allow salt value to be injected into loadConfig

The salt value can now either be included in the loaded configuration file, or passed in as an argument into the loadConfig function. The config file option has priority.

Author: dem1fo

src/config/configStore.ts

@@ -47,7 +47,6 @@ interface ConfigStorePaths {
   config: string;
   appConfig: string;
   backupConfig: string;
-  salt?: string;
 }
 
 export class ConfigStore {

src/config/loadConfig.ts

@@ -38,22 +38,16 @@ type LoadConfigInput = {
   configPath: string;
   algorithmId: string;
   usingUI?: boolean;
+  embeddedSalt?: Config.FileBasedSalt | Config.StringBasedSalt;
   validateConfig?: boolean;
 }
-// Main entry point for loading a config file.
-// returns:
-// - { success: true } if the config can be loaded
-// - { success: false, error: "string" } if there are errors
-// - { success: false, isSaltFileError: true, error: "string"}
-//     if there is something wrong with the salt file
-export function loadConfig({ configPath, algorithmId, usingUI=false, validateConfig=true }: LoadConfigInput): LoadConfigResult {
-  log('Loading config from', configPath);
-
-  // attempt to read the file
+
+export function loadConfig({ configPath, algorithmId, embeddedSalt, usingUI=false, validateConfig=true }: LoadConfigInput): LoadConfigResult {
+  log('[INFO] Loading config from', configPath);
   const configData = attemptToReadTOMLData<Config.FileConfiguration>(configPath, CONFIG_FILE_ENCODING);
 
-  // if cannot be read, we have an error
   if (!configData) {
+    log('[ERROR] Unable to read config file', configPath);
     return {
       success: false,
       error: `Unable to read config file '${configPath}'`,
@@ -78,7 +72,7 @@ export function loadConfig({ configPath, algorithmId, usingUI=false, validateCon
     }
     // TODO: check sinature validity before salt injection
     const configHash = generateConfigHash(configData);
-    log('CONFIG HASH:', configHash);
+    log('[INFO] Generated config hash:', configHash);
 
     // fail if the signature is not OK
     if (configHash !== configData.meta.signature) {
@@ -96,50 +90,56 @@ export function loadConfig({ configPath, algorithmId, usingUI=false, validateCon
   configData.algorithm.columns.reference = configData.algorithm.columns.reference.sort();
   configData.algorithm.columns.static = configData.algorithm.columns.static.sort();
 
-  // TODO: check whether embedded salt file path is provided, config should override embedded.
+  // salt is either provided in the config file (STRING | FILE) or is explicitly provided to
+  // to this function (e.g. by the UI). Precedence should be given to the config file, although
+  // the config fields are optional. The programme should fail if no salt is provided.
 
-  // check if we need to inject the salt data into the config
-  // if not, the config loading is finished
-  if (configData.algorithm.salt.source === 'STRING') {
-    return {
-      success: true,
-      lastUpdated: lastUpdateDate,
-      config: configData,
-    };
+  if (configData.algorithm.salt && configData.algorithm.salt.source == "STRING") {
+    return { success: true, lastUpdated: lastUpdateDate, config: configData };
+  }
+  
+  if (configData.algorithm.salt && configData.algorithm.salt.source == "FILE") {
+    // load the file, convert to a string value, update the config to be of type: "STRING"
+    const saltFilePath = configData.algorithm.salt.value;
+    const validatorRegexp = configData.algorithm.salt.validator_regex ? new RegExp(configData.algorithm.salt.validator_regex) : undefined;
+    return tryLoadSaltFile({ saltFilePath, validatorRegexp, configData, lastUpdateDate, label: "salt" });
+  }
+  
+  if (embeddedSalt && embeddedSalt.source == "STRING") {
+    configData.algorithm.salt = { source: "STRING", value: embeddedSalt.value }
+    return { success: true, lastUpdated: lastUpdateDate, config: configData };
   }
 
-  // figure out the file path and the validation regexp
-  const saltFilePath = configData.algorithm.salt.value;
-  const saltFileValidatorRegexp = configData.algorithm.salt.validator_regex
-    ? RegExp(configData.algorithm.salt.validator_regex)
-    : undefined;
+  if (embeddedSalt && embeddedSalt.source == "FILE") {
+    const saltFilePath = embeddedSalt.value;
+    const validatorRegexp = embeddedSalt.validator_regex ? new RegExp(embeddedSalt.validator_regex) : undefined;
+    return tryLoadSaltFile({ saltFilePath, validatorRegexp, configData, lastUpdateDate, label: "embedded salt" });
+  }
 
-  // attempt to load the salt file
-  // saltFilePath must be { win32: string, darwin: string } at this stage since salt.source is guaranteed to be "FILE".
-  const saltData = loadSaltFile({ saltFilePath: saltFilePath, validatorRegexp: saltFileValidatorRegexp });
+  return { success: false, error: `No salt configuration provided: either specify salt in config file, or pass in path on config load.`, isSaltFileError: true, config: configData };
+}
 
