yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
728790e38f490eb338493cf147f5796461943dd8
outline/server/models/decorators/Encrypted.ts
Tom Moor 728790e38f feat: Validate Google, Azure, OIDC SSO access (#3590) 
* chore: Store expiresAt on UserAuthentications. This represents the time that the accessToken is no longer valid and should be exchanged using the refreshToken

* feat: Check and expire Google SSO

* fix: Better handling of multiple auth methods
Added more docs

* fix: Retry access validation with network errors

* Small refactor, add Azure token validation support

* doc

* test

* lint

* OIDC refresh support

* CheckSSOAccessTask -> ValidateSSOAccessTask
Added lastValidatedAt column
Skip checks if validated within 5min
Some edge cases around encrypted columns
2022-06-05 13:18:51 -07:00

52 lines
1.4 KiB
TypeScript
Raw Blame History

import { isNil } from "lodash";
import vaults from "@server/database/vaults";
import Logger from "@server/logging/Logger";
const key = "sequelize:vault";
/**
* A decorator that stores the encrypted vault for a particular database column
* so that it can be used by getters and setters. Must be accompanied by a
* @Column(DataType.BLOB) annotation.
*/
export default function Encrypted(target: any, propertyKey: string) {
Reflect.defineMetadata(key, vaults().vault(propertyKey), target, propertyKey);
}
/**
* Get the value of an encrypted column given the target and the property key.
*/
export function getEncryptedColumn(target: any, propertyKey: string): string {
try {
return Reflect.getMetadata(key, target, propertyKey).get.call(target);
} catch (err) {
if (err.message.includes("Unexpected end of JSON input")) {
return "";
}
if (err.message.includes("bad decrypt")) {
Logger.error(
`Failed to decrypt database column (${propertyKey}). The SECRET_KEY environment variable may have changed since installation.`,
err
);
process.exit(1);
}
throw err;
}
}
/**
* Set the value of an encrypted column given the target and the property key.
*/
export function setEncryptedColumn(
target: any,
propertyKey: string,
value: string
) {
if (isNil(value)) {
target.setDataValue(propertyKey, value);
} else {
Reflect.getMetadata(key, target, propertyKey).set.call(target, value);
}
}
Reference in New Issue View Git Blame Copy Permalink