feat: add secret settings manager and migration for legacy settings
- Implemented SecretSettingsManager to handle secret settings with encryption. - Added functionality to migrate legacy plaintext settings into encrypted storage. - Introduced methods for setting, getting, and clearing secret settings. - Created tests for verifying the migration and canonicalization of secret settings. - Updated app state to handle service updates via socket communication. - Added interface for push service updates to manage service state changes.
This commit is contained in:
@@ -0,0 +1,61 @@
|
||||
import { assert, assertEquals } from '@std/assert';
|
||||
|
||||
import { SecretSettingsManager } from '../ts/database/secret-settings.ts';
|
||||
|
||||
class FakeAuthRepository {
|
||||
public settings = new Map<string, string>();
|
||||
public secretSettings = new Map<string, string>();
|
||||
|
||||
getSetting(key: string): string | null {
|
||||
return this.settings.get(key) ?? null;
|
||||
}
|
||||
|
||||
setSetting(key: string, value: string): void {
|
||||
this.settings.set(key, value);
|
||||
}
|
||||
|
||||
deleteSetting(key: string): void {
|
||||
this.settings.delete(key);
|
||||
}
|
||||
|
||||
getSecretSetting(key: string): string | null {
|
||||
return this.secretSettings.get(key) ?? null;
|
||||
}
|
||||
|
||||
setSecretSetting(key: string, value: string): void {
|
||||
this.secretSettings.set(key, value);
|
||||
}
|
||||
|
||||
deleteSecretSetting(key: string): void {
|
||||
this.secretSettings.delete(key);
|
||||
}
|
||||
}
|
||||
|
||||
Deno.test('secret settings migrate legacy plaintext aliases into encrypted storage', async () => {
|
||||
const authRepo = new FakeAuthRepository();
|
||||
authRepo.setSetting('cloudflareAPIKey', 'cf-secret-token');
|
||||
|
||||
const secretSettings = new SecretSettingsManager(authRepo as any);
|
||||
const token = await secretSettings.get('cloudflareToken');
|
||||
|
||||
assertEquals(token, 'cf-secret-token');
|
||||
assertEquals(authRepo.getSetting('cloudflareAPIKey'), null);
|
||||
assertEquals(authRepo.getSetting('cloudflareToken'), null);
|
||||
|
||||
const storedSecret = authRepo.getSecretSetting('cloudflareToken');
|
||||
assert(storedSecret?.startsWith('enc:v1:'));
|
||||
});
|
||||
|
||||
Deno.test('secret settings canonicalize aliases and clear old secret entries', async () => {
|
||||
const authRepo = new FakeAuthRepository();
|
||||
const secretSettings = new SecretSettingsManager(authRepo as any);
|
||||
|
||||
await secretSettings.set('backup_encryption_password', 'backup-passphrase');
|
||||
|
||||
assertEquals(await secretSettings.get('backupPassword'), 'backup-passphrase');
|
||||
assert(authRepo.getSecretSetting('backupPassword')?.startsWith('enc:v1:'));
|
||||
assertEquals(authRepo.getSecretSetting('backup_encryption_password'), null);
|
||||
|
||||
secretSettings.clear('backupPassword');
|
||||
assertEquals(await secretSettings.get('backupPassword'), null);
|
||||
});
|
||||
Reference in New Issue
Block a user