Refactor EE secret versioning/snapshot access

Infisical · Dec 26, 2022 · 9f724b5 · 9f724b5
1 parent 8f765cb
commit 9f724b5
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 30 deletions.
diff --git a/backend/src/app.ts b/backend/src/app.ts
@@ -1,4 +1,3 @@
-
 import { patchRouterParam } from './utils/patchAsyncRoutes';
 import express from 'express';
 import helmet from 'helmet';
@@ -7,7 +6,7 @@ import cookieParser from 'cookie-parser';
 import dotenv from 'dotenv';
 
 dotenv.config();
-import { PORT, NODE_ENV, SITE_URL } from './config';
+import { PORT, NODE_ENV, SITE_URL, LICENSE_KEY } from './config';
 import { apiLimiter } from './helpers/rateLimiter';
 
 import {

diff --git a/backend/src/ee/helpers/secret.ts b/backend/src/ee/helpers/secret.ts
@@ -3,7 +3,9 @@ import {
     Secret
 } from '../../models';
 import {
-    SecretSnapshot
+    SecretSnapshot,
+	SecretVersion,
+	ISecretVersion
 } from '../models';
 
 /**
@@ -52,6 +54,21 @@ import {
 	}
 }
 
+const addSecretVersionsHelper = async ({
+	secretVersions
+}: {
+	secretVersions: ISecretVersion[]
+}) => {
+	try {
+		await SecretVersion.insertMany(secretVersions);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		throw new Error('Failed to add secret versions');
+	}
+}
+
 export {
-    takeSecretSnapshotHelper
+    takeSecretSnapshotHelper,
+	addSecretVersionsHelper
 }
diff --git a/backend/src/ee/models/index.ts b/backend/src/ee/models/index.ts
@@ -3,5 +3,7 @@ import SecretVersion, { ISecretVersion } from "./secretVersion";
 
 export {
     SecretSnapshot,
-    SecretVersion
+    ISecretSnapshot,
+    SecretVersion,
+    ISecretVersion
 }
diff --git a/backend/src/ee/models/secretVersion.ts b/backend/src/ee/models/secretVersion.ts
@@ -1,7 +1,7 @@
 import { Schema, model, Types } from 'mongoose';
 
 export interface ISecretVersion {
-    _id: Types.ObjectId;
+    _id?: Types.ObjectId;
     secret: Types.ObjectId;
     version: number;
     isDeleted: boolean;

diff --git a/backend/src/ee/services/EELicenseService.ts b/backend/src/ee/services/EELicenseService.ts
@@ -1,22 +1,19 @@
+import { LICENSE_KEY } from '../../config';
+
 /**
  * Class to handle Enterprise Edition license actions
  */
 class EELicenseService {
-    /**
-     * Check if license key [licenseKey] corresponds to a
-     * valid Infisical Enterprise Edition license.
-     * @param {Object} obj
-     * @param {Object} obj.licenseKey
-     * @returns {Boolean}
-     */
-    static async checkLicense({
-        licenseKey
-    }: {
-        licenseKey: string;
-    }) {
-        // TODO
-        return true;
+
+    private readonly _isLicenseValid: boolean;
+
+    constructor(licenseKey: string) {
+        this._isLicenseValid = true;
+    }
+
+    public get isLicenseValid(): boolean {
+        return this._isLicenseValid;
     }
 }
 
-export default EELicenseService;
+export default new EELicenseService(LICENSE_KEY);
diff --git a/backend/src/ee/services/EESecretService.ts b/backend/src/ee/services/EESecretService.ts
@@ -1,4 +1,8 @@
-import { takeSecretSnapshotHelper } from '../helpers/secret';
+import { ISecretVersion } from '../models';
+import { 
+    takeSecretSnapshotHelper,
+    addSecretVersionsHelper
+} from '../helpers/secret';
 import EELicenseService from './EELicenseService';
 
 /**
@@ -21,9 +25,25 @@ class EESecretService {
         licenseKey: string;
         workspaceId: string;
     }) {
-        EELicenseService.checkLicense({ licenseKey });
+        if (!EELicenseService.isLicenseValid) return;
         await takeSecretSnapshotHelper({ workspaceId });
     }
+
+    /**
+     * Adds secret versions [secretVersions] to the SecretVersion collection.
+     * @param {Object} obj
+     * @param {SecretVersion} obj.secretVersions
+     */
+    static async addSecretVersions({
+        secretVersions
+    }: {
+        secretVersions: ISecretVersion[];
+    }) {
+        if (!EELicenseService.isLicenseValid) return;
+        await addSecretVersionsHelper({
+            secretVersions
+        });
+    }
 }
 
 export default EESecretService;
diff --git a/backend/src/helpers/secret.ts b/backend/src/helpers/secret.ts
@@ -130,8 +130,10 @@ const pushSecrets = async ({
 				};
 			});
 		await Secret.bulkWrite(operations as any);
-		await SecretVersion.insertMany(
-			toUpdate.map(({
+
+		// (EE) add secret versions for updated secrets
+		await EESecretService.addSecretVersions({
+			secretVersions: toUpdate.map(({
 				type,
 				ciphertextKey,
 				ivKey,
@@ -153,8 +155,8 @@ const pushSecrets = async ({
 				secretValueIV: ivValue,
 				secretValueTag: tagValue,
 				secretValueHash: hashValue
-			}))
-		);
+			})) 
+		});
 
 		// handle adding new secrets
 		const toAdd = secrets.filter((s) => !(`${s.type}-${s.hashKey}` in oldSecretsObj));
@@ -185,8 +187,9 @@ const pushSecrets = async ({
 				})
 			);
 
-			await SecretVersion.insertMany(
-				newSecrets.map(({
+			// (EE) add secret versions for new secrets
+			EESecretService.addSecretVersions({
+				secretVersions: newSecrets.map(({
 					_id,
 					secretKeyCiphertext,
 					secretKeyIV,
@@ -209,7 +212,7 @@ const pushSecrets = async ({
 					secretValueTag,
 					secretValueHash
 				}))
-			);
+			});
 		}
 
 		// (EE) take a secret snapshot