feat(input_schema): Enable secret objects (#515)

# Secret object/array inputs

Based on the [issue](apify/apify-core#21369):
> An ideal solution would be if we could encrypt objects

This is proposal to enable `isSecret` boolean property for `object` and
`array` fields in Input Schema.
Currently this is available only for `string` fields with editors either
`textfield` or `textarea`.

## Update based on the outcome of discussion in this PR:

- Enable this also for `array` properties (not just `object`)
- Enable "validation" properties like (`minProperties`, `maxProperties`,
sub-schema in the future,..) even for secured fields
- Encrypt the value to string and update the validation logic of JSON
Schema (Ajv) validator to this form of string (encrypted object/array)
as a value for `object`/`array` fields.
- In the encrypted string capture the hash of the field schema (without
unimportant fields like title, description, etc.) so we know that the
stored encrypted value might no longer match the Actor's input schema.
Approach suggested by @jancurn in the discussion below.

The actual implementation stringify the object value and encrypts the
string to final value in form of:
```
"ENCRYPTED_VALUE:FIELD_SCHEMA_HASH:ENCRYPTED_PASSWORD:ENCRYPTED_VALUE" // for strings
"ENCRYPTED_JSON_VALUE:FIELD_SCHEMA_HASH:ENCRYPTED_PASSWORD:ENCRYPTED_VALUE" // for objects/arrays
```
Where the second group (`FIELD_SCHEMA_HASH`) is optional so all existing
stored encrypted values are still matching and are backwards compatible.

-----

### Original description (❗outdated):
>The `object` fields with `isSecret: true` won't be able to specify some
properties that "normal" `object` fields can do, such as: `default`,
`prefill`, `patternKey`, `patternValue`, `minProperties`,
`maxProperties`.
Editor can be only `json` or `hidden`. This restriction is basically the
same as with the secret `string` property.
>
>In addition to change in the Input Schema's JSON schema it's also
needed to change the encryption/decryption logic.
If input is `string`, there is no change and the encrypted value is
stored in `ENCRYPTED_VALUE:base64:base64` form.
In case of `object` input, we need to keep the type of the encrypted
value to be still `object` because of validation of input in other
stages.
>
>This propose to store encrypted objects as object with structure:
>```
>{
>  "secret": "encrypted-stringified-json-of-original-object"
>}
>```
>where the `secret` key, contains same string value as normal encrypted
string property.
>
>When decrypting an encrypted value the logic is exactly the same as
with string. We would check if the object has `secret` field and if the
value is string that match the encrypted string regex.
>
>- API, Console and Javascript SDK uses the `@apify/input_secrets` for
encryption/decryption (it's part of this PR)
>- Python SDK uses `apify._crypto` to decrypt secrets here is draft PR
(I didn't test is yet), just to showcase what change >would be needed
there: apify/apify-sdk-python#482
>- The last required change would be in console to handle secret inputs
via input UI. Also draft, but this is tested and >works well:
apify/apify-core#21454
>
>I didn't find any other place where would this change causing issues.

Author: mfori

package-lock.json

@@ -49,6 +49,7 @@
     },
     "dependencies": {
         "@apify/consts": "^2.43.0",
+        "@apify/input_secrets": "^1.1.76",
         "acorn-loose": "^8.4.0",
         "countries-list": "^3.0.0"
     },

packages/input_schema/package.json

@@ -33,6 +33,8 @@ const intlStrings = {
         'Field schema.properties.{fieldKey} does not exist, but it is specified in schema.required. Either define the field or remove it from schema.required.',
     'inputSchema.validation.proxyGroupMustBeArrayOfStrings':
         'Field {rootName}.{fieldKey}.apifyProxyGroups must be an array of strings.',
+    'inputSchema.validation.secretFieldSchemaChanged':
+        'The field schema.properties.{fieldKey} is a secret field, but its schema has changed. Please update the value in the input editor.',
 };
 
