Store api-key values in hashed format #158

Open
wants to merge 4 commits into
base: master

afitzek
Contributor

@afitzek afitzek commented Apr 23, 2018

This stores the api key values as sha256 hashes. The database values are prefixed with 'SHA256:HEX:' to indicate which hash algorithm and which encoding are used.

Depends-On: balena-io-modules/sbvr-types#14
Change-Type: major
Signed-off-by: Andreas Fitzek <andreas@resin.io>
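The stored format described above, together with the upgrade step it implies, as an added example that is not code from this pull request: only the `SHA256:HEX:` prefix and the name `hashApiKey` come from the page, while `isHashed`, `verifyApiKey`, `migrateRows` and the row shape are hypothetical. It assumes keys are long random strings, which is what makes an unsalted SHA-256 acceptable here.

```javascript
// Added example, not the project's code. Helper names and row shape are hypothetical.
const crypto = require('crypto');

const PREFIX = 'SHA256:HEX:'; // algorithm and encoding tag from the PR description

// Hash a plaintext API key into the stored form "SHA256:HEX:<64 hex chars>".
function hashApiKey(apiKey) {
  if (typeof apiKey !== 'string' || apiKey.length === 0) {
    throw new TypeError('apiKey must be a non-empty string');
  }
  return PREFIX + crypto.createHash('sha256').update(apiKey, 'utf8').digest('hex');
}

// True when a stored value is already in hashed form. A plaintext key that
// happens to match this exact pattern would be skipped by the migration.
function isHashed(stored) {
  return typeof stored === 'string' && /^SHA256:HEX:[0-9a-f]{64}$/.test(stored);
}

// Compare a presented key with a stored value in constant time.
function verifyApiKey(presentedKey, stored) {
  if (typeof presentedKey !== 'string' || presentedKey.length === 0) return false;
  if (!isHashed(stored)) return false; // never match against a plaintext row
  const a = Buffer.from(hashApiKey(presentedKey));
  const b = Buffer.from(stored);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Idempotent migration step: hash plaintext rows, leave hashed rows untouched,
// so a re-run after a partial failure does not hash a value twice.
function migrateRows(rows) {
  let changed = 0;
  const migrated = rows.map((row) => {
    if (isHashed(row.key)) return row;
    changed += 1;
    return { ...row, key: hashApiKey(row.key) };
  });
  return { migrated, changed };
}

// Constructed sample rows standing in for an API key table mid-upgrade.
const sampleRows = [
  { id: 1, key: 'constructed-plaintext-key-1' },
  { id: 2, key: hashApiKey('constructed-plaintext-key-2') },
];
```
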

Contributor

@flesler flesler left a comment


The change looks OK, but I really wonder if there are other people this will impact; I expect there to be some.

Collaborator

@Page- Page- left a comment


Can you add a template migration that can be used for the major upgrade?

@@ -47,6 +56,12 @@ parsePermissions = do ->
if value?.bind?
return { bind: value.bind + bindsLength }

exports.hashApiKey = hashApiKey = (apiKey) ->
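Review bot: The new export at `exports.hashApiKey = hashApiKey = (apiKey) ->` has no comment stating its contract, and it takes a bare `apiKey` with nothing to tell callers whether that is the plaintext key or a stored value. Add a comment above the declaration saying that the input is the plaintext key and that the result is the 'SHA256:HEX:'-prefixed form from the description, and make the function reject a missing or non-string argument, so that a caller cannot pass an already-prefixed value and hash it a second time.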
Collaborator


This should be replaced with sbvrUtils.sbvrTypes.SHA.validate really, to make sure it has the same behaviour (although it might make sense to have a validateSync or something)

afitzek added 4 commits April 26, 2018 16:26
This stores the api key values as sha256 hashes. The database values are prefixed with 'SHA256:HEX:' to indicate which hash algorithm and which encoding are used.

Change-Type: major
Signed-off-by: Andreas Fitzek <andreas@resin.io>
@afitzek afitzek force-pushed the store-api-keys-hashed branch from bab7d64 to ccf9a2b Compare April 26, 2018 23:26
@afitzek afitzek requested a review from Page- April 26, 2018 23:27
@dfunckt
Member

dfunckt commented Apr 27, 2018

@afitzek please let’s discuss what we’re going to do with the delta server before merging this, this is a serious blocker for the new deltas.

@@ -42,6 +42,8 @@ memoizedCompileRule = memoize(

db = null

exports.hashApiKey = permissions.hashApiKey
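Review bot: `exports.hashApiKey = permissions.hashApiKey` is a one-off export placed directly after `db = null`, with no comment saying why this helper needs a line of its own. If the module already re-exports the members of `permissions` elsewhere, drop this line; if it is kept, move it next to the module's other exports and note that it is part of the public API, since anything that hashes keys for lookup will depend on it.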
Collaborator


Everything from permissions is already exported below via an _.extend(exports, permissions)

Contributor

@petrosagg petrosagg left a comment


No-op review to dismiss stale review request

5 participants