Merge branch 'main' into feature/google-signin-signup-integration

2026-01-10 07:58:15 -05:00 · 2023-05-29 18:00:43 +08:00
parent d4f65e23c7 7562e7d667
commit 7f4db518cc
14 changed files with 143 additions and 89 deletions
--- a/.github/resources/docker-compose.be-test.yml
+++ b/.github/resources/docker-compose.be-test.yml
@@ -13,6 +13,7 @@ services:
      - MONGO_URL=mongodb://test:example@mongo:27017/?authSource=admin
      - MONGO_USERNAME=test
      - MONGO_PASSWORD=example
+      - ENCRYPTION_KEY=a984ecdf82ec779e55dbcc21303a900f
    networks:
      - infisical-test

--- a/.infisicalignore
+++ b/.infisicalignore
@@ -0,0 +1 @@
+.github/resources/docker-compose.be-test.yml:generic-api-key:16
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,5 +0,0 @@
-repos:
-  - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.16.3
-    hooks:
-      - id: gitleaks
--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@@ -1,6 +0,0 @@
- id: infisical-scan
-  name: Scan for hardcoded secrets
-  description: Will scan for hardcoded secrets using Infisical CLI
-  entry: infisical scan git-changes --verbose --redact --staged
-  language: golang
-  pass_filenames: false
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -29,6 +29,7 @@
        "crypto-js": "^4.1.1",
        "dotenv": "^16.0.1",
        "express": "^4.18.1",
+        "express-async-errors": "^3.1.1",
        "express-rate-limit": "^6.7.0",
        "express-validator": "^6.14.2",
        "handlebars": "^4.7.7",
@@ -5145,6 +5146,14 @@
        "node": ">= 0.10.0"
      }
    },
+    "node_modules/express-async-errors": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/express-async-errors/-/express-async-errors-3.1.1.tgz",
+      "integrity": "sha512-h6aK1da4tpqWSbyCa3FxB/V6Ehd4EEB15zyQq9qe75OZBp0krinNKuH4rAY+S/U/2I36vdLAUFSjQJ+TFmODng==",
+      "peerDependencies": {
+        "express": "^4.16.2"
+      }
+    },
    "node_modules/express-rate-limit": {
      "version": "6.7.0",
      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
@@ -16221,6 +16230,12 @@
        }
      }
    },
+    "express-async-errors": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/express-async-errors/-/express-async-errors-3.1.1.tgz",
+      "integrity": "sha512-h6aK1da4tpqWSbyCa3FxB/V6Ehd4EEB15zyQq9qe75OZBp0krinNKuH4rAY+S/U/2I36vdLAUFSjQJ+TFmODng==",
+      "requires": {}
+    },
    "express-rate-limit": {
      "version": "6.7.0",
      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@@ -20,6 +20,7 @@
    "crypto-js": "^4.1.1",
    "dotenv": "^16.0.1",
    "express": "^4.18.1",
+    "express-async-errors": "^3.1.1",
    "express-rate-limit": "^6.7.0",
    "express-validator": "^6.14.2",
    "handlebars": "^4.7.7",
--- a/backend/src/helpers/auth.ts
+++ b/backend/src/helpers/auth.ts
@@ -44,7 +44,7 @@ const validateAuthMode = ({
 }) => {
 	const apiKey = headers['x-api-key'];
 	const authHeader = headers['authorization'];
-
+	
 	let authMode, authTokenValue;
 	if (apiKey === undefined && authHeader === undefined) {
 		// case: no auth or X-API-KEY header present
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -1,6 +1,8 @@
 import dotenv from "dotenv";
 dotenv.config();
 import express from 'express';
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+require('express-async-errors');
 import helmet from 'helmet';
 import cors from 'cors';
 import { DatabaseService } from './services';
--- a/backend/src/middleware/requestErrorHandler.ts
+++ b/backend/src/middleware/requestErrorHandler.ts
@@ -7,11 +7,6 @@ import { getNodeEnv } from '../config';

 export const requestErrorHandler: ErrorRequestHandler = async (error: RequestError | Error, req, res, next) => {
    if (res.headersSent) return next();
-    if ((await getNodeEnv()) !== "production") {
-        /* eslint-disable no-console */
-        console.log(error)
-        /* eslint-enable no-console */
-    }

