mask portal connetions - FE needs no passwords

2024-11-07 20:26:23 +00:00 · 2022-03-20 11:33:44 +01:00 · 2022-03-20 11:33:44 +01:00 · 5df0204450
commit 5df0204450
parent 2bec053809
6 changed files with 28 additions and 12 deletions
--- a/packages/api/src/controllers/connections.js
+++ b/packages/api/src/controllers/connections.js
@ -5,13 +5,14 @@ const fs = require('fs-extra');

 const { datadir, filesdir } = require('../utility/directories');
 const socket = require('../utility/socket');
-const { encryptConnection } = require('../utility/crypting');
+const { encryptConnection, maskConnection } = require('../utility/crypting');
 const { handleProcessCommunication } = require('../utility/processComm');
 const { pickSafeConnectionInfo } = require('../utility/crypting');
 const JsonLinesDatabase = require('../utility/JsonLinesDatabase');

 const processArgs = require('../utility/processArgs');
 const { safeJsonParse } = require('dbgate-tools');
+const platformInfo = require('../utility/platformInfo');

 function getNamedArgs() {
  const res = {};
@ -165,7 +166,9 @@ module.exports = {

  list_meta: true,
  async list() {
-    return portalConnections || this.datastore.find();
+    return portalConnections && !platformInfo.allowShellConnection
+      ? portalConnections.map(maskConnection)
+      : this.datastore.find();
  },

  test_meta: true,
@ -244,14 +247,21 @@ module.exports = {
    return res;
  },

-  get_meta: true,
-  async get({ conid }) {
+  async getCore({ conid, mask = false }) {
    if (!conid) return null;
-    if (portalConnections) return portalConnections.find(x => x._id == conid) || null;
+    if (portalConnections) {
+      const res = portalConnections.find(x => x._id == conid) || null;
+      return mask && !platformInfo.allowShellConnection ? maskConnection(res) : res;
+    }
    const res = await this.datastore.get(conid);
    return res || null;
  },

+  get_meta: true,
+  async get({ conid }) {
+    return this.getCore({ conid, mask: true });
+  },
+
  newSqliteDatabase_meta: true,
  async newSqliteDatabase({ file }) {
    const sqliteDir = path.join(filesdir(), 'sqlite');
--- a/packages/api/src/controllers/databaseConnections.js
+++ b/packages/api/src/controllers/databaseConnections.js
@ -79,7 +79,7 @@ module.exports = {
  async ensureOpened(conid, database) {
    const existing = this.opened.find(x => x.conid == conid && x.database == database);
    if (existing) return existing;
-    const connection = await connections.get({ conid });
+    const connection = await connections.getCore({ conid });
    const subprocess = fork(global['API_PACKAGE'] || process.argv[1], [
      '--is-forked-api',
      '--start-process',
@ -392,8 +392,8 @@ module.exports = {
    const targetDb = generateDbPairingId(
      extendDatabaseInfo(await this.structure({ conid: targetConid, database: targetDatabase }))
    );
-    // const sourceConnection = await connections.get({conid:sourceConid})
-    const connection = await connections.get({ conid: targetConid });
+    // const sourceConnection = await connections.getCore({conid:sourceConid})
+    const connection = await connections.getCore({ conid: targetConid });
    const driver = requireEngineDriver(connection);
    const targetDbPaired = matchPairedObjects(sourceDb, targetDb, dbDiffOptions);
    const diffRows = computeDbDiffRows(sourceDb, targetDbPaired, dbDiffOptions, driver);
--- a/packages/api/src/controllers/serverConnections.js
+++ b/packages/api/src/controllers/serverConnections.js
@ -37,7 +37,7 @@ module.exports = {
    const res = await lock.acquire(conid, async () => {
      const existing = this.opened.find(x => x.conid == conid);
      if (existing) return existing;
-      const connection = await connections.get({ conid });
+      const connection = await connections.getCore({ conid });
      const subprocess = fork(global['API_PACKAGE'] || process.argv[1], [
        '--is-forked-api',
        '--start-process',
--- a/packages/api/src/controllers/sessions.js
+++ b/packages/api/src/controllers/sessions.js
@ -78,7 +78,7 @@ module.exports = {
  create_meta: true,
  async create({ conid, database }) {
    const sesid = uuidv1();
-    const connection = await connections.get({ conid });
+    const connection = await connections.getCore({ conid });
    const subprocess = fork(global['API_PACKAGE'] || process.argv[1], [
      '--is-forked-api',
      '--start-process',
--- a/packages/api/src/utility/connectUtility.js
+++ b/packages/api/src/utility/connectUtility.js
@ -20,7 +20,7 @@ async function loadConnection(driver, storedConnection, connectionMode) {
    }

    await connections._init();
-    const loaded = await connections.get({ conid: storedConnection._id });
+    const loaded = await connections.getCore({ conid: storedConnection._id });
    const loadedWithDb = {
      ...loaded,
      database: storedConnection.database,
--- a/packages/api/src/utility/crypting.js
+++ b/packages/api/src/utility/crypting.js
@ -55,7 +55,7 @@ function encryptPasswordField(connection, field) {
      [field]: 'crypt:' + getEncryptor().encrypt(connection[field]),
    };
  }
-return connection;
+  return connection;
 }

 function decryptPasswordField(connection, field) {
@ -75,6 +75,11 @@ function encryptConnection(connection) {
  return connection;
 }

+function maskConnection(connection) {
+  if (!connection) return connection;
+  return _.omit(connection, ['password', 'sshPassword', 'sshKeyfilePassword']);
+}
+
 function decryptConnection(connection) {
  connection = decryptPasswordField(connection, 'password');
  connection = decryptPasswordField(connection, 'sshPassword');
@ -95,5 +100,6 @@ module.exports = {
  loadEncryptionKey,
  encryptConnection,
  decryptConnection,
+  maskConnection,
  pickSafeConnectionInfo,
 };