98fed4bc30
Add getSalt to projects api. Add action, GET_SALT, on Store Projects module to make the api request and return the salt string everywhere in the web app that generates an access grant. The Wasm code which is used to create the access grant has been changed to decode the salt as a base64 encoded string. The names of the function calls in the changed Wasm code have also been changed to ensure that access grant creation fails if JS access grant worker code and Wasm code are not the same version. https://github.com/storj/storj-private/issues/64 Change-Id: Ia2bc4cbadad84b066ca1882b042a3f0bb13c783a
139 lines
3.5 KiB
Go
139 lines
3.5 KiB
Go
// Copyright (C) 2022 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"crypto/sha256"
|
|
"database/sql"
|
|
"encoding/base64"
|
|
"errors"
|
|
|
|
"github.com/zeebo/errs"
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
"storj.io/common/macaroon"
|
|
"storj.io/common/memory"
|
|
"storj.io/common/uuid"
|
|
"storj.io/storj/satellite"
|
|
"storj.io/storj/satellite/console"
|
|
"storj.io/storj/satellite/console/consolewasm"
|
|
)
|
|
|
|
const (
|
|
fullMigration = "full"
|
|
snapshotMigration = "snapshot"
|
|
testDataCreation = "testdata"
|
|
noMigration = "none"
|
|
)
|
|
|
|
var migrationTypes = []string{fullMigration, snapshotMigration, testDataCreation, noMigration}
|
|
|
|
var (
|
|
projectID = uuid.UUID([16]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1})
|
|
apiKeyID = uuid.UUID([16]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2})
|
|
head = []byte{
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3,
|
|
}
|
|
secret = []byte{
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4,
|
|
}
|
|
password = "123a123"
|
|
)
|
|
|
|
// createTestData creates predefined test account to make the integration tests easier.
|
|
func createTestData(ctx context.Context, db satellite.DB) error {
|
|
userID, err := uuid.FromString("be041c3c-0658-40d1-8f7c-e70a0a26cc12")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = db.Console().Users().Get(ctx, userID)
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(password), 0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = db.Console().Users().Insert(ctx, &console.User{
|
|
ID: userID,
|
|
FullName: "Hiro Protagonist",
|
|
Email: "test@storj.io",
|
|
ProjectLimit: 5,
|
|
ProjectStorageLimit: (memory.GB * 150).Int64(),
|
|
ProjectBandwidthLimit: (memory.GB * 150).Int64(),
|
|
PasswordHash: hash,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
active := console.Active
|
|
err = db.Console().Users().Update(ctx, userID, console.UpdateUserRequest{
|
|
Status: &active,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = db.Console().Projects().Get(ctx, projectID)
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
_, err := db.Console().Projects().Insert(ctx, &console.Project{
|
|
ID: projectID,
|
|
OwnerID: userID,
|
|
Name: "testproject",
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = db.Console().ProjectMembers().Insert(ctx, userID, projectID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = db.Console().APIKeys().GetByNameAndProjectID(ctx, "testkey", projectID)
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
_, err = db.Console().APIKeys().Create(ctx, head, console.APIKeyInfo{
|
|
ID: apiKeyID,
|
|
ProjectID: projectID,
|
|
Name: "testkey",
|
|
Secret: secret,
|
|
})
|
|
} else if err != nil {
|
|
return err
|
|
}
|
|
return err
|
|
}
|
|
|
|
// GetTestApiKey can calculate an access grant for the predefined test users/project.
|
|
func GetTestApiKey(satelliteId string) (string, error) {
|
|
key, err := macaroon.FromParts(head, secret)
|
|
if err != nil {
|
|
return "", errs.Wrap(err)
|
|
}
|
|
|
|
idHash := sha256.Sum256(projectID[:])
|
|
base64Salt := base64.StdEncoding.EncodeToString(idHash[:])
|
|
|
|
accessGrant, err := consolewasm.GenAccessGrant(satelliteId, key.Serialize(), password, base64Salt)
|
|
if err != nil {
|
|
return "", errs.Wrap(err)
|
|
}
|
|
|
|
return accessGrant, nil
|
|
}
|