@boxyhq/saml-jackson 0.2.1-beta.155 → 0.2.1-beta.156
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/db/db.js +36 -14
- package/src/db/db.test.js +72 -22
- package/src/db/encrypter.js +36 -0
- package/src/db/mem.js +1 -1
- package/src/db/mongo.js +2 -2
- package/src/db/redis.js +1 -1
- package/src/db/sql/entity/JacksonStore.js +10 -0
- package/src/db/sql/model/JacksonStore.js +3 -1
- package/src/db/sql/sql.js +12 -4
- package/src/env.js +1 -0
package/package.json
CHANGED
package/src/db/db.js
CHANGED
|
@@ -3,18 +3,39 @@ const mongo = require('./mongo.js');
|
|
|
3
3
|
const redis = require('./redis.js');
|
|
4
4
|
const sql = require('./sql/sql.js');
|
|
5
5
|
const store = require('./store.js');
|
|
6
|
+
const encrypter = require('./encrypter.js');
|
|
7
|
+
|
|
8
|
+
const decrypt = (res, encryptionKey) => {
|
|
9
|
+
if (res.iv && res.tag) {
|
|
10
|
+
return JSON.parse(
|
|
11
|
+
encrypter.decrypt(res.value, res.iv, res.tag, encryptionKey)
|
|
12
|
+
);
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
return JSON.parse(res.value);
|
|
16
|
+
};
|
|
6
17
|
|
|
7
18
|
class DB {
|
|
8
|
-
constructor(db) {
|
|
19
|
+
constructor(db, encryptionKey) {
|
|
9
20
|
this.db = db;
|
|
21
|
+
this.encryptionKey = encryptionKey;
|
|
10
22
|
}
|
|
11
23
|
|
|
12
24
|
async get(namespace, key) {
|
|
13
|
-
|
|
25
|
+
const res = await this.db.get(namespace, key);
|
|
26
|
+
if (!res) {
|
|
27
|
+
return null;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
return decrypt(res, this.encryptionKey);
|
|
14
31
|
}
|
|
15
32
|
|
|
16
33
|
async getByIndex(namespace, idx) {
|
|
17
|
-
|
|
34
|
+
const res = await this.db.getByIndex(namespace, idx);
|
|
35
|
+
const encryptionKey = this.encryptionKey;
|
|
36
|
+
return res.map((r) => {
|
|
37
|
+
return decrypt(r, encryptionKey);
|
|
38
|
+
});
|
|
18
39
|
}
|
|
19
40
|
|
|
20
41
|
// ttl is in seconds
|
|
@@ -23,13 +44,11 @@ class DB {
|
|
|
23
44
|
throw new Error('secondary indexes not allow on a store with ttl');
|
|
24
45
|
}
|
|
25
46
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
...indexes
|
|
32
|
-
);
|
|
47
|
+
const dbVal = this.encryptionKey
|
|
48
|
+
? encrypter.encrypt(JSON.stringify(val), this.encryptionKey)
|
|
49
|
+
: { value: JSON.stringify(val) };
|
|
50
|
+
|
|
51
|
+
return await this.db.put(namespace, key, dbVal, ttl, ...indexes);
|
|
33
52
|
}
|
|
34
53
|
|
|
35
54
|
async delete(namespace, key) {
|
|
@@ -43,15 +62,18 @@ class DB {
|
|
|
43
62
|
|
|
44
63
|
module.exports = {
|
|
45
64
|
new: async (options) => {
|
|
65
|
+
const encryptionKey = options.encryptionKey
|
|
66
|
+
? Buffer.from(options.encryptionKey, 'latin1')
|
|
67
|
+
: null;
|
|
46
68
|
switch (options.engine) {
|
|
47
69
|
case 'redis':
|
|
48
|
-
return new DB(await redis.new(options));
|
|
70
|
+
return new DB(await redis.new(options), encryptionKey);
|
|
49
71
|
case 'sql':
|
|
50
|
-
return new DB(await sql.new(options));
|
|
72
|
+
return new DB(await sql.new(options), encryptionKey);
|
|
51
73
|
case 'mongo':
|
|
52
|
-
return new DB(await mongo.new(options));
|
|
74
|
+
return new DB(await mongo.new(options), encryptionKey);
|
|
53
75
|
case 'mem':
|
|
54
|
-
return new DB(await mem.new(options));
|
|
76
|
+
return new DB(await mem.new(options), encryptionKey);