 /**

packages/input_schema/src/intl.ts

@@ -152,6 +152,7 @@
                     "type": { "enum": ["string"] },
                     "title": { "type": "string" },
                     "description": { "type": "string" },
+                    "prefill": { "type": "string" },
                     "example": { "type": "string" },
                     "nullable": { "type": "boolean" },
                     "editor": { "enum": ["textfield", "textarea", "hidden"] },
@@ -166,59 +167,94 @@
             "type": "object",
             "properties": {
                 "type": { "enum": ["array"] },
-                "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "select", "hidden"] }
+                "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "select", "hidden"] },
+                "isSecret": { "type": "boolean" }
             },
             "additionalProperties": true,
             "required": ["type", "title", "description", "editor"],
             "if": {
                 "properties": {
-                    "editor": { "const": "select" }
+                    "isSecret": {
+                        "not": {
+                            "const": true
+                        }
+                    }
                 }
             },
             "then": {
-                "additionalProperties": false,
-                "required": ["items"],
-                "properties": {
-                    "type": { "enum": ["array"] },
-                    "editor": { "enum": ["select"] },
-                    "title": { "type": "string" },
-                    "description": { "type": "string" },
-                    "default": { "type": "array" },
-                    "prefill": { "type": "array" },
-                    "example": { "type": "array" },
-                    "nullable": { "type": "boolean" },
-                    "minItems": { "type": "integer" },
-                    "maxItems": { "type": "integer" },
-                    "uniqueItems": { "type": "boolean" },
-                    "sectionCaption": { "type": "string" },
-                    "sectionDescription": { "type": "string" },
-                    "items": {
-                        "type": "object",
-                        "additionalProperties": false,
-                        "properties": {
-                            "type": { "enum": ["string"] },
-                            "enum": {
-                                "type": "array",
-                                "items": { "type": "string" },
-                                "uniqueItems": true
+                "if": {
+                    "properties": {
+                        "editor": { "const": "select" }
+                    }
+                },
+                "then": {
+                    "additionalProperties": false,
+                    "required": ["items"],
+                    "properties": {
+                        "type": { "enum": ["array"] },
+                        "editor": { "enum": ["select"] },
+                        "title": { "type": "string" },
+                        "description": { "type": "string" },
+                        "default": { "type": "array" },
+                        "prefill": { "type": "array" },
+                        "example": { "type": "array" },
+                        "nullable": { "type": "boolean" },
+                        "minItems": { "type": "integer" },
+                        "maxItems": { "type": "integer" },
+                        "uniqueItems": { "type": "boolean" },
+                        "sectionCaption": { "type": "string" },
+                        "sectionDescription": { "type": "string" },
+                        "items": {
+                            "type": "object",
+                            "additionalProperties": false,
+                            "properties": {
+                                "type": { "enum": ["string"] },
+                                "enum": {
+                                    "type": "array",
+                                    "items": { "type": "string" },
+                                    "uniqueItems": true
+                                },
+                                "enumTitles": {
+                                    "type": "array",
+                                    "items": { "type": "string" }
+                                }
                             },
-                            "enumTitles": {
-                                "type": "array",
-                                "items": { "type": "string" }
-                            }
+                            "required": ["type", "enum"]
                         },
-                        "required": ["type", "enum"]
+                        "isSecret": { "enum": [false] }
+                    }
+                },
+                "else": {
+                    "additionalProperties": false,
+                    "properties": {
+                        "type": { "enum": ["array"] },
+                        "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "hidden"] },
+                        "title": { "type": "string" },
+                        "description": { "type": "string" },
+                        "default": { "type": "array" },
+                        "prefill": { "type": "array" },
+                        "example": { "type": "array" },
