HomeLab/ForgeBucket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
366941feb176b2206636fe9dec1c6e920d9b3496
ForgeBucket/internal/models/secret.go
T
erangel1 edf3c9824e Phase 3C — Commit Summary 
feat: workspaces — collaborative repo namespaces
Backend
- internal/models/workspace.go — Workspace (handle, displayName,
  description, createdBy) + WorkspaceMember (workspaceId, userId,
  username, role: owner/admin/member)
- internal/models/repo.go — added nullable workspace_id column; existing
  user repos unaffected
- internal/models/migrations/011_workspaces.go — syncs both tables +
  adds column to repository
- internal/api/handlers/workspace.go — ListWorkspaces, CreateWorkspace,
  GetWorkspace, UpdateWorkspace, DeleteWorkspace (blocks if repos
  remain), ListRepos, ListMembers, AddMember, UpdateMember, RemoveMember
- internal/api/handlers/repos.go — lookupRepo resolves workspace
  handles; Create accepts workspace field; List includes workspace
  member repos; withOwnerName uses workspace handle for workspace-owned
  repos
- internal/api/handlers/dashboard.go — recentRuns + repo list include
  workspace repos the user is a member of
- internal/api/router.go — /workspaces, /workspaces/:handle/* routes
  Workspace rules enforced:
- Handle globally unique across usernames + workspace handles (409 on
  collision)
- Creator auto-assigned owner role
- Delete blocked if repos exist
- Last owner cannot be demoted/removed
  ---
  feat: secret management hierarchy (Global → Workspace → Repo → Env)
  Backend
- internal/models/secret.go — Secret struct +
  EncryptSecret/DecryptSecret with AES-256-GCM (key = SHA-256 of
  SESSION_SECRET); values never serialised to JSON
- internal/models/migrations/012_secrets.go — syncs secret table
- internal/api/handlers/secret.go — List/Upsert/Delete for all four
  scopes; ResolveSecretsForRun builds merged env map for CI
- internal/domain/ci/executor.go — JobContext.Secrets field; secrets
  injected as --env KEY=VALUE into docker run; buildJobContext calls
  resolveSecrets(Global < Workspace < Repo < Env)
- internal/domain/ci/runner_manager.go — passes cfg.SessionSecret to
  buildJobContext
- internal/api/router.go — /repos/:owner/:repo/secrets,
  /environments/:envName/secrets, /workspaces/:handle/secrets,
  /admin/secrets
  ---
  feat: workspace + secret management UI
  Frontend
- types/api.ts — Workspace, WorkspaceWithMeta, WorkspaceMember,
  SecretListItem types
- api/queries/workspaces.ts — full CRUD hooks + WorkspaceRepo type
- api/queries/secrets.ts — repo/env/workspace secret hooks
- pages/WorkspacesPage.tsx — list + create modal
- pages/WorkspacePage.tsx — workspace dashboard with repo list
- pages/WorkspaceSettingsPage.tsx — general settings, members CRUD,
  workspace secrets, danger zone
- pages/RepoSecretsPage.tsx — repo secrets + per-environment secret
  sections with priority hierarchy callout
- pages/CreateRepoPage.tsx — ?workspace= query param pre-fills owner
  selector; only admin/owner workspaces shown
- components/layout/Sidebar.tsx — "Workspaces" global nav item +
  workspace quick-links; "Secrets" in RepoSubNav; new SecretsIcon,
  WorkspaceIcon
- App.tsx — routes for /workspaces, /workspaces/:handle,
  /workspaces/:handle/settings, /repos/:owner/:repo/secrets
2026-05-11 23:34:46 +02:00

91 lines
3.1 KiB
Go
Raw Blame History

package models
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"fmt"
"time"
)
// SecretScope controls which resources a secret is visible to.
type SecretScope string
const (
SecretScopeGlobal SecretScope = "global" // admin-only; available to all repos
SecretScopeWorkspace SecretScope = "workspace" // available to all repos in a workspace
SecretScopeRepo SecretScope = "repo" // specific repository
SecretScopeEnv SecretScope = "env" // specific environment (highest priority)
)
// Secret stores an AES-256-GCM encrypted key/value pair.
// Values are write-only: the API never returns the plaintext after creation.
// Uniqueness: (scope, scope_id, name) must be unique.
type Secret struct {
ID int64 `xorm:"'id' pk autoincr" json:"id"`
Scope SecretScope `xorm:"'scope' varchar(20) notnull" json:"scope"`
ScopeID int64 `xorm:"'scope_id'" json:"scopeId"` // 0 for global
Name string `xorm:"'name' varchar(255) notnull" json:"name"`
EncryptedValue string `xorm:"'encrypted_value' text notnull" json:"-"` // never serialised
CreatedAt time.Time `xorm:"'created_at' created" json:"createdAt"`
UpdatedAt time.Time `xorm:"'updated_at' updated" json:"updatedAt"`
}
// ── Encryption helpers ────────────────────────────────────────────────────────
// deriveKey produces a 32-byte AES key from the session secret via SHA-256.
func deriveKey(sessionSecret string) []byte {
h := sha256.Sum256([]byte(sessionSecret))
return h[:]
}
// EncryptSecret encrypts plaintext with AES-256-GCM and returns a base64 string
// of the form: base64(nonce || ciphertext).
func EncryptSecret(plaintext, sessionSecret string) (string, error) {
key := deriveKey(sessionSecret)
block, err := aes.NewCipher(key)
if err != nil {
return "", fmt.Errorf("aes cipher: %w", err)
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", fmt.Errorf("gcm: %w", err)
}
nonce := make([]byte, gcm.NonceSize())
if _, err := rand.Read(nonce); err != nil {
return "", fmt.Errorf("nonce: %w", err)
}
sealed := gcm.Seal(nonce, nonce, []byte(plaintext), nil)
return base64.StdEncoding.EncodeToString(sealed), nil
}
// DecryptSecret reverses EncryptSecret.
func DecryptSecret(encrypted, sessionSecret string) (string, error) {
data, err := base64.StdEncoding.DecodeString(encrypted)
if err != nil {
return "", fmt.Errorf("base64: %w", err)
}
key := deriveKey(sessionSecret)
block, err := aes.NewCipher(key)
if err != nil {
return "", fmt.Errorf("aes cipher: %w", err)
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", fmt.Errorf("gcm: %w", err)
}
if len(data) < gcm.NonceSize() {
return "", fmt.Errorf("ciphertext too short")
}
nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
pt, err := gcm.Open(nil, nonce, ct, nil)
if err != nil {
return "", fmt.Errorf("decrypt: %w", err)
}
return string(pt), nil
}
Reference in New Issue View Git Blame Copy Permalink