@oussema_mili/test-pkg-123 1.1.34 → 1.1.36

package/docker-actions/registry.js

@@ -24,6 +24,10 @@ async function handleRegistryAction(ws, action, payload) {
       return await handleSetActiveRegistry(ws, payload);
     case "fetchRegistryImages":
       return await handleFetchRegistryImages(ws, payload);
+    case "validateRegistry":
+      return await handleValidateRegistry(ws, payload);
+    case "updateRegistryCredentials":
+      return await handleUpdateRegistryCredentials(ws, payload);
     default:
       throw new Error(`Unknown registry action: ${action}`);
   }
@@ -148,6 +152,8 @@ async function handleConnectRegistry(ws, payload) {
       type,
       connected: true,
       connectedAt: new Date().toISOString(),
+      status: "valid", // Mark as valid since we just authenticated
+      lastValidated: new Date().toISOString(),
       // Store metadata at top level for API exposure
       ...(type === "ecr" && {
         username: extractedUsername,
@@ -604,6 +610,248 @@ async function handleSetActiveRegistry(ws, payload) {
   }
 }
 
+async function handleValidateRegistry(ws, payload) {
+  try {
+    const { id, requestId } = payload;
+
+    if (!id) {
+      throw new Error("Registry ID is required");
+    }
+
+    // Get registry with credentials
+    const registry = await registryStore.getRegistryWithCredentials(id);
+    if (!registry) {
+      throw new Error("Registry not found");
+    }
+
+    let isValid = false;
+    let errorMessage = "";
+
+    try {
+      const { credentials, type } = registry;
+
+      switch (type) {
+        case "docker-hub":
+          isValid = await testDockerHubCredentials(
+            credentials.username,
+            credentials.password
+          );
+          break;
+
+        case "ecr":
+          const ecrResult = await testECRCredentials(
+            credentials.accessKeyId,
+            credentials.secretAccessKey,
+            registry.region,
+            credentials.sessionToken
+          );
+          isValid = ecrResult.success;
+          break;
+
+        case "gcr":
+          isValid = await testGCRCredentials(
+            credentials.serviceAccountJson,
+            registry.url
+          );
+          break;
+
+        case "acr":
+          isValid = await testACRCredentials(
+            credentials.username,
+            credentials.password,
+            registry.url
+          );
+          break;
+
+        case "custom":
+          isValid = await testCustomRegistryCredentials(
+            credentials.username,
+            credentials.password,
+            registry.url
+          );
+          break;
+
+        default:
+          throw new Error(`Unsupported registry type: ${type}`);
+      }
+    } catch (validationError) {
+      isValid = false;
+      errorMessage = validationError.message;
+    }
+
+    // Update registry status in store
+    const status = isValid ? "valid" : "invalid";
+    await registryStore.updateRegistryStatus(id, status, new Date().toISOString());
+
+    // Get updated registry for response
+    const updatedRegistry = await registryStore.getRegistryWithCredentials(id);
+    const { credentials, ...safeRegistry } = updatedRegistry;
+
+    ws.send(
+      JSON.stringify({
+        type: "registryValidated",
+        registry: {
+          ...safeRegistry,
+          status,
+          lastValidated: new Date().toISOString(),
+        },
+        isValid,
+        errorMessage: isValid ? null : errorMessage,
+        requestId,
+      })
+    );
+
+    if (isValid) {
+      console.log(chalk.green(`✅ Registry "${registry.name}" credentials are valid`));
+    } else {
+      console.log(chalk.yellow(`⚠️ Registry "${registry.name}" credentials are invalid: ${errorMessage}`));
+    }
+  } catch (error) {
+    console.error("Error validating registry:", error);
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to validate registry: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
+async function handleUpdateRegistryCredentials(ws, payload) {
+  try {
+    const {
+      id,
+      password,
+      accessKeyId,
+      secretAccessKey,
+      sessionToken,
+      serviceAccountJson,
+      requestId,
+    } = payload;
+
+    if (!id) {
+      throw new Error("Registry ID is required");
+    }
+
+    // Get existing registry
+    const registry = await registryStore.getRegistryWithCredentials(id);
+    if (!registry) {
+      throw new Error("Registry not found");
+    }
+
+    // Build new credentials based on registry type
+    let newCredentials = {};
+    let authenticationValid = false;
+    let errorMessage = "";
+
+    try {
+      switch (registry.type) {
+        case "docker-hub":
+        case "acr":
+        case "custom":
+          if (!password) {
+            throw new Error("Password/token is required");
+          }
+          newCredentials = {
+            ...registry.credentials,
+            password,
+          };
+          // Validate the new credentials
+          if (registry.type === "docker-hub") {
+            authenticationValid = await testDockerHubCredentials(
+              registry.credentials.username,
+              password
+            );
+          } else if (registry.type === "acr") {
+            authenticationValid = await testACRCredentials(
+              registry.credentials.username,
+              password,
+              registry.url
+            );
+          } else {
+            authenticationValid = await testCustomRegistryCredentials(
+              registry.credentials.username,
+              password,
+              registry.url
+            );
+          }
+          break;
+
+        case "ecr":
+          if (!accessKeyId || !secretAccessKey) {
+            throw new Error("AWS Access Key ID and Secret Access Key are required");
+          }
+          newCredentials = {
+            accessKeyId,
+            secretAccessKey,
+            sessionToken,
+          };
+          const ecrResult = await testECRCredentials(
+            accessKeyId,
+            secretAccessKey,
+            registry.region,
+            sessionToken
+          );
+          authenticationValid = ecrResult.success;
+          break;
+
+        case "gcr":
+          if (!serviceAccountJson) {
+            throw new Error("Service Account JSON is required");
+          }
+          newCredentials = {
+            serviceAccountJson,
+          };
+          authenticationValid = await testGCRCredentials(
+            serviceAccountJson,
+            registry.url
+          );
+          break;
+
+        default:
+          throw new Error(`Unsupported registry type: ${registry.type}`);
+      }
+    } catch (authError) {
+      authenticationValid = false;
+      errorMessage = authError.message;
+    }
+
+    if (!authenticationValid) {
+      throw new Error(errorMessage || "New credentials are invalid");
+    }
+
+    // Update credentials in store
+    const updatedRegistry = await registryStore.updateCredentials(id, newCredentials);
+
+    console.log(chalk.green(`✅ Successfully updated credentials for registry: ${registry.name}`));
+
+    // Return safe registry data
+    const { credentials, ...safeRegistry } = updatedRegistry;
+
+    ws.send(
+      JSON.stringify({
+        type: "registryCredentialsUpdated",
+        registry: {
+          ...safeRegistry,
+          status: "valid",
+          lastValidated: new Date().toISOString(),
+        },
+        requestId,
+      })
+    );
+  } catch (error) {
+    console.error("Error updating registry credentials:", error);
+    ws.send(
+      JSON.stringify({
+        type: "error",
+        error: "Failed to update registry credentials: " + error.message,
+        requestId: payload.requestId,
+      })
+    );
+  }
+}
+
 async function handleFetchRegistryImages(ws, payload) {
   try {
     const { registryId, requestId } = payload;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oussema_mili/test-pkg-123",
-  "version": "1.1.34",
+  "version": "1.1.36",
   "description": "Fenwave Docker Agent and CLI",
   "keywords": [
     "fenwave",