+                        "nullable": { "type": "boolean" },
+                        "minItems": { "type": "integer" },
+                        "maxItems": { "type": "integer" },
+                        "uniqueItems": { "type": "boolean" },
+                        "sectionCaption": { "type": "string" },
+                        "sectionDescription": { "type": "string" },
+                        "placeholderKey": { "type": "string" },
+                        "placeholderValue": { "type": "string" },
+                        "patternKey": { "type": "string" },
+                        "patternValue": { "type": "string" },
+                        "isSecret": { "enum": [false] }
                     }
                 }
             },
             "else": {
                 "additionalProperties": false,
                 "properties": {
                     "type": { "enum": ["array"] },
-                    "editor": { "enum": ["json", "requestListSources", "pseudoUrls", "globs", "keyValue", "stringList", "hidden"] },
+                    "editor": { "enum": ["json", "hidden"] },
                     "title": { "type": "string" },
                     "description": { "type": "string" },
-                    "default": { "type": "array" },
                     "prefill": { "type": "array" },
                     "example": { "type": "array" },
                     "nullable": { "type": "boolean" },
@@ -227,35 +263,70 @@
                     "uniqueItems": { "type": "boolean" },
                     "sectionCaption": { "type": "string" },
                     "sectionDescription": { "type": "string" },
-                    "placeholderKey": { "type": "string" },
-                    "placeholderValue": { "type": "string" },
-                    "patternKey": { "type": "string" },
-                    "patternValue": { "type": "string" }
+                    "isSecret": { "enum": [true] }
                 }
             }
         },
         "objectProperty": {
             "title": "Object property",
             "type": "object",
-            "additionalProperties": false,
+            "additionalProperties": true,
             "properties": {
                 "type": { "enum": ["object"] },
                 "title": { "type": "string" },
                 "description": { "type": "string" },
-                "default": { "type": "object" },
-                "prefill": { "type": "object" },
-                "example": { "type": "object" },
-                "patternKey": { "type": "string" },
-                "patternValue": { "type": "string" },
-                "nullable": { "type": "boolean" },
-                "minProperties": { "type": "integer" },
-                "maxProperties": { "type": "integer" },
-
                 "editor": { "enum": ["json", "proxy", "hidden"] },
-                "sectionCaption": { "type": "string" },
-                "sectionDescription": { "type": "string" }
+                "isSecret": { "type": "boolean" }
             },
-            "required": ["type", "title", "description", "editor"]
+            "required": ["type", "title", "description", "editor"],
+            "if": {
+                "properties": {
+                    "isSecret": {
+                        "not": {
+                            "const": true
+                        }
+                    }
+                }
+            },
+            "then": {
+                "additionalProperties": false,
+                "properties": {
+                    "type": { "enum": ["object"] },
+                    "title": { "type": "string" },
+                    "description": { "type": "string" },
+                    "default": { "type": "object" },
+                    "prefill": { "type": "object" },
+                    "example": { "type": "object" },
+                    "patternKey": { "type": "string" },
+                    "patternValue": { "type": "string" },
+                    "nullable": { "type": "boolean" },
+                    "minProperties": { "type": "integer" },
+                    "maxProperties": { "type": "integer" },
+                    "editor": { "enum": ["json", "proxy", "hidden"] },
+                    "sectionCaption": { "type": "string" },
+                    "sectionDescription": { "type": "string" },
+                    "isSecret": { "enum": [false] }
+                }
+            },
+            "else": {
+                "additionalProperties": false,
+                "properties": {
+                    "type": { "enum": ["object"] },
+                    "title": { "type": "string" },
+                    "description": { "type": "string" },
+                    "prefill": { "type": "object" },
+                    "example": { "type": "object" },
+                    "patternKey": { "type": "string" },
+                    "patternValue": { "type": "string" },
+                    "nullable": { "type": "boolean" },
+                    "minProperties": { "type": "integer" },
+                    "maxProperties": { "type": "integer" },
+                    "editor": { "enum": ["json", "hidden"] },
+                    "sectionCaption": { "type": "string" },
+                    "sectionDescription": { "type": "string" },
+                    "isSecret": { "enum": [true] }
+                }
+            }
         },
         "integerProperty": {
             "title": "Integer property",

