOrg) throw ResourceNotFoundError({
message: `Failed to find identity with id ${identityId}`
});
if (!identityMembershipOrg.organization.equals(workspace.organization)) throw BadRequestError({
message: "Failed to add identity to project in another organization"
});
const rolePermission = await getWorkspaceRolePermissions(role, workspaceId);
const isAsPrivilegedAsIntendedRole = isAtLeastAsPrivilegedWorkspace(permission, rolePermission);
if (!isAsPrivilegedAsIntendedRole) throw ForbiddenRequestError({
message: "Failed to add identity to project with more privileged role"
});
let customRole;
if (role) {
const isCustomRole = ![ADMIN, MEMBER, VIEWER, NO_ACCESS].includes(role);
if (isCustomRole) {
customRole = await Role.findOne({
slug: role,
isOrgRole: false,
workspace: new Types.ObjectId(workspaceId)
});
if (!customRole) throw BadRequestError({ message: "Role not found" });
}
}
identityMembership = await new IdentityMembership({
identity: identityMembershipOrg.identity,
workspace: new Types.ObjectId(workspaceId),
role: customRole ? CUSTOM : role,
customRole
}).save();
return res.status(200).send({
identityMembership
});
}
/**
* Update role of identity with id [identityId] in workspace
* with id [workspaceId] to [role]
* @param req
* @param res
*/
export const updateIdentityWorkspaceRole = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Update project identity membership'
#swagger.description = 'Update project identity membership'
#swagger.security = [{
"bearerAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of project",
"required": true,
"type": "string"
}
#swagger.parameters['identityId'] = {
"description": "ID of identity whose membership to update in project",
"required": true,
"type": "string"
}
#swagger.requestBody = {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"role": {
"type": "string",
"description": "Role to update to for identity project membership",
}
}
}
}
}
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"identityMembership": {
$ref: "#/components/schemas/IdentityMembership",
"description": "Updated identity membership"
}
}
}
}
}
}
*/
const {
params: { workspaceId, identityId },
body: {
role
}
} = await validateRequest(reqValidator.UpdateIdentityWorkspaceRoleV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Edit,
ProjectPermissionSub.Identity
);
let identityMembership = await IdentityMembership
.findOne({
identity: new Types.ObjectId(identityId),
workspace: new Types.ObjectId(workspaceId)
})
.populate<{
identity: IIdentity,
customRole: IRole
}>("identity customRole");
if (!identityMembership) throw BadRequestError({
message: `Identity with id ${identityId} does not exist in project with id ${workspaceId}`
});
const identityRolePermission = await getWorkspaceRolePermissions(
identityMembership?.customRole?.slug ?? identityMembership.role,
identityMembership.workspace.toString()
);
const isAsPrivilegedAsIdentity = isAtLeastAsPrivilegedWorkspace(permission, identityRolePermission);
if (!isAsPrivilegedAsIdentity) throw ForbiddenRequestError({
message: "Failed to update role of more privileged identity"
});
const rolePermission = await getWorkspaceRolePermissions(role, workspaceId);
const isAsPrivilegedAsIntendedRole = isAtLeastAsPrivilegedWorkspace(permission, rolePermission);
if (!isAsPrivilegedAsIntendedRole) throw ForbiddenRequestError({
message: "Failed to update identity to a more privileged role"
});
let customRole;
if (role) {
const isCustomRole = ![ADMIN, MEMBER, VIEWER, NO_ACCESS].includes(role);
if (isCustomRole) {
customRole = await Role.findOne({
slug: role,
isOrgRole: false,
workspace: new Types.ObjectId(workspaceId)
});
if (!customRole) throw BadRequestError({ message: "Role not found" });
}
}
identityMembership = await IdentityMembership.findOneAndUpdate(
{
identity: identityMembership.identity._id,
workspace: new Types.ObjectId(workspaceId),
},
{
role: customRole ? CUSTOM : role,
customRole
},
{
new: true
}
);
return res.status(200).send({
identityMembership
});
}
/**
* Delete identity with id [identityId] from workspace
* with id [workspaceId]
* @param req
* @param res
*/
