Disable secret creation if no secret key

diggerhq · Aug 2, 2024 · 22f617a · 22f617a
1 parent 890e49b
commit 22f617a
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 20 deletions.
diff --git a/...-pages)/(application-pages)/project/[projectSlug]/(specific-project-pages)/TFVarTable.tsx b/...-pages)/(application-pages)/project/[projectSlug]/(specific-project-pages)/TFVarTable.tsx
@@ -9,13 +9,14 @@ import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@
 import { Separator } from "@/components/ui/separator";
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@/components/ui/table";
 import { Textarea } from "@/components/ui/textarea";
+import { getProjectPublicKey } from "@/data/admin/env-vars";
 import { tfvarsOnBulkUpdate, tfvarsOnDelete, tfvarsOnUpdate } from "@/data/user/tfvars";
 import { EnvVar } from "@/types/userTypes";
 import { motion } from 'framer-motion';
 import { Copy, Edit, LockKeyhole, Plus, Save, Trash, Unlock } from 'lucide-react';
 import moment from 'moment';
 import { useRouter } from 'next/navigation';
-import { useState } from 'react';
+import { useEffect, useState } from 'react';
 import { toast } from 'sonner';
 
 type TFVarTableProps = {
@@ -57,8 +58,17 @@ export default function TFVarTable({ projectId, envVars }: TFVarTableProps) {
     const [bulkEditValue, setBulkEditValue] = useState<string>('');
     const [isLoading, setIsLoading] = useState(false);
     const [showAddForm, setShowAddForm] = useState(false);
+    const [canCreateSecrets, setCanCreateSecrets] = useState(true);
     const router = useRouter();
 
+    useEffect(() => {
+        getProjectPublicKey(projectId).then(key => {
+            if (!key) {
+                setCanCreateSecrets(false);
+            }
+        })
+    });
+
     const handleEdit = (envVar: EnvVar) => {
         setEditingVar({
             originalName: envVar.name,
@@ -313,7 +323,7 @@ export default function TFVarTable({ projectId, envVars }: TFVarTableProps) {
                                 </SelectTrigger>
                                 <SelectContent>
                                     <SelectItem value="plain_text">Plain Text</SelectItem>
-                                    <SelectItem value="secret">Secret</SelectItem>
+                                    <SelectItem value="secret" disabled={!canCreateSecrets}>Secret</SelectItem>
                                 </SelectContent>
                             </Select>
                         </div>

diff --git a/...pages)/(application-pages)/project/[projectSlug]/(specific-project-pages)/tfvars/page.tsx b/...pages)/(application-pages)/project/[projectSlug]/(specific-project-pages)/tfvars/page.tsx
@@ -21,13 +21,6 @@ export default async function TFVarsPage({ params }: { params: unknown }) {
     const { projectSlug } = projectSlugParamSchema.parse(params);
     const project = await getSlimProjectBySlug(projectSlug);
 
-    const MASTER_PASSWORD = process.env.MASTER_PASSWORD;
-    const ENCRYPTION_SALT = process.env.ENCRYPTION_SALT;
-
-    if (!MASTER_PASSWORD || !ENCRYPTION_SALT) {
-        throw new Error('MASTER_PASSWORD or ENCRYPTION_SALT is not set');
-    }
-
     const envVars = await getAllEnvVars(project.id);
 
     return (

diff --git a/src/data/admin/env-vars.ts b/src/data/admin/env-vars.ts
@@ -1,3 +1,5 @@
+'use server';
+
 import { supabaseAdminClient } from '@/supabase-clients/admin/supabaseAdminClient';
 import { EnvVar } from '@/types/userTypes';
 import { constants, publicEncrypt } from 'crypto';
@@ -6,17 +8,7 @@ export async function encryptSecretWithPublicKey(
   text: string,
   projectId: string,
 ): Promise<string> {
-  const { data: orgData } = await supabaseAdminClient
-    .from('projects')
-    .select('organization_id')
-    .eq('id', projectId)
-    .single();
-  const { data: publicKeyData } = await supabaseAdminClient
-    .from('organizations')
-    .select('public_key')
-    .eq('id', orgData?.organization_id || '')
-    .single();
-  const publicKey = publicKeyData?.public_key;
+  const publicKey = await getProjectPublicKey(projectId);
   if (!publicKey) {
     console.error('No secrets key in the org');
     throw new Error('No secrets key in the org');
@@ -33,6 +25,26 @@ export async function encryptSecretWithPublicKey(
   return encrypted.toString('base64');
 }
 
+export async function getProjectPublicKey(
+  projectId: string,
+): Promise<string | null> {
+  const { data: orgData } = await supabaseAdminClient
+    .from('projects')
+    .select('organization_id')
+    .eq('id', projectId)
+    .single();
+  const { data: publicKeyData } = await supabaseAdminClient
+    .from('organizations')
+    .select('public_key')
+    .eq('id', orgData?.organization_id || '')
+    .single();
+  if (publicKeyData?.public_key) {
+    return publicKeyData.public_key;
+  } else {
+    return null;
+  }
+}
+
 export async function storeEnvVar(
   projectId: string,
   name: string,