package/store/registryStore.js

@@ -3,6 +3,7 @@ import fs from "fs";
 import path from "path";
 import chalk from "chalk";
 import dotenv from "dotenv";
+import { encrypt, decrypt } from "../utils/encryption.js";
 dotenv.config();
 
 const fsPromises = fs.promises;
@@ -14,10 +15,93 @@ const REGISTRY_FILE = path.join(
   os.homedir(),
   AGENT_ROOT_DIR,
   REGISTRIES_DIR,
-  REGISTRIES_FILE
+  REGISTRIES_FILE,
 );
 
-const SCHEMA_VERSION = 1;
+const SCHEMA_VERSION = 2; // Bumped for encryption support
+
+/**
+ * Encrypt sensitive credentials based on registry type
+ */
+function encryptCredentials(credentials, type) {
+  if (!credentials) return credentials;
+
+  const encrypted = { ...credentials };
+
+  switch (type) {
+    case "docker-hub":
+    case "acr":
+    case "custom":
+      if (credentials.password) {
+        encrypted.password = encrypt(credentials.password);
+        encrypted._encrypted = true;
+      }
+      break;
+    case "ecr":
+      if (credentials.secretAccessKey) {
+        encrypted.secretAccessKey = encrypt(credentials.secretAccessKey);
+        encrypted._encrypted = true;
+      }
+      if (credentials.sessionToken) {
+        encrypted.sessionToken = encrypt(credentials.sessionToken);
+      }
+      break;
+    case "gcr":
+      if (credentials.serviceAccountJson) {
+        encrypted.serviceAccountJson = encrypt(credentials.serviceAccountJson);
+        encrypted._encrypted = true;
+      }
+      break;
+  }
+
+  return encrypted;
+}
+
+/**
+ * Decrypt sensitive credentials based on registry type
+ */
+function decryptCredentials(credentials, type) {
+  if (!credentials || !credentials._encrypted) return credentials;
+
+  const decrypted = { ...credentials };
+  delete decrypted._encrypted;
+
+  try {
+    switch (type) {
+      case "docker-hub":
+      case "acr":
+      case "custom":
+        if (credentials.password) {
+          decrypted.password = decrypt(credentials.password);
+        }
+        break;
+      case "ecr":
+        if (credentials.secretAccessKey) {
+          decrypted.secretAccessKey = decrypt(credentials.secretAccessKey);
+        }
+        if (credentials.sessionToken) {
+          decrypted.sessionToken = decrypt(credentials.sessionToken);
+        }
+        break;
+      case "gcr":
+        if (credentials.serviceAccountJson) {
+          decrypted.serviceAccountJson = decrypt(
+            credentials.serviceAccountJson,
+          );
+        }
+        break;
+    }
+  } catch (error) {
+    console.error(
+      chalk.red("❌ Failed to decrypt credentials:", error.message),
+    );
+    throw new Error(
+      "Failed to decrypt credentials. The encryption key may have changed.",
+    );
+  }
+
+  return decrypted;
+}
 
