NotificationsYou must be signed in to change notification settings
Fork925
Star10.1k

Commit6aaa09e

committed

chore: shorten provisioner key

1 parent10b09ed commit6aaa09eCopy full SHA for 6aaa09e

File tree

10 files changed

+90

-28

lines changed

coderd
- database
  - dbauthz
    - dbauthz.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - querier.go
  - queries
    - provisionerkeys.sql
  - queries.sql.go
- httpmw
  - provisionerdaemon.go
- provisionerkey
  - provisionerkey.go
enterprise/cli
- provisionerdaemonstart.go

10 files changed

+90

-28

lines changed

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1680,6 +1680,10 @@ func (q *querier) GetProvisionerJobsCreatedAfter(ctx context.Context, createdAt`
`1680`	`1680`	`returnq.db.GetProvisionerJobsCreatedAfter(ctx,createdAt)`
`1681`	`1681`	`}`
`1682`	`1682`
	`1683`	`+func (q*querier)GetProvisionerKeyByHashedSecret(ctx context.Context,hashedSecret []byte) (database.ProvisionerKey,error) {`
	`1684`	`+returnfetch(q.log,q.auth,q.db.GetProvisionerKeyByHashedSecret)(ctx,hashedSecret)`
	`1685`	`+}`
	`1686`	`+`
`1683`	`1687`	`func (q*querier)GetProvisionerKeyByID(ctx context.Context,id uuid.UUID) (database.ProvisionerKey,error) {`
`1684`	`1688`	`returnfetch(q.log,q.auth,q.db.GetProvisionerKeyByID)(ctx,id)`
`1685`	`1689`	`}`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3240,6 +3240,19 @@ func (q *FakeQuerier) GetProvisionerJobsCreatedAfter(_ context.Context, after ti`
`3240`	`3240`	`returnjobs,nil`
`3241`	`3241`	`}`
`3242`	`3242`
	`3243`	`+func (q*FakeQuerier)GetProvisionerKeyByHashedSecret(ctx context.Context,hashedSecret []byte) (database.ProvisionerKey,error) {`
	`3244`	`+q.mutex.RLock()`
	`3245`	`+deferq.mutex.RUnlock()`
	`3246`	`+`
	`3247`	`+for_,key:=rangeq.provisionerKeys {`
	`3248`	`+ifbytes.Equal(key.HashedSecret,hashedSecret) {`
	`3249`	`+returnkey,nil`
	`3250`	`+}`
	`3251`	`+}`
	`3252`	`+`
	`3253`	`+return database.ProvisionerKey{},sql.ErrNoRows`
	`3254`	`+}`
	`3255`	`+`
`3243`	`3256`	`func (q*FakeQuerier)GetProvisionerKeyByID(_ context.Context,id uuid.UUID) (database.ProvisionerKey,error) {`
`3244`	`3257`	`q.mutex.RLock()`
`3245`	`3258`	`deferq.mutex.RUnlock()`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 7 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 15 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier.go`

Lines changed: 1 addition & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 23 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/provisionerkeys.sql`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,14 @@ FROM`
`19`	`19`	`WHERE`
`20`	`20`	`id= $1;`
`21`	`21`
	`22`	`+-- name: GetProvisionerKeyByHashedSecret :one`
	`23`	`+SELECT`
	`24`	`+*`
	`25`	`+FROM`
	`26`	`+ provisioner_keys`
	`27`	`+WHERE`
	`28`	`+ hashed_secret= $1;`
	`29`	`+`
`22`	`30`	`-- name: GetProvisionerKeyByName :one`
`23`	`31`	`SELECT`
`24`	`32`	`*`

`‎coderd/httpmw/provisionerdaemon.go`

Lines changed: 8 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -71,16 +71,17 @@ func ExtractProvisionerDaemonAuthenticated(opts ExtractProvisionerAuthConfig) fu`
`71`	`71`	`return`
`72`	`72`	`}`
`73`	`73`
`74`		`-id,keyValue,err:=provisionerkey.Parse(key)`
	`74`	`+err:=provisionerkey.Validate(key)`
`75`	`75`	`iferr!=nil {`
`76`		`-handleOptional(http.StatusUnauthorized, codersdk.Response{`
	`76`	`+handleOptional(http.StatusBadGateway, codersdk.Response{`
`77`	`77`	`Message:"provisioner daemon key invalid",`
	`78`	`+Detail:err.Error(),`
`78`	`79`	`})`
`79`	`80`	`return`
`80`	`81`	`}`
`81`		`-`
	`82`	`+hashedKey:=provisionerkey.HashSecret(key)`
`82`	`83`	`// nolint:gocritic // System must check if the provisioner key is valid.`
`83`		`-pk,err:=opts.DB.GetProvisionerKeyByID(dbauthz.AsSystemRestricted(ctx),id)`
	`84`	`+pk,err:=opts.DB.GetProvisionerKeyByHashedSecret(dbauthz.AsSystemRestricted(ctx),hashedKey)`
`84`	`85`	`iferr!=nil {`
`85`	`86`	`ifhttpapi.Is404Error(err) {`
`86`	`87`	`handleOptional(http.StatusUnauthorized, codersdk.Response{`
`@@ -90,12 +91,13 @@ func ExtractProvisionerDaemonAuthenticated(opts ExtractProvisionerAuthConfig) fu`
`90`	`91`	`}`
`91`	`92`
`92`	`93`	`handleOptional(http.StatusInternalServerError, codersdk.Response{`
`93`		`-Message:"get provisioner daemon key: "+err.Error(),`
	`94`	`+Message:"get provisioner daemon key",`
	`95`	`+Detail:err.Error(),`
`94`	`96`	`})`
`95`	`97`	`return`
`96`	`98`	`}`
`97`	`99`
`98`		`-ifprovisionerkey.Compare(pk.HashedSecret,provisionerkey.HashSecret(keyValue)) {`
	`100`	`+ifprovisionerkey.Compare(pk.HashedSecret,hashedKey) {`
`99`	`101`	`handleOptional(http.StatusUnauthorized, codersdk.Response{`
`100`	`102`	`Message:"provisioner daemon key invalid",`
`101`	`103`	`})`