export const deleteIdentityFromWorkspace = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Delete project identity membership'
#swagger.description = 'Delete project identity membership'
#swagger.security = [{
"bearerAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of project",
"required": true,
"type": "string"
}
#swagger.parameters['identityId'] = {
"description": "ID of identity whose membership to delete in project",
"required": true,
"type": "string"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"identityMembership": {
$ref: "#/components/schemas/IdentityMembership",
"description": "Deleted identity membership"
}
}
}
}
}
}
*/
const {
params: { workspaceId, identityId }
} = await validateRequest(reqValidator.DeleteIdentityFromWorkspaceV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Delete,
ProjectPermissionSub.Identity
);
const identityMembership = await IdentityMembership
.findOne({
identity: new Types.ObjectId(identityId),
workspace: new Types.ObjectId(workspaceId)
})
.populate<{
identity: IIdentity,
customRole: IRole
}>("identity customRole");
if (!identityMembership) throw ResourceNotFoundError({
message: `Identity with id ${identityId} does not exist in project with id ${workspaceId}`
});
const identityRolePermission = await getWorkspaceRolePermissions(
identityMembership?.customRole?.slug ?? identityMembership.role,
identityMembership.workspace.toString()
);
const isAsPrivilegedAsIdentity = isAtLeastAsPrivilegedWorkspace(permission, identityRolePermission);
if (!isAsPrivilegedAsIdentity) throw ForbiddenRequestError({
message: "Failed to remove more privileged identity from project"
});
await IdentityMembership.findByIdAndDelete(identityMembership._id);
return res.status(200).send({
identityMembership
});
}
/**
* Return list of identity memberships for workspace with id [workspaceId]
* @param req
* @param res
* @returns
*/
export const getWorkspaceIdentityMemberships = async (req: Request, res: Response) => {
/*
#swagger.summary = 'Return project identity memberships'
#swagger.description = 'Return project identity memberships'
#swagger.security = [{
"bearerAuth": []
}]
#swagger.parameters['workspaceId'] = {
"description": "ID of project",
"required": true,
"type": "string",
"in": "path"
}
#swagger.responses[200] = {
content: {
"application/json": {
"schema": {
"type": "object",
"properties": {
"identityMemberships": {
"type": "array",
"items": {
$ref: "#/components/schemas/IdentityMembership"
},
"description": "Identity memberships of project"
}
}
}
}
}
}
*/
const {
params: { workspaceId }
} = await validateRequest(reqValidator.GetWorkspaceIdentityMembersV2, req);
const { permission } = await getAuthDataProjectPermissions({
authData: req.authData,
workspaceId: new Types.ObjectId(workspaceId)
});
ForbiddenError.from(permission).throwUnlessCan(
ProjectPermissionActions.Read,
ProjectPermissionSub.Identity
);
const identityMemberships = await IdentityMembership.find({
workspace: new Types.ObjectId(workspaceId)
}).populate("identity customRole");
return res.status(200).send({
identityMemberships
});
}

View File

@@ -1,224 +0,0 @@
/* eslint-disable @typescript-eslint/no-var-requires */
import { Request, Response } from "express";
import jwt from "jsonwebtoken";
import * as bigintConversion from "bigint-conversion";
const jsrp = require("jsrp");
import { LoginSRPDetail, User } from "../../models";
import { createToken, issueAuthTokens, validateProviderAuthToken } from "../../helpers/auth";
import { checkUserDevice } from "../../helpers/user";
import { sendMail } from "../../helpers/nodemailer";
import { TokenService } from "../../services";
import { BadRequestError, InternalServerError } from "../../utils/errors";
import { AuthTokenType, TOKEN_EMAIL_MFA } from "../../variables";
import { getAuthSecret, getHttpsEnabled, getJwtMfaLifetime } from "../../config";
import { AuthMethod } from "../../models/user";
import { validateRequest } from "../../helpers/validation";
import * as reqValidator from "../../validation/auth";
declare module "jsonwebtoken" {
export interface ProviderAuthJwtPayload extends jwt.JwtPayload {
userId: string;
email: string;
authProvider: AuthMethod;
isUserCompleted: boolean;
}
}
/**
