Generate secret before starting main process

Hexagon · Apr 22, 2024 · 3719127 · 3719127
1 parent 6998a77
commit 3719127
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 21 deletions.
diff --git a/application.meta.ts b/application.meta.ts
@@ -21,7 +21,7 @@
 
 const Application = {
   name: "pup",
-  version: "1.0.0-rc.27",
+  version: "1.0.0-rc.28",
   url: "jsr:@pup/pup@$VERSION",
   canary_url: "https://raw.githubusercontent.com/Hexagon/pup/main/pup.ts",
   deno: null, /* Minimum stable version of Deno required to run Pup (without --unstable-* flags)  */

diff --git a/deno.json b/deno.json
@@ -1,6 +1,6 @@
 {
   "name": "@pup/pup",
-  "version": "1.0.0-rc.27",
+  "version": "1.0.0-rc.28",
 
   "exports": {
     ".": "./pup.ts",

diff --git a/docs/src/changelog.md b/docs/src/changelog.md
@@ -9,6 +9,10 @@ nav_order: 13
 
 All notable changes to this project will be documented in this section.
 
+## [1.0.0-rc.28] - 2023-04-22
+
+- fix(core): Generate secret before starting main process.
+
 ## [1.0.0-rc.27] - 2023-04-21
 
 - fix(upgrader): Update upgrader. **If coming from a previous version, you'll have to run upgrade twice to make pup work**

diff --git a/lib/cli/main.ts b/lib/cli/main.ts
@@ -7,7 +7,7 @@
 
 // Import core dependencies
 import { Pup } from "../core/pup.ts"
-import { type Configuration, DEFAULT_REST_API_HOSTNAME, generateConfiguration, validateConfiguration } from "../core/configuration.ts"
+import { type Configuration, DEFAULT_REST_API_HOSTNAME, DEFAULT_SECRET_LENGTH_BYTES, generateConfiguration, validateConfiguration } from "../core/configuration.ts"
 
 // Import CLI utilities
 import { printFlags, printHeader, printUsage } from "./output.ts"
@@ -35,6 +35,7 @@ import { RestClient } from "../common/restclient.ts"
 import { ApiApplicationState } from "../core/api.ts"
 import { CurrentRuntime, Runtime } from "@cross/runtime"
 import { Prop } from "../common/prop.ts"
+import { encodeBase64 } from "@std/encoding/base64"
 
 /**
  * Define the main entry point of the CLI application
@@ -190,18 +191,22 @@ async function main() {
     // Get secret
     const secretInstance = new Prop(secretFile)
     try {
-      secret = await secretInstance.load()
-    } catch (_e) {
-      console.error("Could not connect to instance, secret could not be read.")
-      return exit(1)
-    }
+      // deno-lint-ignore require-await
+      secret = await secretInstance.loadOrGenerate(async () => {
+        const secretArray = new Uint8Array(DEFAULT_SECRET_LENGTH_BYTES)
+        crypto.getRandomValues(secretArray)
+        return encodeBase64(secretArray)
+      })
 
-    // Generate a short lived (2 minute) cli token
-    token = await GenerateToken(secret, { consumer: "cli" }, new Date().getTime() + 120_000)
+      // Generate a short lived (2 minute) cli token
+      token = await GenerateToken(secret, { consumer: "cli" }, new Date().getTime() + 120_000)
 
-    // Send api request
-    const apiBaseUrl = `http://${configuration.api?.hostname || DEFAULT_REST_API_HOSTNAME}:${port}`
-    client = new RestClient(apiBaseUrl, token!)
+      // Send api request
+      const apiBaseUrl = `http://${configuration.api?.hostname || DEFAULT_REST_API_HOSTNAME}:${port}`
+      client = new RestClient(apiBaseUrl, token!)
+    } catch (_e) {
+      /* Ignore */
+    }
   }
 
   /**

diff --git a/lib/common/prop.ts b/lib/common/prop.ts
@@ -46,6 +46,7 @@ export class Prop {
    */
   async generate(generatorFn: PropGenerator): Promise<string> {
     const resultString = await generatorFn()
+    this.cache = resultString
     await writeFile(this.path, resultString, { mode: this.filePermissions })
     return resultString
   }

diff --git a/lib/core/pup.ts b/lib/core/pup.ts
@@ -9,7 +9,6 @@ import {
   type Configuration,
   DEFAULT_INTERNAL_LOG_HOURS,
   DEFAULT_SECRET_FILE_PERMISSIONS,
-  DEFAULT_SECRET_LENGTH_BYTES,
   type GlobalLoggerConfiguration,
   MAINTENANCE_INTERVAL_MS,
   type ProcessConfiguration,
@@ -27,7 +26,6 @@ import { Prop } from "../common/prop.ts"
 import { TelemetryData } from "../../telemetry.ts"
 import { rm } from "@cross/fs"
 import { findFreePort } from "../common/port.ts"
-import { encodeBase64 } from "@std/encoding/base64"
 
 interface InstructionResponse {
   success: boolean
@@ -290,12 +288,7 @@ class Pup {
    * @private
    */
   private api = async () => {
-    // deno-lint-ignore require-await
-    const secret = await this.secret?.loadOrGenerate(async () => {
-      const secretArray = new Uint8Array(DEFAULT_SECRET_LENGTH_BYTES)
-      crypto.getRandomValues(secretArray)
-      return encodeBase64(secretArray)
-    })
+    const secret = await this.secret?.load()
     if (!secret) return
 
     const port = await this.port?.loadOrGenerate(async () => {

diff --git a/versions.json b/versions.json
@@ -2,6 +2,20 @@
   "canary_url": "https://raw.githubusercontent.com/Hexagon/pup/main/pup.ts",
   "stable": [],
   "prerelease": [
+    {
+      "version": "1.0.0-rc.28",
+      "url": "jsr:@pup/[email protected]",
+      "deno": null,
+      "deno_unstable": "1.42.0",
+      "default_permissions": [
+        "--allow-env",
+        "--allow-read",
+        "--allow-write",
+        "--allow-sys=loadavg,systemMemoryInfo,osUptime,osRelease,uid,gid",
+        "--allow-net",
+        "--allow-run"
+      ]
+    },
     {
       "version": "1.0.0-rc.27",
       "url": "jsr:@pup/[email protected]",