Obscuring api key when called from webapp (#59)

* obscuring api key when called from webapp

* changes suggested and fix wellsaid apikey return

* hope this works?

* Apikey obscure unobscure Aws Apikey

* handle edge case for short key strings

Co-authored-by: kitajchuk <bk@kitajchuk.com>
This commit is contained in:
Lê Hàn Minh Khang
2022-09-22 11:37:33 -04:00
committed by GitHub
parent 05c46c5f39
commit b6e6f6dd94
+33 -7
View File
@@ -15,6 +15,16 @@ const {
testWellSaidTts
} = require('../../utils/speech-utils');
const obscureKey = (key) => {
const key_spoiler_length = 6;
const key_spoiler_char = 'X';
if (key.length <= key_spoiler_length) {
return key;
}
return `${key.slice(0, key_spoiler_length)}${key_spoiler_char.repeat(key.length - key_spoiler_length)}`;
};
const encryptCredential = (obj) => {
const {
@@ -110,24 +120,30 @@ router.get('/', async(req, res) => {
res.status(200).json(creds.map((c) => {
const {credential, ...obj} = c;
if ('google' === obj.vendor) {
obj.service_key = JSON.parse(decrypt(credential));
const o = JSON.parse(decrypt(credential));
const key_header = '-----BEGIN PRIVATE KEY-----\n';
const obscured = {
...o,
private_key: `${key_header}${obscureKey(o.private_key.slice(key_header.length, o.private_key.length))}`
};
obj.service_key = obscured;
}
else if ('aws' === obj.vendor) {
const o = JSON.parse(decrypt(credential));
obj.access_key_id = o.access_key_id;
obj.secret_access_key = o.secret_access_key;
obj.secret_access_key = obscureKey(o.secret_access_key);
obj.aws_region = o.aws_region;
logger.info({obj, o}, 'retrieving aws speech credential');
}
else if ('microsoft' === obj.vendor) {
const o = JSON.parse(decrypt(credential));
obj.api_key = o.api_key;
obj.api_key = obscureKey(o.api_key);
obj.region = o.region;
logger.info({obj, o}, 'retrieving azure speech credential');
}
else if ('wellsaid' === obj.vendor) {
const o = JSON.parse(decrypt(credential));
obj.api_key = o.api_key;
obj.api_key = obscureKey(o.api_key);
}
return obj;
}));
@@ -147,19 +163,29 @@ router.get('/:sid', async(req, res) => {
if (0 === cred.length) return res.sendStatus(404);
const {credential, ...obj} = cred[0];
if ('google' === obj.vendor) {
obj.service_key = decrypt(credential);
const o = JSON.parse(decrypt(credential));
const key_header = '-----BEGIN PRIVATE KEY-----\n';
const obscured = {
...o,
private_key: `${key_header}${obscureKey(o.private_key.slice(key_header.length, o.private_key.length))}`
};
obj.service_key = JSON.stringify(obscured);
}
else if ('aws' === obj.vendor) {
const o = JSON.parse(decrypt(credential));
obj.access_key_id = o.access_key_id;
obj.secret_access_key = o.secret_access_key;
obj.secret_access_key = obscureKey(o.secret_access_key);
obj.aws_region = o.aws_region;
}
else if ('microsoft' === obj.vendor) {
const o = JSON.parse(decrypt(credential));
obj.api_key = o.api_key;
obj.api_key = obscureKey(o.api_key);
obj.region = o.region;
}
else if ('wellsaid' === obj.vendor) {
const o = JSON.parse(decrypt(credential));
obj.api_key = obscureKey(o.api_key);
}
res.status(200).json(obj);
} catch (err) {
sysError(logger, res, err);