diff --git a/apps/core/lib/core/services/cloud/scram.ex b/apps/core/lib/core/services/cloud/scram.ex
new file mode 100644
index 000000000..2f8694590
--- /dev/null
+++ b/apps/core/lib/core/services/cloud/scram.ex
@@ -0,0 +1,15 @@
+defmodule Core.Services.Cloud.Scram do
+ alias Plug.Crypto.KeyGenerator
+ @salt_size 16
+ @digest_len 32
+ @iterations 4096
+
+ def encrypt(pwd) do
+ salt = :crypto.strong_rand_bytes(@salt_size)
+ pbkdf = KeyGenerator.generate(pwd, salt, iterations: @iterations, length: @digest_len)
+ client = :crypto.mac(:hmac, :sha256, pbkdf, "Client Key")
+ stored = :crypto.hash(:sha256, client)
+ server = :crypto.mac(:hmac, :sha256, pbkdf, "Server Key")
+ "SCRAM-SHA-256$#{@iterations}:#{Base.encode64(salt)}$#{Base.encode64(stored)}:#{Base.encode64(server)}"
+ end
+end
diff --git a/apps/core/lib/core/services/cloud/workflow/shared.ex b/apps/core/lib/core/services/cloud/workflow/shared.ex
index 2732f4416..0d48f93d4 100644
--- a/apps/core/lib/core/services/cloud/workflow/shared.ex
+++ b/apps/core/lib/core/services/cloud/workflow/shared.ex
@@ -4,7 +4,7 @@ defmodule Core.Services.Cloud.Workflow.Shared do
 alias Core.Clients.Console
 alias Core.Services.{Cloud, Users}
- alias Core.Services.Cloud.{Poller, Configuration}
+ alias Core.Services.Cloud.{Poller, Configuration, Scram}
 alias Core.Schema.{ConsoleInstance, PostgresCluster, User}
 alias Core.Repo
@@ -12,6 +12,17 @@ defmodule Core.Services.Cloud.Workflow.Shared do
 @behaviour Core.Services.Cloud.Workflow
+ @table """
+ CREATE TABLE IF NOT EXISTS console_users (
+ usename VARCHAR(255) NOT NULL PRIMARY KEY,
+ passwd VARCHAR(500) NOT NULL
+ )
+ """
+
+ @user_insert """
+ INSERT INTO console_users (usename, passwd) values ($1, $2) ON CONFLICT (usename) DO UPDATE SET passwd = EXCLUDED.passwd
+ """
+
 def sync(%ConsoleInstance{external_id: id} = instance) when is_binary(id) do
 instance = Repo.preload(instance, [:cluster, :postgres])
 Console.update_service(console(), id, %{
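Review bot: `encrypt/1` feeds the raw `pwd` bytes into PBKDF2, but SCRAM-SHA-256 (RFC 7677) and PostgreSQL's own verifier construction apply SASLprep to the password first, so a client that normalizes (libpq does) will derive a different key for any password containing non-ASCII characters; either normalize here or document that `pwd` must be ASCII. The digest is inherited from the library default of `KeyGenerator.generate/3`; passing `digest: :sha256` explicitly makes the SCRAM-SHA-256 contract visible in this file rather than depending on that default. Naming aside (`encrypt` produces a one-way verifier, not ciphertext), the function has no spec or doc; I would add `@spec encrypt(binary()) :: String.t()` and a `@doc` stating that it returns a PostgreSQL-format SCRAM-SHA-256 verifier built from a fresh 16-byte random salt and 4096 iterations, and that the output differs on every call because of the salt.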
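Review bot: Nothing in the `@table`/`@user_insert` hunk records who reads `console_users`; the `usename`/`passwd` column names mirror `pg_shadow`, which suggests an external authenticator's lookup query, but that is inference and belongs in a comment above `@table`, e.g. `# Verifier table read by <auth consumer — TODO confirm>; passwd holds SCRAM-SHA-256 verifiers, never plaintext`. Because every provisioned user's verifier lands in this one table in whatever database `connect/1` attaches to, the same comment should state which role owns it and that provisioned users receive no grant on it. The enclosing module continues outside the hunk.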
@@ -42,6 +53,8 @@ defmodule Core.Services.Cloud.Workflow.Shared do
 with {:ok, pid} <- connect(pg),
 {:ok, _} <- Postgrex.query(pid, "CREATE DATABASE #{conf.database}", []),
 {:ok, _} <- Postgrex.transaction(pid, fn conn ->
+ Postgrex.query!(conn, @table, [])
+ Postgrex.query!(conn, @user_insert, [conf.dbuser, Scram.encrypt(conf.dbpassword)])
 Postgrex.query!(conn, "CREATE USER #{conf.dbuser} WITH PASSWORD '#{conf.dbpassword}'", [])
 Postgrex.query!(conn, "GRANT ALL ON DATABASE #{conf.database} TO #{conf.dbuser}", [])
 end) do
diff --git a/apps/core/mix.exs b/apps/core/mix.exs
index ea613ca7d..8def18bed 100644
--- a/apps/core/mix.exs
+++ b/apps/core/mix.exs
@@ -92,6 +92,7 @@ defmodule Core.MixProject do
 {:mojito, "~> 0.7.0"},
 {:nebulex, "== 2.4.2"},
 {:castore, "~> 0.1.7"},
+ {:plug_crypto, "~> 1.2"},
 {:req, "~> 0.4.14", override: true},
 {:mint, "~> 1.4.0", override: true},
 {:finch, "~> 0.17.0", override: true},
diff --git a/apps/worker/lib/worker/conduit/subscribers/cloud.ex b/apps/worker/lib/worker/conduit/subscribers/cloud.ex
index 12ac4cbed..343fd9117 100644
--- a/apps/worker/lib/worker/conduit/subscribers/cloud.ex
+++ b/apps/worker/lib/worker/conduit/subscribers/cloud.ex
@@ -2,8 +2,10 @@ defmodule Worker.Conduit.Subscribers.Cloud do
 use Worker.Conduit.Subscribers.Base
 alias Core.Services.Cloud.Workflow
 alias Core.PubSub
+ require Logger
 def process(%Conduit.Message{body: body} = msg, _) do
+ Logger.info "handling #{body.__struct__} for #{body.item.name}"
 case handle(body) do
 {:ok, _} -> ack(msg)
 _ -> nack(msg)
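Review bot: `Scram.encrypt/1` is applied only to the new insert, while two lines later the same `conf.dbpassword` is still spliced as a plaintext SQL literal into `CREATE USER` (and `conf.dbuser` unquoted into both it and `GRANT`, which assumes it was validated as an identifier upstream), so the plaintext still crosses the wire and lands in any server statement log; the commit leaves that line untouched. PostgreSQL accepts an already-encoded SCRAM verifier as the `PASSWORD` value, and utility statements cannot take bind parameters, so computing the verifier once and reusing it keeps the plaintext out of the statement and also avoids minting two different salts for the same credential: `verifier = Scram.encrypt(conf.dbpassword)`, `Postgrex.query!(conn, @user_insert, [conf.dbuser, verifier])`, `Postgrex.query!(conn, "CREATE USER #{conf.dbuser} WITH PASSWORD '#{verifier}'", [])`. Note also that `@table` is created on `pid`'s current database rather than the `conf.database` created one statement earlier, which is presumably intended for a shared auth lookup but deserves a comment saying so. The enclosing function starts and ends outside the hunk.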
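Review bot: The added `Logger.info` dereferences `body.item.name` unconditionally, so any message whose body lacks `item` (or whose `item` has no `name`) raises inside `process/2` before `handle/2` runs, and the message is neither acked nor nacked; the existing `case` only protects `handle/2`. The call also omits parentheses and interpolates `body.__struct__` as `Elixir.…`; a lazy `Logger.info(fn -> … end)` with `inspect/1` avoids both, assuming every body is a struct as the current line already does. A guarded form is below; `process/2` continues outside the hunk.
```elixir
def process(%Conduit.Message{body: body} = msg, _) do
  Logger.info(fn ->
    name =
      case body do
        %{item: %{name: name}} -> name
        _ -> nil
      end

    "handling #{inspect(body.__struct__)} for #{inspect(name)}"
  end)
  # … unchanged: case handle(body) do … ack/nack …
```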