From 3719127cab811e1773eb21c20dae1c001f303561 Mon Sep 17 00:00:00 2001
From: Hexagon
Date: Mon, 22 Apr 2024 08:51:12 +0200
Subject: [PATCH] Generate secret before starting main process
---
 application.meta.ts | 2 +-
 deno.json | 2 +-
 docs/src/changelog.md | 4 ++++
 lib/cli/main.ts | 27 ++++++++++++++++-----------
 lib/common/prop.ts | 1 +
 lib/core/pup.ts | 9 +--------
 versions.json | 14 ++++++++++++++
 7 files changed, 38 insertions(+), 21 deletions(-)
diff --git a/application.meta.ts b/application.meta.ts
index 98db421..46d0a0e 100644
--- a/application.meta.ts
+++ b/application.meta.ts
@@ -21,7 +21,7 @@
 const Application = {
 name: "pup",
- version: "1.0.0-rc.27",
+ version: "1.0.0-rc.28",
 url: "jsr:@pup/pup@$VERSION",
 canary_url: "https://raw.githubusercontent.com/Hexagon/pup/main/pup.ts",
 deno: null, /* Minimum stable version of Deno required to run Pup (without --unstable-* flags) */
diff --git a/deno.json b/deno.json
index d454722..b6e654f 100644
--- a/deno.json
+++ b/deno.json
@@ -1,6 +1,6 @@
 {
 "name": "@pup/pup",
- "version": "1.0.0-rc.27",
+ "version": "1.0.0-rc.28",
 "exports": {
 ".": "./pup.ts",
diff --git a/docs/src/changelog.md b/docs/src/changelog.md
index aa27c6f..61f5df1 100644
--- a/docs/src/changelog.md
+++ b/docs/src/changelog.md
@@ -9,6 +9,10 @@ nav_order: 13
 All notable changes to this project will be documented in this section.
+## [1.0.0-rc.28] - 2023-04-22
+
+- fix(core): Generate secret before starting main process.
+
 ## [1.0.0-rc.27] - 2023-04-21
 - fix(upgrader): Update upgrader. **If coming from a previous version, you'll have to run upgrade twice to make pup work**
diff --git a/lib/cli/main.ts b/lib/cli/main.ts
index ccb3487..7c939e6 100644
--- a/lib/cli/main.ts
+++ b/lib/cli/main.ts
@@ -7,7 +7,7 @@
 // Import core dependencies
 import { Pup } from "../core/pup.ts"
-import { type Configuration, DEFAULT_REST_API_HOSTNAME, generateConfiguration, validateConfiguration } from "../core/configuration.ts"
+import { type Configuration, DEFAULT_REST_API_HOSTNAME, DEFAULT_SECRET_LENGTH_BYTES, generateConfiguration, validateConfiguration } from "../core/configuration.ts"
 // Import CLI utilities
 import { printFlags, printHeader, printUsage } from "./output.ts"
@@ -35,6 +35,7 @@ import { RestClient } from "../common/restclient.ts"
 import { ApiApplicationState } from "../core/api.ts"
 import { CurrentRuntime, Runtime } from "@cross/runtime"
 import { Prop } from "../common/prop.ts"
+import { encodeBase64 } from "@std/encoding/base64"
 /**
 * Define the main entry point of the CLI application
@@ -190,18 +191,22 @@ async function main() {
 // Get secret
 const secretInstance = new Prop(secretFile)
 try {
- secret = await secretInstance.load()
- } catch (_e) {
- console.error("Could not connect to instance, secret could not be read.")
- return exit(1)
- }
+ // deno-lint-ignore require-await
+ secret = await secretInstance.loadOrGenerate(async () => {
+ const secretArray = new Uint8Array(DEFAULT_SECRET_LENGTH_BYTES)
+ crypto.getRandomValues(secretArray)
+ return encodeBase64(secretArray)
+ })
- // Generate a short lived (2 minute) cli token
- token = await GenerateToken(secret, { consumer: "cli" }, new Date().getTime() + 120_000)
+ // Generate a short lived (2 minute) cli token
+ token = await GenerateToken(secret, { consumer: "cli" }, new Date().getTime() + 120_000)
- // Send api request
- const apiBaseUrl = `http://${configuration.api?.hostname || DEFAULT_REST_API_HOSTNAME}:${port}`
- client = new RestClient(apiBaseUrl, token!)
+ // Send api request
+ const apiBaseUrl = `http://${configuration.api?.hostname || DEFAULT_REST_API_HOSTNAME}:${port}`
+ client = new RestClient(apiBaseUrl, token!)
+ } catch (_e) {
+ /* Ignore */
+ }
 }
 /**
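Review bot: The new `catch (_e) { /* Ignore */ }` that closes the `@@ -190,18 +191,22 @@` hunk swallows every failure from `loadOrGenerate`, `GenerateToken` and the `RestClient` constructor, where the removed code printed an error and called `exit(1)` when the secret could not be read. After a failure `secret`, `token` and `client` stay unset, so a later command that needs the API presumably fails far from the cause; narrowing the `try` to the `loadOrGenerate` call and reporting the reason for commands that require the instance, for example `console.error("Could not read or generate secret:", _e)`, keeps the offline case working without hiding authentication errors. The CLI can now also create the secret file through `new Prop(secretFile)`, which passes no explicit mode here while `lib/core/pup.ts` imports `DEFAULT_SECRET_FILE_PERMISSIONS`; it is worth confirming that `Prop`'s default `filePermissions` is equally restrictive. `main()` starts before and continues after the hunk.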
diff --git a/lib/common/prop.ts b/lib/common/prop.ts
index d060d0d..7174894 100644
--- a/lib/common/prop.ts
+++ b/lib/common/prop.ts
@@ -46,6 +46,7 @@ export class Prop {
 */
 async generate(generatorFn: PropGenerator): Promise {
 const resultString = await generatorFn()
+ this.cache = resultString
 await writeFile(this.path, resultString, { mode: this.filePermissions })
 return resultString
 }
diff --git a/lib/core/pup.ts b/lib/core/pup.ts
index 72dc0c7..b1ea62c 100644
--- a/lib/core/pup.ts
+++ b/lib/core/pup.ts
@@ -9,7 +9,6 @@ import {
 type Configuration,
 DEFAULT_INTERNAL_LOG_HOURS,
 DEFAULT_SECRET_FILE_PERMISSIONS,
- DEFAULT_SECRET_LENGTH_BYTES,
 type GlobalLoggerConfiguration,
 MAINTENANCE_INTERVAL_MS,
 type ProcessConfiguration,
@@ -27,7 +26,6 @@ import { Prop } from "../common/prop.ts"
 import { TelemetryData } from "../../telemetry.ts"
 import { rm } from "@cross/fs"
 import { findFreePort } from "../common/port.ts"
-import { encodeBase64 } from "@std/encoding/base64"
 interface InstructionResponse {
 success: boolean
@@ -290,12 +288,7 @@ class Pup {
 * @private
 */
 private api = async () => {
- // deno-lint-ignore require-await
- const secret = await this.secret?.loadOrGenerate(async () => {
- const secretArray = new Uint8Array(DEFAULT_SECRET_LENGTH_BYTES)
- crypto.getRandomValues(secretArray)
- return encodeBase64(secretArray)
- })
+ const secret = await this.secret?.load()
 if (!secret) return
 const port = await this.port?.loadOrGenerate(async () => {
diff --git a/versions.json b/versions.json
index 03970ea..733467f 100644
--- a/versions.json
+++ b/versions.json
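Review bot: In `generate` (lib/common/prop.ts), `this.cache = resultString` is assigned before `await writeFile(...)`, so a failed write leaves the instance caching a value that was never persisted. If `load()` serves from `this.cache` (not visible in this hunk), this process would keep using a secret that no other process can read from the file. Assigning after the write avoids that: `await writeFile(this.path, resultString, { mode: this.filePermissions })` followed by `this.cache = resultString`. The rest of the `Prop` class lies outside the hunk.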
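Review bot: `const secret = await this.secret?.load()` in the `@@ -290,12 +288,7 @@` hunk of lib/core/pup.ts makes the API depend on the secret file already existing, which after this commit is only arranged when startup goes through `lib/cli/main.ts`. If `Pup` is constructed by another entry point, `load()` either rejects (the removed CLI code wrapped it in `try`/`catch`, which suggests it can throw) or yields nothing, and `if (!secret) return` leaves the API off without any message. Consider handling the failure here and logging why the API was not started, and add a comment such as `// Secret is generated by the CLI before the main process starts; see lib/cli/main.ts`. The `api` arrow function continues outside the hunk.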
@@ -2,6 +2,20 @@
 "canary_url": "https://raw.githubusercontent.com/Hexagon/pup/main/pup.ts",
 "stable": [],
 "prerelease": [
+ {
+ "version": "1.0.0-rc.28",
+ "url": "jsr:@pup/pup@1.0.0-rc.28",
+ "deno": null,
+ "deno_unstable": "1.42.0",
+ "default_permissions": [
+ "--allow-env",
+ "--allow-read",
+ "--allow-write",
+ "--allow-sys=loadavg,systemMemoryInfo,osUptime,osRelease,uid,gid",
+ "--allow-net",
+ "--allow-run"
+ ]
+ },
 {
 "version": "1.0.0-rc.27",
 "url": "jsr:@pup/pup@1.0.0-rc.27",