Modify frontend to be compatible with full-loop for bot-based integra…

…tions
Infisical · Dec 10, 2022 · c2eaea2 · c2eaea2
1 parent 436f408
commit c2eaea2
Show file tree

Hide file tree

Showing 13 changed files with 411 additions and 156 deletions.
diff --git a/backend/src/controllers/integrationController.ts b/backend/src/controllers/integrationController.ts
@@ -1,11 +1,9 @@
 import { Request, Response } from 'express';
 import { readFileSync } from 'fs';
 import * as Sentry from '@sentry/node';
-import axios from 'axios';
-import { Integration } from '../models';
-import { decryptAsymmetric } from '../utils/crypto';
-import { decryptSecrets } from '../helpers/secret';
-import { PRIVATE_KEY } from '../config';
+import { Integration, Bot, BotKey } from '../models';
+import { EventService } from '../services';
+import { eventPushSecrets } from '../events';
 
 interface Key {
 	encryptedKey: string;
@@ -55,26 +53,40 @@ export const getIntegrations = async (req: Request, res: Response) => {
  * @param res
  * @returns
  */
-export const modifyIntegration = async (req: Request, res: Response) => {
+export const updateIntegration = async (req: Request, res: Response) => {
 	let integration;
 
 	try {
-		const { update } = req.body;
+		const { app, environment, isActive } = req.body;
 
 		integration = await Integration.findOneAndUpdate(
 			{
 				_id: req.integration._id
 			},
-			update,
+			{
+				app,
+				environment,
+				isActive
+			},
 			{
 				new: true
 			}
 		);
+
+		if (integration) {
+
+			// trigger event - push secrets
+			EventService.handleEvent({
+				event: eventPushSecrets({
+					workspaceId: integration.workspace.toString()
+				})
+			});
+		}
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
 		return res.status(400).send({
-			message: 'Failed to modify integration'
+			message: 'Failed to update integration'
 		});
 	}
 
@@ -84,7 +96,8 @@ export const modifyIntegration = async (req: Request, res: Response) => {
 };
 
 /**
- * Delete integration with id [integrationId]
+ * Delete integration with id [integrationId] and deactivate bot if there are
+ * no integrations left
  * @param req
  * @param res
  * @returns
@@ -97,6 +110,29 @@ export const deleteIntegration = async (req: Request, res: Response) => {
 		deletedIntegration = await Integration.findOneAndDelete({
 			_id: integrationId
 		});
+
+		if (!deletedIntegration) throw new Error('Failed to find integration');
+
+		const integrations = await Integration.find({
+			workspace: deletedIntegration.workspace
+		});
+
+		if (integrations.length === 0) {
+			// case: no integrations left, deactivate bot
+			const bot = await Bot.findOneAndUpdate({
+				workspace: deletedIntegration.workspace
+			}, {
+				isActive: false
+			}, {
+				new: true
+			});
+
+			if (bot) {
+				await BotKey.deleteOne({
+					bot: bot._id
+				});
+			}
+		}
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);

diff --git a/backend/src/controllers/secretController.ts b/backend/src/controllers/secretController.ts
@@ -62,14 +62,6 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			keys
 		});
 
-		// trigger event
-		EventService.handleEvent({
-			event: eventPushSecrets({
-				workspaceId,
-				environment,
-				secrets
-			})
-		});
 
 		if (postHogClient) {
 			postHogClient.capture({
@@ -84,6 +76,13 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			});
 		}
 
+		// trigger event - push secrets
+		EventService.handleEvent({
+			event: eventPushSecrets({
+				workspaceId
+			})
+		});
+
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);

diff --git a/backend/src/events/secret.ts b/backend/src/events/secret.ts
@@ -16,25 +16,18 @@ interface PushSecret {
  * Return event for pushing secrets
  * @param {Object} obj
  * @param {String} obj.workspaceId - id of workspace to push secrets to
- * @param {String} obj.environment - environment for secrets
- * @param {PushSecret[]} obj.secrets - secrets to push
  * @returns 
  */
 const eventPushSecrets = ({
     workspaceId,
-    environment,
-    secrets
 }: {
     workspaceId: string;
-    environment: string;
-    secrets: PushSecret[];
 }) => {
     return ({
         name: EVENT_PUSH_SECRETS,
         workspaceId,
         payload: {
-            environment,
-            secrets
+
         }
     });
 }

diff --git a/backend/src/helpers/integration.ts b/backend/src/helpers/integration.ts
@@ -73,20 +73,18 @@ const handleOAuthExchangeHelper = async ({
             accessExpiresAt: res.accessExpiresAt
         });
 
