From f3b461a62c20541de645cdcd8981368d08eb16db Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Tue, 13 Jun 2023 16:50:56 +0100 Subject: [PATCH] Handle password on creation --- .../server/src/api/controllers/application.ts | 24 +++++++++++++++---- packages/server/src/api/controllers/backup.ts | 2 +- .../server/src/sdk/app/backups/imports.ts | 21 ++++++++++------ 3 files changed, 35 insertions(+), 12 deletions(-) diff --git a/packages/server/src/api/controllers/application.ts b/packages/server/src/api/controllers/application.ts index 9c89b48b8a..ab2956fb9f 100644 --- a/packages/server/src/api/controllers/application.ts +++ b/packages/server/src/api/controllers/application.ts @@ -114,7 +114,18 @@ function checkAppName( } } -async function createInstance(appId: string, template: any) { +interface AppTemplate { + templateString: string + useTemplate: string + file?: { + type: string + path: string + password?: string + } + key?: string +} + +async function createInstance(appId: string, template: AppTemplate) { const db = context.getAppDB() await db.put({ _id: "_design/database", @@ -237,19 +248,24 @@ export async function fetchAppPackage(ctx: UserCtx) { async function performAppCreate(ctx: UserCtx) { const apps = (await dbCore.getAllApps({ dev: true })) as App[] const name = ctx.request.body.name, - possibleUrl = ctx.request.body.url + possibleUrl = ctx.request.body.url, + encryptionPassword = ctx.request.body.encryptionPassword + checkAppName(ctx, apps, name) const url = sdk.applications.getAppUrl({ name, url: possibleUrl }) checkAppUrl(ctx, apps, url) const { useTemplate, templateKey, templateString } = ctx.request.body - const instanceConfig: any = { + const instanceConfig: AppTemplate = { useTemplate, key: templateKey, templateString, } if (ctx.request.files && ctx.request.files.templateFile) { - instanceConfig.file = ctx.request.files.templateFile + instanceConfig.file = { + ...(ctx.request.files.templateFile as any), + password: encryptionPassword, + } } const tenantId = tenancy.isMultiTenant() ? tenancy.getTenantId() : null const appId = generateDevAppID(generateAppID(tenantId)) diff --git a/packages/server/src/api/controllers/backup.ts b/packages/server/src/api/controllers/backup.ts index c599641ef0..e3b98f0058 100644 --- a/packages/server/src/api/controllers/backup.ts +++ b/packages/server/src/api/controllers/backup.ts @@ -10,7 +10,7 @@ export async function exportAppDump(ctx: any) { const appName = decodeURI(ctx.query.appname) excludeRows = isQsTrue(excludeRows) const backupIdentifier = `${appName}-export-${new Date().getTime()}${ - encryptPassword ? "-enc" : "" + encryptPassword ? ".enc" : "" }.tar.gz` ctx.attachment(backupIdentifier) ctx.body = await sdk.backups.streamExportApp({ diff --git a/packages/server/src/sdk/app/backups/imports.ts b/packages/server/src/sdk/app/backups/imports.ts index 08b003a55b..0bc415badb 100644 --- a/packages/server/src/sdk/app/backups/imports.ts +++ b/packages/server/src/sdk/app/backups/imports.ts @@ -124,12 +124,19 @@ export function untarFile(file: { path: string }) { return tmpPath } -async function decryptFiles(path: string) { - for (let file of fs.readdirSync(path)) { - const inputPath = join(path, file) - const outputPath = inputPath.replace(/\.enc$/, "") - await encryption.decryptFile(inputPath, outputPath, "password") - fs.rmSync(inputPath) +async function decryptFiles(path: string, password: string) { + try { + for (let file of fs.readdirSync(path)) { + const inputPath = join(path, file) + const outputPath = inputPath.replace(/\.enc$/, "") + await encryption.decryptFile(inputPath, outputPath, password) + fs.rmSync(inputPath) + } + } catch (err: any) { + if (err.message === "incorrect header check") { + throw new Error("Wrong password") + } + throw err } } @@ -154,7 +161,7 @@ export async function importApp( if (template.file && (isTar || isDirectory)) { const tmpPath = isTar ? untarFile(template.file) : template.file.path if (isTar && template.file.password) { - await decryptFiles(tmpPath) + await decryptFiles(tmpPath, template.file.password) } const contents = fs.readdirSync(tmpPath) // have to handle object import