add api key code and oidc auto provision code

2025-07-10 14:04:51 +02:00 · 2025-04-28 21:14:09 -04:00 · 2025-04-28 21:14:09 -04:00 · 599d0a52bf
commit 599d0a52bf
parent 4819f410e6
84 changed files with 7021 additions and 151 deletions
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@ -60,6 +60,10 @@ const configSchema = z.object({
            }
        ),
    server: z.object({
+        integration_port: portSchema
+            .optional()
+            .transform(stoi)
+            .pipe(portSchema.optional()),
        external_port: portSchema.optional().transform(stoi).pipe(portSchema),
        internal_port: portSchema.optional().transform(stoi).pipe(portSchema),
        next_port: portSchema.optional().transform(stoi).pipe(portSchema),
@ -96,14 +100,7 @@ const configSchema = z.object({
            .string()
            .optional()
            .transform(getEnvOrYaml("SERVER_SECRET"))
-            .pipe(
-                z
-                    .string()
-                    .min(
-                        32,
-                        "SERVER_SECRET must be at least 32 characters long"
-                    )
-            )
+            .pipe(z.string().min(8))
    }),
    traefik: z.object({
        http_entrypoint: z.string(),
@ -267,6 +264,8 @@ export class Config {
            : "false";
        process.env.DASHBOARD_URL = parsedConfig.data.app.dashboard_url;

+        license.setServerSecret(parsedConfig.data.server.secret);
+
        this.checkKeyStatus();

        this.rawConfig = parsedConfig.data;
@ -274,7 +273,6 @@ export class Config {

    private async checkKeyStatus() {
        const licenseStatus = await license.check();
-        console.log("License status", licenseStatus);
        if (!licenseStatus.isHostLicensed) {
            this.checkSupporterKey();
        }
--- a/server/lib/crypto.ts
+++ b/server/lib/crypto.ts
@ -1,40 +1,12 @@
-import * as crypto from "crypto";
-
-const ALGORITHM = "aes-256-gcm";
+import CryptoJS from "crypto-js";

 export function encrypt(value: string, key: string): string {
-    const iv = crypto.randomBytes(12);
-    const keyBuffer = Buffer.from(key, "base64"); // assuming base64 input
-
-    const cipher = crypto.createCipheriv(ALGORITHM, keyBuffer, iv);
-
-    const encrypted = Buffer.concat([
-        cipher.update(value, "utf8"),
-        cipher.final()
-    ]);
-    const authTag = cipher.getAuthTag();
-
-    return [
-        iv.toString("base64"),
-        encrypted.toString("base64"),
-        authTag.toString("base64")
-    ].join(":");
+    const ciphertext = CryptoJS.AES.encrypt(value, key).toString();
+    return ciphertext;
 }

 export function decrypt(encryptedValue: string, key: string): string {
-    const [ivB64, encryptedB64, authTagB64] = encryptedValue.split(":");
-
-    const iv = Buffer.from(ivB64, "base64");
-    const encrypted = Buffer.from(encryptedB64, "base64");
-    const authTag = Buffer.from(authTagB64, "base64");
-    const keyBuffer = Buffer.from(key, "base64");
-
-    const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv);
-    decipher.setAuthTag(authTag);
-
-    const decrypted = Buffer.concat([
-        decipher.update(encrypted),
-        decipher.final()
-    ]);
-    return decrypted.toString("utf8");
+    const bytes = CryptoJS.AES.decrypt(encryptedValue, key);
+    const originalText = bytes.toString(CryptoJS.enc.Utf8);
+    return originalText;
 }