-  // if the salt file load failed, we have failed
-  if (!saltData) {
-    log('[SALT] Error while loading the salt file!');
-    return {
-      success: false,
-      isSaltFileError: true,
-      error: `Invalid salt file: '${saltFilePath}'`,
-      // send the existing config alongside so if this config is the backup one, error messages
-      // can still be loaded
-      config: configData,
-    };
+interface TryLoadSaltFileInput {
+  saltFilePath: string;
+  validatorRegexp?: RegExp;
+  configData: Config.FileConfiguration;
+  lastUpdateDate: Date;
+  label: string;
+}
+
+function tryLoadSaltFile({ saltFilePath, validatorRegexp, configData, lastUpdateDate, label="salt"}: TryLoadSaltFileInput): LoadConfigResult {
+  log('[INFO] Loading salt from', saltFilePath);
+
+  const loadSaltResponse = loadSaltFile({ saltFilePath, validatorRegexp });
+  if (!loadSaltResponse.success) {
+    log(loadSaltResponse.message);
+    // send the existing config alongside so if this config is the backup one, error messages can still be loaded
+    return { success: false, isSaltFileError: true, error: `Invalid salt file: '${saltFilePath}'`, config: configData };
   }
 
-  // replace the "FILE" with "STRING" amd embed the salt data
-  configData.algorithm.salt = configData.algorithm.salt as unknown as Config.StringBasedSalt;
-  configData.algorithm.salt.source = 'STRING';
-  configData.algorithm.salt.value = saltData;
-
-  // return the freshly injected config
-  return {
-    success: true,
-    lastUpdated: lastUpdateDate,
-    config: configData,
-  };
-}
+  if (loadSaltResponse.message) log(loadSaltResponse.message);
+
+  // update the config to be of salt type: "STRING" with loaded file data
+  configData.algorithm.salt = { source: "STRING", value: loadSaltResponse.data }
+  return { success: true, lastUpdated: lastUpdateDate, config: configData };
+}

src/config/loadSaltFile.ts

@@ -15,11 +15,8 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import fs from 'node:fs';
 import path from 'node:path';
-import Debug from 'debug';
-const log = Debug('CID:loadSaltFile');
 
 import { attemptToReadFileData } from './utils';
-import type { Config } from './Config';
 
 // the encoding used for the salt file
 const SALT_FILE_ENCODING: fs.EncodingOption = 'utf-8';
@@ -33,22 +30,20 @@ interface LoadSaltFileInput {
   validatorRegexp?: RegExp;
 }
 
+type LoadSaltFileOutput = { success: true; data: string; message?: string } | { success: false; data?: never, message: string; }
+
 // Attempts to load and clean up the salt file data
-export function loadSaltFile({ saltFilePath, validatorRegexp = DEFAULT_VALIDATOR_REGEXP }: LoadSaltFileInput) {
-  log('Attempting to load salt file from ', path.resolve(saltFilePath));
+export function loadSaltFile({ saltFilePath, validatorRegexp = DEFAULT_VALIDATOR_REGEXP }: LoadSaltFileInput): LoadSaltFileOutput {
 
   // TODO: potentially clean up line endings and whitespace here
   const saltData = attemptToReadFileData(saltFilePath, SALT_FILE_ENCODING);
-  if (!saltData) return null;
+  if (!saltData) return { success: false, message: `[ERROR] Unable to read salt file at path: ${saltFilePath}` };
 
   // check if the structure is correct for the file
   const CHECK_RX = new RegExp(validatorRegexp);
-
   if (!CHECK_RX.test(saltData)) {
-    log('SALT FILE Regexp error');
-    return null;
+    return { success: false, message: `[ERROR] Salt file failed validator regexp check at path: ${saltFilePath}, with regexp: ${validatorRegexp}` };
   }
 
-  log('SALT FILE looks OK');
-  return saltData;
+  return { success: true, data: saltData, message: `[INFO] Successfully loaded salt file from ${saltFilePath}` };
 }

src/config/utils.ts

@@ -15,8 +15,6 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import fs from 'node:fs';
-import os from 'node:os';
-import path from 'node:path';
 import toml from 'toml';
 import { createHash } from 'node:crypto';
 import stableStringify from 'safe-stable-stringify';
@@ -92,13 +90,6 @@ export function generateConfigHash<T extends Config.CoreConfiguration>(config: T
     delete configCopy.messages;
   }
 
