anonymous localstack

Author: cnuss

.openapis

@@ -6,5 +6,5 @@
 # This file is *safe* to add to source control and will increase the speed of builds
 ---
 - serviceName: auth-sls-rest-api
-  version: 1.0.1-5
+  version: 1.0.1-6
 

package.json

@@ -26,6 +26,7 @@
     "@types/dotenv": "^8.2.0",
     "@types/express": "^4.17.11",
     "@types/node": "14",
+    "@types/seedrandom": "^3.0.2",
     "@typescript-eslint/eslint-plugin": "^4.29.3",
     "@typescript-eslint/parser": "^4.29.3",
     "cross-env": "^7.0.3",
@@ -58,7 +59,8 @@
     "joi": "^17.4.0",
     "joi-to-typescript": "^1.12.0",
     "moment": "^2.29.1",
+    "seedrandom": "^3.0.5",
     "tsoa": "^3.8.0",
     "ulid": "^2.3.0"
   }
-}
+}

src/services/GithubService.ts

@@ -4,6 +4,7 @@ import { TerraformError } from '../interfaces/errors';
 import { Identity } from '../models/interfaces';
 import crypto from 'crypto';
 import { IdentityModel } from '../models/IdentityModel';
+import seedrandom from 'seedrandom';
 
 export type IdentityWithToken = Identity & {
   token: string;
@@ -44,6 +45,12 @@ export class GithubService {
     const decoded = Buffer.from(token, 'base64').toString('utf8');
 
     const [username, password] = decoded.split(':');
+
+    // Unauthenticated state storage for localstack
+    if (username === 'localstack' && password === 'localstack') {
+      return this.inferLocalstackIdentity();
+    }
+
     let owner: string | undefined;
     let repo: string | undefined;
     let workspace: string | undefined;
@@ -205,4 +212,33 @@ export class GithubService {
       `Unable to determine owner and/or repository from token privileges. Ensure \`username\` is in the format of \`{owner}/{repository}\`, and the provided \`password\` (a GitHub token) has access to that repository.`,
     );
   };
+
+  // TODO: support 'who' from State Lock Request
+  private inferLocalstackIdentity = (who = 'unknown@unknown'): IdentityWithToken => {
+    const tokenSha = crypto.createHash('sha256').update(who).digest().toString('base64');
+
+    const [username, host] = who.split('@');
+    if (!username || !host) {
+      throw new Error(`Invalid format for \`Who\` on state lock request`);
+    }
+
+    // Set IDs as negative so they're clearly out of valid range
+    const ownerId = seedrandom(host).int32() * -1;
+    const repoId = seedrandom(username).int32() * -1;
+
+    return {
+      pk: IdentityModel.prefix('pk', tokenSha),
+      sk: IdentityModel.prefix('sk'),
+      owner: host,
+      ownerId,
+      repo: username,
+      repoId,
+      token: who,
+      tokenSha: tokenSha,
+      workspace: 'default',
+      meta: {
+        name: 'localstack',
+      },
+    };
+  };
 }

src/services/StateService.ts

@@ -83,12 +83,6 @@ export class StateService {
   };
 
   public getState = async (identity: IdentityWithToken): Promise<any> => {
-    console.log(`!!! pk search`, StateModel.prefix('pk', identity.ownerId));
-    console.log(
-      `!!! sk search`,
-      StateModel.prefix('sk', `${identity.repoId}_${identity.workspace}`),
-    );
-
     const state = await this.stateModel.model.get(
       StateModel.prefix('pk', identity.ownerId),
       StateModel.prefix('sk', `${identity.repoId}_${identity.workspace}`),
@@ -111,8 +105,6 @@ export class StateService {
     const s3 = await S3();
     const download = await s3.getObject({ Bucket: s3Meta.bucket, Key: s3Meta.key }).promise();
 
-    console.log(`!!! download`, download);
-
     const { Body } = download;
 
     if (!Body) {

yarn.lock

@@ -2382,6 +2382,11 @@
   resolved "https://registry.yarnpkg.com/@types/retry/-/retry-0.12.1.tgz#d8f1c0d0dc23afad6dc16a9e993a0865774b4065"
   integrity sha512-xoDlM2S4ortawSWORYqsdU+2rxdh4LRW9ytc3zmT37RIKQh6IHyKwwtKhKis9ah8ol07DCkZxPt8BBvPjC6v4g==
 
+"@types/seedrandom@^3.0.2":
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/@types/seedrandom/-/seedrandom-3.0.2.tgz#7f30db28221067a90b02e73ffd46b6685b18df1a"
+  integrity sha512-YPLqEOo0/X8JU3rdiq+RgUKtQhQtrppE766y7vMTu8dGML7TVtZNiiiaC/hhU9Zqw9UYopXxhuWWENclMVBwKQ==
+
 "@types/serve-static@*":
   version "1.13.10"
   resolved "https://registry.yarnpkg.com/@types/serve-static/-/serve-static-1.13.10.tgz#f5e0ce8797d2d7cc5ebeda48a52c96c4fa47a8d9"
@@ -10634,6 +10639,11 @@ schema-utils@^3.0.0:
     ajv "^6.12.5"
     ajv-keywords "^3.5.2"
 
+seedrandom@^3.0.5:
+  version "3.0.5"
+  resolved "https://registry.yarnpkg.com/seedrandom/-/seedrandom-3.0.5.tgz#54edc85c95222525b0c7a6f6b3543d8e0b3aa0a7"
+  integrity sha512-8OwmbklUNzwezjGInmZ+2clQmExQPvomqjL7LFqOYqtmuxRgQYqOD3mHaU+MvZn5FLUeVxVfQjwLZW/n/JFuqg==
+
 seek-bzip@^1.0.5:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/seek-bzip/-/seek-bzip-1.0.6.tgz#35c4171f55a680916b52a07859ecf3b5857f21c4"