jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

domains: do not return secret keys in api responses

Browse Source 
part of #615
This commit is contained in:
Girish Ramakrishnan
2019-02-08 20:35:05 -08:00
parent 139a2bac1a
commit dada79cf65
2 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/asyncif.js Normal file
View File

@@ -0,0 +1,16 @@
'use strict';
exports = module.exports = asyncIf;
let assert = require('assert');
function asyncIf(condition, func, callback) {
assert.strictEqual(typeof condition, 'boolean');
assert.strictEqual(typeof func, 'function');
assert.strictEqual(typeof callback, 'function');
if (!condition) return callback();
func(callback);
}

12
src/domains.js
View File

@@ -33,6 +33,7 @@ module.exports = exports = {
var assert = require('assert'), var assert = require('assert'),
async = require('async'), async = require('async'),
asyncIf = require('./asyncif.js'),
config = require('./config.js'), config = require('./config.js'),
constants = require('./constants.js'), constants = require('./constants.js'),
DatabaseError = require('./databaseerror.js'), DatabaseError = require('./databaseerror.js'),
@@ -307,10 +308,13 @@ function update(domain, data, auditSource, callback) {
error = validateTlsConfig(tlsConfig, provider); error = validateTlsConfig(tlsConfig, provider);
if (error) return callback(error); if (error) return callback(error);
verifyDnsConfig(config, domain, zoneName, provider, function (error, sanitizedConfig) { asyncIf(!!config, (done) => verifyDnsConfig(config, domain, zoneName, provider, done), function (error, sanitizedConfig) {
if (error) return callback(error); if (error) return callback(error);
domaindb.update(domain, { zoneName: zoneName, provider: provider, config: sanitizedConfig, tlsConfig: tlsConfig }, function (error) { let newData = { zoneName: zoneName, provider: provider, tlsConfig: tlsConfig };
if (config) newData.config = sanitizedConfig;
domaindb.update(domain, newData, function (error) {
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND)); if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error)); if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
@@ -454,6 +458,10 @@ function waitForDnsRecord(location, domain, type, value, options, callback) {
function removePrivateFields(domain) { function removePrivateFields(domain) {
var result = _.pick(domain, 'domain', 'zoneName', 'provider', 'config', 'tlsConfig', 'fallbackCertificate', 'locked'); var result = _.pick(domain, 'domain', 'zoneName', 'provider', 'config', 'tlsConfig', 'fallbackCertificate', 'locked');
if (result.fallbackCertificate) delete result.fallbackCertificate.key; // do not return the 'key'. in caas, this is private if (result.fallbackCertificate) delete result.fallbackCertificate.key; // do not return the 'key'. in caas, this is private
// remove 'apiSecret' and 'secretAccessKey'. not remove 'apiKey' and 'accessKeyId' as these are meant to be user visible
result.config = _.omit(result.config, (v, k) => k === 'token' || k === 'credentials' || k.toLowerCase().includes('secret'));
return result; return result;
} }