Merge pull request #1096 from openkfw/1076-reject-backups-before-2.0

reject backups before 2.0
openkfw · May 10, 2022 · 1c17582 · 1c17582
2 parents 673d92d + 6a23589
commit 1c17582
Show file tree

Hide file tree

Showing 8 changed files with 47 additions and 107 deletions.
diff --git a/.gitignore b/.gitignore
@@ -12,4 +12,5 @@ yarn-error.log
 .vs/
 e2e-test/debug.log
 scripts/development/.env
-scripts/operation/.env
+scripts/operation/.env
+.idea/
diff --git a/blockchain/check-backup.js b/blockchain/check-backup.js
@@ -3,9 +3,8 @@ const tar = require("tar-fs");
 const rawTar = require("tar-stream");
 const yaml = require("js-yaml");
 const shell = require("shelljs");
-const yargs = require("yargs");
-
-const { md5Dir } = require("./src/md5");
+const { version } = require("./package.json");
+const { sha256Dir } = require("./src/sha256.js");
 
 const printHelp = () => {
   console.log(`
@@ -14,7 +13,7 @@ const printHelp = () => {
     Options:
       -h/--help      prints help
       -f/--fix       creates a new fixed backup file in the same directory
-      
+
     Arguments:
       BACKUP         A Trubudget backup.gz file`);
 };
@@ -67,23 +66,36 @@ stream.on("finish", async () => {
 
     const hash = await createHash(extractPath);
     const isValidMetadataFile = config.DirectoryHash === hash;
+
+    //Check for major version compatibility
+    const incompatibleVersions =
+      config.hasOwnProperty("Version") &&
+      config.Version.split(".")[0] === version.split(".")[0];
+
     if (isValidMetadataFile) {
-      console.log(`The provided backup file is valid\n`);
-      console.log(`No updated backup is created`);
-      process.exit(0);
+      console.log("The provided backup file is valid\n");
+      console.log("No updated backup is created");
+      process.exit(1);
+    } else if (incompatibleVersions) {
+      console.log("The provided backup is from a prior major version.\n");
+      console.log(
+        "Use the migration guide to restore the backup. More information can be found on GitHub.\n",
+      );
+      console.log("No updated backup is created");
+      process.exit(1);
     } else {
-      console.log(`The provided backup file is invalid\n`);
+      console.log("The provided backup file is invalid\n");
     }
     if (fixOption) {
-      console.log(`Create updated backup...\n`);
+      console.log("Create updated backup...\n");
       await updateMetadataFile(config, hash, metadataPath);
       tar
         .pack(extractPath)
         .pipe(fs.createWriteStream(`${filePath}_updated.gz`));
       console.log(`Saved the fixed backup file in ${filePath}_updated.gz`);
     } else {
       console.log(
-        `No updated backup is created since the --fix option was not provided`,
+        "No updated backup is created since the --fix option was not provided",
       );
     }
   }
@@ -96,7 +108,7 @@ const loadConfig = (path) => {
 };
 
 const createHash = async (extractPath) => {
-  return md5Dir(extractPath);
+  return sha256Dir(extractPath);
 };
 
 const updateMetadataFile = async (config, hash, metadataPath) => {
@@ -108,7 +120,7 @@ const updateMetadataFile = async (config, hash, metadataPath) => {
     : "";
   shell
     .echo(
-      `ChainName: ${config.ChainName}${organisation}\nTimestamp: ${ts}\nDirectoryHash: ${hash}\n`,
+      `ChainName: ${config.ChainName}${organisation}\nTimestamp: ${ts}\nDirectoryHash: ${hash}\n Version: ${version}\n`,
     )
     .to(metadataPath);
   return config;

diff --git a/blockchain/src/index.js b/blockchain/src/index.js
@@ -10,6 +10,7 @@ const os = require("os");
 const KubernetesClient = require("./kubernetesClient");
 const log = require("./log/logger");
 const logService = require("trubudget-logging-service");
+const { version } = require("../package.json");
 
 const {
   startEmailNotificationWatcher,
@@ -19,7 +20,6 @@ const { startMultichainDaemon, configureChain } = require("./createChain");
 