packages/input_schema/src/schema.json

@@ -3,6 +3,7 @@ import type { ValidateFunction } from 'ajv';
 import { countries } from 'countries-list';
 
 import { PROXY_URL_REGEX, URL_REGEX } from '@apify/consts';
+import { isEncryptedValueForFieldSchema, isEncryptedValueForFieldType } from '@apify/input_secrets';
 
 import { parseAjvError } from './input_schema';
 import { m } from './intl';
@@ -133,13 +134,34 @@ export function validateInputUsingValidator(
     // Process AJV validation errors
     if (!isValid) {
         errors = validator.errors!
+            .filter((error) => {
+                // We are storing encrypted objects/arrays as strings, so AJV will throw type the error here.
+                // So we need to skip these errors.
+                if (error.keyword === 'type' && error.instancePath) {
+                    const path = error.instancePath.replace(/^\//, '').split('/')[0];
+                    const propSchema = inputSchema.properties?.[path];
+                    const value = input[path];
+
+                    // Check if the property is a secret and if the value is an encrypted value.
+                    // We do additional validation of the field schema in the later part of this function
+                    if (
+                        propSchema?.isSecret
+                        && typeof value === 'string'
+                        && (propSchema.type === 'object' || propSchema.type === 'array')
+                        && isEncryptedValueForFieldType(value, propSchema.type)
+                    ) {
+                        return false;
+                    }
+                }
+                return true;
+            })
             .map((error) => parseAjvError(error, 'input', properties, input))
             .filter((error) => !!error) as any[];
     }
 
     Object.keys(properties).forEach((property) => {
         const value = input[property];
-        const { type, editor, patternKey, patternValue } = properties[property];
+        const { type, editor, patternKey, patternValue, isSecret } = properties[property];
         const fieldErrors = [];
         // Check that proxy is required, if yes, valides that it's correctly setup
         if (type === 'object' && editor === 'proxy') {
@@ -215,7 +237,7 @@ export function validateInputUsingValidator(
             }
         }
         // Check that object items fit patternKey and patternValue
-        if (type === 'object' && value) {
+        if (type === 'object' && value && typeof value === 'object') {
             if (patternKey) {
                 const check = new RegExp(patternKey);
                 const invalidKeys: any[] = [];
@@ -249,6 +271,16 @@ export function validateInputUsingValidator(
             }
         }
 
+        // Additional validation for secret fields
+        if (isSecret && value && typeof value === 'string') {
+            // If the value is a valid encrypted string for the field type,
+            // we check if the field schema is likely to be still valid (is unchanged from the time of encryption).
+            if (isEncryptedValueForFieldType(value, type) && !isEncryptedValueForFieldSchema(value, properties[property])) {
+                // If not, we add an error message to the field errors and user needs to update the value in the input editor.
+                fieldErrors.push(m('inputSchema.validation.secretFieldSchemaChanged', { fieldKey: property }));
+            }
+        }
+
         if (fieldErrors.length > 0) {
             const message = fieldErrors.join(', ');
             errors.push({ fieldKey: property, message });

packages/input_schema/src/utilities.ts

@@ -0,0 +1,43 @@
+import crypto from 'node:crypto';
+
+/**
+ * These keys are omitted from the field schema normalization process
+ * because they are not relevant for validation of values against the schema.
+ */
+const OMIT_KEYS = new Set(['title', 'description', 'sectionCaption', 'sectionDescription', 'nullable', 'example', 'prefill', 'editor']);
+
+/**
+ * Normalizes the field schema by removing irrelevant keys and sorting the remaining keys.
+ */
+function normalizeFieldSchema(value: any): any {
+    if (Array.isArray(value)) {
+        return value.map(normalizeFieldSchema);
+    }
+
+    if (value && typeof value === 'object') {
+        const result: Record<string, any> = {};
+        Object.keys(value)
+            .filter((key) => !OMIT_KEYS.has(key))
+            .sort()
+            .forEach((key) => {
+                result[key] = normalizeFieldSchema(value[key]);
+            });
+        return result;
+    }
+
+    return value;
+}
+
+/**
+ * Generates a stable hash for the field schema.
+ * @param fieldSchema
+ */
+export function getFieldSchemaHash(fieldSchema: Record<string, any>): string {
+    try {
+        const stringifiedSchema = JSON.stringify(normalizeFieldSchema(fieldSchema));
+        // Create a SHA-256 hash of the stringified schema and return the first 10 characters in hex.
+        return crypto.createHash('sha256').update(stringifiedSchema).digest('hex').slice(0, 10);
+    } catch (err) {
+        throw new Error(`The field schema could not be stringified for hash: ${err}`);
+    }
+}