[server] use encryption_key for couchbase env as hash is reserved keyword

server/crypto/aes.go

@@ -4,6 +4,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"fmt"
 	"io"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -56,6 +57,7 @@ func DecryptAES(text string) (string, error) {
 func EncryptAESEnv(text []byte) ([]byte, error) {
 	var res []byte
 	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
+	fmt.Println("=> key:", k)
 	if err != nil {
 		return res, err
 	}

server/db/models/env.go

@@ -4,10 +4,11 @@ package models
 
 // Env model for db
 type Env struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
-	EnvData   string `json:"env" bson:"env" cql:"env" dynamo:"env"`
-	Hash      string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	Key           string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID            string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EnvData       string `json:"env" bson:"env" cql:"env" dynamo:"env"`
+	Hash          string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
+	EncryptionKey string `json:"encryption_key" bson:"encryption_key" cql:"encryption_key" dynamo:"encryption_key"` // couchbase has "hash" as reserved keyword so we cannot use it. This will be empty for other dbs.
+	UpdatedAt     int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt     int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }

server/db/providers/couchbase/env.go

@@ -18,6 +18,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
 	env.CreatedAt = time.Now().Unix()
 	env.UpdatedAt = time.Now().Unix()
 	env.Key = env.ID
+	env.EncryptionKey = env.Hash
 
 	insertOpt := gocb.InsertOptions{
 		Context: ctx,
@@ -32,6 +33,7 @@ func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, erro
 // UpdateEnv to update environment information in database
 func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
 	env.UpdatedAt = time.Now().Unix()
+	env.EncryptionKey = env.Hash
 
 	updateEnvQuery := fmt.Sprintf("UPDATE %s.%s SET env = $1, updated_at = $2 WHERE _id = $3", p.scopeName, models.Collections.Env)
 	_, err := p.db.Query(updateEnvQuery, &gocb.QueryOptions{
@@ -50,7 +52,7 @@ func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, e
 func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
 	var env models.Env
 
-	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
+	query := fmt.Sprintf("SELECT _id, env, encryption_key, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		Context:         ctx,
 		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
@@ -63,5 +65,6 @@ func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
 	if err != nil {
 		return env, err
 	}
+	env.Hash = env.EncryptionKey
 	return env, nil
 }

server/db/providers/couchbase/provider.go

@@ -52,9 +52,9 @@ func NewProvider() (*provider, error) {
 	scopeIdentifier := fmt.Sprintf("%s.%s", bucketName, scopeName)
 	v := reflect.ValueOf(models.Collections)
 	for i := 0; i < v.NumField(); i++ {
-		field := v.Field(i)
+		collectionName := v.Field(i)
 		user := gocb.CollectionSpec{
-			Name:      field.String(),
+			Name:      collectionName.String(),
 			ScopeName: scopeName,
 		}
 		collectionOpts := gocb.CreateCollectionOptions{
@@ -64,8 +64,11 @@ func NewProvider() (*provider, error) {
 		if err != nil && !errors.Is(err, gocb.ErrCollectionExists) {
 			return nil, err
 		}
-		indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, field.String())
-		scope.Query(indexQuery, nil)
+		indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, collectionName.String())
+		_, err = scope.Query(indexQuery, nil)
+		if err != nil {
+			fmt.Println("=> err", err, collectionName.String())
+		}
 	}
 
 	indices := GetIndex(scopeIdentifier)
@@ -85,7 +88,6 @@ func CreateBucketAndScope(cluster *gocb.Cluster, bucketName string, scopeName st
 	settings := gocb.BucketSettings{
 		Name:            bucketName,
 		RAMQuotaMB:      1000,
-		NumReplicas:     1,
 		BucketType:      gocb.CouchbaseBucketType,
 		EvictionPolicy:  gocb.EvictionPolicyTypeValueOnly,
 		FlushEnabled:    true,

server/env/persist_env.go

@@ -3,6 +3,7 @@ package env
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"os"
 	"reflect"
 	"strconv"
@@ -115,6 +116,7 @@ func PersistEnv() error {
 	if err != nil || env.EnvData == "" {
 		// AES encryption needs 32 bit key only, so we chop off last 4 characters from 36 bit uuid
 		hash := uuid.New().String()[:36-4]
+		fmt.Println("hash:", hash)
 		err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEncryptionKey, hash)
 		if err != nil {
 			log.Debug("Error while updating encryption env variable: ", err)

server/resolvers/admin_signup.go

@@ -67,6 +67,7 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
 	envData, err := crypto.EncryptEnvData(storeData)
 	if err != nil {
 		log.Debug("Failed to encrypt envstore: ", err)
+		fmt.Println("Failed to encrypt envstore: ", err)
 		return res, err
 	}
 

server/test/admin_signup_test.go

@@ -25,7 +25,6 @@ func adminSignupTests(t *testing.T, s TestSetup) {
 		_, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{
 			AdminSecret: "admin123",
 		})
-
 		assert.Nil(t, err)
 	})
 }