 const {
   moveBackup,
-  verifyHash,
   verifyHashSha256,
   removeFile,
   createMetadataFileSha256,
@@ -303,11 +303,6 @@ app.post("/chain", async (req, res) => {
           config.DirectoryHash,
           extractPath,
         );
-        // TODO MD5 hashing is deprecated. Remove it in the future and keep only SHA256
-        let validMD5 = false;
-        if (!validSha256) {
-          validMD5 = await verifyHash(config.DirectoryHash, extractPath);
-        }
         const chainConfig = yaml.safeLoad(
           fs.readFileSync(chainConfigPath, "utf8"),
         );
@@ -317,8 +312,13 @@ app.post("/chain", async (req, res) => {
           const correctOrg = config.Organisation === ORGANIZATION;
           correctConfig = correctConfig && correctOrg;
         }
-        if (correctConfig) {
-          if (validSha256 || validMD5) {
+        //Check for major version compatibility
+        const compatibleVersions =
+          config.hasOwnProperty("Version") &&
+          config.Version.split(".")[0] === version.split(".")[0];
+
+        if (correctConfig && compatibleVersions) {
+          if (validSha256) {
             autostart = false;
             await stopMultichain(mcproc);
             await moveBackup(multichainDir, extractPath, CHAINNAME);
@@ -335,9 +335,19 @@ app.post("/chain", async (req, res) => {
             res.send("OK");
           } else {
             log.warn("Request did not contain a valid trubudget backup");
+            if (!compatibleVersions) {
+              log.warn(
+                "The uploaded backup is not compatible with this version of TruBudget",
+              );
+            }
             res.status(400).send("Not a valid TruBudget backup");
           }
         } else {
+          if (!compatibleVersions) {
+            log.warn(
+              "The uploaded backup is not compatible with this version of TruBudget",
+            );
+          }
           log.warn("Tried to Backup with invalid configuration");
           res
             .status(400)

diff --git a/blockchain/src/md5.js b/blockchain/src/md5.js
diff --git a/blockchain/src/shell.js b/blockchain/src/shell.js
@@ -1,13 +1,10 @@
 const shell = require("shelljs");
 const fs = require("fs");
-
-const { md5Dir } = require("./md5");
+const { version } = require("../package.json");
 const { sha256Dir } = require("./sha256");
 
 const logger = require("./log/logger");
 
-const verifyHash = async (backupDirectoryHash, extractPath) =>
-  (await md5Dir(extractPath)) === backupDirectoryHash;
 
 const createMetadataFileSha256 = async (
   chainName,
@@ -27,7 +24,7 @@ const createMetadataFileSha256 = async (
   const ts = Date.now();
   shell
     .echo(
-      `ChainName: ${chainName}\nOrganisation: ${organisation}\nTimestamp: ${ts}\nDirectoryHash: ${dirHash}`,
+      `ChainName: ${chainName}\nOrganisation: ${organisation}\nTimestamp: ${ts}\nDirectoryHash: ${dirHash}\nVersion: ${version}\n`,
     )
     .to(filePath);
 };
@@ -66,7 +63,6 @@ const moveBackup = async (multichainDir, extractPath, chainName) => {
 };
 
 module.exports = {
-  verifyHash,
   createMetadataFileSha256,
   verifyHashSha256,
   moveBackup,

diff --git a/e2e-test/cypress/fixtures/backup.gz b/e2e-test/cypress/fixtures/backup.gz
diff --git a/e2e-test/cypress/fixtures/backup_orga_test.gz b/e2e-test/cypress/fixtures/backup_orga_test.gz
diff --git a/e2e-test/cypress/integration/backup_spec.js b/e2e-test/cypress/integration/backup_spec.js
@@ -108,7 +108,7 @@ describe("Backup Feature", function() {
             expect(success).to.eq(true);
           });
           cy.get("[data-test=client-snackbar]")
-            .contains("Not a valid TruBudget backup")
+            .contains("failed to restore backup: Backup with these configurations is not permitted")
             .should("be.visible");
           cy.url()
             .should("include", "/projects")