npm - @adobe/aio-cli-plugin-api-mesh - Versions diffs - 3.4.0 → 3.5.0-beta.1 - Mend

@adobe/aio-cli-plugin-api-mesh 3.4.0 → 3.5.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/oclif.manifest.json +1 -1
package/package.json +7 -5
package/src/commands/__fixtures__/env_invalid +2 -8
package/src/commands/__fixtures__/sample_secrets_mesh.json +18 -0
package/src/commands/__fixtures__/secrets_invalid.yaml +3 -0
package/src/commands/__fixtures__/secrets_valid.yaml +2 -0
package/src/commands/__fixtures__/secrets_with_batch_variables.yaml +4 -0
package/src/commands/api-mesh/__tests__/create.test.js +316 -5
package/src/commands/api-mesh/__tests__/run.test.js +146 -7
package/src/commands/api-mesh/create.js +21 -1
package/src/commands/api-mesh/run.js +17 -0
package/src/commands/api-mesh/update.js +33 -7
package/src/helpers.js +21 -0
package/src/lib/devConsole.js +48 -0
package/src/server.js +7 -0
package/src/serverUtils.js +21 -0
package/src/utils.js +149 -60

package/src/utils.js CHANGED Viewed

@@ -5,6 +5,11 @@ const { Flags } = require('@oclif/core');
 const { readFile } = require('fs/promises');
 const { interpolateMesh } = require('./helpers');
 const dotenv = require('dotenv');
+const YAML = require('yaml');
+const parseEnv = require('envsub/js/envsub-parser');
+const os = require('os');
+const chalk = require('chalk');
+const crypto = require('crypto');
 /**
  * @returns returns the root directory of the project
@@ -41,6 +46,12 @@ const envFileFlag = Flags.string({
 	default: '.env',
 });
+const secretsFlag = Flags.string({
+	char: 's',
+	description: 'Path to secrets file',
+	default: false,
+});
 const portNoFlag = Flags.integer({
 	char: 'p',
 	description: 'Port number for the local dev server',
@@ -297,61 +308,6 @@ function validateFileName(filesList) {
 	}
 }
-/**validates the environment file content
- * @param {string} envContent
- * @returns {object} containing the status of validation
- * If validation is failed then the error property including the formatting errors is returned.
- */
-function validateEnvFileFormat(envContent) {
-	//Key should start with a underscore or an alphabet followed by underscore/alphanumeric characters
-	const envKeyRegex = /^[a-zA-Z_]+[a-zA-Z0-9_]*$/;
-	const envValueRegex = /^(?:"(?:\\.|[^\\"])*"|'(?:\\.|[^\\'])*'|[^'"\s])+$/;
-	/*
-	The above regex matches one or more of below :
-	(?:"(?:\\.|[^\\"])*"|'(?:\\.|[^\\'])*'|[^'"\s])
-	which is
-	1. ?:"(?:\\.|[^\\"])*" : Non capturing group starts and ends with '"'
-	*/
-	const envDict = {};
-	const lines = envContent.split(/\r?\n/);
-	const errors = [];
-	for (let index = 0; index < lines.length; index++) {
-		const line = lines[index];
-		const trimmedLine = line.trim();
-		if (trimmedLine.startsWith('#') || trimmedLine === '') {
-			// ignore comment or empty lines
-			continue;
-		}
-		if (!trimmedLine.includes('=')) {
-			errors.push(`Invalid format << ${trimmedLine} >> on line ${index + 1}`);
-		} else {
-			const [key, value] = trimmedLine.split('=', 2);
-			if (!envKeyRegex.test(key) || !envValueRegex.test(value)) {
-				// invalid format: key or value does not match regex
-				errors.push(`Invalid format for key/value << ${trimmedLine} >> on line ${index + 1}`);
-			}
-			if (key in envDict) {
-				// duplicate key found
-				errors.push(`Duplicate key << ${key} >> on line ${index + 1}`);
-			}
-			envDict[key] = value;
-		}
-	}
-	if (errors.length) {
-		return {
-			valid: false,
-			error: errors.toString(),
-		};
-	}
-	return {
-		valid: true,
-	};
-}
 /**
  * Read the environment file, checks for validation status and interpolate mesh
  * @param {string} inputMeshData
@@ -364,10 +320,10 @@ async function validateAndInterpolateMesh(inputMeshData, envFilePath, command) {
 	const envFileContent = await readFileContents(envFilePath, command, 'env');
 	//Validate the environment file
-	const envFileValidity = validateEnvFileFormat(envFileContent);
-	if (envFileValidity.valid) {
+	try {
 		//load env file using dotenv and add 'env' as the root property in the object
-		const envObj = { env: dotenv.config({ path: envFilePath }).parsed };
+		const config = dotenv.parse(envFileContent);
+		const envObj = { env: config };
 		const { interpolationStatus, missingKeys, interpolatedMeshData } = await interpolateMesh(
 			inputMeshData,
 			envObj,
@@ -386,8 +342,138 @@ async function validateAndInterpolateMesh(inputMeshData, envFilePath, command) {
 			command.log(interpolatedMeshData);
 			command.error('Interpolated mesh is not a valid JSON. Please check the generated json file.');
 		}
+	} catch (err) {
+		command.error(`Issue in ${envFilePath} file - ` + err.message);