-        // initializes an integration after exchange
-        await Integration.findOneAndUpdate(
-            { workspace: workspaceId, integration },
-            {
-                workspace: workspaceId,
-                environment: ENV_DEV,
-                isActive: false,
-                app: null,
-                integration,
-                integrationAuth: integrationAuth._id
-            },
-            { upsert: true, new: true }
-        );
+        // initialize new integration after exchange
+        await new Integration({
+            workspace: workspaceId,
+            environment: ENV_DEV,
+            isActive: false,
+            app: null,
+            integration,
+            integrationAuth: integrationAuth._id
+        }).save();
+
     } catch (err) {
+        console.error('in', err);
         Sentry.setUser(null);
         Sentry.captureException(err);
         throw new Error('Failed to handle OAuth2 code-token exchange')

diff --git a/backend/src/models/integration.ts b/backend/src/models/integration.ts
@@ -37,8 +37,7 @@ const integrationSchema = new Schema<IIntegration>(
 		app: {
 			// name of app in provider
 			type: String,
-			default: null,
-			required: true
+			default: null
 		},
 		integration: {
 			type: String,

diff --git a/backend/src/routes/integration.ts b/backend/src/routes/integration.ts
@@ -18,10 +18,12 @@ router.patch(
 		acceptedRoles: [ADMIN, MEMBER],
 		acceptedStatuses: [GRANTED]
 	}),
-	param('integrationId'),
-	body('update'),
+	param('integrationId').exists().trim(),
+	body('app').exists().trim(),
+	body('environment').exists().trim(),
+	body('isActive').exists().isBoolean(),
 	validateRequest,
-	integrationController.modifyIntegration
+	integrationController.updateIntegration
 );
 
 router.delete(
@@ -31,7 +33,7 @@ router.delete(
 		acceptedRoles: [ADMIN, MEMBER],
 		acceptedStatuses: [GRANTED]
 	}),
-	param('integrationId'),
+	param('integrationId').exists().trim(),
 	validateRequest,
 	integrationController.deleteIntegration
 );

diff --git a/frontend/components/basic/dialog/ActivateBotDialog.js b/frontend/components/basic/dialog/ActivateBotDialog.js
@@ -0,0 +1,91 @@
+import { Fragment } from "react";
+import { Dialog, Transition } from "@headlessui/react";
+import getLatestFileKey from "../../../pages/api/workspace/getLatestFileKey";
+import setBotActiveStatus from "../../../pages/api/bot/setBotActiveStatus";
+import { 
+    decryptAssymmetric,
+    encryptAssymmetric
+} from "../../utilities/cryptography/crypto";
+import Button from "../buttons/Button";
+
+const ActivateBotDialog = ({
+    isOpen,
+    closeModal,
+    selectedIntegrationOption,
+    handleBotActivate,
+    handleIntegrationOption
+}) => {
+
+    const submit = async () => {
+        try {
+            // 1. activate bot
+            await handleBotActivate();
+
+            // 2. start integration
+            await handleIntegrationOption({
+                integrationOption: selectedIntegrationOption
+            });
+        } catch (err) {
+            console.log(err);
+        }
+
+        closeModal();
+    }
+
+    return (
+        <div>
+            <Transition appear show={isOpen} as={Fragment}>
+                <Dialog as="div" className="relative z-10" onClose={closeModal}>
+                    <Transition.Child
+                        as={Fragment}
+                        enter="ease-out duration-300"
+                        enterFrom="opacity-0"
+                        enterTo="opacity-100"
+                        leave="ease-in duration-200"
+                        leaveFrom="opacity-100"
+                        leaveTo="opacity-0"
+                    >
+                        <div className="fixed inset-0 bg-black bg-opacity-70" />
+                    </Transition.Child>
+                    <div className="fixed inset-0 overflow-y-auto">
+                        <div className="flex min-h-full items-center justify-center p-4 text-center">
+                            <Transition.Child
+                                as={Fragment}
+                                enter="ease-out duration-300"
+                                enterFrom="opacity-0 scale-95"
+                                enterTo="opacity-100 scale-100"
+                                leave="ease-in duration-200"
+                                leaveFrom="opacity-100 scale-100"
+                                leaveTo="opacity-0 scale-95"
+                            >
+                                <Dialog.Panel className="w-full max-w-md transform overflow-hidden rounded-md bg-bunker-800 border border-gray-700 p-6 text-left align-middle shadow-xl transition-all">
+                                <Dialog.Title
+                                    as="h3"
+                                    className="text-lg font-medium leading-6 text-gray-400"
+                                >
+                                    Grant Infisical access to your secrets
+                                </Dialog.Title>
+                                <div className="mt-2 mb-2">
+                                    <p className="text-sm text-gray-500">
+                                        Enabling platform integrations lets Infisical decrypt your secrets so they can be forwarded to the platforms.
+                                    </p>
+                                </div>
+                                <div className="mt-6 max-w-max">
+                                    <Button 
+                                        onButtonPressed={submit}
+                                        color="mineshaft"
+                                        text="Grant access"
+                                        size="md"
+                                    />
+                                </div>
+                                </Dialog.Panel>
+                            </Transition.Child>
+                        </div>
+                    </div>
+                </Dialog>
+            </Transition>
+        </div>
+    );
+}
+
+export default ActivateBotDialog;
diff --git a/frontend/components/utilities/attemptLogin.js b/frontend/components/utilities/attemptLogin.js
@@ -74,7 +74,7 @@ const attemptLogin = async (
             tag,
             privateKey,
           });
-
+          
           const userOrgs = await getOrganizations();
           const userOrgsData = userOrgs.map((org) => org._id);
 