* Log in user step 1: Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
* @param req
* @param res
* @returns
*/
export const login1 = async (req: Request, res: Response) => {
const {
body: { email, clientPublicKey, providerAuthToken }
} = await validateRequest(reqValidator.Login1V3, req);
const user = await User.findOne({
email
}).select("+salt +verifier");
if (!user) throw new Error("Failed to find user");
if (!user.authMethods.includes(AuthMethod.EMAIL)) {
await validateProviderAuthToken({
email,
providerAuthToken
});
}
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier
},
async () => {
// generate server-side public key
const serverPublicKey = server.getPublicKey();
await LoginSRPDetail.findOneAndReplace(
{
email: email
},
{
email,
userId: user.id,
clientPublicKey: clientPublicKey,
serverBInt: bigintConversion.bigintToBuf(server.bInt)
},
{ upsert: true, returnNewDocument: false }
);
return res.status(200).send({
serverPublicKey,
salt: user.salt
});
}
);
};
/**
* Log in user step 2: complete step 2 of SRP protocol and return token and their (encrypted)
* private key
* @param req
* @param res
* @returns
*/
export const login2 = async (req: Request, res: Response) => {
if (!req.headers["user-agent"])
throw InternalServerError({ message: "User-Agent header is required" });
const {
body: { email, providerAuthToken, clientProof }
} = await validateRequest(reqValidator.Login2V3, req);
const user = await User.findOne({
email
}).select(
"+salt +verifier +encryptionVersion +protectedKey +protectedKeyIV +protectedKeyTag +publicKey +encryptedPrivateKey +iv +tag +devices"
);
if (!user) throw new Error("Failed to find user");
if (!user.authMethods.includes(AuthMethod.EMAIL)) {
await validateProviderAuthToken({
email,
providerAuthToken
});
}
const loginSRPDetail = await LoginSRPDetail.findOneAndDelete({ email: email });
if (!loginSRPDetail) {
return BadRequestError(Error("Failed to find login details for SRP"));
}
const server = new jsrp.server();
server.init(
{
salt: user.salt,
verifier: user.verifier,
b: loginSRPDetail.serverBInt
},
async () => {
server.setClientPublicKey(loginSRPDetail.clientPublicKey);
// compare server and client shared keys
if (server.checkClientProof(clientProof)) {
if (user.isMfaEnabled) {
// case: user has MFA enabled
// generate temporary MFA token
const token = createToken({
payload: {
authTokenType: AuthTokenType.MFA_TOKEN,
userId: user._id.toString()
},
expiresIn: await getJwtMfaLifetime(),
secret: await getAuthSecret()
});
const code = await TokenService.createToken({
type: TOKEN_EMAIL_MFA,
email
});
// send MFA code [code] to [email]
await sendMail({
template: "emailMfa.handlebars",
subjectLine: "Infisical MFA code",
recipients: [user.email],
substitutions: {
code
}
});
return res.status(200).send({
mfaEnabled: true,
token
});
}
await checkUserDevice({
user,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
// issue tokens
const tokens = await issueAuthTokens({
userId: user._id,
ip: req.realIP,
userAgent: req.headers["user-agent"] ?? ""
});
// store (refresh) token in httpOnly cookie
res.cookie("jid", tokens.refreshToken, {
httpOnly: true,
path: "/",
sameSite: "strict",
secure: await getHttpsEnabled()
});
// case: user does not have MFA enablgged
// return (access) token in response
interface ResponseData {
mfaEnabled: boolean;
encryptionVersion: any;
protectedKey?: string;
protectedKeyIV?: string;
protectedKeyTag?: string;
token: string;
publicKey?: string;
encryptedPrivateKey?: string;
iv?: string;
tag?: string;
}
const response: ResponseData = {
mfaEnabled: false,
encryptionVersion: user.encryptionVersion,
token: tokens.token,
publicKey: user.publicKey,
encryptedPrivateKey: user.encryptedPrivateKey,
iv: user.iv,
tag: user.tag
};
if (user?.protectedKey && user?.protectedKeyIV && user?.protectedKeyTag) {
response.protectedKey = user.protectedKey;
response.protectedKeyIV = user.protectedKeyIV;
response.protectedKeyTag = user.protectedKeyTag;
}
return res.status(200).send(response);
}
return res.status(400).send({
message: "Failed to authenticate. Try again?"
});
}
);
};

Some files were not shown because too many files have changed in this diff Show More