+	}
+}
+/**
+ * Validate secrets file
+ *
+ * @param secretsFile Validates that secrets file extension is in yaml
+ */
+async function validateSecretsFile(secretsFile) {
+	try {
+		const validExtensions = ['.yaml', '.yml'];
+		const fileExtension = secretsFile.split('.').pop().toLowerCase();
+		if (!validExtensions.includes('.' + fileExtension)) {
+			throw new Error(
+				chalk.red('Invalid file format. Please provide a YAML file (.yaml or .yml).'),
+			);
+		}
+	} catch (error) {
+		logger.error(error.message);
+		throw new Error(error.message);
+	}
+}
+/**
+ * Read the secrets file, checks validation and interpolate mesh
+ *
+ * @param secretsFilePath Secrets file path
+ * @param command
+ */
+async function interpolateSecrets(secretsFilePath, command) {
+	try {
+		const secretsContent = await readFileContents(secretsFilePath, command, 'secrets');
+		// Check if environment variables are used in the file content
+		if (os.platform() === 'win32' && /\$({)?[a-zA-Z_][a-zA-Z0-9_]*}?/.test(secretsContent)) {
+			throw new Error(chalk.red('Batch variables are not supported in YAML files on Windows.'));
+		}
+		const secrets = await parseSecrets(secretsContent);
+		return secrets;
+	} catch (err) {
+		logger.error(err.message);
+		throw new Error(err.message);
+	}
+}
+/**
+ * Parse secrets YAML content.
+ *
+ * @param secretsFilePath Secrets file path
+ */
+async function parseSecrets(secretsContent) {
+	try {
+		const envParserConfig = {
+			outputFile: null,
+			options: {
+				all: false,
+				diff: false,
+				protect: false,
+				syntax: 'dollar-both',
+			},
+			cli: false,
+		};
+		const compiledSecretsFileContent = parseEnv(secretsContent, envParserConfig);
+		const parsedSecrets = YAML.parse(compiledSecretsFileContent);
+		//check if secrets file is empty
+		if (!parsedSecrets) {
+			throw new Error(chalk.red('Invalid YAML file contents. Please verify and try again.'));
+		}
+		//check if parsedSecrets is string and not in k:v pair
+		if (typeof parsedSecrets === 'string') {
+			throw new Error(chalk.red('Please provide a valid YAML in key:value format.'));
+		}
+		const secretsYamlString = YAML.stringify(parsedSecrets);
+		return secretsYamlString; //TODO: here we will encrypt secrets and return.
+	} catch (err) {
+		throw new Error(chalk.red(getSecretsYamlParseError(err)));
+	}
+}
+/**
+ * This function returns user friendly errors that occurs while YAML.parse
+ *
+ * @param error errors from YAML.parse
+ */
+function getSecretsYamlParseError(error) {
+	if (error.code === 'BAD_INDENT') {
+		return 'Invalid YAML - Bad Indentation: ' + error.message;
+	} else if (error.code === 'DUPLICATE_KEY') {
+		return 'Invalid YAML - Found Duplicate Keys: ' + error.message;
 	} else {
-		command.error(`Issue in ${envFilePath} file - ` + envFileValidity.error);
+		return 'Unexpected Error: ' + error.message;
+	}
+}
+/**
+ * Performs hybrid encryption of secrets(AES + RSA)
+ *
+ * @param publicKey Public key for (AES + RSA) encryption
+ * @param secrets Secrets Data that needs encryption
+ */
+async function encryptSecrets(publicKey, secrets) {
+	if (!publicKey || typeof publicKey !== 'string' || !publicKey.trim()) {
+		throw new Error(chalk.red('Unable to encrypt secerts. Invalid Public Key.'));
+	}
+	try {
+		// Generate a random AES key and IV
+		const aesKey = crypto.randomBytes(32); // 256-bit key for AES-256
+		const iv = crypto.randomBytes(16); // Initialization vector
+		// Encrypt the secrets using AES-256-CBC
+		const cipher = crypto.createCipheriv('aes-256-cbc', aesKey, iv);
+		let encryptedData = cipher.update(secrets, 'utf8', 'base64');
+		encryptedData += cipher.final('base64');
+		// Encrypt the AES key using RSA with OAEP padding
+		const encryptedAesKey = crypto.publicEncrypt(
+			{
+				key: publicKey,
+				padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+			},
+			aesKey,
+		);
+		// Package the encrypted AES key, IV, and encrypted data
+		const encryptedPackage = {
+			iv: iv.toString('base64'),
+			key: encryptedAesKey.toString('base64'),
+			data: encryptedData,
+		};
+		return JSON.stringify(encryptedPackage);
+	} catch (error) {
+		logger.error('Unable to encrypt secrets. Please try again. :', error.message);
+		throw new Error(`Unable to encrypt secerts. ${error.message}`);
 	}
 }
@@ -399,10 +485,13 @@ module.exports = {
 	envFileFlag,
 	checkPlaceholders,
 	readFileContents,
-	validateEnvFileFormat,
 	validateAndInterpolateMesh,
 	getAppRootDir,
 	portNoFlag,
 	debugFlag,
 	selectFlag,
+	secretsFlag,
+	interpolateSecrets,
+	validateSecretsFile,
+	encryptSecrets,
 };