@arcoraven arcoraven commented Jan 23, 2025

PR-Codex overview

This PR focuses on adding support for mTLS (Mutual TLS) configuration in the application, enhancing security for webhook interactions, and updating various related schemas and functions.

Detailed summary

  • Added mtlsCertificateEncrypted and mtlsPrivateKeyEncrypted fields to the configuration table.
  • Updated updateConfiguration to use Prisma.ConfigurationUpdateInput.
  • Modified webhook creation to handle mTLS certificate and private key.
  • Introduced generateSecretHmac256 for generating HMAC headers.
  • Updated environment variables to include custom HMAC authentication settings.
  • Refactored generateSignature and generateRequestHeaders for improved header generation.
  • Added tests for generateSecretHmac256 and generateRequestHeaders.


socket-security bot commented Jan 23, 2025

New dependencies detected.

Package | New capabilities | Transitives | Size | Publisher
npm/[email protected] | environment, network | 0 | 1.16 MB | ronag

.update(signature, "utf8")
.digest("base64");

return [
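
Review bot: In `.update(signature, "utf8")` the value fed into the digest is named `signature`, although it is the input being hashed and the `.digest("base64")` result is the actual signature. Renaming the input (for example `stringToSign`) would make the two harder to confuse when this header is verified or debugged.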

This file generates the custom HMAC auth header used by certain clients.

): Promise<WebhookResponse> => {
try {
const headers = await createWebhookRequestHeaders(webhook, body);
const config = await getConfig();
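
Review bot: Inside the `try`, `getConfig()` is awaited only after `createWebhookRequestHeaders(webhook, body)` completes, yet nothing in these lines makes it depend on `headers`. Consider loading the config first, or running both with `Promise.all`, so a configuration failure surfaces before any signing work is done.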

This file has one exported function, sendWebhookRequest(), which does these steps:

  • if mTLS is configured, attach the mTLS certificates
  • generate request headers
    • if custom HMAC is enabled via env vars, sign with the custom HMAC header
    • else use the previous signature pattern
  • call the webhook URL
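
The steps listed above, sketched as an added example that is not code from this PR or the project, together with the receiver-side check for the default scheme. The header names, both string-to-sign layouts, and the functions `buildWebhookRequest` and `verifyDefaultSignature` are assumptions; the certificate and key are taken to be already-decrypted PEM strings.

```javascript
const crypto = require("node:crypto");
const https = require("node:https");

// Assumed names: the PR's real header names and string-to-sign are not shown on the page.
const SIG_HEADER = "x-example-signature";
const TS_HEADER = "x-example-timestamp";

function hmacBase64(secret, message) {
  return crypto.createHmac("sha256", secret).update(message, "utf8").digest("base64");
}

// Sender: attach the client certificate if configured, then pick the signing scheme.
function buildWebhookRequest({ url, body, secret, customHmac, mtls, now = Date.now() }) {
  // cert/key are already-decrypted PEM strings; they live only in the agent, never in headers.
  const agent = mtls ? new https.Agent({ cert: mtls.cert, key: mtls.key }) : undefined;
  const timestamp = Math.floor(now / 1000).toString();
  const headers = { "content-type": "application/json", [TS_HEADER]: timestamp };
  if (customHmac) {
    // Assumed custom layout: method, path, timestamp and body are all covered by the MAC.
    const { pathname } = new URL(url);
    const stringToSign = ["POST", pathname, timestamp, body].join("\n");
    headers[SIG_HEADER] = hmacBase64(customHmac.secret, stringToSign);
    headers["x-example-client-id"] = customHmac.clientId;
  } else {
    // Assumed default layout: timestamp and body.
    headers[SIG_HEADER] = hmacBase64(secret, `${timestamp}.${body}`);
  }
  return { method: "POST", headers, body, agent };
}

// Receiver (default scheme): bound replay, recompute, compare in constant time.
function verifyDefaultSignature({ headers, body, secret, now = Date.now(), maxSkewSec = 300 }) {
  const timestamp = headers[TS_HEADER] || "";
  if (!/^\d+$/.test(timestamp)) return false;
  if (Math.abs(Math.floor(now / 1000) - Number(timestamp)) > maxSkewSec) return false;
  const given = Buffer.from(headers[SIG_HEADER] || "", "base64");
  const expected = Buffer.from(hmacBase64(secret, `${timestamp}.${body}`), "base64");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

The returned `agent` is what an `https.request` call would take in its options; the TLS handshake, not this function, is where an invalid certificate or key would be rejected.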

@arcoraven arcoraven merged commit be8b644 into main Jan 25, 2025
6 checks passed
@arcoraven arcoraven deleted the ph/acceptCert branch January 25, 2025 03:47