src/blobs.js

/* jslint node:true */

'use strict';

exports = module.exports = {
    get,
    set,

    initSecrets,

    ACME_ACCOUNT_KEY: 'acme_account_key',
    ADDON_TURN_SECRET: 'addon_turn_secret',
    DHPARAMS: 'dhparams',
    SFTP_PUBLIC_KEY: 'sftp_public_key',
    SFTP_PRIVATE_KEY: 'sftp_private_key',

    _clear: clear
};

const assert = require('assert'),
    BoxError = require('./boxerror.js'),
    constants = require('./constants.js'),
    crypto = require('crypto'),
    database = require('./database.js'),
    debug = require('debug')('box:blobs'),
    paths = require('./paths.js'),
    safe = require('safetydance');

const BLOBS_FIELDS = [ 'id', 'value' ].join(',');

async function get(id) {
    assert.strictEqual(typeof id, 'string');

    const result = await database.query(`SELECT ${BLOBS_FIELDS} FROM blobs WHERE id = ?`, [ id ]);
    if (result.length === 0) return null;
    return result[0].value;
}

async function set(id, value) {
    assert.strictEqual(typeof id, 'string');
    assert(value === null || Buffer.isBuffer(value));

    await database.query('INSERT INTO blobs (id, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value=VALUES(value)', [ id, value ]);
}

async function clear() {
    await database.query('DELETE FROM blobs');
}

async function initSecrets() {
    let value = await get(exports.ACME_ACCOUNT_KEY);
    if (!value) {
        const accountKeyPem = safe.child_process.execSync('openssl genrsa 4096');
        if (!accountKeyPem) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate acme account key: ${safe.error.message}`);
        await set(exports.ACME_ACCOUNT_KEY, accountKeyPem);
    }

    value = await get(exports.ADDON_TURN_SECRET);
    if (!value) {
        const secret = 'a' + crypto.randomBytes(15).toString('hex'); // prefix with a to ensure string starts with a letter
        await set(exports.ADDON_TURN_SECRET, Buffer.from(secret));
    }

    value = await get(exports.DHPARAMS);
    if (!constants.TEST && !value) {
        debug('initSecrets: generating dhparams.pem. this takes forever');
        const dhparams = safe.child_process.execSync('openssl dhparam 2048');
        if (!dhparams) throw new BoxError(BoxError.OPENSSL_ERROR, safe.error);
        if (!safe.fs.writeFileSync(paths.DHPARAMS_FILE, dhparams)) throw new BoxError(BoxError.FS_ERROR, `Could not save dhparams.pem: ${safe.error.message}`);
        await set(exports.DHPARAMS, dhparams);
    }

    value = await get(exports.SFTP_PRIVATE_KEY);
    if (!value) {
        debug('initSecrets: generate sftp keys');
        if (constants.TEST) {
            safe.fs.unlinkSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key.pub`);
            safe.fs.unlinkSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key`);
        }
        if (!safe.child_process.execSync(`ssh-keygen -m PEM -t rsa -f "${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key" -q -N ""`)) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate sftp ssh keys: ${safe.error.message}`);
        const publicKey = safe.fs.readFileSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key.pub`);
        await set(exports.SFTP_PUBLIC_KEY, publicKey);
        const privateKey = safe.fs.readFileSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key`);
        await set(exports.SFTP_PRIVATE_KEY, privateKey);
    }
}
add async support to database.query() 2021-05-02 21:12:38 -07:00			`/* jslint node:true */`

Add secrets table 2021-04-30 21:54:53 -07:00			`'use strict';`

			`exports = module.exports = {`
			`get,`
			`set,`
migrate secrets into the database 2021-05-02 23:28:41 -07:00
			`initSecrets,`

			`ACME_ACCOUNT_KEY: 'acme_account_key',`
			`ADDON_TURN_SECRET: 'addon_turn_secret',`
			`DHPARAMS: 'dhparams',`
			`SFTP_PUBLIC_KEY: 'sftp_public_key',`
			`SFTP_PRIVATE_KEY: 'sftp_private_key',`

add async support to database.query() 2021-05-02 21:12:38 -07:00			`_clear: clear`
Add secrets table 2021-04-30 21:54:53 -07:00			`};`

