frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow credSecret to be managed via project settings

Browse Source
This commit is contained in:
Nick O'Leary
2017-09-26 22:51:08 +01:00
parent d8fd218409
commit 6a06142e1e
14 changed files with 401 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
red/runtime/nodes/credentials.js
View File

@@ -38,6 +38,28 @@ function decryptCredentials(key,credentials) {
return JSON.parse(decrypted);
}
function markProjectSecretValid(project,valid) {
try {
var projects = settings.get('projects');
if (projects) {
if (valid) {
if (!projects.projects[project].credentialSecretInvalid) {
return when.resolve();
} else {
delete projects.projects[project].credentialSecretInvalid;
}
} else {
projects.projects[project].credentialSecretInvalid = true;
}
return settings.set('projects',projects);
} else {
return when.resolve();
}
} catch(err) {
return when.resolve();
}
}
var api = module.exports = {
init: function(runtime) {
log = runtime.log;
@@ -75,16 +97,17 @@ var api = module.exports = {
}
var projectKey = false;
var activeProject;
try {
var projects = settings.get('projects');
if (projects && projects.activeProject) {
activeProject = projects.activeProject;
projectKey = projects.projects[projects.activeProject].credentialSecret;
}
} catch(err) {
}
if (projectKey) {
log.debug("red/runtime/nodes/credentials.load : using active project key - ignoring user provided key");
console.log(projectKey);
userKey = projectKey;
}
@@ -171,21 +194,32 @@ var api = module.exports = {
encryptedCredentials = credentials;
}
return setupEncryptionPromise.then(function() {
var clearInvalidFlag = false;
if (credentials.hasOwnProperty("$")) {
// These are encrypted credentials
try {
credentialCache = decryptCredentials(encryptionKey,credentials)
clearInvalidFlag = true;
} catch(err) {
credentialCache = {};
dirty = true;
log.warn(log._("nodes.credentials.error",{message:err.toString()}))
var error = new Error("Failed to decrypt credentials");
error.code = "credentials_load_failed";
if (projectKey) {
// This is a project with a bad key. Mark it as invalid
return markProjectSecretValid(activeProject,false).then(function() {
return when.reject(error);
})
}
return when.reject(error);
}
} else {
credentialCache = credentials;
}
if (clearInvalidFlag) {
return markProjectSecretValid(activeProject,true)
}
});
},
@@ -222,6 +256,10 @@ var api = module.exports = {
dirty = true;
},
clear: function() {
credentialCache = {};
dirty = true;
},
/**
* Deletes any credentials for nodes that no longer exist
* @param config a flow config
@@ -321,9 +359,14 @@ var api = module.exports = {
dirty: function() {
return dirty;
},
setKey: function(key) {
encryptionKey = crypto.createHash('sha256').update(key).digest();
encryptionEnabled = true;
dirty = true;
},
export: function() {
var result = credentialCache;
if (encryptionEnabled) {
if (dirty) {
try {

1
red/runtime/nodes/flows/index.js
View File

@@ -231,7 +231,6 @@ function handleStatus(node,statusMessage) {
function start(type,diff,muteLog) {
console.log("START----")
//dumpActiveNodes();
type = type||"full";
started = true;

5
red/runtime/nodes/index.js
View File

@@ -172,5 +172,8 @@ module.exports = {
addCredentials: credentials.add,
getCredentials: credentials.get,
deleteCredentials: credentials.delete,
getCredentialDefinition: credentials.getDefinition
getCredentialDefinition: credentials.getDefinition,
setCredentialSecret: credentials.setKey,
clearCredentials: credentials.clear,
exportCredentials: credentials.export
};