use sync decrypt

Author: rubenfiszel

backend/ee-repo-ref.txt

@@ -1 +1 @@
-5011623a1ec6470ec3ce67d7d6abf4ebf0444888
+7cc103e5827b1ec91180a5939a9c022a2a1856c6

backend/windmill-api/src/slack_approvals.rs

@@ -23,7 +23,7 @@ use windmill_common::{
     error::{self, Error},
     jobs::JobKind,
     scripts::ScriptHash,
-    variables::{build_crypt, decrypt_value_with_mc},
+    variables::{build_crypt, decrypt},
 };
 
 #[derive(Deserialize, Debug)]
@@ -853,7 +853,7 @@ async fn get_slack_token(db: &DB, slack_resource_path: &str, w_id: &str) -> anyh
 
     if slack_token.is_secret {
         let mc = build_crypt(&db, w_id).await?;
-        let bot_token = decrypt_value_with_mc(slack_token.value, mc).await?;
+        let bot_token = decrypt(&mc, slack_token.value)?;
         Ok(bot_token)
     } else {
         Ok(slack_token.value)

backend/windmill-common/src/variables.rs

@@ -6,12 +6,11 @@
  * LICENSE-AGPL for a copy of the license.
  */
 
-use crate::error::Result;
+use crate::error;
 use crate::{worker::WORKER_GROUP, BASE_URL, DB};
 use chrono::{SecondsFormat, Utc};
 use magic_crypt::{MagicCrypt256, MagicCryptError, MagicCryptTrait};
 use serde::{Deserialize, Serialize};
-use crate::error;
 
 lazy_static::lazy_static! {
     pub static ref SECRET_SALT: Option<String> = std::env::var("SECRET_SALT").ok();
@@ -134,7 +133,7 @@ pub async fn get_secret_value_as_admin(
         let value = variable.value;
         if !value.is_empty() {
             let mc = build_crypt(db, w_id).await?;
-            decrypt_value_with_mc(value, mc).await?
+            decrypt(&mc, value)?
         } else {
             "".to_string()
         }
@@ -145,16 +144,6 @@ pub async fn get_secret_value_as_admin(
     Ok(r)
 }
 
-pub async fn decrypt_value_with_mc(value: String, mc: MagicCrypt256) -> Result<String> {
-    mc.decrypt_base64_to_string(value).map_err(|e| match e {
-        MagicCryptError::DecryptError(_) => crate::error::Error::InternalErr(
-            "Could not decrypt value. The value may have been encrypted with a different key."
-                .to_string(),
-        ),
-        _ => crate::error::Error::InternalErr(e.to_string()),
-    })
-}
-
 pub fn encrypt(mc: &MagicCrypt256, value: &str) -> String {
     mc.encrypt_str_to_base64(value)
 }

backend/windmill-worker/src/common.rs

@@ -18,7 +18,7 @@ use windmill_common::jobs::ENTRYPOINT_OVERRIDE;
 use windmill_common::s3_helpers::{
     get_etag_or_empty, LargeFileStorage, ObjectStoreResource, S3Object,
 };
-use windmill_common::variables::{build_crypt_with_key_suffix, decrypt_value_with_mc};
+use windmill_common::variables::{build_crypt_with_key_suffix, decrypt};
 use windmill_common::worker::{
     to_raw_value, write_file, CLOUD_HOSTED, ROOT_CACHE_DIR, WORKER_CONFIG,
 };
@@ -255,11 +255,9 @@ pub async fn transform_json_value(
             let encrypted = y.strip_prefix("$encrypted:").unwrap();
             let mc =
                 build_crypt_with_key_suffix(&db, &job.workspace_id, &job.id.to_string()).await?;
-            decrypt_value_with_mc(encrypted.to_string(), mc)
-                .await
-                .and_then(|x| {
-                    serde_json::from_str(&x).map_err(|e| Error::InternalErr(e.to_string()))
-                })
+            decrypt(&mc, encrypted.to_string()).and_then(|x| {
+                serde_json::from_str(&x).map_err(|e| Error::InternalErr(e.to_string()))
+            })
 
             // let path = y.strip_prefix("$res:").unwrap();
         }