			`const assert = require('assert'),`
migrate secrets into the database 2021-05-02 23:28:41 -07:00			`BoxError = require('./boxerror.js'),`
			`constants = require('./constants.js'),`
			`crypto = require('crypto'),`
			`database = require('./database.js'),`
			`debug = require('debug')('box:blobs'),`
			`paths = require('./paths.js'),`
			`safe = require('safetydance');`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			`const BLOBS_FIELDS = [ 'id', 'value' ].join(',');`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			`async function get(id) {`
			`assert.strictEqual(typeof id, 'string');`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			const result = await database.query(`SELECT ${BLOBS_FIELDS} FROM blobs WHERE id = ?`, [ id ]);
			`if (result.length === 0) return null;`
			`return result[0].value;`
Add secrets table 2021-04-30 21:54:53 -07:00			`}`

add async support to database.query() 2021-05-02 21:12:38 -07:00			`async function set(id, value) {`
secrets -> blobs 2021-04-30 22:26:51 -07:00			`assert.strictEqual(typeof id, 'string');`
add async support to database.query() 2021-05-02 21:12:38 -07:00			`assert(value === null \|\| Buffer.isBuffer(value));`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			`await database.query('INSERT INTO blobs (id, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value=VALUES(value)', [ id, value ]);`
			`}`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			`async function clear() {`
			`await database.query('DELETE FROM blobs');`
Add secrets table 2021-04-30 21:54:53 -07:00			`}`
migrate secrets into the database 2021-05-02 23:28:41 -07:00
			`async function initSecrets() {`
			`let value = await get(exports.ACME_ACCOUNT_KEY);`
			`if (!value) {`
			`const accountKeyPem = safe.child_process.execSync('openssl genrsa 4096');`
better error messages 2021-05-04 10:45:36 -07:00			if (!accountKeyPem) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate acme account key: ${safe.error.message}`);
migrate secrets into the database 2021-05-02 23:28:41 -07:00			`await set(exports.ACME_ACCOUNT_KEY, accountKeyPem);`
			`}`

			`value = await get(exports.ADDON_TURN_SECRET);`
			`if (!value) {`
			`const secret = 'a' + crypto.randomBytes(15).toString('hex'); // prefix with a to ensure string starts with a letter`
			`await set(exports.ADDON_TURN_SECRET, Buffer.from(secret));`
			`}`

			`value = await get(exports.DHPARAMS);`
			`if (!constants.TEST && !value) {`
			`debug('initSecrets: generating dhparams.pem. this takes forever');`
			`const dhparams = safe.child_process.execSync('openssl dhparam 2048');`
			`if (!dhparams) throw new BoxError(BoxError.OPENSSL_ERROR, safe.error);`
			if (!safe.fs.writeFileSync(paths.DHPARAMS_FILE, dhparams)) throw new BoxError(BoxError.FS_ERROR, `Could not save dhparams.pem: ${safe.error.message}`);
			`await set(exports.DHPARAMS, dhparams);`
			`}`

			`value = await get(exports.SFTP_PRIVATE_KEY);`
			`if (!value) {`
			`debug('initSecrets: generate sftp keys');`
			`if (constants.TEST) {`
			safe.fs.unlinkSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key.pub`);
			safe.fs.unlinkSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key`);
			`}`
better error messages 2021-05-04 10:45:36 -07:00			if (!safe.child_process.execSync(`ssh-keygen -m PEM -t rsa -f "${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key" -q -N ""`)) throw new BoxError(BoxError.OPENSSL_ERROR, `Could not generate sftp ssh keys: ${safe.error.message}`);
migrate secrets into the database 2021-05-02 23:28:41 -07:00			const publicKey = safe.fs.readFileSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key.pub`);
			`await set(exports.SFTP_PUBLIC_KEY, publicKey);`
			const privateKey = safe.fs.readFileSync(`${paths.SFTP_KEYS_DIR}/ssh_host_rsa_key`);
			`await set(exports.SFTP_PRIVATE_KEY, privateKey);`
			`}`
			`}`