|
|
55
77
|
default:
|
|
56
78
|
throw new Error('unsupported db engine: ' + options.engine);
|
|
57
79
|
}
|
package/src/db/db.test.js
CHANGED
|
@@ -2,6 +2,8 @@ const t = require('tap');
|
|
|
2
2
|
|
|
3
3
|
const DB = require('./db.js');
|
|
4
4
|
|
|
5
|
+
const encryptionKey = '3yGrTcnKPBqqHoH3zZMAU6nt4bmIYb2q';
|
|
6
|
+
|
|
5
7
|
let configStores = [];
|
|
6
8
|
let ttlStores = [];
|
|
7
9
|
const ttl = 3;
|
|
@@ -17,39 +19,87 @@ const record2 = {
|
|
|
17
19
|
city: 'London',
|
|
18
20
|
};
|
|
19
21
|
|
|
22
|
+
const memDbConfig = {
|
|
23
|
+
engine: 'mem',
|
|
24
|
+
ttl: 1,
|
|
25
|
+
};
|
|
26
|
+
|
|
27
|
+
const redisDbConfig = {
|
|
28
|
+
engine: 'redis',
|
|
29
|
+
url: 'redis://localhost:6379',
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
const postgresDbConfig = {
|
|
33
|
+
engine: 'sql',
|
|
34
|
+
url: 'postgresql://postgres:postgres@localhost:5432/postgres',
|
|
35
|
+
type: 'postgres',
|
|
36
|
+
ttl: 1,
|
|
37
|
+
limit: 1,
|
|
38
|
+
};
|
|
39
|
+
|
|
40
|
+
const mongoDbConfig = {
|
|
41
|
+
engine: 'mongo',
|
|
42
|
+
url: 'mongodb://localhost:27017/jackson',
|
|
43
|
+
};
|
|
44
|
+
|
|
45
|
+
const mysqlDbConfig = {
|
|
46
|
+
engine: 'sql',
|
|
47
|
+
url: 'mysql://root:mysql@localhost:3307/mysql',
|
|
48
|
+
type: 'mysql',
|
|
49
|
+
ttl: 1,
|
|
50
|
+
limit: 1,
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
const mariadbDbConfig = {
|
|
54
|
+
engine: 'sql',
|
|
55
|
+
url: 'mariadb://root@localhost:3306/mysql',
|
|
56
|
+
type: 'mariadb',
|
|
57
|
+
ttl: 1,
|
|
58
|
+
limit: 1,
|
|
59
|
+
};
|
|
60
|
+
|
|
20
61
|
const dbs = [
|
|
21
62
|
{
|
|
22
|
-
|
|
23
|
-
|
|
63
|
+
...memDbConfig,
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
...memDbConfig,
|
|
67
|
+
encryptionKey,
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
...redisDbConfig,
|
|
71
|
+
},
|
|
72
|
+
{
|
|
73
|
+
...redisDbConfig,
|
|
74
|
+
encryptionKey,
|
|
75
|
+
},
|
|
76
|
+
{
|
|
77
|
+
...postgresDbConfig,
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
...postgresDbConfig,
|
|
81
|
+
encryptionKey,
|
|
82
|
+
},
|
|
83
|
+
{
|
|
84
|
+
...mongoDbConfig,
|
|
24
85
|
},
|
|
25
86
|
{
|
|
26
|
-
|
|
27
|
-
|
|
87
|
+
...mongoDbConfig,
|
|
88
|
+
encryptionKey,
|
|
28
89
|
},
|
|
29
90
|
{
|
|
30
|
-
|
|
31
|
-
url: 'postgresql://postgres:postgres@localhost:5432/postgres',
|
|
32
|
-
type: 'postgres',
|
|
33
|
-
ttl: 1,
|
|
34
|
-
limit: 1,
|
|
91
|
+
...mysqlDbConfig,
|
|
35
92
|
},
|
|
36
93
|
{
|
|
37
|
-
|
|
38
|
-
|
|
94
|
+
...mysqlDbConfig,
|
|
95
|
+
encryptionKey,
|
|
39
96
|
},
|
|
40
97
|
{
|
|
41
|
-
|
|
42
|
-
url: 'mysql://root:mysql@localhost:3307/mysql',
|
|
43
|
-
type: 'mysql',
|
|
44
|
-
ttl: 1,
|
|
45
|
-
limit: 1,
|
|
98
|
+
...mariadbDbConfig,
|
|
46
99
|
},
|
|
47
100
|
{
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
type: 'mariadb',
|
|
51
|
-
ttl: 1,
|
|
52
|
-
limit: 1,
|
|
101
|
+
...mariadbDbConfig,
|
|
102
|
+
encryptionKey,
|
|
53
103
|
},
|
|
54
104
|
];
|
|
55
105
|
|
|
@@ -224,7 +274,7 @@ t.test('dbs', ({ end }) => {
|
|
|
224
274
|
}
|
|
225
275
|
|
|
226
276
|
await new Promise((resolve) =>
|
|
227
|
-
setTimeout(resolve, (2*ttl + 0.5) * 1000)
|
|
277
|
+
setTimeout(resolve, (2 * ttl + 0.5) * 1000)
|
|
228
278
|
);
|
|
229
279
|
|
|
230
280
