Generate database tokens for existing projects

Author: MarceloRGonc

packages/server/api/src/app/database/migrations/1763394159990-AddTablesTokenToProject.ts

@@ -0,0 +1,59 @@
+import { authenticateDefaultUserInOpenOpsTables } from '@openops/common';
+import { encryptUtils } from '@openops/server-shared';
+import { MigrationInterface, QueryRunner } from 'typeorm';
+import { openopsTables } from '../../openops-tables';
+
+export class AddTablesDatabaseTokenToProject1763394159990
+  implements MigrationInterface
+{
+  name = 'AddTablesDatabaseTokenToProject1763394159990';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      ALTER TABLE "project"
+      DROP COLUMN IF EXISTS "tablesToken";
+    `);
+
+    await queryRunner.query(`
+      ALTER TABLE "project"
+      ADD COLUMN IF NOT EXISTS "tablesDatabaseToken" jsonb
+    `);
+
+    await createTokensForExistingProjects(queryRunner);
+
+    await queryRunner.query(`
+      ALTER TABLE "project"
+      ALTER COLUMN "tablesDatabaseToken" SET NOT NULL
+    `);
+  }
+
+  public async down(_: QueryRunner): Promise<void> {
+    throw new Error('Rollback not implemented');
+  }
+}
+
+async function createTokensForExistingProjects(
+  queryRunner: QueryRunner,
+): Promise<void> {
+  const projects = await queryRunner.query(
+    'SELECT "id", "tablesWorkspaceId" FROM "project"',
+  );
+
+  if (projects.length === 0) {
+    return;
+  }
+
+  const { token } = await authenticateDefaultUserInOpenOpsTables();
+  for (const record of projects) {
+    const newToken = await openopsTables.createDatabaseToken(
+      record.tablesWorkspaceId,
+      token,
+    );
+    const encryptTablesToken = encryptUtils.encryptString(newToken.key);
+
+    await queryRunner.query(
+      `UPDATE "project" SET "tablesDatabaseToken" = $1 WHERE "id" = $2`,
+      [encryptTablesToken, record.id],
+    );
+  }
+}

packages/server/api/src/app/database/postgres-connection.ts

@@ -37,7 +37,7 @@ import { AddContentTypeToFolder1757331587268 } from './migrations/1757331587268-
 import { MigrateAiConfigToAppConnection1759242268873 } from './migrations/1759242268873-MigrateAiConfigToAppConnection';
 import { AddTestRunActionLimitsToFlowVersion1760429290001 } from './migrations/1760429290001-AddTestRunActionLimitsToFlowVersion';
 import { MoveTablesWorkspaceIdFromOrganizationToProject1760500000000 } from './migrations/1760500000000-MoveTablesWorkspaceIdFromOrganizationToProject';
-import { AddTablesTokenToProject1763131154284 } from './migrations/1763131154284-AddTablesTokenToProject';
+import { AddTablesDatabaseTokenToProject1763394159990 } from './migrations/1763394159990-AddTablesTokenToProject';
 
 const getSslConfig = (): boolean | TlsOptions => {
   const useSsl = system.get(AppSystemProp.POSTGRES_USE_SSL);
@@ -83,7 +83,7 @@ const getMigrations = (): (new () => MigrationInterface)[] => {
     MigrateAiConfigToAppConnection1759242268873,
     AddTestRunActionLimitsToFlowVersion1760429290001,
     MoveTablesWorkspaceIdFromOrganizationToProject1760500000000,
-    AddTablesTokenToProject1763131154284,
+    AddTablesDatabaseTokenToProject1763394159990,
   ];
 };
 

packages/server/api/src/app/database/seeds/seed-admin.ts

@@ -20,12 +20,12 @@ export const upsertAdminUser = async (): Promise<void> => {
 
     const user = await ensureUserExists(email, password);
 
-    const { workspaceId, databaseId } =
+    const { workspaceId, databaseId, databaseToken } =
       await ensureOpenOpsTablesWorkspaceAndDatabaseExist();
 
     await ensureOrganizationExists(user);
 
-    await ensureProjectExists(user, databaseId, workspaceId);
+    await ensureProjectExists(user, databaseId, workspaceId, databaseToken);
   }
 };
 
@@ -77,15 +77,16 @@ async function ensureUserExists(
 }
 
 async function ensureOpenOpsTablesWorkspaceAndDatabaseExist(): Promise<{
+  databaseToken: string;
   workspaceId: number;
   databaseId: number;
 }> {
   const { token } = await authenticateDefaultUserInOpenOpsTables();
 
-  const { workspaceId, databaseId } =
+  const { workspaceId, databaseId, databaseToken } =
     await openopsTables.createDefaultWorkspaceAndDatabase(token);
 
-  if (!workspaceId || !databaseId) {
+  if (!workspaceId || !databaseId || !databaseToken) {
     throw new Error('Failed to create OpenOps Tables workspace or database');
   }
 
