[server] use encryption_key for couchbase env as hash is reserved keyword

lakhansamani · lakhansamani · commit a1df2ce31fc1 · 2023-01-31T11:18:20.000+05:30
diff --git a/Makefile b/Makefile
@@ -34,17 +34,18 @@ test-dynamodb:
 	cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test
 	docker rm -vf dynamodb-local-test
 test-couchbase:
-	# docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
-	# create a docker container, set the cluster information and then run the tests
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
 	cd server && go clean --testcache && TEST_DBS="couchbase" go test -p 1 -v ./test
-	# docker rm -vf couchbase-local-test
+	docker rm -vf couchbase-local-test
 test-all-db:
 	rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal
 	docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
 	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
 	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest
-	# docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
 	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
diff --git a/scripts/couchbase-test.sh b/scripts/couchbase-test.sh
@@ -36,6 +36,4 @@ if [ "$TYPE" = "WORKER" ]; then
   else
     couchbase-cli server-add --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
   fi;
-fi;
-
-fg 1
+fi;
diff --git a/server/crypto/aes.go b/server/crypto/aes.go
@@ -4,6 +4,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"fmt"
 	"io"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -56,6 +57,7 @@ func DecryptAES(text string) (string, error) {
 func EncryptAESEnv(text []byte) ([]byte, error) {
 	var res []byte
 	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
+	fmt.Println("=> key:", k)
 	if err != nil {
 		return res, err
 	}
diff --git a/server/db/models/env.go b/server/db/models/env.go
@@ -4,10 +4,11 @@ package models
 
 // Env model for db
 type Env struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
-	EnvData   string `json:"env" bson:"env" cql:"env" dynamo:"env"`
-	Hash      string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	Key           string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID            string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EnvData       string `json:"env" bson:"env" cql:"env" dynamo:"env"`
+	Hash          string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
+	EncryptionKey string `json:"encryption_key" bson:"encryption_key" cql:"encryption_key" dynamo:"encryption_key"` // couchbase has "hash" as reserved keyword so we cannot use it. This will be empty for other dbs.
+	UpdatedAt     int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt     int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }
diff --git a/server/db/providers/couchbase/env.go b/server/db/providers/couchbase/env.go
@@ -18,6 +18,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
 	env.CreatedAt = time.Now().Unix()
 	env.UpdatedAt = time.Now().Unix()
 	env.Key = env.ID
+	env.EncryptionKey = env.Hash
 
 	insertOpt := gocb.InsertOptions{
 		Context: ctx,
@@ -32,6 +33,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
 // UpdateEnv to update environment information in database
 func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
 	env.UpdatedAt = time.Now().Unix()
+	env.EncryptionKey = env.Hash
 
 	updateEnvQuery := fmt.Sprintf("UPDATE %s.%s SET env = $1, updated_at = $2 WHERE _id = $3", p.scopeName, models.Collections.Env)
 	_, err := p.db.Query(updateEnvQuery, &gocb.QueryOptions{
@@ -50,7 +52,7 @@ func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, e
 func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
 	var env models.Env
 
-	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
+	query := fmt.Sprintf("SELECT _id, env, encryption_key, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		Context:         ctx,
 		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
@@ -63,5 +65,6 @@ func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
 	if err != nil {
 		return env, err
 	}
+	env.Hash = env.EncryptionKey
 	return env, nil
 }
diff --git a/server/db/providers/couchbase/provider.go b/server/db/providers/couchbase/provider.go
@@ -52,9 +52,9 @@ func NewProvider() (*provider, error) {
 	scopeIdentifier := fmt.Sprintf("%s.%s", bucketName, scopeName)
 	v := reflect.ValueOf(models.Collections)
 	for i := 0; i < v.NumField(); i++ {
-		field := v.Field(i)
+		collectionName := v.Field(i)
 		user := gocb.CollectionSpec{
-			Name:      field.String(),
+			Name:      collectionName.String(),
 			ScopeName: scopeName,
 		}
 		collectionOpts := gocb.CreateCollectionOptions{
@@ -64,8 +64,11 @@ func NewProvider() (*provider, error) {
 		if err != nil && !errors.Is(err, gocb.ErrCollectionExists) {
 			return nil, err
 		}
-		indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, field.String())
-		scope.Query(indexQuery, nil)
+		indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, collectionName.String())
+		_, err = scope.Query(indexQuery, nil)
+		if err != nil {
+			fmt.Println("=> err", err, collectionName.String())
+		}
 	}
 
 	indices := GetIndex(scopeIdentifier)
@@ -85,7 +88,6 @@ func CreateBucketAndScope(cluster *gocb.Cluster, bucketName string, scopeName st
 	settings := gocb.BucketSettings{
 		Name:            bucketName,
 		RAMQuotaMB:      1000,
-		NumReplicas:     1,
 		BucketType:      gocb.CouchbaseBucketType,
 		EvictionPolicy:  gocb.EvictionPolicyTypeValueOnly,
 		FlushEnabled:    true,
diff --git a/server/env/persist_env.go b/server/env/persist_env.go
@@ -3,6 +3,7 @@ package env
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"os"
 	"reflect"
 	"strconv"
@@ -115,6 +116,7 @@ func PersistEnv() error {
 	if err != nil || env.EnvData == "" {
 		// AES encryption needs 32 bit key only, so we chop off last 4 characters from 36 bit uuid
 		hash := uuid.New().String()[:36-4]
+		fmt.Println("hash:", hash)
 		err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, hash)
 		if err != nil {
 			log.Debug("Error while updating encryption env variable: ", err)
diff --git a/server/resolvers/admin_signup.go b/server/resolvers/admin_signup.go
@@ -67,6 +67,7 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
 	envData, err := crypto.EncryptEnvData(storeData)
 	if err != nil {
 		log.Debug("Failed to encrypt envstore: ", err)
+		fmt.Println("Failed to encrypt envstore: ", err)
 		return res, err
 	}
 
diff --git a/server/test/admin_signup_test.go b/server/test/admin_signup_test.go
@@ -25,7 +25,6 @@ func adminSignupTests(t *testing.T, s TestSetup) {
 		_, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{
 			AdminSecret: "admin123",
 		})
-
 		assert.Nil(t, err)
 	})
 }

-Original file line number
+Diff line change
   else
     couchbase-cli server-add --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
   fi;
 -fi;
+-
 -fg 1
 +fi;
Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,7 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m`
`67`	`67`	`envData, err := crypto.EncryptEnvData(storeData)`
`68`	`68`	`if err != nil {`
`69`	`69`	`log.Debug("Failed to encrypt envstore: ", err)`
	`70`	`+ fmt.Println("Failed to encrypt envstore: ", err)`
`70`	`71`	`return res, err`
`71`	`72`	`}`
`72`	`73`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,6 @@ func adminSignupTests(t *testing.T, s TestSetup) {`
`25`	`25`	`_, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{`
`26`	`26`	`AdminSecret: "admin123",`
`27`	`27`	`})`
`28`		`-`
`29`	`28`	`assert.Nil(t, err)`
`30`	`29`	`})`
`31`	`30`	`}`