From 5df020445072e28296d532c181e1013db22b4139 Mon Sep 17 00:00:00 2001 From: Jan Prochazka Date: Sun, 20 Mar 2022 11:33:44 +0100 Subject: [PATCH] mask portal connetions - FE needs no passwords --- packages/api/src/controllers/connections.js | 20 ++++++++++++++----- .../src/controllers/databaseConnections.js | 6 +++--- .../api/src/controllers/serverConnections.js | 2 +- packages/api/src/controllers/sessions.js | 2 +- packages/api/src/utility/connectUtility.js | 2 +- packages/api/src/utility/crypting.js | 8 +++++++- 6 files changed, 28 insertions(+), 12 deletions(-) diff --git a/packages/api/src/controllers/connections.js b/packages/api/src/controllers/connections.js index 54c0e572..f46bc1e3 100644 --- a/packages/api/src/controllers/connections.js +++ b/packages/api/src/controllers/connections.js @@ -5,13 +5,14 @@ const fs = require('fs-extra'); const { datadir, filesdir } = require('../utility/directories'); const socket = require('../utility/socket'); -const { encryptConnection } = require('../utility/crypting'); +const { encryptConnection, maskConnection } = require('../utility/crypting'); const { handleProcessCommunication } = require('../utility/processComm'); const { pickSafeConnectionInfo } = require('../utility/crypting'); const JsonLinesDatabase = require('../utility/JsonLinesDatabase'); const processArgs = require('../utility/processArgs'); const { safeJsonParse } = require('dbgate-tools'); +const platformInfo = require('../utility/platformInfo'); function getNamedArgs() { const res = {}; @@ -165,7 +166,9 @@ module.exports = { list_meta: true, async list() { - return portalConnections || this.datastore.find(); + return portalConnections && !platformInfo.allowShellConnection + ? portalConnections.map(maskConnection) + : this.datastore.find(); }, test_meta: true, 
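Review bot: In `list()` (connections.js, second hunk) the new ternary sends the case "`portalConnections` set and `platformInfo.allowShellConnection` true" to `this.datastore.find()`, where the old `portalConnections || this.datastore.find()` returned the portal list. Whether the datastore is initialised in portal mode is not visible in this hunk, so that path may return the wrong list or fail. Branch on `portalConnections` first: `if (portalConnections) return platformInfo.allowShellConnection ? portalConnections : portalConnections.map(maskConnection);` followed by `return this.datastore.find();`. A short comment on why shell-enabled installs are exempt from masking would also help, since in that mode the frontend still receives the portal passwords.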
@@ -244,14 +247,21 @@ module.exports = { return res; }, - get_meta: true, - async get({ conid }) { + async getCore({ conid, mask = false }) { if (!conid) return null; - if (portalConnections) return portalConnections.find(x => x._id == conid) || null; + if (portalConnections) { + const res = portalConnections.find(x => x._id == conid) || null; + return mask && !platformInfo.allowShellConnection ? maskConnection(res) : res; + } const res = await this.datastore.get(conid); return res || null; }, + get_meta: true, + async get({ conid }) { + return this.getCore({ conid, mask: true }); + }, + newSqliteDatabase_meta: true, async newSqliteDatabase({ file }) { const sqliteDir = path.join(filesdir(), 'sqlite'); diff --git a/packages/api/src/controllers/databaseConnections.js b/packages/api/src/controllers/databaseConnections.js index 85e90d89..32511167 100644 --- a/packages/api/src/controllers/databaseConnections.js +++ b/packages/api/src/controllers/databaseConnections.js @@ -79,7 +79,7 @@ module.exports = { async ensureOpened(conid, database) { const existing = this.opened.find(x => x.conid == conid && x.database == database); if (existing) return existing; - const connection = await connections.get({ conid }); + const connection = await connections.getCore({ conid }); const subprocess = fork(global['API_PACKAGE'] || process.argv[1], [ '--is-forked-api', '--start-process', 
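Review bot: `getCore` (connections.js, third hunk) honours `mask` only on the `portalConnections` branch; the datastore branch returns `res` as stored, so `get()` still hands the frontend the password fields of saved connections in whatever form `encryptConnection` left them. If that is intended, say so above `getCore`, for example `// mask applies to portal connections only; stored connections keep their (encrypted) password fields`. `getCore` returns credentials and sits in the same exported controller object as the routed `*_meta` methods, so a second comment such as `// internal callers only: never add getCore_meta` would guard against later exposure; how the router selects methods is not visible here. Any internal caller outside this patch that still uses `connections.get` would now receive a password-less object in portal mode, so the remaining call sites are worth a search.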
@@ -392,8 +392,8 @@ module.exports = { const targetDb = generateDbPairingId( extendDatabaseInfo(await this.structure({ conid: targetConid, database: targetDatabase })) ); - // const sourceConnection = await connections.get({conid:sourceConid}) - const connection = await connections.get({ conid: targetConid }); + // const sourceConnection = await connections.getCore({conid:sourceConid}) + const connection = await connections.getCore({ conid: targetConid }); const driver = requireEngineDriver(connection); const targetDbPaired = matchPairedObjects(sourceDb, targetDb, dbDiffOptions); const diffRows = computeDbDiffRows(sourceDb, targetDbPaired, dbDiffOptions, driver); diff --git a/packages/api/src/controllers/serverConnections.js b/packages/api/src/controllers/serverConnections.js index 673fefeb..09466aa3 100644 --- a/packages/api/src/controllers/serverConnections.js +++ b/packages/api/src/controllers/serverConnections.js @@ -37,7 +37,7 @@ module.exports = { const res = await lock.acquire(conid, async () => { const existing = this.opened.find(x => x.conid == conid); if (existing) return existing; - const connection = await connections.get({ conid }); + const connection = await connections.getCore({ conid }); const subprocess = fork(global['API_PACKAGE'] || process.argv[1], [ '--is-forked-api', '--start-process', diff --git a/packages/api/src/controllers/sessions.js b/packages/api/src/controllers/sessions.js index f8e995fd..1a7f9fad 100644 --- a/packages/api/src/controllers/sessions.js +++ b/packages/api/src/controllers/sessions.js @@ -78,7 +78,7 @@ module.exports = { create_meta: true, async create({ conid, database }) { const sesid = uuidv1(); - const connection = await connections.get({ conid }); + const connection = await connections.getCore({ conid }); const subprocess = fork(global['API_PACKAGE'] || process.argv[1], [ '--is-forked-api', '--start-process', 
diff --git a/packages/api/src/utility/connectUtility.js b/packages/api/src/utility/connectUtility.js index 629f5c58..4d8f0ee6 100644 --- a/packages/api/src/utility/connectUtility.js +++ b/packages/api/src/utility/connectUtility.js @@ -20,7 +20,7 @@ async function loadConnection(driver, storedConnection, connectionMode) { } await connections._init(); - const loaded = await connections.get({ conid: storedConnection._id }); + const loaded = await connections.getCore({ conid: storedConnection._id }); const loadedWithDb = { ...loaded, database: storedConnection.database, diff --git a/packages/api/src/utility/crypting.js b/packages/api/src/utility/crypting.js index 64ab3deb..871d561b 100644 --- a/packages/api/src/utility/crypting.js +++ b/packages/api/src/utility/crypting.js @@ -55,7 +55,7 @@ function encryptPasswordField(connection, field) { [field]: 'crypt:' + getEncryptor().encrypt(connection[field]), }; } -return connection; + return connection; } function decryptPasswordField(connection, field) { @@ -75,6 +75,11 @@ function encryptConnection(connection) { return connection; } +function maskConnection(connection) { + if (!connection) return connection; + return _.omit(connection, ['password', 'sshPassword', 'sshKeyfilePassword']); +} + function decryptConnection(connection) { connection = decryptPasswordField(connection, 'password'); connection = decryptPasswordField(connection, 'sshPassword'); @@ -95,5 +100,6 @@ module.exports = { loadEncryptionKey, encryptConnection, decryptConnection, + maskConnection, pickSafeConnectionInfo, };
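Review bot: `maskConnection` (crypting.js) is a deny-list of three field names that repeats the names handed to `decryptPasswordField` in `decryptConnection` (`password` and `sshPassword` are visible; the rest of that function is outside the hunk), so a secret field added to one list and not the other would reach the frontend unmasked. Hoist the names into one constant, `const PASSWORD_FIELDS = ['password', 'sshPassword', 'sshKeyfilePassword'];`, and use it here as `return _.omit(connection, PASSWORD_FIELDS);` as well as in the encrypt/decrypt helpers. Any other secret-bearing property kept on the connection object would still pass through; the file already exports `pickSafeConnectionInfo`, and if that is the allow-list its name suggests, building the frontend view from it may be the safer basis. A one-line doc comment stating that the function returns a copy without the password fields and leaves its argument untouched would document the contract for callers that share the `portalConnections` array.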