Skip to content

Commit

Permalink
fix(backend): save repo object; update requirements; wrong pw
Browse files Browse the repository at this point in the history
  • Loading branch information
dr460nf1r3 committed Nov 16, 2024
1 parent 4e15845 commit f138f10
Show file tree
Hide file tree
Showing 5 changed files with 99 additions and 65 deletions.
1 change: 0 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,6 @@ This will allow using the production API without CORS issues.
- AUTH0_CLIENT_SECRET: Auth0 client secret
- AUTH0_DOMAIN: Auth0 domain
- CAUR_DEPLOY_LOG_ID: Telegram chat id for deploy logs
- CAUR_GITLAB_TOKEN: Gitlab token for pushing to the repository
- CAUR_JWT_SECRET: JWT secret for the backend
- CAUR_NEWS_ID: Telegram chat id for news
- CAUR_TRUST_PROXY: IP address of the proxy, if any
Expand Down
1 change: 0 additions & 1 deletion backend/src/config/repo-manager.config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ export default registerAs("repoMan", () => ({
gitAuthor: process.env.GIT_AUTHOR ?? "Temeraire",
gitEmail: process.env.GIT_EMAIL ?? "ci@chaotic.cx",
gitUsername: process.env.GIT_USERNAME ?? "git",
gitlabToken: process.env.CAUR_GITLAB_TOKEN,
globalBlacklist: process.env.REPOMANAGER_NEVER_REBUILD ?? "[]",
globalTriggers: process.env.REPOMANAGER_ALWAYS_REBUILD ?? "[]",
regenDatabase: process.env.REPOMANAGER_REGEN_DB ?? false,
Expand Down
24 changes: 24 additions & 0 deletions backend/src/functions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import type { ConfigService } from "@nestjs/config";
import * as bcrypt from "bcrypt";
import { requiredEnvVarsDev, requiredEnvVarsProd } from "./constants";
import { BumpType } from "./interfaces/repo-manager";
import CryptoJs from "crypto-js";

/**
* Parse the output of the non-single line metrics.
Expand Down Expand Up @@ -112,3 +113,26 @@ export function bumpTypeToText(type: BumpType, phrase: 1 | 2 = 1): string {
return "Unknown";
}
}

/**
* Encrypts a value with a given key
* @param value Text to encrypt
* @param key Key to use
* @returns The AES encrypted string
*/
export function encryptAes(value: string, key: string) {
const encJson = CryptoJs.AES.encrypt(JSON.stringify(value), key).toString();
return CryptoJs.enc.Base64.stringify(CryptoJs.enc.Utf8.parse(encJson));
}

/**
* Decrypt a value with a given key
* @param value Text to decrypt
* @param key Key to use
* @returns The decrypted string
*/
export function decryptAes(value: string, key: string) {
const decData = CryptoJs.enc.Base64.parse(value).toString(CryptoJs.enc.Utf8);
const bytes = CryptoJs.AES.decrypt(decData, key).toString(CryptoJs.enc.Utf8);
return JSON.parse(bytes);
}
5 changes: 2 additions & 3 deletions backend/src/interfaces/repo-manager.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { Package } from "../builder/builder.entity";
import { ArchlinuxPackage } from "../repo-manager/repo-manager.entity";
import type { Package } from "../builder/builder.entity";
import type { ArchlinuxPackage } from "../repo-manager/repo-manager.entity";

export interface Repo {
name: string;
Expand Down Expand Up @@ -48,7 +48,6 @@ export interface RepoSettings {
gitAuthor: string;
gitEmail: string;
gitUsername: string;
gitlabToken: string;
globalBlacklist: string[];
globalTriggers: string[];
regenDatabase: boolean;
Expand Down
133 changes: 73 additions & 60 deletions backend/src/repo-manager/repo-manager.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,11 @@ import { IsNull, MoreThanOrEqual, Not, Repository } from "typeorm";
import { ARCH } from "../constants";
import { Build, Package, pkgnameExists, Repo } from "../builder/builder.entity";
import { ConfigService } from "@nestjs/config";
import { AxiosResponse } from "axios";
import { bumpTypeToText, isValidUrl } from "../functions";
import type { AxiosResponse } from "axios";
import { bumpTypeToText, decryptAes, encryptAes, isValidUrl } from "../functions";
import { CronJob } from "cron";
import util from "node:util";
import { exec } from "node:child_process";
import { AES } from "crypto-js";

