Use random secret for logs channel

2025-05-07 03:18:12 +00:00 · 2015-10-28 20:02:00 -03:00 · 2015-10-28 20:02:00 -03:00 · b08a028d69
commit b08a028d69
parent 605d72cbdc
5 changed files with 26 additions and 22 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,5 @@
 * Use random name for PubNub channel and report to API [Pablo]
 # v1.2.0
 * Don't bind mount (the sometimes non-existent) docker.sock [Pablo]
--- a/src/api.coffee
+++ b/src/api.coffee
@ -13,7 +13,7 @@ module.exports = (application) ->
 	api = express()
 	api.use(bodyParser())
 	api.use (req, res, next) ->
-		utils.getOrGenerateApiSecret()
+		utils.getOrGenerateSecret('apiSecret')
 		.then (secret) ->
 			if req.query.apikey is secret
 				next()
@ -129,9 +129,9 @@ module.exports = (application) ->
 	# Expires the supervisor's API key and generates a new one.
 	# It also communicates the new key to the Resin API.
 	api.post '/v1/regenerate-api-key', (req, res) ->
-		utils.newApiSecret()
+		utils.newSecret('apiSecret')
 		.then (secret) ->
-			device.updateState(apikey: secret)
+			device.updateState(api_secret: secret)
 			res.status(200).send(secret)
 		.catch (err) ->
 			res.status(503).send(err?.message or err or 'Unknown error')
--- a/src/app.coffee
+++ b/src/app.coffee
@ -14,12 +14,12 @@ knex.init.then ->
 	console.log('Starting connectivity check..')
 	utils.connectivityCheck()
-	Promise.join bootstrap.startBootstrapping(), utils.getOrGenerateApiSecret(), (uuid, secret) ->
+	Promise.join bootstrap.startBootstrapping(), utils.getOrGenerateSecret('apiSecret'), utils.getOrGenerateSecret('logsChannel'), (uuid, secret, logsChannel) ->
 		# Persist the uuid in subsequent metrics
 		utils.mixpanelProperties.uuid = uuid
 		api = require './api'
-		application = require('./application')(uuid)
+		application = require('./application')(logsChannel)
 		device = require './device'
 		bootstrap.done
@ -35,6 +35,7 @@ knex.init.then ->
 				provisioning_progress: null
 				provisioning_state: ''
 				download_progress: null
 				logs_channel: logsChannel
 			)
 		console.log('Starting Apps..')
--- a/src/application.coffee
+++ b/src/application.coffee
@ -508,10 +508,10 @@ application.initialize = ->
 		application.poll()
 		application.update()
-module.exports = (uuid) ->
+module.exports = (logsChannel) ->
 	logger.init(
 		dockerSocket: config.dockerSocket
 		pubnub: config.pubnub
-		channel: "device-#{uuid}-logs"
+		channel: "device-#{logsChannel}-logs"
 	)
 	return application
--- a/src/utils.coffee
+++ b/src/utils.coffee
@ -102,27 +102,28 @@ exports.connectivityCheck = _.once ->
 				blink.pattern.start(networkPattern)
-apiSecretPromise = null
+secretPromises = {}
-generateApiSecret = ->
+generateSecret = (name) ->
 	Promise.try ->
-		return config.forceApiSecret ? randomHexString.generate()
+		return config.forceApiSecret if name == 'apiSecret' && config.forceApiSecret?
 		return randomHexString.generate()
 	.then (newSecret) ->
-		secretInDB = { key: 'apiSecret', value: newSecret }
+		secretInDB = { key: name, value: newSecret }
-		knex('config').update(secretInDB).where(key: 'apiSecret')
+		knex('config').update(secretInDB).where(key: name)
 		.then (affectedRows) ->
 			knex('config').insert(secretInDB) if affectedRows == 0
 		.return(newSecret)
-exports.newApiSecret = newApiSecret = ->
+exports.newSecret = newSecret = (name) ->
-	apiSecretPromise ?= Promise.resolve()
+	secretPromises[name] ?= Promise.resolve()
-	apiSecretPromise = apiSecretPromise.then ->
+	secretPromises[name] = secretPromises[name].then ->
-		generateApiSecret()
+		generateSecret(name)
-exports.getOrGenerateApiSecret = ->
+exports.getOrGenerateSecret = (name) ->
-	apiSecretPromise ?= knex('config').select('value').where(key: 'apiSecret').then ([ apiSecret ]) ->
+	secretPromises[name] ?= knex('config').select('value').where(key: name).then ([ secret ]) ->
-		return apiSecret.value if apiSecret?
+		return secret.value if secret?
-		generateApiSecret()
+		generateSecret(name)
-	return apiSecretPromise
+	return secretPromises[name]
 exports.extendEnvVars = (env, uuid) ->
 	host = '127.0.0.1'
@ -131,7 +132,7 @@ exports.extendEnvVars = (env, uuid) ->
 		RESIN_SUPERVISOR_ADDRESS: "http://#{host}:#{config.listenPort}"
 		RESIN_SUPERVISOR_HOST: host
 		RESIN_SUPERVISOR_PORT: config.listenPort
-		RESIN_SUPERVISOR_API_KEY: exports.getOrGenerateApiSecret()
+		RESIN_SUPERVISOR_API_KEY: exports.getOrGenerateSecret('apiSecret')
 		RESIN_SUPERVISOR_VERSION: exports.supervisorVersion
 		RESIN: '1'
 		USER: 'root'