diff --git a/frontend/components/utilities/secrets/pushKeysIntegration.js b/frontend/components/utilities/secrets/pushKeysIntegration.js
@@ -0,0 +1,74 @@
+import publicKeyInfical from "~/pages/api/auth/publicKeyInfisical";
+import changeHerokuConfigVars from "~/pages/api/integrations/ChangeHerokuConfigVars";
+
+const crypto = require("crypto");
+const {
+  encryptSymmetric,
+  encryptAssymmetric,
+} = require("../cryptography/crypto");
+const nacl = require("tweetnacl");
+nacl.util = require("tweetnacl-util");
+
+const pushKeysIntegration = async ({ obj, integrationId }) => {
+  const PRIVATE_KEY = localStorage.getItem("PRIVATE_KEY");
+
+  let randomBytes = crypto.randomBytes(16).toString("hex");
+
+  const secrets = Object.keys(obj).map((key) => {
+    // encrypt key
+    const {
+      ciphertext: ciphertextKey,
+      iv: ivKey,
+      tag: tagKey,
+    } = encryptSymmetric({
+      plaintext: key,
+      key: randomBytes,
+    });
+
+    // encrypt value
+    const {
+      ciphertext: ciphertextValue,
+      iv: ivValue,
+      tag: tagValue,
+    } = encryptSymmetric({
+      plaintext: obj[key],
+      key: randomBytes,
+    });
+
+    const visibility = "shared";
+
+    return {
+      ciphertextKey,
+      ivKey,
+      tagKey,
+      hashKey: crypto.createHash("sha256").update(key).digest("hex"),
+      ciphertextValue,
+      ivValue,
+      tagValue,
+      hashValue: crypto.createHash("sha256").update(obj[key]).digest("hex"),
+      type: visibility,
+    };
+  });
+
+  // obtain public keys of all receivers (i.e. members in workspace)
+  let publicKeyInfisical = await publicKeyInfical();
+
+  publicKeyInfisical = (await publicKeyInfisical.json()).publicKey;
+
+  // assymmetrically encrypt key with each receiver public keys
+
+  const { ciphertext, nonce } = encryptAssymmetric({
+    plaintext: randomBytes,
+    publicKey: publicKeyInfisical,
+    privateKey: PRIVATE_KEY,
+  });
+
+  const key = {
+    encryptedKey: ciphertext,
+    nonce,
+  };
+
+  changeHerokuConfigVars({ integrationId, key, secrets });
+};
+
+export default pushKeysIntegration;
-Original file line number
+Diff line change
@@ Expand Up / @@ -74,7 +74,7 @@ const attemptLogin = async ( @@
                 tag,
                 privateKey,
               });
               const userOrgs = await getOrganizations();
               const userOrgsData = userOrgs.map((org) => org._id);
@@ Expand Down @@