From 3327e87060ae5d96c4bda3e64c023ab7b697d394 Mon Sep 17 00:00:00 2001 From: seferturan Date: Tue, 11 Feb 2025 22:30:48 +0100 Subject: [PATCH] chore: remove insecurity --- .github/workflows/ci.yml | 2 ++ INFRASTRUCTURE.md | 1 - README.md | 2 -- .../client/.scripts/generate-insecurity.ts | 24 -------------- projects/client/package.json | 3 +- .../lib/features/auth/utils/encrypt.spec.ts | 33 ------------------- .../src/lib/features/auth/utils/encrypt.ts | 16 --------- 7 files changed, 3 insertions(+), 78 deletions(-) delete mode 100644 projects/client/.scripts/generate-insecurity.ts delete mode 100644 projects/client/src/lib/features/auth/utils/encrypt.spec.ts delete mode 100644 projects/client/src/lib/features/auth/utils/encrypt.ts diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d94590c0d..ef7397426 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -94,6 +94,7 @@ jobs: run: 'deno task build:preview' env: TRAKT_CLIENT_ID: ${{ secrets.TRAKT_CLIENT_ID }} + TRAKT_SESSION_SECRET: ${{ secrets.TRAKT_SESSION_SECRET }} - name: Witnessing the Premonition ake Run Preview working-directory: projects/client @@ -163,6 +164,7 @@ jobs: FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }} FIREBASE_MEASUREMENT_ID: ${{ secrets.FIREBASE_MEASUREMENT_ID }} FIREBASE_MESSAGING_SENDER_ID: ${{ secrets.FIREBASE_MESSAGING_SENDER_ID }} + TRAKT_SESSION_SECRET: ${{ secrets.TRAKT_SESSION_SECRET }} - name: Delivering the Goods aka Upload Build if: github.ref == 'refs/heads/main' diff --git a/INFRASTRUCTURE.md b/INFRASTRUCTURE.md index 78bf0a9f9..fa48e1b71 100644 --- a/INFRASTRUCTURE.md +++ b/INFRASTRUCTURE.md 
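Review bot: Both ci.yml hunks (the `deno task build:preview` step and the build step near new line 164) add `TRAKT_SESSION_SECRET: ${{ secrets.TRAKT_SESSION_SECRET }}` to the step environment, while the rest of this commit deletes the key generator, the `encrypt` helper and every documented mention of that secret. If nothing in the build reads it any more, both added lines should be dropped so the secret is not handed to build scripts and their dependencies without need. If something still reads it, the README and INFRASTRUCTURE.md entries should stay, and a comment such as `# still read at build time by the session code` should say why. The deleted `encrypt.ts` used a constant all-zero IV (`iv: new Uint8Array(12)`) with AES-GCM, so if that key came from this secret (the diff does not show the derivation), the value should be rotated before any further use. Both steps begin and end outside their hunks.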
@@ -45,7 +45,6 @@ intone the following incantation: # This is required if the secrets are not already set or have changed echo "$TRAKT_CLIENT_ID" | npx wrangler pages secret put TRAKT_CLIENT_ID echo "$TRAKT_CLIENT_SECRET" | npx wrangler pages secret put TRAKT_CLIENT_SECRET -echo "$TRAKT_SESSION_SECRET" | npx wrangler pages secret put TRAKT_SESSION_SECRET # This will build the client and deploy it to Cloudflare Pages [deno|npm|bun] task build && npx wrangler pages deploy diff --git a/README.md b/README.md index 5c4ca99ff..fd82bd894 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,6 @@ properly: - **`TRAKT_CLIENT_ID`:** The client ID for the Trakt API. - **`TRAKT_CLIENT_SECRET`:** The client secret for the Trakt API. - Required for the `playground` project. -- **`TRAKT_SESSION_SECRET`:** The session encryption secret for the Trakt API. - - `deno task insecurity:generate` ### External Contribution - Unleash Your Inner Code Wizard! diff --git a/projects/client/.scripts/generate-insecurity.ts b/projects/client/.scripts/generate-insecurity.ts deleted file mode 100644 index c1a04a6f4..000000000 --- a/projects/client/.scripts/generate-insecurity.ts +++ /dev/null @@ -1,24 +0,0 @@ -/** - * DOCS: https://docs.deno.com/examples/aes_encryption/ - */ -export async function generateKey() { - return await crypto.subtle.generateKey( - { - name: 'AES-GCM', - length: 256, - }, - true, - ['encrypt', 'decrypt'], - ); -} - -async function toBase64(key: CryptoKey) { - const exported = await crypto.subtle.exportKey('raw', key); - return btoa(String.fromCharCode(...new Uint8Array(exported))); -} - -if (import.meta.main) { - const key = await generateKey(); - const base64Key = await toBase64(key); - console.log(`export TRAKT_SESSION_SECRET='${base64Key}'`); -} diff --git a/projects/client/package.json b/projects/client/package.json index a5be89be9..6eea4b4db 100644 --- a/projects/client/package.json +++ b/projects/client/package.json 
@@ -18,8 +18,7 @@
 "i18n:resolve": "deno run --allow-read --allow-write .scripts/resolve-i18n.ts",
 "i18n:traktify": "deno run --allow-read --allow-write --allow-net --allow-env .scripts/traktify-i18n.ts",
 "i18n:delete": "deno run --allow-read --allow-write --allow-env .scripts/delete-i18n.ts",
- "cloudflare:cleanse": "deno run --allow-env --allow-net .scripts/cleanse-cloudflare.ts",
- "insecurity:generate": "deno run .scripts/generate-insecurity.ts"
+ "cloudflare:cleanse": "deno run --allow-env --allow-net .scripts/cleanse-cloudflare.ts"
 },
 "devDependencies": {
 "@cucumber/cucumber": "^11.2.0",
diff --git a/projects/client/src/lib/features/auth/utils/encrypt.spec.ts b/projects/client/src/lib/features/auth/utils/encrypt.spec.ts
deleted file mode 100644
index 78903fb74..000000000
--- a/projects/client/src/lib/features/auth/utils/encrypt.spec.ts
+++ /dev/null
@@ -1,33 +0,0 @@
-import { AuthMappedMock } from '$mocks/data/auth/AuthMappedMock.ts';
-import { EncryptedAuthMock } from '$mocks/data/auth/EncryptedAuthMock.ts';
-import { encryptionKeyMock } from '$mocks/data/auth/encryptionKeyMock.ts';
-import { describe, expect, it } from 'vitest';
-import { encrypt } from './encrypt.ts';
-
-describe('utils: encrypt', () => {
- it('should encrypt', async () => {
- const testCryptoKey = await encryptionKeyMock();
- const encryptedData = await encrypt(testCryptoKey, AuthMappedMock);
-
- expect(encryptedData).toEqual(EncryptedAuthMock);
- });
-
- it('should result in different results for different keys', async () => {
- const keys = await Promise.all(
- Array.from({ length: 5 }, () =>
- crypto.subtle.generateKey(
- {
- name: 'AES-GCM',
- length: 256,
- },
- true,
- ['encrypt'],
- )),
- );
-
- const results = await Promise.all(
- keys.map((key) => encrypt(key, EncryptedAuthMock)),
- );
- expect(new Set(results).size).toBe(results.length);
- });
-});
diff --git a/projects/client/src/lib/features/auth/utils/encrypt.ts b/projects/client/src/lib/features/auth/utils/encrypt.ts
deleted file mode 100644
index 7af83a7ed..000000000
--- a/projects/client/src/lib/features/auth/utils/encrypt.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-export async function encrypt(
- key: CryptoKey,
- data: T,
-): Promise {
- const jsonString = JSON.stringify(data);
- const encryptedBuffer = await crypto.subtle.encrypt(
- {
- name: 'AES-GCM',
- iv: new Uint8Array(12),
- },
- key,
- new TextEncoder().encode(jsonString),
- );
-
- return btoa(String.fromCharCode(...new Uint8Array(encryptedBuffer)));
-}