src/blobs.js

/* jslint node:true */

'use strict';

exports = module.exports = {
    get,
    set,
    del,

    generateSecrets,
    restoreSecrets,

    ACME_ACCOUNT_KEY: 'acme_account_key',
    ADDON_TURN_SECRET: 'addon_turn_secret',
    DHPARAMS: 'dhparams',
    SFTP_PUBLIC_KEY: 'sftp_public_key',
    SFTP_PRIVATE_KEY: 'sftp_private_key',

    CERT_PREFIX: 'cert',

    _clear: clear
};

const assert = require('assert'),
    BoxError = require('./boxerror.js'),
    database = require('./database.js'),
    debug = require('debug')('box:blobs'),
    paths = require('./paths.js'),
    safe = require('safetydance');

const BLOBS_FIELDS = [ 'id', 'value' ].join(',');

async function get(id) {
    assert.strictEqual(typeof id, 'string');

    const result = await database.query(`SELECT ${BLOBS_FIELDS} FROM blobs WHERE id = ?`, [ id ]);
    if (result.length === 0) return null;
    return result[0].value;
}

async function set(id, value) {
    assert.strictEqual(typeof id, 'string');
    assert(value === null || Buffer.isBuffer(value));

    await database.query('INSERT INTO blobs (id, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value=VALUES(value)', [ id, value ]);
}

async function del(id) {
    await database.query('DELETE FROM blobs WHERE id=?', [ id ]);
}

async function clear() {
    await database.query('DELETE FROM blobs');
}

async function generateSecrets() {
    debug('generateSecrets: generating dhparams.pem');
    // https://security.stackexchange.com/questions/95178/diffie-hellman-parameters-still-calculating-after-24-hours
    const dhparams = safe.child_process.execSync('openssl dhparam -dsaparam 2048');
    if (!dhparams) throw new BoxError(BoxError.OPENSSL_ERROR, safe.error);
    if (!safe.fs.writeFileSync(paths.DHPARAMS_FILE, dhparams)) throw new BoxError(BoxError.FS_ERROR, `Could not save dhparams.pem: ${safe.error.message}`);
    await set(exports.DHPARAMS, dhparams);
}

async function restoreSecrets() {
    const dhparams = await get(exports.DHPARAMS);
    if (!dhparams) throw new BoxError(BoxError.NOT_FOUND, 'dhparams not found');
    if (!safe.fs.writeFileSync(paths.DHPARAMS_FILE, dhparams)) throw new BoxError(BoxError.FS_ERROR, `Could not save dhparams.pem: ${safe.error.message}`);
}
add async support to database.query() 2021-05-02 21:12:38 -07:00			`/* jslint node:true */`

Add secrets table 2021-04-30 21:54:53 -07:00			`'use strict';`

			`exports = module.exports = {`
			`get,`
			`set,`
delete certs that have long expired (6 months) 2021-05-18 13:28:48 -07:00			`del,`
migrate secrets into the database 2021-05-02 23:28:41 -07:00
restore: secrets must be copied over after downloading box backup 2021-11-16 11:14:41 -08:00			`generateSecrets,`
			`restoreSecrets,`
migrate secrets into the database 2021-05-02 23:28:41 -07:00
			`ACME_ACCOUNT_KEY: 'acme_account_key',`
			`ADDON_TURN_SECRET: 'addon_turn_secret',`
			`DHPARAMS: 'dhparams',`
			`SFTP_PUBLIC_KEY: 'sftp_public_key',`
			`SFTP_PRIVATE_KEY: 'sftp_private_key',`

migrate certs into the blobs database 2021-05-07 20:19:18 -07:00			`CERT_PREFIX: 'cert',`

add async support to database.query() 2021-05-02 21:12:38 -07:00			`_clear: clear`
Add secrets table 2021-04-30 21:54:53 -07:00			`};`

			`const assert = require('assert'),`
migrate secrets into the database 2021-05-02 23:28:41 -07:00			`BoxError = require('./boxerror.js'),`
			`database = require('./database.js'),`
			`debug = require('debug')('box:blobs'),`
			`paths = require('./paths.js'),`
			`safe = require('safetydance');`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			`const BLOBS_FIELDS = [ 'id', 'value' ].join(',');`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			`async function get(id) {`
			`assert.strictEqual(typeof id, 'string');`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			const result = await database.query(`SELECT ${BLOBS_FIELDS} FROM blobs WHERE id = ?`, [ id ]);
			`if (result.length === 0) return null;`
			`return result[0].value;`
Add secrets table 2021-04-30 21:54:53 -07:00			`}`

add async support to database.query() 2021-05-02 21:12:38 -07:00			`async function set(id, value) {`
secrets -> blobs 2021-04-30 22:26:51 -07:00			`assert.strictEqual(typeof id, 'string');`
add async support to database.query() 2021-05-02 21:12:38 -07:00			`assert(value === null \|\| Buffer.isBuffer(value));`
Add secrets table 2021-04-30 21:54:53 -07:00
add async support to database.query() 2021-05-02 21:12:38 -07:00			`await database.query('INSERT INTO blobs (id, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value=VALUES(value)', [ id, value ]);`
			`}`
Add secrets table 2021-04-30 21:54:53 -07:00
delete certs that have long expired (6 months) 2021-05-18 13:28:48 -07:00			`async function del(id) {`
			`await database.query('DELETE FROM blobs WHERE id=?', [ id ]);`
			`}`

add async support to database.query() 2021-05-02 21:12:38 -07:00			`async function clear() {`
			`await database.query('DELETE FROM blobs');`
Add secrets table 2021-04-30 21:54:53 -07:00			`}`
migrate secrets into the database 2021-05-02 23:28:41 -07:00
restore: secrets must be copied over after downloading box backup 2021-11-16 11:14:41 -08:00			`async function generateSecrets() {`
			`debug('generateSecrets: generating dhparams.pem');`
			`// https://security.stackexchange.com/questions/95178/diffie-hellman-parameters-still-calculating-after-24-hours`
			`const dhparams = safe.child_process.execSync('openssl dhparam -dsaparam 2048');`
			`if (!dhparams) throw new BoxError(BoxError.OPENSSL_ERROR, safe.error);`
			if (!safe.fs.writeFileSync(paths.DHPARAMS_FILE, dhparams)) throw new BoxError(BoxError.FS_ERROR, `Could not save dhparams.pem: ${safe.error.message}`);
			`await set(exports.DHPARAMS, dhparams);`
			`}`

			`async function restoreSecrets() {`
			`const dhparams = await get(exports.DHPARAMS);`
			`if (!dhparams) throw new BoxError(BoxError.NOT_FOUND, 'dhparams not found');`
			if (!safe.fs.writeFileSync(paths.DHPARAMS_FILE, dhparams)) throw new BoxError(BoxError.FS_ERROR, `Could not save dhparams.pem: ${safe.error.message}`);
migrate secrets into the database 2021-05-02 23:28:41 -07:00			`}`