@@ -94,7 +95,7 @@ async function ensureOpenOpsTablesWorkspaceAndDatabaseExist(): Promise<{
     databaseId,
   });
 
-  return { workspaceId, databaseId };
+  return { workspaceId, databaseId, databaseToken };
 }
 
 async function ensureOrganizationExists(user: User): Promise<void> {
@@ -124,6 +125,7 @@ async function ensureProjectExists(
   user: User,
   databaseId: number,
   workspaceId: number,
+  databaseToken: string,
 ): Promise<void> {
   const project = await projectService.getOneForUser(user);
   if (project) {
@@ -148,6 +150,7 @@ async function ensureProjectExists(
     organizationId: user.organizationId!,
     tablesDatabaseId: databaseId,
     tablesWorkspaceId: workspaceId,
+    tablesDatabaseToken: databaseToken,
   });
 }
 

packages/server/api/src/app/openops-tables/default-workspace-database.ts

@@ -5,12 +5,15 @@ export const OPENOPS_DEFAULT_WORKSPACE_NAME = 'OpenOps Workspace';
 
 export async function createDefaultWorkspaceAndDatabase(
   token: string,
-): Promise<{ workspaceId: number; databaseId: number }> {
+): Promise<{ workspaceId: number; databaseId: number; databaseToken: string }> {
   const workspaceId = await getWorkspaceId(token);
 
   const databaseId = await getDatabaseId(workspaceId, token);
 
+  const databaseToken = await getDatabaseToken(workspaceId, token);
+
   return {
+    databaseToken,
     workspaceId,
     databaseId,
   };
@@ -63,3 +66,31 @@ async function getDatabaseId(
 
   return databaseId;
 }
+
+async function getDatabaseToken(
+  workspaceId: number,
+  token: string,
+): Promise<string> {
+  const databaseTokens = await openopsTables.listDatabaseTokens(
+    workspaceId,
+    token,
+  );
+
+  let tablesToken = '';
+  if (databaseTokens.length > 1) {
+    throw new Error(
+      'The user has multiple databases created in OpenOps Tables.',
+    );
+  } else if (databaseTokens.length === 1) {
+    tablesToken = databaseTokens[0].key;
+  } else {
+    const newToken = await openopsTables.createDatabaseToken(
+      workspaceId,
+      token,
+    );
+
+    tablesToken = newToken.key;
+  }
+
+  return tablesToken;
+}

packages/server/api/src/app/project/project-entity.ts

@@ -9,6 +9,7 @@ import {
 import { EntitySchema } from 'typeorm';
 import {
   BaseColumnSchemaPart,
+  JSONB_COLUMN_TYPE,
   OpenOpsIdSchema,
   TIMESTAMP_COLUMN_TYPE,
 } from '../database/database-common';
@@ -46,6 +47,10 @@ export const ProjectEntity = new EntitySchema<ProjectSchema>({
       type: Number,
       nullable: false,
     },
+    tablesDatabaseToken: {
+      type: JSONB_COLUMN_TYPE,
+      nullable: false,
+    },
   },
   indices: [
     {

packages/server/api/src/app/project/project-service.ts

@@ -1,12 +1,11 @@
-import { rejectedPromiseHandler } from '@openops/server-shared';
+import { encryptUtils, rejectedPromiseHandler } from '@openops/server-shared';
 import {
   ApplicationError,
   assertNotNullOrUndefined,
   ErrorCode,
   isNil,
   openOpsId,
   OpenOpsId,
-  OrganizationRole,
   Project,
   ProjectId,
   spreadIfDefined,
@@ -22,11 +21,17 @@ export const projectRepo = repoFactory(ProjectEntity);
 
 export const projectService = {
   async create(params: CreateParams): Promise<Project> {
+    const encryptTablesToken = encryptUtils.encryptString(
+      params.tablesDatabaseToken,
+    );
     const newProject: NewProject = {
       id: openOpsId(),
       ...params,
+      tablesDatabaseToken: encryptTablesToken,
     };
+
     const savedProject = await projectRepo().save(newProject);
+
     rejectedPromiseHandler(projectHooks.getHooks().postCreate(savedProject));
     return savedProject;
   },
@@ -159,6 +164,7 @@ type CreateParams = {
   externalId?: string;
   tablesDatabaseId: number;
   tablesWorkspaceId: number;
+  tablesDatabaseToken: string;
 };
 
 type AddProjectToOrganizationParams = {

packages/shared/src/lib/project/project.ts

@@ -34,6 +34,10 @@ export const Project = Type.Object({
   organizationId: OpenOpsId,
   tablesDatabaseId: Type.Integer(),
   tablesWorkspaceId: Type.Integer(),
+  tablesDatabaseToken: Type.Object({
+    iv: Type.String(),
+    data: Type.String(),
+  }),
 });
 
 export type Project = Static<typeof Project>;