@Injectable()
export class RepoManagerService {
Expand Down Expand Up @@ -87,33 +86,37 @@ export class RepoManagerService {

// We explicitly want to encrypt API tokens if they are prefixed with "CLEAR:"
try {
const reposWithTokens = await this.repoRepository.find({where: {apiToken: Not(IsNull())}})
const dbKey = this.configService.getOrThrow("app.dbKey")
const reposWithTokens = await this.repoRepository.find({ where: { apiToken: Not(IsNull()) } });
const dbKey = this.configService.getOrThrow("app.dbKey");
for (const repo of reposWithTokens) {
if (repo.apiToken.startsWith("CLEAR:")) {
repo.apiToken = AES.encrypt(repo.apiToken.split(":")[1], dbKey).toString()
const token = repo.apiToken.split(":")[1];
repo.apiToken = encryptAes(token, dbKey);
await this.repoRepository.save(repo);
}
Logger.log(`Encrypted token for repo ${repo.name}`)
Logger.log(`Encrypted token for repo ${repo.name}`);
}
} catch(err: unknown) {
Logger.error(err, "RepoManager")
} catch (err: unknown) {
Logger.error(err, "RepoManager");
}

try {
if (globalTriggers && globalTriggers.length > 0) {
if (existingSettings?.value) {
const existing: string[] = JSON.parse(existingSettings.value);

for (const key of existing) {
if (!globalTriggers.includes(key)) {
globalTriggers.push(key);
try {
Logger.log(existingSettings);
const existing: string[] = JSON.parse(existingSettings.value);
for (const key of existing) {
if (!globalTriggers.includes(key)) {
globalTriggers.push(key);
}
}
}

await this.settingsRepository.update(
{ key: "alwaysRebuild" },
{ value: JSON.stringify(globalTriggers) },
);
await this.settingsRepository.update(
{ key: "alwaysRebuild" },
{ value: JSON.stringify(globalTriggers) },
);
} catch (err: unknown) {}
} else {
await this.settingsRepository.save({
key: "globalTriggers",
Expand All @@ -122,7 +125,9 @@ export class RepoManagerService {
}
} else {
if (existingSettings) {
globalTriggers.push(...JSON.parse(existingSettings.value));
try {
globalTriggers.push(...JSON.parse(existingSettings.value));
} catch (err: unknown) {}
}
}
} catch (err: unknown) {
Expand Down Expand Up @@ -179,7 +184,6 @@ export class RepoManagerService {
gitAuthor: this.configService.getOrThrow<string>("repoMan.gitAuthor"),
gitEmail: this.configService.getOrThrow<string>("repoMan.gitEmail"),
gitUsername: this.configService.getOrThrow<string>("repoMan.gitUsername"),
gitlabToken: this.configService.getOrThrow<string>("repoMan.gitlabToken"),
globalTriggers:
globalTriggers ?? JSON.parse(this.configService.getOrThrow<string>("repoMan.globalTriggers")),
globalBlacklist:
Expand Down Expand Up @@ -496,7 +500,7 @@ class RepoManager {
settings: Repository<RepoManagerSettings>;
};
private readonly httpService: HttpService;
private readonly configService: ConfigService
private readonly configService: ConfigService;

private repoDirs: string[] = [];
private repoManagerSettings: RepoSettings;
Expand All @@ -511,7 +515,7 @@ class RepoManager {
settings: Repository<RepoManagerSettings>;
},
settings: RepoSettings,
configService: ConfigService
configService: ConfigService,
) {
this.httpService = httpService;
this.dbConnections = dbConnections;
Expand Down Expand Up @@ -639,39 +643,41 @@ class RepoManager {
}
}

if (!foundTrigger && soProvidingArchPackages.length > 0 && metadata?.deps) {
const trigger = soProvidingArchPackages.find((soProviding) => {
const hasSoDep = metadata?.deps?.some((dep) => {
const pkgNoSo = dep.split(".so")[0];