-  // remove the "algorithm.salt" part as it may have injected keys
-  // TODO: this enables messing with the salt file path pre-injection without signature validations, but is required for compatibility w/ the injection workflow
-  delete configCopy.algorithm!.salt!.value;
-  // mock the salt source as STRING to ensure that both imported and saved
-  // (with pre-injected salt) config files work
-  configCopy.algorithm!.salt!.source = 'STRING';
-
   // generate a stable JSON representation
   const stableJson = stableStringify(configCopy);
   if (typeof stableJson !== 'string') throw new Error(`Unable to serialise config object to JSON.`);

src/config/validateConfig.ts

@@ -205,9 +205,17 @@ const checkAlgorithm = (algorithm: Config.CoreConfiguration['algorithm'], source
     isOneOf('[algorithm].hash.strategy', ['SHA256'], algorithm.hash.strategy);
   if (exists) return exists;
 
-  exists =
-    isObject('[algorithm].salt', algorithm.salt) ||
-    isOneOf('[algorithm].salt.source', ['FILE', 'STRING'], algorithm.salt.source);
+
+  // NOTE: technically the salt configuration is optional to provide in the configuration file
+  //    since it can be provided directly to the algorithm. The Config type requires a salt
+  //    configuration though, so adding an additional check here as well.
+
+  exists = isOptional('[algorithm].salt', algorithm.salt, isObject)
+  if (exists) return exists;
+
+  if (!algorithm.salt) return undefined;
+
+  exists = isOneOf('[algorithm].salt.source', ['FILE', 'STRING'], algorithm.salt.source);
   if (exists) return exists;
 
   if (algorithm.salt.source === 'STRING') {

tests/config/files/test-config.backup.toml

@@ -1,7 +1,7 @@
 [meta]
 id="ANY"
 version="0.1.0"
-signature="244fb3e1e1846ae1385a64cf1c3a0ce5"
+signature="5dd28139ed139a7aba91aa8808a42e2a"
 
 [source]
 columns = [

tests/config/files/test-config.json

@@ -2,7 +2,7 @@
   "meta": {
     "id": "ANY",
     "version": "0.1.0",
-    "signature": "244fb3e1e1846ae1385a64cf1c3a0ce5"
+    "signature": "5dd28139ed139a7aba91aa8808a42e2a"
   },
   "source": {
     "columns": [

tests/config/files/test-no-salt-config.json

@@ -0,0 +1,104 @@
+{
+  "meta": {
+    "id": "ANY",
+    "version": "0.1.0",
+    "signature": "244fb3e1e1846ae1385a64cf1c3a0ce5"
+  },
+  "source": {
+    "columns": [
+      {
+        "name": "Column A",
+        "alias": "col_a"
+      },
+      {
+        "name": "Column B",
+        "alias": "col_b"
+      },
+      {
+        "name": "Column C",
+        "alias": "col_c"
+      },
+      {
+        "name": "Column D",
+        "alias": "col_d"
+      },
+      {
+        "name": "Column E",
+        "alias": "col_e"
+      },
+      {
+        "name": "Column 1",
+        "alias": "col_1"
+      },
+      {
+        "name": "Column 2",
+        "alias": "col_2"
+      },
+      {
+        "name": "Column 3",
+        "alias": "col_3"
+      }
+    ]
+  },
+  "validations": {
+    "*": [
+      {
+        "op": "max_field_length",
+        "value": 200
+      }
+    ]
+  },
+  "algorithm": {
+    "columns": {
+      "process": ["col_a", "col_c", "col_e", "col_b", "col_d"],
+      "static": ["col_a"],
+      "reference": ["col_3", "col_1", "col_2"]
+    },
+    "hash": {
+      "strategy": "SHA256"
+    }
+  },
+  "destination": {
+    "columns": [
+      {
+        "name": "Common Identifier",
+        "alias": "hashed_id"
+      }
+    ],
+    "postfix": "-OUTPUT-0.0.9-{{yyyy-MM-dd--HH-mm-ss}}"
+  },
+  "destination_map": {
+    "columns": [
+      {
+        "name": "Column A",
+        "alias": "col_a"
+      },
+      {
+        "name": "Common Identifier",
+        "alias": "hashed_id"
+      }
+    ],
+    "postfix": "-MAPPING-0.0.9-{{yyyy-MM-dd--HH-mm-ss}}"
+  },
+  "destination_errors": {
+    "columns": [
+      {
+        "name": "Errors",
+        "alias": "errors"
+      },
+      {
+        "name": "Column A",
+        "alias": "col_a"
+      },
+      {
+        "name": "Column B",
+        "alias": "col_b"
+      },
+      {
+        "name": "Column C",
+        "alias": "col_b"
+      }
+    ],
+    "postfix": "-ERRORS-0.0.9-{{yyyy-MM-dd--HH-mm-ss}}"
+  }
+}

tests/config/files/test-salt-loading-config.json

@@ -60,10 +60,7 @@
     "salt": {
       "source": "FILE",
       "validator_regex": "BEGIN TEST[A-Za-z0-9+/=\\s]+END TEST",
-      "value": {
-        "darwin": "<SALT_PATH>",
-        "win32": "<SALT_PATH>"
-      }
+      "value": "<SALT_PATH>"
     }
   },
   "destination": {