`‎coderd/provisionerkey/provisionerkey.go`

Lines changed: 9 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,6 @@ package provisionerkey`
`3`	`3`	`import (`
`4`	`4`	`"crypto/sha256"`
`5`	`5`	`"crypto/subtle"`
`6`		`-"fmt"`
`7`		`-"strings"`
`8`	`6`
`9`	`7`	`"github.com/google/uuid"`
`10`	`8`	`"golang.org/x/xerrors"`
`@@ -15,40 +13,31 @@ import (`
`15`	`13`	`)`
`16`	`14`
`17`	`15`	`funcNew(organizationID uuid.UUID,namestring,tagsmap[string]string) (database.InsertProvisionerKeyParams,string,error) {`
`18`		`-id:=uuid.New()`
`19`		`-secret,err:=cryptorand.HexString(64)`
	`16`	`+secret,err:=cryptorand.String(64)`
`20`	`17`	`iferr!=nil {`
`21`		`-return database.InsertProvisionerKeyParams{},"",xerrors.Errorf("generatetoken: %w",err)`
	`18`	`+return database.InsertProvisionerKeyParams{},"",xerrors.Errorf("generatesecret: %w",err)`
`22`	`19`	`}`
`23`		`-hashedSecret:=HashSecret(secret)`
`24`		`-token:=fmt.Sprintf("%s:%s",id,secret)`
`25`	`20`
`26`	`21`	`iftags==nil {`
`27`	`22`	`tags=map[string]string{}`
`28`	`23`	`}`
`29`	`24`
`30`	`25`	`return database.InsertProvisionerKeyParams{`
`31`		`-ID:id,`
	`26`	`+ID:uuid.New(),`
`32`	`27`	`CreatedAt:dbtime.Now(),`
`33`	`28`	`OrganizationID:organizationID,`
`34`	`29`	`Name:name,`
`35`		`-HashedSecret:hashedSecret,`
	`30`	`+HashedSecret:HashSecret(secret),`
`36`	`31`	`Tags:tags,`
`37`		`-},token,nil`
	`32`	`+},secret,nil`
`38`	`33`	`}`
`39`	`34`
`40`		`-funcParse(tokenstring) (uuid.UUID,string,error) {`
`41`		`-parts:=strings.Split(token,":")`
`42`		`-iflen(parts)!=2 {`
`43`		`-return uuid.UUID{},"",xerrors.Errorf("invalid token format")`
	`35`	`+funcValidate(tokenstring)error {`
	`36`	`+iflen(token)!=64 {`
	`37`	`+returnxerrors.Errorf("must be 64 characters")`
`44`	`38`	`}`
`45`	`39`
`46`		`-id,err:=uuid.Parse(parts[0])`
`47`		`-iferr!=nil {`
`48`		`-return uuid.UUID{},"",xerrors.Errorf("parse id: %w",err)`
`49`		`-}`
`50`		`-`
`51`		`-returnid,parts[1],nil`
	`40`	`+returnnil`
`52`	`41`	`}`
`53`	`42`
`54`	`43`	`funcHashSecret(secretstring) []byte {`

`‎enterprise/cli/provisionerdaemonstart.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -122,9 +122,9 @@ func (r RootCmd) provisionerDaemonStart() serpent.Command {`
`122`	`122`	`iflen(rawTags)>0 {`
`123`	`123`	`returnxerrors.New("cannot provide tags when using provisioner key")`
`124`	`124`	`}`
`125`		`-_,_,err:=provisionerkey.Parse(provisionerKey)`
	`125`	`+err=provisionerkey.Validate(provisionerKey)`
`126`	`126`	`iferr!=nil {`
`127`		`-returnxerrors.Errorf("parse provisioner key: %w",err)`
	`127`	`+returnxerrors.Errorf("validate provisioner key: %w",err)`
`128`	`128`	`}`
`129`	`129`	`}`
`130`	`130`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6aaa09e

File tree

10 files changed

10 files changed

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/querier.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/provisionerkeys.sql`

`‎coderd/httpmw/provisionerdaemon.go`

`‎coderd/provisionerkey/provisionerkey.go`

`‎enterprise/cli/provisionerdaemonstart.go`

0 commit comments