// TODO: probably too sensitive and causing too many builds
return soProviding.provides.some(
(pkg) => pkg.includes(pkgNoSo) || soProviding.pkg.pkgname.includes(pkgNoSo),
);
});

if (hasSoDep) {
Logger.debug(`Found shared library trigger ${soProviding.pkg.pkgname} by name`, "RepoManager");
return true;
}
return false;
});
if (trigger) {
needsRebuild.push({
archPkg: trigger.pkg,
configs: pkgConfig.configs,
pkg: pkgConfig.pkgInDb,
bumpType: BumpType.FROM_DEPS,
triggerFrom: TriggerType.ARCH,
});

Logger.debug(
`Rebuilding ${pkgbaseDir} because of changed shared library ${trigger.pkg.pkgname}`,
"RepoManager",
);
foundTrigger = true;
}
}
// if (!foundTrigger && soProvidingArchPackages.length > 0 && metadata?.deps) {
// const trigger = soProvidingArchPackages.find((soProviding) => {
// const hasSoDep = metadata?.deps?.some((dep) => {
// const pkgNoSo = dep.split(".so")[0];
//
// // TODO: probably too sensitive and causing too many builds
// return soProviding.provides.some(
// (pkg) => pkg.includes(pkgNoSo) || soProviding.pkg.pkgname.includes(pkgNoSo),
// );
// });
//
// if (hasSoDep) {
// Logger.debug(`Found shared library trigger ${soProviding.pkg.pkgname} by name`, "RepoManager");
// return true;
// }
// return false;
// });
// if (trigger) {
// needsRebuild.push({
// archPkg: trigger.pkg,
// configs: pkgConfig.configs,
// pkg: pkgConfig.pkgInDb,
// bumpType: BumpType.FROM_DEPS,
// triggerFrom: TriggerType.ARCH,
// });
//
// Logger.debug(
// `Rebuilding ${pkgbaseDir} because of changed shared library ${trigger.pkg.pkgname}`,
// "RepoManager",
// );
// foundTrigger = true;
// }
// }

Logger.debug(pkgConfig.pkgInDb.namcapAnalysis);

if (!foundTrigger && pkgConfig.pkgInDb.namcapAnalysis) {
const namcapAnalysis: Partial<NamcapAnalysis> = pkgConfig.pkgInDb.namcapAnalysis;
Expand All @@ -683,10 +689,14 @@ class RepoManager {
"link-level-dependence",
];

Logger.debug(`searching shared lib for ${pkgConfig.pkgInDb.pkgname}`);
Logger.debug(namcapAnalysis);

for (const key of relevantKeys) {
let trigger: ArchlinuxPackage;
if (namcapAnalysis[key]) {
for (const depPkg of namcapAnalysis[key]) {
Logger.debug(`${depPkg}`);
const foundSoProvider: {
pkg: ArchlinuxPackage;
provides: string[];
Expand Down Expand Up @@ -1225,7 +1235,7 @@ class RepoManager {
}

try {
const token = AES.decrypt(repo.apiToken, this.configService.getOrThrow("app.dbKey")).toString()
const token = decryptAes(repo.apiToken, this.configService.getOrThrow("app.dbKey"));
await git.push({
fs,
http,
Expand Down Expand Up @@ -1460,7 +1470,7 @@ class RepoManager {
if (!repoDir) {
repoDir = await this.createRepoDir(build.repo);
} else {
const token = AES.decrypt(build.repo.apiToken, this.configService.getOrThrow("app.dbKey")).toString()
const token = decryptAes(build.repo.apiToken, this.configService.getOrThrow("app.dbKey"));
await git.pull({
fs,
http,
Expand Down Expand Up @@ -1490,9 +1500,12 @@ class RepoManager {
pkg.pkgname,
);

Logger.log(pkg.metadata, "CheckDeps");
Logger.log(soNameList, "CheckDeps");

if (
(pkg.metadata.deps && pkg.metadata.deps.includes(build.pkgbase.pkgname)) ||
soNameList.find((soName) => pkg.metadata.deps.includes(soName))
pkg.metadata?.deps?.includes(build.pkgbase.pkgname) ||
soNameList.find((soName) => pkg.metadata?.deps?.includes(soName))
) {
needsRebuild.push({
configs: configs.configs,
Expand Down

0 comments on commit f138f10

Please sign in to comment.