From 926e7888e001ae4315208954874d40ff0aa12b1f Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Thu, 27 Aug 2020 16:57:39 -0700 Subject: [PATCH] Fixed --recordencryptionrecode when used with NeDB, added mesh record encryption. --- db.js | 17 ++++++++++++++--- meshcentral-config-schema.json | 4 ++-- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/db.js b/db.js index 11185d74..ae71de12 100644 --- a/db.js +++ b/db.js @@ -244,7 +244,15 @@ module.exports.CreateDB = function (parent, func) { if (err == null) { for (var i in docs) { count++; obj.Set(docs[i]); } } obj.GetAllType('node', function (err, docs) { if (err == null) { for (var i in docs) { count++; obj.Set(docs[i]); } } - func(count); + obj.GetAllType('mesh', function (err, docs) { + if (err == null) { for (var i in docs) { count++; obj.Set(docs[i]); } } + if (obj.databaseType == 1) { // If we are using NeDB, compact the database. + obj.file.persistence.compactDatafile(); + obj.file.on('compaction.done', function () { func(count); }); // It's important to wait for compaction to finish before exit, otherwise NeDB may corrupt. + } else { + func(count); // For all other databases, normal exit. + } + }); }); }); } @@ -257,6 +265,8 @@ module.exports.CreateDB = function (parent, func) { data[i] = performPartialRecordDecrypt(data[i]); } else if ((data[i].type == 'node') && (data[i].intelamt != null)) { data[i].intelamt = performPartialRecordDecrypt(data[i].intelamt); + } else if ((data[i].type == 'mesh') && (data[i].amt != null)) { + data[i].amt = performPartialRecordDecrypt(data[i].amt); } } return data; @@ -267,6 +277,7 @@ module.exports.CreateDB = function (parent, func) { if (obj.dbRecordsEncryptKey == null) return data; if (data.type == 'user') { return performPartialRecordEncrypt(Clone(data), ['otpkeys', 'otphkeys', 'otpsecret', 'salt', 'hash', 'oldpasswords']); } else if ((data.type == 'node') && (data.intelamt != null)) { var xdata = Clone(data); xdata.intelamt = performPartialRecordEncrypt(xdata.intelamt, ['user', 'pass']); return xdata; } + else if ((data.type == 'mesh') && (data.amt != null)) { var xdata = Clone(data); xdata.amt = performPartialRecordEncrypt(xdata.amt, ['password']); return xdata; } return data; } @@ -329,13 +340,13 @@ module.exports.CreateDB = function (parent, func) { // If a DB record encryption key is provided, perform database record encryption if ((typeof parent.args.dbrecordsencryptkey == 'string') && (parent.args.dbrecordsencryptkey.length != 0)) { // Hash the database password into a AES256 key and setup encryption and decryption. - obj.dbRecordsEncryptKey = obj.dbRecordsDecryptKey = parent.crypto.createHash('sha384').update(parent.args.dbrecordsencryptkey).digest("raw").slice(0, 32); + obj.dbRecordsEncryptKey = obj.dbRecordsDecryptKey = parent.crypto.createHash('sha384').update(parent.args.dbrecordsencryptkey).digest('raw').slice(0, 32); } // If a DB record decryption key is provided, perform database record decryption if ((typeof parent.args.dbrecordsdecryptkey == 'string') && (parent.args.dbrecordsdecryptkey.length != 0)) { // Hash the database password into a AES256 key and setup encryption and decryption. - obj.dbRecordsDecryptKey = parent.crypto.createHash('sha384').update(parent.args.dbrecordsdecryptkey).digest("raw").slice(0, 32); + obj.dbRecordsDecryptKey = parent.crypto.createHash('sha384').update(parent.args.dbrecordsdecryptkey).digest('raw').slice(0, 32); } if (parent.args.mariadb || parent.args.mysql) { diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index 8d075d8b..8809567f 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json @@ -18,8 +18,8 @@ "sessionKey": { "type": "string" }, "sessionSameSite": { "type": "string" }, "dbEncryptKey": { "type": "string" }, - "dbRecordsEncryptKey": { "type": "string" }, - "dbRecordsDecryptKey": { "type": "string" }, + "dbRecordsEncryptKey": { "type": "string", "default": null }, + "dbRecordsDecryptKey": { "type": "string", "default": null }, "dbExpire": { "type": "object", "properties": {