|
const ret1 = await ttlStore.get(record1.id);
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
const crypto = require('crypto');
|
|
2
|
+
|
|
3
|
+
const ALGO = 'aes-256-gcm';
|
|
4
|
+
const BLOCK_SIZE = 16; // 128 bit
|
|
5
|
+
|
|
6
|
+
const encrypt = (text, key) => {
|
|
7
|
+
const iv = crypto.randomBytes(BLOCK_SIZE);
|
|
8
|
+
const cipher = crypto.createCipheriv(ALGO, key, iv);
|
|
9
|
+
|
|
10
|
+
let ciphertext = cipher.update(text, 'utf8', 'base64');
|
|
11
|
+
ciphertext += cipher.final('base64');
|
|
12
|
+
return {
|
|
13
|
+
iv: iv.toString('base64'),
|
|
14
|
+
tag: cipher.getAuthTag().toString('base64'),
|
|
15
|
+
value: ciphertext,
|
|
16
|
+
};
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
const decrypt = (ciphertext, iv, tag, key) => {
|
|
20
|
+
const decipher = crypto.createDecipheriv(
|
|
21
|
+
ALGO,
|
|
22
|
+
key,
|
|
23
|
+
Buffer.from(iv, 'base64')
|
|
24
|
+
);
|
|
25
|
+
decipher.setAuthTag(Buffer.from(tag, 'base64'));
|
|
26
|
+
|
|
27
|
+
let cleartext = decipher.update(ciphertext, 'base64', 'utf8');
|
|
28
|
+
cleartext += decipher.final('utf8');
|
|
29
|
+
|
|
30
|
+
return cleartext;
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
module.exports = {
|
|
34
|
+
encrypt,
|
|
35
|
+
decrypt,
|
|
36
|
+
};
|
package/src/db/mem.js
CHANGED
package/src/db/mongo.js
CHANGED
|
@@ -25,7 +25,7 @@ class Mongo {
|
|
|
25
25
|
_id: dbutils.key(namespace, key),
|
|
26
26
|
});
|
|
27
27
|
if (res && res.value) {
|
|
28
|
-
return
|
|
28
|
+
return res.value;
|
|
29
29
|
}
|
|
30
30
|
|
|
31
31
|
return null;
|
|
@@ -40,7 +40,7 @@ class Mongo {
|
|
|
40
40
|
|
|
41
41
|
const ret = [];
|
|
42
42
|
for (const doc of docs || []) {
|
|
43
|
-
ret.push(
|
|
43
|
+
ret.push(doc.value);
|
|
44
44
|
}
|
|
45
45
|
|
|
46
46
|
return ret;
|
package/src/db/redis.js
CHANGED
package/src/db/sql/sql.js
CHANGED
|
@@ -14,7 +14,7 @@ class Sql {
|
|
|
14
14
|
while (true) {
|
|
15
15
|
try {
|
|
16
16
|
this.connection = await typeorm.createConnection({
|
|
17
|
-
name: options.type,
|
|
17
|
+
name: options.type + Math.floor(Math.random() * 100000),
|
|
18
18
|
type: options.type,
|
|
19
19
|
url: options.url,
|
|
20
20
|
synchronize: true,
|
|
@@ -82,7 +82,11 @@ class Sql {
|
|
|
82
82
|
});
|
|
83
83
|
|
|
84
84
|
if (res && res.value) {
|
|
85
|
-
return
|
|
85
|
+
return {
|
|
86
|
+
value: res.value,
|
|
87
|
+
iv: res.iv,
|
|
88
|
+
tag: res.tag,
|
|
89
|
+
};
|
|
86
90
|
}
|
|
87
91
|
|
|
88
92
|
return null;
|
|
@@ -97,7 +101,11 @@ class Sql {
|
|
|
97
101
|
|
|
98
102
|
if (res) {
|
|
99
103
|
res.forEach((r) => {
|
|
100
|
-
ret.push(
|
|
104
|
+
ret.push({
|
|
105
|
+
value: r.store.value,
|
|
106
|
+
iv: r.store.iv,
|
|
107
|
+
tag: r.store.tag,
|
|
108
|
+
});
|
|
101
109
|
});
|
|
102
110
|
}
|
|
103
111
|
|
|
@@ -107,7 +115,7 @@ class Sql {
|
|
|
107
115
|
async put(namespace, key, val, ttl = 0, ...indexes) {
|
|
108
116
|
await this.connection.transaction(async (transactionalEntityManager) => {
|
|
109
117
|
const dbKey = dbutils.key(namespace, key);
|
|
110
|
-
const store = new JacksonStore(dbKey, val);
|
|
118
|
+
const store = new JacksonStore(dbKey, val.value, val.iv, val.tag);
|
|
111
119
|
await transactionalEntityManager.save(store);
|
|
112
120
|
|
|
113
121
|
if (ttl) {
|