    //TODO: Find better way to type check for error. In current setting you need to cast type to get the functions and variables from RequestError
    if (!(error instanceof RequestError)) {
--- a/backend/src/utils/patchAsyncRoutes.js
+++ b/backend/src/utils/patchAsyncRoutes.js
@@ -1,69 +0,0 @@
-/*
-Original work Copyright (c) 2016, Nikolay Nemshilov <nemshilov@gmail.com>
-Modified work Copyright (c) 2016, David Banham <david@banham.id.au>
-
-Permission to use, copy, modify, and/or distribute this software for any purpose
-with or without fee is hereby granted, provided that the above copyright notice
-and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
-TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
-THIS SOFTWARE.
-
-*/
-
-/* eslint-disable @typescript-eslint/no-var-requires */
-/* eslint-env node */
-const Layer = require('express/lib/router/layer');
-const Router = require('express/lib/router');
-
-const last = (arr = []) => arr[arr.length - 1];
-const noop = Function.prototype;
-
-function copyFnProps(oldFn, newFn) {
-  Object.keys(oldFn).forEach((key) => {
-    newFn[key] = oldFn[key];
-  });
-  return newFn;
-}
-
-function wrap(fn) {
-  const newFn = function newFn(...args) {
-    const ret = fn.apply(this, args);
-    const next = (args.length === 5 ? args[2] : last(args)) || noop;
-    if (ret && ret.catch) ret.catch(err => next(err));
-    return ret;
-  };
-  Object.defineProperty(newFn, 'length', {
-    value: fn.length,
-    writable: false,
-  });
-  return copyFnProps(fn, newFn);
-}
-
-function patchRouterParam() {
-  const originalParam = Router.prototype.constructor.param;
-  Router.prototype.constructor.param = function param(name, fn) {
-    fn = wrap(fn);
-    return originalParam.call(this, name, fn);
-  };
-}
-
-Object.defineProperty(Layer.prototype, 'handle', {
-  enumerable: true,
-  get() {
-    return this.__handle;
-  },
-  set(fn) {
-    fn = wrap(fn);
-    this.__handle = fn;
-  },
-});
-
-module.exports = {
-  patchRouterParam
-};
--- a/backend/src/utils/setup/index.ts
+++ b/backend/src/utils/setup/index.ts
@@ -4,8 +4,6 @@ import { setTransporter } from '../../helpers/nodemailer';
 import { EELicenseService } from '../../ee/services';
 import { initSmtp } from '../../services/smtp';
 import { createTestUserForDevelopment } from '../addDevelopmentUser'
-// eslint-disable-next-line @typescript-eslint/no-var-requires
-const { patchRouterParam } = require('../patchAsyncRoutes');
 import {
    validateEncryptionKeysConfig
 } from './validateConfig';
@@ -37,7 +35,6 @@ import { initializePassport } from '../auth';
 * - Re-encrypting data
 */
 export const setup = async () => {
-    patchRouterParam();
    await validateEncryptionKeysConfig();
    await TelemetryService.logTelemetryMessage();

