import type { ContextTimed } from '@matrixai/contexts';
import type { DB } from '@matrixai/db';
import type { JSONValue } from '@matrixai/rpc';
import type {
ClientRPCRequestParams,
ClientRPCResponseResult,
SecretIdentifierMessage,
SecretContentOrErrorMessage,
} from '../types.js';
import type VaultManager from '../../vaults/VaultManager.js';
import { DuplexHandler } from '@matrixai/rpc';
import * as vaultsUtils from '../../vaults/utils.js';
/**
 * Client RPC duplex handler that streams secret contents out of vaults.
 *
 * Each incoming message names a vault (`nameOrId`) and a path inside it
 * (`secretName`). For every path that `vaultsUtils.walkFs` yields for that
 * request, one `SuccessMessage` carrying the file's content is sent back. A
 * vault reference that cannot be resolved, or an `ENOENT` while walking or
 * reading, produces an `ErrorMessage` instead, and the handler then moves on
 * to the next request.
 *
 * Review notes:
 * - Responses carry secret material in plaintext (`secretContent`), so
 *   anything that transports, buffers or logs these messages handles
 *   sensitive data.
 * - NOTE(review): no authentication or authorization check is visible in
 *   this handler; presumably the RPC layer enforces it before `handle` runs.
 *   Confirm against the server's middleware configuration.
 */
class VaultsSecretsEnv extends DuplexHandler<
  {
    db: DB;
    vaultManager: VaultManager;
  },
  ClientRPCRequestParams<SecretIdentifierMessage>,
  ClientRPCResponseResult<SecretContentOrErrorMessage>
> {
  /**
   * Processes the request stream inside a single DB transaction.
   *
   * @param input - Stream of requests, each with `nameOrId` and `secretName`.
   * @param _cancel - Not used by this handler.
   * @param _meta - Not used by this handler.
   * @param ctx - Timed context; its abort signal is checked before every file
   * read and the context is also handed to `vaultManager.withVaultsG`.
   * @returns An async generator of success or error messages.
   * @throws Whatever `ctx.signal.throwIfAborted()` raises once the signal is
   * aborted, and any error from walking or reading whose `code` is not
   * `ENOENT`.
   */
  public handle = async function* (
    input: AsyncIterableIterator<
      ClientRPCRequestParams<SecretIdentifierMessage>
    >,
    _cancel: (reason?: any) => void,
    _meta: Record<string, JSONValue> | undefined,
    ctx: ContextTimed,
  ): AsyncGenerator<
    ClientRPCResponseResult<SecretContentOrErrorMessage>,
    void,
    void
  > {
    const { db, vaultManager }: { db: DB; vaultManager: VaultManager } =
      this.container;
    // The whole request stream shares one transaction, not one per request.
    return yield* db.withTransactionG(async function* (txn): AsyncGenerator<
      ClientRPCResponseResult<SecretContentOrErrorMessage>,
      void,
      void
    > {
      for await (const request of input) {
        const { nameOrId, secretName } = request;
        // Lookup by vault name wins; the reference is only decoded as a vault
        // ID when no name matches.
        // NOTE(review): if a vault name may equal another vault's encoded ID,
        // the name would shadow that ID here. Confirm names are constrained.
        const resolvedId =
          (await vaultManager.getVaultId(nameOrId, txn)) ??
          vaultsUtils.decodeVaultId(nameOrId);
        if (resolvedId != null) {
          yield* vaultManager.withVaultsG(
            [resolvedId],
            async function* (
              vault,
            ): AsyncGenerator<SecretContentOrErrorMessage, void, void> {
              yield* vault.readG(async function* (efs): AsyncGenerator<
                SecretContentOrErrorMessage,
                void,
                void
              > {
                try {
                  // NOTE(review): `secretName` comes straight from the request
                  // and is handed to walkFs unmodified; presumably the vault
                  // filesystem confines it to the vault root. Verify.
                  for await (const entryPath of vaultsUtils.walkFs(
                    efs,
                    secretName,
                  )) {
                    // Stop before touching the next secret once the caller
                    // has aborted or the context has timed out.
                    ctx.signal.throwIfAborted();
                    const raw = await efs.readFile(entryPath);
                    // The reply reports the walked path, not the requested
                    // `secretName`.
                    // NOTE(review): toString() presumably decodes as UTF-8, so
                    // non-text secrets would not round-trip. Confirm.
                    yield {
                      type: 'SuccessMessage',
                      success: true,
                      nameOrId,
                      secretName: entryPath,
                      secretContent: raw.toString(),
                    };
                  }
                } catch (e) {
                  // Only a missing path is reported to the client as a
                  // message; every other failure propagates to the caller.
                  if (e.code !== 'ENOENT') throw e;
                  yield {
                    type: 'ErrorMessage',
                    code: e.code,
                    reason: `Secret "${secretName}" does not exist`,
                    data: { secretName, nameOrId },
                  };
                }
              });
            },
            txn,
            ctx,
          );
        } else {
          // Neither a known name nor a decodable ID: report the failure and
          // continue with the next request.
          yield {
            type: 'ErrorMessage',
            code: 'EINVAL',
            reason: `Vault "${nameOrId}" does not exist`,
            data: { secretName: undefined, nameOrId },
          };
        }
      }
    });
  };
}
export default VaultsSecretsEnv;