 /**
  * Registry Store for managing registry credentials
@@ -44,7 +128,7 @@ class RegistryStore {
       this.initialized = true;
     } catch (error) {
       console.error(
-        chalk.red("❌ Failed to initialize registry store:", error.message)
+        chalk.red("❌ Failed to initialize registry store:", error.message),
       );
       throw error;
     }
@@ -72,13 +156,16 @@ class RegistryStore {
       const data = await fsPromises.readFile(REGISTRY_FILE, "utf8");
       const parsed = JSON.parse(data);
 
-      if (parsed.version !== SCHEMA_VERSION) {
-        console.warn(
-          `⚠️ Registry file version mismatch. Expected ${SCHEMA_VERSION}, got ${parsed.version}`
+      // Handle schema migration
+      if (parsed.version < SCHEMA_VERSION) {
+        console.log(
+          chalk.yellow(
+            `⚠️ Migrating registry file from version ${parsed.version} to ${SCHEMA_VERSION}`,
+          ),
         );
       }
 
-      // Load registries with plain text credentials
+      // Load registries and decrypt credentials
       let hasActiveRegistry = false;
 
       for (const registry of parsed.registries || []) {
@@ -92,12 +179,20 @@ class RegistryStore {
             hasActiveRegistry = true;
           }
 
-          // Store registry with credentials directly
+          // Decrypt credentials if they were encrypted
+          if (registry.credentials?._encrypted) {
+            registry.credentials = decryptCredentials(
+              registry.credentials,
+              registry.type,
+            );
+          }
+
+          // Store registry with decrypted credentials in memory
           this.registries.set(registry.id, registry);
         } catch (error) {
           console.error(
             chalk.red(`❌ Failed to load registry ${registry.id}:`),
-            error.message
+            error.message,
           );
           // Skip this registry but continue with others
         }
@@ -123,15 +218,19 @@ class RegistryStore {
   }
 
   /**
-   * Save registries to file with plain text credentials
+   * Save registries to file with encrypted credentials
    */
   async saveRegistries() {
     try {
       const registriesToSave = [];
 
       for (const [id, registry] of this.registries.entries()) {
-        // Save registry with credentials directly
-        registriesToSave.push(registry);
+        // Create a copy and encrypt credentials before saving
+        const registryToSave = {
+          ...registry,
+          credentials: encryptCredentials(registry.credentials, registry.type),
+        };
+        registriesToSave.push(registryToSave);
       }
 
       const data = {
@@ -212,6 +311,10 @@ class RegistryStore {
       // Ensure active field is included (default to false if not set)
       metadata.active = registry.active || false;
 
+      // Include status and lastValidated fields
+      metadata.status = registry.status || "unknown";
+      metadata.lastValidated = registry.lastValidated || null;
+
       result.push(metadata);
     }
 
@@ -321,6 +424,55 @@ class RegistryStore {
     const activeRegistry = await this.getActiveRegistry();
     return activeRegistry ? activeRegistry.id : null;
   }
+
+  /**
+   * Update credentials for an existing registry
+   */
+  async updateCredentials(id, newCredentials) {
+    await this.initialize();
+
+    const registry = this.registries.get(id);
+    if (!registry) {
+      throw new Error("Registry not found");
+    }
+
+    // Update credentials
+    registry.credentials = {
+      ...registry.credentials,
+      ...newCredentials,
+    };
+    registry.updatedAt = new Date().toISOString();
+    registry.lastValidated = new Date().toISOString();
+    registry.status = "valid";
+
+    this.registries.set(id, registry);
+    await this.saveRegistries();
+
+    return registry;
+  }
+
+  /**
+   * Update registry status
+   */
+  async updateRegistryStatus(id, status, lastValidated = null) {
+    await this.initialize();
+
+    const registry = this.registries.get(id);
+    if (!registry) {
+      throw new Error("Registry not found");
+    }
+
+    registry.status = status;
+    if (lastValidated) {
+      registry.lastValidated = lastValidated;
+    }
+    registry.updatedAt = new Date().toISOString();
+
+    this.registries.set(id, registry);
+    await this.saveRegistries();
+
+    return registry;
+  }
 }
 
 // Singleton instance

package/websocket-server.js

@@ -334,7 +334,9 @@ async function routeMessage(ws, clientId, data) {
     action === "disconnectRegistry" ||
     action === "renameRegistry" ||
     action === "fetchRegistryImages" ||
-    action === "setActiveRegistry"
+    action === "setActiveRegistry" ||
+    action === "validateRegistry" ||
+    action === "updateRegistryCredentials"
   ) {
     return await registryHandlers.handleRegistryAction(ws, action, payload);
   }