--- a/docs/changelog/overview.mdx
+++ b/docs/changelog/overview.mdx
@@ -0,0 +1,110 @@
+---
+title: "Changelog"
+---
+
+The changelog below reflects new product developments and updates on a monthly basis; it will be updated later this quarter to include issues-addressed on a weekly basis.
+
+## May 2023
+
+- Released secret scanning capability for the CLI.
+- Released customer / license service to manage customer billing information, cloud plans, and self-hosted enterprise licenses; all instances of Infisicals now fetch/relay information from this service.
+- Completed penetration test.
+- Released new landing page.
+- Started SOC 2 (Type II) compliance certification preparation.
+
+More coming soon.
+
+## April 2023
+
+- Upgraded secret-handling to include blind-indexing (can be thought of as a fingerprint).
+- Added Node SDK support for working with individual secrets.
+- Released preliminary Python SDK.
+- Released service accounts, a client type capable of accessing multiple projects.
+- Added native Supabase integration.
+- Added native Railway integration.
+- Improved dashboard speed / performance.
+- Released the Secrets Overview page for users to view and identify missing environment secrets within one dashboard.
+- Updated documentation to include quickstarts and guides; also updated `README.md`.
+
+## March 2023
+
+- Added support for global configs to the Kubernetes operator.
+- Added support for self-hosted deployments to operate without any attached email service / SMTP configuration.
+- Added native Azure Key Vault integration.
+- Released one-click AWS EC2 deployment method.
+- Released preliminary Node SDK.
+
+## Feb 2023
+
+- Upgraded private key encryption/decryption mechanism to use Argon2id and 256-bit protected keys.
+- Added preliminary emai-based 2FA capability
+- Added suspicious login alerting if user logs in via new device or IP address.
+- Added documentation for PM2 integration.
+- Added secret backups support for the CLI; it now fetches and caches secrets locally to be used in the event of future failed fetch.
+- Added support for comparing secret values across environments on each secret.
+- Added native AWS Parameter Store integration.
+- Added native AWS Secret Manager integration.
+- Added native GitLab integration.
+- Added native CircleCI integration.
+- Added native Travis CI integration.
+- Added secret tagging capability for enhanced organizational structure/grouping.
+- Released new dashboard design allowing more actions to be performed within the dashboard itself.
+- Added capability to generate `.env.example` file.
+
+## Jan 2023
+
+- Added preliminary audit logging capability covering CRUD secret operations.
+- Added secret overriding capability for team members to have their own branch of a secret.
+- Added secret versioning capability.
+- Added secret snapshot and point-in-time recovery capabilities to track and roll back the full state of a project.
+- Added native Vercel integration.
+- Added native Netlify integration.
+- Added native GitHub Actions integration.
+- Added custom environment names.
+- Added auto-redeployment capability to the Kubernetes operator.
+- (Service Token 2.0) Shortened the length of service tokens
+- Added a public-facing API
+- Added preliminary access control capability for users to be provisioned read/write access to environments
+- Performed various web UI optimizations.
+
+## Nov 2022
+
+- Infisical is open sourced.
+- Added Infisical CLI support for Docker and Docker Compose.
+- Rewrote the Infisical CLI in Golang to be platform-agnostic.
+- Rewrote the documentation.
+
+## Oct 2022
+
+- Added support for organizations; projects now belong to organizations.
+- Improved speed / performance of dashboard by 25x.
+- Added capability to change account password in settings.
+- Added persistence for logging into the organization and project that users left from in their previous session.
+- Added password recovery emergency kit with automatic download enforcement upon account creation.
+- Added capability to copy-to-clipboard capabilities.
+- Released first native integration between Infisical and Heroku; environment variables can now be sent and kept in sync with Heroku.
+
+## Sep 2022
+
+- Added capability to change user roles in projects.
+- Added capabilty to delete projects.
+- Added Stripe.
+- Added default environments (development, staging, production) for new users with example key-pairs.
+- Added loading indicators.
+- Moved from push/pull mode of secret operation to automatically pulling and injecting secrets into processes upon startup.
+- Added drag-and-drop capability for adding new .env files.
+- Improved security measures against common attacks (e.g. XSS, clickjacking, etc.).
+- Added support for personal secrets (later modified to be secret overrides in Jan 2023).
+- Improved account password validation and enforce minimum requirements.
+- Added sorting capability to sort keys by name alphabetically in dashboard.
+- Added downloading secrets back as `.env` file capability.
+
+## August 2022
+
+- Released first version of the Infisical platform with push/pull capability and end-to-end encryption.
+- Improved security handling of authentication tokens by storing refresh tokens in HttpOnly cookies.
+- Added hiding key values on client-side.
+- Added search bar to dashboard to query for keys on client-side.
+- Added capability to rename a project.
+- Added user roles for projects.
+- Added incident contacts.
--- a/docs/documentation/getting-started/introduction.mdx
+++ b/docs/documentation/getting-started/introduction.mdx
@@ -82,6 +82,7 @@ Start syncing environment variables with [Infisical Cloud](https://app.infisical
  <Card
    href="/cli/scanning-overview"
    title="Secret scanning"
+    icon="satellite-dish"
    color="#0285c7"
  >
    Scan and prevent 140+ secret type leaks in your codebase 
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -54,6 +54,11 @@
      "icon": "cloud",
      "url": "api-reference"
    },
+    {
+      "name": "Changelog",
+      "icon": "timer",
+      "url": "changelog"
+    },
    {
      "name": "Contributing",
      "icon": "code",
@@ -318,6 +323,12 @@
        "security/mechanics"
      ]
    },
+    {
+      "group": "Overview",
+      "pages": [
+        "changelog/overview"
+      ]
+    },
    {
      "group": "Contributing",
      "pages": [
				`@@ -0,0 +1 @@`
				`.github/resources/docker-compose.be-test.yml:generic-api-key:16`