feat: add keystore package #2756
Conversation
| CREATE TYPE entity_types AS ENUM ( | ||
| 'session', | ||
| 'connection', | ||
| 'environment' |
There was a problem hiding this comment.
we might eventually want to use this package to handle environment private keys.
| { displayName, entityType, entityId, ttlInMs }: Pick<PrivateKey, 'displayName' | 'entityType' | 'entityId'> & { ttlInMs?: number } | ||
| ): Promise<Result<string, PrivateKeyError>> { | ||
| const now = new Date(); | ||
| const prefix = entityType.slice(0, 4); |
There was a problem hiding this comment.
adding a prefix to make it easier to debug
| ): Promise<Result<string, PrivateKeyError>> { | ||
| const now = new Date(); | ||
| const prefix = entityType.slice(0, 4); | ||
| const random = crypto.randomBytes(32).toString('hex'); |
There was a problem hiding this comment.
I picked a size of 32 bytes but I am happy to reconsider
TBonnin
force-pushed
the
tbonnin/nan-1758/keystore
branch
from
b428a28 to
2463280
Compare
| await trx.raw(` | ||
| CREATE TABLE IF NOT EXISTS ${PRIVATE_KEYS_TABLE} ( | ||
| id SERIAL PRIMARY KEY, | ||
| display_name VARCHAR(255) NOT NULL, |
There was a problem hiding this comment.
missing env_id and/or account_id to be able to quickly select / delete all of them. Especially if we have a put environment keys inside
packages/keystore/lib/db/migrations/20240920184658_initial_keystore_model.ts
Outdated
Show resolved
Hide resolved
packages/keystore/lib/db/migrations/20240920184658_initial_keystore_model.ts
Outdated
Show resolved
Hide resolved
packages/keystore/lib/db/migrations/20240920184658_initial_keystore_model.ts
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,32 @@ | |||
| import path from 'node:path'; | |||
There was a problem hiding this comment.
I understand why you created a dedicated file, however, it's going to create two lock tables for each package that uses this pattern. I don't have a strong opinion because it's definitely handy to split everything, just not sure it's worth it imo
There was a problem hiding this comment.
It is true the package could assume the tables exist and have a single place that ensure the database is in the correct state. The cost is two extra lock tables, the advantage if we ever use the package in another service is that we don't have to worry about order of deployment/migration since it is embedded in keystore package.
It also make testing easier, the package can just run the keystore related migrations without having to setup the entire db.
btw we are also creating extra migrations tables for the scheduler.
What if the migrations tables were in their own migrations schema?
There was a problem hiding this comment.
Yeah, the main difference is that it's not in the same schema. Let's discuss tomorrow
TBonnin
force-pushed
the
tbonnin/nan-1758/keystore
branch
from
969ecca to
c27c146
Compare
|
@bodinsamuel thank you very much for the review. I think I have addressed all your comments. |
TBonnin
force-pushed
the
tbonnin/nan-1758/keystore
branch
from
c27c146 to
659eca6
Compare
TBonnin
force-pushed
the
tbonnin/nan-1758/keystore
branch
2 times, most recently
from
acc49ea to
67f8eb9
Compare
keystore package contains logic to create, store, retrieve and delete private keys
TBonnin
force-pushed
the
tbonnin/nan-1758/keystore
branch
from
67f8eb9 to
3b7ea4e
Compare
## Describe your changes A new keystore package containing logic to create, store, retrieve and delete private keys. I decided to make it an independant package instead of adding it to `server` so it can be self-contained and reusable. It means the table migrations are different (which creates new migrations table) but also means the package can be used independently. The db client must be provided though so it can use the same as the one used by the service importing `keystore`. In this PR I added keystore to `server`. In next PR I will add the endpoint used in the new auth flow to create and check session token ## Issue ticket number and link https://linear.app/nango/issue/NAN-1758/implement-keystore-package ## Checklist before requesting a review (skip if just adding/editing APIs & templates) - [x] I added tests, otherwise the reason is: - [x] I added observability, otherwise the reason is: - [ ] I added analytics, otherwise the reason is:
Describe your changes
A new keystore package containing logic to create, store, retrieve and delete private keys.
I decided to make it an independant package instead of adding it to
serverso it can be self-contained and reusable. It means the table migrations are different (which creates new migrations table) but also means the package can be used independently.The db client must be provided though so it can use the same as the one used by the service importing
keystore.In this PR I added keystore to
server. In next PR I will add the endpoint used in the new auth flow to create and check session tokenIssue ticket number and link
https://linear.app/nango/issue/NAN-1758/implement-keystore-package
Checklist before requesting a review (skip if just adding/editing APIs & templates)