encrypting password, key is stored on backend in .key file

Jan Prochazka
2021-01-20 18:29:15 +01:00
parent 6a8a47cf03
commit 777c9a99a2
14 changed files with 155 additions and 34 deletions


@@ -40,6 +40,7 @@
"ncp": "^2.0.0", "ncp": "^2.0.0",
"nedb-promises": "^4.0.1", "nedb-promises": "^4.0.1",
"node-cron": "^2.0.3", "node-cron": "^2.0.3",
"simple-encryptor": "^4.0.0",
"tar": "^6.0.5", "tar": "^6.0.5",
"uuid": "^3.4.0" "uuid": "^3.4.0"
}, },


@@ -5,6 +5,7 @@ const nedb = require('nedb-promises');
const { datadir } = require('../utility/directories'); const { datadir } = require('../utility/directories');
const socket = require('../utility/socket'); const socket = require('../utility/socket');
const { encryptConnection } = require('../utility/crypting');
function getPortalCollections() { function getPortalCollections() {
if (process.env.CONNECTIONS) { if (process.env.CONNECTIONS) {
@@ -59,10 +60,11 @@ module.exports = {
async save(connection) { async save(connection) {
if (portalConnections) return; if (portalConnections) return;
let res; let res;
const encrypted = encryptConnection(connection);
if (connection._id) { if (connection._id) {
res = await this.datastore.update(_.pick(connection, '_id'), connection); res = await this.datastore.update(_.pick(connection, '_id'), encrypted);
} else { } else {
res = await this.datastore.insert(connection); res = await this.datastore.insert(encrypted);
} }
socket.emitChanged('connection-list-changed'); socket.emitChanged('connection-list-changed');
return res; return res;
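Review bot: `save` encrypts only the record being written, so connections already in the datastore keep their plaintext `password` until each one is edited and saved again. Nothing in this section migrates existing records; whether a migration exists elsewhere is not visible here. If there is none, a one-time pass at startup that runs `encryptConnection` over the stored connections would close the gap. The `module.exports` object that contains `save` starts and ends outside the hunk.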


@@ -28,7 +28,7 @@ const hasPermission = require('../utility/hasPermission');
// } // }
const preinstallPluginMinimalVersions = { const preinstallPluginMinimalVersions = {
'dbgate-plugin-mssql': '1.0.8', 'dbgate-plugin-mssql': '1.0.9',
'dbgate-plugin-mysql': '1.0.2', 'dbgate-plugin-mysql': '1.0.2',
'dbgate-plugin-postgres': '1.0.2', 'dbgate-plugin-postgres': '1.0.2',
'dbgate-plugin-csv': '1.0.8', 'dbgate-plugin-csv': '1.0.8',


@@ -1,12 +1,13 @@
const childProcessChecker = require('../utility/childProcessChecker'); const childProcessChecker = require('../utility/childProcessChecker');
const requireEngineDriver = require('../utility/requireEngineDriver'); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
function start() { function start() {
childProcessChecker(); childProcessChecker();
process.on('message', async (connection) => { process.on('message', async (connection) => {
try { try {
const driver = requireEngineDriver(connection); const driver = requireEngineDriver(connection);
const conn = await driver.connect(connection); const conn = await driver.connect(decryptConnection(connection));
const res = await driver.getVersion(conn); const res = await driver.getVersion(conn);
process.send({ msgtype: 'connected', ...res }); process.send({ msgtype: 'connected', ...res });
} catch (e) { } catch (e) {


@@ -1,6 +1,7 @@
const stableStringify = require('json-stable-stringify'); const stableStringify = require('json-stable-stringify');
const childProcessChecker = require('../utility/childProcessChecker'); const childProcessChecker = require('../utility/childProcessChecker');
const requireEngineDriver = require('../utility/requireEngineDriver'); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
let systemConnection; let systemConnection;
let storedConnection; let storedConnection;
@@ -59,7 +60,7 @@ async function handleConnect({ connection, structure }) {
if (!structure) setStatusName('pending'); if (!structure) setStatusName('pending');
const driver = requireEngineDriver(storedConnection); const driver = requireEngineDriver(storedConnection);
systemConnection = await checkedAsyncCall(driver.connect(storedConnection)); systemConnection = await checkedAsyncCall(driver.connect(decryptConnection(storedConnection)));
if (structure) { if (structure) {
analysedStructure = structure; analysedStructure = structure;
handleIncrementalRefresh(); handleIncrementalRefresh();


@@ -1,6 +1,7 @@
const stableStringify = require('json-stable-stringify'); const stableStringify = require('json-stable-stringify');
const childProcessChecker = require('../utility/childProcessChecker'); const childProcessChecker = require('../utility/childProcessChecker');
const requireEngineDriver = require('../utility/requireEngineDriver'); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
let systemConnection; let systemConnection;
let storedConnection; let storedConnection;
@@ -47,7 +48,7 @@ async function handleConnect(connection) {
const driver = requireEngineDriver(storedConnection); const driver = requireEngineDriver(storedConnection);
try { try {
systemConnection = await driver.connect(storedConnection); systemConnection = await driver.connect(decryptConnection(storedConnection));
handleRefresh(); handleRefresh();
setInterval(handleRefresh, 30 * 1000); setInterval(handleRefresh, 30 * 1000);
} catch (err) { } catch (err) {
@@ -66,7 +67,7 @@ function handlePing() {
async function handleCreateDatabase({ name }) { async function handleCreateDatabase({ name }) {
const driver = requireEngineDriver(storedConnection); const driver = requireEngineDriver(storedConnection);
systemConnection = await driver.connect(storedConnection); systemConnection = await driver.connect(decryptConnection(storedConnection));
console.log(`RUNNING SCRIPT: CREATE DATABASE ${driver.dialect.quoteIdentifier(name)}`); console.log(`RUNNING SCRIPT: CREATE DATABASE ${driver.dialect.quoteIdentifier(name)}`);
await driver.query(systemConnection, `CREATE DATABASE ${driver.dialect.quoteIdentifier(name)}`); await driver.query(systemConnection, `CREATE DATABASE ${driver.dialect.quoteIdentifier(name)}`);
await handleRefresh(); await handleRefresh();


@@ -7,6 +7,7 @@ const goSplit = require('../utility/goSplit');
const { jsldir } = require('../utility/directories'); const { jsldir } = require('../utility/directories');
const requireEngineDriver = require('../utility/requireEngineDriver'); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
let systemConnection; let systemConnection;
let storedConnection; let storedConnection;
@@ -130,7 +131,7 @@ async function handleConnect(connection) {
storedConnection = connection; storedConnection = connection;
const driver = requireEngineDriver(storedConnection); const driver = requireEngineDriver(storedConnection);
systemConnection = await driver.connect(storedConnection); systemConnection = await driver.connect(decryptConnection(storedConnection));
for (const [resolve] of afterConnectCallbacks) { for (const [resolve] of afterConnectCallbacks) {
resolve(); resolve();
} }


@@ -1,11 +1,12 @@
const goSplit = require('../utility/goSplit'); const goSplit = require('../utility/goSplit');
const requireEngineDriver = require('../utility/requireEngineDriver'); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
async function executeQuery({ connection, sql }) { async function executeQuery({ connection, sql }) {
console.log(`Execute query ${sql}`); console.log(`Execute query ${sql}`);
const driver = requireEngineDriver(connection); const driver = requireEngineDriver(connection);
const pool = await driver.connect(connection); const pool = await driver.connect(decryptConnection(connection));
console.log(`Connected.`); console.log(`Connected.`);
for (const sqlItem of goSplit(sql)) { for (const sqlItem of goSplit(sql)) {


@@ -1,10 +1,11 @@
const requireEngineDriver = require("../utility/requireEngineDriver"); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
async function queryReader({ connection, sql }) { async function queryReader({ connection, sql }) {
console.log(`Reading query ${sql}`); console.log(`Reading query ${sql}`);
const driver = requireEngineDriver(connection); const driver = requireEngineDriver(connection);
const pool = await driver.connect(connection); const pool = await driver.connect(decryptConnection(connection));
console.log(`Connected.`); console.log(`Connected.`);
return await driver.readQuery(pool, sql); return await driver.readQuery(pool, sql);
} }


@@ -1,9 +1,10 @@
const { quoteFullName, fullNameToString } = require('dbgate-tools'); const { quoteFullName, fullNameToString } = require('dbgate-tools');
const requireEngineDriver = require('../utility/requireEngineDriver'); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
async function tableReader({ connection, pureName, schemaName }) { async function tableReader({ connection, pureName, schemaName }) {
const driver = requireEngineDriver(connection); const driver = requireEngineDriver(connection);
const pool = await driver.connect(connection); const pool = await driver.connect(decryptConnection(connection));
console.log(`Connected.`); console.log(`Connected.`);
const fullName = { pureName, schemaName }; const fullName = { pureName, schemaName };


@@ -1,11 +1,12 @@
const { fullNameToString } = require('dbgate-tools'); const { fullNameToString } = require('dbgate-tools');
const requireEngineDriver = require('../utility/requireEngineDriver'); const requireEngineDriver = require('../utility/requireEngineDriver');
const { decryptConnection } = require('../utility/crypting');
async function tableWriter({ connection, schemaName, pureName, ...options }) { async function tableWriter({ connection, schemaName, pureName, ...options }) {
console.log(`Writing table ${fullNameToString({ schemaName, pureName })}`); console.log(`Writing table ${fullNameToString({ schemaName, pureName })}`);
const driver = requireEngineDriver(connection); const driver = requireEngineDriver(connection);
const pool = await driver.connect(connection); const pool = await driver.connect(decryptConnection(connection));
console.log(`Connected.`); console.log(`Connected.`);
return await driver.writeTable(pool, { schemaName, pureName }, options); return await driver.writeTable(pool, { schemaName, pureName }, options);
} }


@@ -0,0 +1,69 @@
const crypto = require('crypto');
const simpleEncryptor = require('simple-encryptor');
const fs = require('fs');
const path = require('path');
const { datadir } = require('./directories');
const defaultEncryptionKey = 'mQAUaXhavRGJDxDTXSCg7Ej0xMmGCrx6OKA07DIMBiDcYYkvkaXjTAzPUEHEHEf9';
let _encryptionKey = null;
function loadEncryptionKey() {
if (_encryptionKey) {
return _encryptionKey;
}
const encryptor = simpleEncryptor.createEncryptor(defaultEncryptionKey);
const keyFile = path.join(datadir(), '.key');
if (!fs.existsSync(keyFile)) {
const generatedKey = crypto.randomBytes(32);
const newKey = generatedKey.toString('hex');
const result = {
encryptionKey: newKey,
};
fs.writeFileSync(keyFile, encryptor.encrypt(result), 'utf-8');
}
const encryptedData = fs.readFileSync(keyFile, 'utf-8');
const data = encryptor.decrypt(encryptedData);
_encryptionKey = data['encryptionKey'];
return _encryptionKey;
}
let _encryptor = null;
function getEncryptor() {
if (_encryptor) {
return _encryptor;
}
_encryptor = simpleEncryptor.createEncryptor(loadEncryptionKey());
return _encryptor;
}
function encryptConnection(connection) {
if (connection && connection.password && !connection.password.startsWith('crypt:')) {
return {
...connection,
password: 'crypt:' + getEncryptor().encrypt(connection.password),
};
}
return connection;
}
function decryptConnection(connection) {
if (connection && connection.password && connection.password.startsWith('crypt:')) {
return {
...connection,
password: getEncryptor().decrypt(connection.password.substring('crypt:'.length)),
};
}
return connection;
}
module.exports = {
loadEncryptionKey,
encryptConnection,
decryptConnection,
};
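Review bot: The `.key` file is wrapped with `defaultEncryptionKey`, a constant committed to the source, so that layer adds no confidentiality; anyone who can read the file can unwrap the real key. The stored passwords are therefore protected only by the file's permissions, and `fs.writeFileSync(keyFile, ..., 'utf-8')` in `loadEncryptionKey` creates it with the process default mode. I would create it owner-only with `fs.writeFileSync(keyFile, encryptor.encrypt(result), { encoding: 'utf-8', mode: 0o600 });` and add a comment above the constant saying it is obfuscation, not a secret. Separately, simple-encryptor's `decrypt` returns null on a failed integrity check as far as I know, so a damaged `.key` would make `data['encryptionKey']` throw a bare TypeError and `decryptConnection` would pass a null password to the driver. An explicit null check with a clear error in both places would make that failure diagnosable.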


@@ -33,7 +33,7 @@ export function FormCondition({ condition, children }) {
export function FormTextFieldRaw({ name, focused = false, ...other }) { export function FormTextFieldRaw({ name, focused = false, ...other }) {
const { values, setFieldValue } = useForm(); const { values, setFieldValue } = useForm();
const handleChange = event => { const handleChange = (event) => {
setFieldValue(name, event.target.value); setFieldValue(name, event.target.value);
}; };
const textFieldRef = React.useRef(null); const textFieldRef = React.useRef(null);
@@ -44,6 +44,35 @@ export function FormTextFieldRaw({ name, focused = false, ...other }) {
return <TextField {...other} value={values[name]} onChange={handleChange} editorRef={textFieldRef} />; return <TextField {...other} value={values[name]} onChange={handleChange} editorRef={textFieldRef} />;
} }
export function FormPasswordFieldRaw({ name, focused = false, ...other }) {
const { values, setFieldValue } = useForm();
const [showPassword, setShowPassword] = React.useState(false);
const handleChange = (event) => {
setFieldValue(name, event.target.value);
};
const textFieldRef = React.useRef(null);
React.useEffect(() => {
if (textFieldRef.current && focused) textFieldRef.current.focus();
}, [textFieldRef.current, focused]);
const value = values[name];
const isCrypted = value && value.startsWith('crypt:');
return (
<>
<TextField
{...other}
value={isCrypted ? '' : value}
onChange={handleChange}
editorRef={textFieldRef}
placeholder={isCrypted ? '(Password is encrypted)' : undefined}
type={isCrypted || showPassword ? 'text' : 'password'}
/>
{!isCrypted && <FontIcon icon="icon eye" onClick={() => setShowPassword((x) => !x)} />}
</>
);
}
export function FormTextField({ name, label, focused = false, ...other }) { export function FormTextField({ name, label, focused = false, ...other }) {
const FieldTemplate = useFormFieldTemplate(); const FieldTemplate = useFormFieldTemplate();
return ( return (
@@ -55,18 +84,16 @@ export function FormTextField({ name, label, focused = false, ...other }) {
export function FormPasswordField({ name, label, focused = false, ...other }) { export function FormPasswordField({ name, label, focused = false, ...other }) {
const FieldTemplate = useFormFieldTemplate(); const FieldTemplate = useFormFieldTemplate();
const [showPassword, setShowPassword] = React.useState(false);
return ( return (
<FieldTemplate label={label} type="text"> <FieldTemplate label={label} type="text">
<FormTextFieldRaw name={name} focused={focused} type={showPassword ? 'text' : 'password'} {...other} /> <FormPasswordFieldRaw name={name} focused={focused} {...other} />
<FontIcon icon="icon eye" onClick={() => setShowPassword(x => !x)} />
</FieldTemplate> </FieldTemplate>
); );
} }
export function FormCheckboxFieldRaw({ name = undefined, defaultValue = undefined, ...other }) { export function FormCheckboxFieldRaw({ name = undefined, defaultValue = undefined, ...other }) {
const { values, setFieldValue } = useForm(); const { values, setFieldValue } = useForm();
const handleChange = event => { const handleChange = (event) => {
setFieldValue(name, event.target.checked); setFieldValue(name, event.target.checked);
}; };
let isChecked = values[name]; let isChecked = values[name];
@@ -86,7 +113,7 @@ export function FormCheckboxField({ label, ...other }) {
export function FormSelectFieldRaw({ children, name, ...other }) { export function FormSelectFieldRaw({ children, name, ...other }) {
const { values, setFieldValue } = useForm(); const { values, setFieldValue } = useForm();
const handleChange = event => { const handleChange = (event) => {
setFieldValue(name, event.target.value); setFieldValue(name, event.target.value);
}; };
return ( return (
@@ -142,7 +169,7 @@ export function FormReactSelect({ options, name, isMulti = false, Component = Se
return ( return (
<Component <Component
theme={t => ({ theme={(t) => ({
...t, ...t,
colors: { colors: {
...t.colors, ...t.colors,
@@ -167,10 +194,12 @@ export function FormReactSelect({ options, name, isMulti = false, Component = Se
options={options} options={options}
value={ value={
isMulti isMulti
? options.filter(x => values[name] && values[name].includes(x.value)) ? options.filter((x) => values[name] && values[name].includes(x.value))
: options.find(x => x.value == values[name]) : options.find((x) => x.value == values[name])
}
onChange={(item) =>
setFieldValue(name, isMulti ? getAsArray(item).map((x) => x.value) : item ? item.value : null)
} }
onChange={item => setFieldValue(name, isMulti ? getAsArray(item).map(x => x.value) : item ? item.value : null)}
menuPortalTarget={document.body} menuPortalTarget={document.body}
isMulti={isMulti} isMulti={isMulti}
closeMenuOnSelect={!isMulti} closeMenuOnSelect={!isMulti}
@@ -183,7 +212,7 @@ export function FormConnectionSelect({ name }) {
const connections = useConnectionList(); const connections = useConnectionList();
const connectionOptions = React.useMemo( const connectionOptions = React.useMemo(
() => () =>
(connections || []).map(conn => ({ (connections || []).map((conn) => ({
value: conn._id, value: conn._id,
label: conn.displayName || conn.server, label: conn.displayName || conn.server,
})), })),
@@ -199,7 +228,7 @@ export function FormDatabaseSelect({ conidName, name }) {
const databases = useDatabaseList({ conid: values[conidName] }); const databases = useDatabaseList({ conid: values[conidName] });
const databaseOptions = React.useMemo( const databaseOptions = React.useMemo(
() => () =>
(databases || []).map(db => ({ (databases || []).map((db) => ({
value: db.name, value: db.name,
label: db.name, label: db.name,
})), })),
@@ -215,7 +244,7 @@ export function FormSchemaSelect({ conidName, databaseName, name }) {
const dbinfo = useDatabaseInfo({ conid: values[conidName], database: values[databaseName] }); const dbinfo = useDatabaseInfo({ conid: values[conidName], database: values[databaseName] });
const schemaOptions = React.useMemo( const schemaOptions = React.useMemo(
() => () =>
((dbinfo && dbinfo.schemas) || []).map(schema => ({ ((dbinfo && dbinfo.schemas) || []).map((schema) => ({
value: schema.schemaName, value: schema.schemaName,
label: schema.schemaName, label: schema.schemaName,
})), })),
@@ -232,8 +261,8 @@ export function FormTablesSelect({ conidName, databaseName, schemaName, name })
const tablesOptions = React.useMemo( const tablesOptions = React.useMemo(
() => () =>
[...((dbinfo && dbinfo.tables) || []), ...((dbinfo && dbinfo.views) || [])] [...((dbinfo && dbinfo.tables) || []), ...((dbinfo && dbinfo.views) || [])]
.filter(x => !values[schemaName] || x.schemaName == values[schemaName]) .filter((x) => !values[schemaName] || x.schemaName == values[schemaName])
.map(x => ({ .map((x) => ({
value: x.pureName, value: x.pureName,
label: x.pureName, label: x.pureName,
})), })),
@@ -249,7 +278,7 @@ export function FormArchiveFilesSelect({ folderName, name }) {
const files = useArchiveFiles({ folder: folderName }); const files = useArchiveFiles({ folder: folderName });
const filesOptions = React.useMemo( const filesOptions = React.useMemo(
() => () =>
(files || []).map(x => ({ (files || []).map((x) => ({
value: x.name, value: x.name,
label: x.name, label: x.name,
})), })),
@@ -265,13 +294,13 @@ export function FormArchiveFolderSelect({ name, additionalFolders = [], ...other
const folders = useArchiveFolders(); const folders = useArchiveFolders();
const folderOptions = React.useMemo( const folderOptions = React.useMemo(
() => [ () => [
...(folders || []).map(folder => ({ ...(folders || []).map((folder) => ({
value: folder.name, value: folder.name,
label: folder.name, label: folder.name,
})), })),
...additionalFolders ...additionalFolders
.filter(x => !(folders || []).find(y => y.name == x)) .filter((x) => !(folders || []).find((y) => y.name == x))
.map(folder => ({ .map((folder) => ({
value: folder, value: folder,
label: folder, label: folder,
})), })),
@@ -279,7 +308,7 @@ export function FormArchiveFolderSelect({ name, additionalFolders = [], ...other
[folders] [folders]
); );
const handleCreateOption = folder => { const handleCreateOption = (folder) => {
axios.post('archive/create-folder', { folder }); axios.post('archive/create-folder', { folder });
setFieldValue(name, folder); setFieldValue(name, folder);
}; };
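Review bot: `FormPasswordFieldRaw` derives `isCrypted` from `value.startsWith('crypt:')`, the same in-band marker the backend's `encryptConnection` uses to skip encryption. A real password that begins with `crypt:` would therefore be blanked in the field as soon as it is typed, stored without encryption, and later fail to decrypt. Having the backend confirm that a `crypt:` value actually decrypts before trusting the prefix, or carrying an explicit flag instead of a string prefix, would remove the ambiguity. The check also throws if the form value is truthy but not a string, so `typeof value === 'string' && value.startsWith('crypt:')` is the safer guard. The new component has no comment explaining why an encrypted value is rendered as an empty `type="text"` input with a placeholder; a short note above `isCrypted` would help.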


@@ -10554,6 +10554,11 @@ schema-utils@^3.0.0:
ajv "^6.12.5" ajv "^6.12.5"
ajv-keywords "^3.5.2" ajv-keywords "^3.5.2"
scmp@2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/scmp/-/scmp-2.0.0.tgz#247110ef22ccf897b13a3f0abddb52782393cd6a"
integrity sha1-JHEQ7yLM+JexOj8KvdtSeCOTzWo=
select-hose@^2.0.0: select-hose@^2.0.0:
version "2.0.0" version "2.0.0"
resolved "https://registry.yarnpkg.com/select-hose/-/select-hose-2.0.0.tgz#625d8658f865af43ec962bfc376a37359a4994ca" resolved "https://registry.yarnpkg.com/select-hose/-/select-hose-2.0.0.tgz#625d8658f865af43ec962bfc376a37359a4994ca"
@@ -10742,6 +10747,13 @@ simple-concat@^1.0.0:
resolved "https://registry.yarnpkg.com/simple-concat/-/simple-concat-1.0.1.tgz#f46976082ba35c2263f1c8ab5edfe26c41c9552f" resolved "https://registry.yarnpkg.com/simple-concat/-/simple-concat-1.0.1.tgz#f46976082ba35c2263f1c8ab5edfe26c41c9552f"
integrity sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q== integrity sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==
simple-encryptor@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/simple-encryptor/-/simple-encryptor-4.0.0.tgz#aac74b12c365879115ed683c05e17c235a457cc8"
integrity sha512-J3oCeJDjRf/X6ZQkpowMKutEDxkjDESRIbdov+PiPwmatepkGZQaF2WHTr7V1cUQnd843E4dQq4zlwruGKGM7w==
dependencies:
scmp "2.0.0"
simple-get@^3.0.3: simple-get@^3.0.3:
version "3.1.0" version "3.1.0"
resolved "https://registry.yarnpkg.com/simple-get/-/simple-get-3.1.0.tgz#b45be062435e50d159540b576202ceec40b9c6b3" resolved "https://registry.yarnpkg.com/simple-get/-/simple-get-3.1.0.tgz#b45be062435e50d159540b576202ceec40b9c6b3"