feat: removed public key. fix: encrypt private key for new access key

fiftin · fiftin · commit e991800693e8 · 2021-08-31T10:47:19.000+05:00
diff --git a/api/projects/keys.go b/api/projects/keys.go
@@ -98,6 +98,13 @@ func AddKey(w http.ResponseWriter, r *http.Request) {
 		*key.Secret += "\n"
 	}
 
+	err := key.EncryptSecret()
+
+	if err != nil {
+		helpers.WriteError(w, err)
+		return
+	}
+
 	newKey, err := helpers.Store(r).CreateAccessKey(key)
 
 	if err != nil {
@@ -146,7 +153,6 @@ func UpdateKey(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if key.Type == db.AccessKeyNone {
-		key.Key = nil
 		key.Secret = nil
 	} else if key.Secret == nil || len(*key.Secret) == 0 {
 		// override secret
diff --git a/api/tasks/pool.go b/api/tasks/pool.go
@@ -37,7 +37,7 @@ var pool = taskPool{
 	activeNodes:  make(map[string]*task),
 	running:      0, // number of running tasks
 	runningTasks: make(map[int]*task), // working tasks
-	logger:       make(chan logRecord, 1000), // store log records to database
+	logger:       make(chan logRecord, 10000), // store log records to database
 }
 
 var resourceLocker = make(chan *resourceLock)
diff --git a/api/tasks/runner.go b/api/tasks/runner.go
@@ -339,11 +339,6 @@ func (t *task) installKey(key db.AccessKey) error {
 	t.log("access key " + key.Name + " installed")
 
 	path := key.GetPath()
-	if key.Key != nil {
-		if err := ioutil.WriteFile(path+"-cert.pub", []byte(*key.Key), 0600); err != nil {
-			return err
-		}
-	}
 
 	secret, err := key.DecryptSecret()
 
diff --git a/db/AccessKey.go b/db/AccessKey.go
@@ -26,7 +26,6 @@ type AccessKey struct {
 	Type string `db:"type" json:"type" binding:"required"`
 
 	ProjectID *int    `db:"project_id" json:"project_id"`
-	Key       *string `db:"key" json:"key"`
 	Secret    *string `db:"secret" json:"secret"`
 
 	Removed bool `db:"removed" json:"removed"`
diff --git a/db/sql/Version.go b/db/sql/Version.go
@@ -79,5 +79,6 @@ func init() {
 		{Major: 2, Minor: 7, Patch: 6},
 		{Major: 2, Minor: 7, Patch: 8},
 		{Major: 2, Minor: 7, Patch: 9},
+		{Major: 2, Minor: 7, Patch: 10},
 	}
 }
diff --git a/db/sql/access_key.go b/db/sql/access_key.go
@@ -16,10 +16,9 @@ func (d *SqlDb) GetAccessKeys(projectID int, params db.RetrieveQueryParams) ([]d
 
 func (d *SqlDb) UpdateAccessKey(key db.AccessKey) error {
 	res, err := d.exec(
-		"update access_key set name=?, type=?, `key`=?, secret=? where project_id=? and id=?",
+		"update access_key set name=?, type=?, secret=? where project_id=? and id=?",
 		key.Name,
 		key.Type,
-		key.Key,
 		key.Secret,
 		key.ProjectID,
 		key.ID)
@@ -30,11 +29,10 @@ func (d *SqlDb) UpdateAccessKey(key db.AccessKey) error {
 func (d *SqlDb) CreateAccessKey(key db.AccessKey) (newKey db.AccessKey, err error) {
 	insertID, err := d.insert(
 		"id",
-		"insert into access_key (name, type, project_id, `key`, secret) values (?, ?, ?, ?, ?)",
+		"insert into access_key (name, type, project_id, secret) values (?, ?, ?, ?)",
 		key.Name,
 		key.Type,
 		key.ProjectID,
-		key.Key,
 		key.Secret)
 
 	if err != nil {
@@ -54,7 +52,6 @@ func (d *SqlDb) DeleteAccessKeySoft(projectID int, accessKeyID int) error {
 	return d.deleteObjectSoft(projectID, db.AccessKeyProps, accessKeyID)
 }
 
-
 func (d *SqlDb) GetGlobalAccessKey(accessKeyID int) (db.AccessKey, error) {
 	var key db.AccessKey
 	err := d.getObject(0, db.GlobalAccessKeyProps, accessKeyID, &key)
@@ -69,10 +66,9 @@ func (d *SqlDb) GetGlobalAccessKeys(params db.RetrieveQueryParams) ([]db.AccessK
 
 func (d *SqlDb) UpdateGlobalAccessKey(key db.AccessKey) error {
 	res, err := d.exec(
-		"update access_key set name=?, type=?, `key`=?, secret=? where id=?",
+		"update access_key set name=?, type=?, secret=? where id=?",
 		key.Name,
 		key.Type,
-		key.Key,
 		key.Secret,
 		key.ID)
 
@@ -82,10 +78,9 @@ func (d *SqlDb) UpdateGlobalAccessKey(key db.AccessKey) error {
 func (d *SqlDb) CreateGlobalAccessKey(key db.AccessKey) (newKey db.AccessKey, err error) {
 	insertID, err := d.insert(
 		"id",
-		"insert into access_key (name, type, `key`, secret) values (?, ?, ?, ?)",
+		"insert into access_key (name, type, secret) values (?, ?, ?)",
 		key.Name,
 		key.Type,
-		key.Key,
 		key.Secret)
 
 	if err != nil {
diff --git a/db/sql/migrations/v2.7.10.sql b/db/sql/migrations/v2.7.10.sql
@@ -0,0 +1 @@
+alter table `access_key` drop column `key`;
diff --git a/web2/src/components/KeyForm.vue b/web2/src/components/KeyForm.vue
@@ -30,13 +30,6 @@
       :disabled="formSaving"
     ></v-select>
 
-    <v-textarea
-      v-model="item.key"
-      label="Public Key"
-      :disabled="formSaving"
-      v-if="item.type === 'ssh'"
-    ></v-textarea>
-
     <v-textarea
       v-model="item.secret"
       label="Private Key"

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ var pool = taskPool{`
`37`	`37`	`activeNodes: make(map[string]*task),`
`38`	`38`	`running: 0, // number of running tasks`
`39`	`39`	`runningTasks: make(map[int]*task), // working tasks`
`40`		`- logger: make(chan logRecord, 1000), // store log records to database`
	`40`	`+ logger: make(chan logRecord, 10000), // store log records to database`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`var resourceLocker = make(chan *resourceLock)`
Original file line number	Diff line number	Diff line change
`@@ -79,5 +79,6 @@ func init() {`
`79`	`79`	`{Major: 2, Minor: 7, Patch: 6},`
`80`	`80`	`{Major: 2, Minor: 7, Patch: 8},`
`81`	`81`	`{Major: 2, Minor: 7, Patch: 9},`
	`82`	`+ {Major: 2, Minor: 7, Patch: 10},`
`82`	`83`	`}`
`83`	`84`	`}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+alter table `access_key` drop column `key`;