Handle RSA token handling in Rust (#915)

* Split out queue and cache config

* Update usages of cache config,

* Update default

* Cleanup

* Make queue optional.

* config updates.

* changelog

* update spec config

* Update tests

* tweak import

* Update default config.

* fixup test

* Update config.sample.yml

Co-authored-by: Andrew Ferrazzutti <[email protected]>
Signed-off-by: Will Hunt <[email protected]>

* Update encryption.md

Signed-off-by: Will Hunt <[email protected]>

* Clear up worker config

Signed-off-by: Will Hunt <[email protected]>

* Update src/config/Config.ts

Co-authored-by: Andrew Ferrazzutti <[email protected]>
Signed-off-by: Will Hunt <[email protected]>

* update helm config

* move UserTokenStore.ts

* Port all the imports to new path.

* Port RSA handling to rust.

* Add tests.

* linting

* lint rust

* Remove unwraps / panics

* fix build script

* Ensure we store and check with algorithm and key was used.

* quieten false deadcode warnings

* changelog

* fix test imports

* lazy mock out UTS

* Refactor so that UserTokenStore is initiated by the time Bridge is created.

* update defaults

* replace if with match

* Use the magic of ?

* fmt

---------

Signed-off-by: Will Hunt <[email protected]>
Co-authored-by: Andrew Ferrazzutti <[email protected]>

Author: Half-Shot

Cargo.lock

@@ -22,6 +22,7 @@ atom_syndication = "0.12"
 ruma = { version = "0.9", features = ["events", "html"] }
 reqwest = "0.11"
 rand = "0.8.5"
-
+rsa = "0.9.6"
+base64ct = { version = "1.6.0", features = ["alloc"] }
 [build-dependencies]
 napi-build = "2"

Cargo.toml

@@ -0,0 +1 @@
+Track which key was used to encrypt secrets in storage, and encrypt/decrypt secrets in Rust.

changelog.d/915.misc

@@ -10,7 +10,7 @@ bridge:
 passFile:
   # A passkey used to encrypt tokens stored inside the bridge.
   # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
-  passkey.pem
+  ./passkey.pem
 logging:
   # Logging settings. You can have a severity debug,info,warn,error
   level: info

config.sample.yml

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # exit when any command fails
 set -e

scripts/build-app.sh

@@ -19,12 +19,12 @@ describe('Basic test setup', () => {
         const user = testEnv.getUser('user');
         const roomId = await user.createRoom({ name: 'Test room', invite:[testEnv.botMxid] });
         await user.waitForRoomJoin({sender: testEnv.botMxid, roomId });
-        await user.sendText(roomId, "!hookshot help");
-        const msg = await user.waitForRoomEvent<MessageEventContent>({
+        const msg = user.waitForRoomEvent<MessageEventContent>({
             eventType: 'm.room.message', sender: testEnv.botMxid, roomId
         });
+        await user.sendText(roomId, "!hookshot help");
         // Expect help text.
-        expect(msg.data.content.body).to.include('!hookshot help` - This help text\n');
+        expect((await msg).data.content.body).to.include('!hookshot help` - This help text\n');
     });
 
     // TODO: Move test to it's own generic connections file.

spec/basic.spec.ts

@@ -16,7 +16,7 @@ import { Intent } from "matrix-bot-sdk";
 import { JiraBotCommands } from "./jira/AdminCommands";
 import { NotifFilter, NotificationFilterStateContent } from "./NotificationFilters";
 import { ProjectsListResponseData } from "./github/Types";
-import { UserTokenStore } from "./UserTokenStore";
+import { UserTokenStore } from "./tokens/UserTokenStore";
 import { Logger } from "matrix-appservice-bridge";
 import markdown from "markdown-it";
 type ProjectsListForRepoResponseData = Endpoints["GET /repos/{owner}/{repo}/projects"]["response"];

src/AdminRoom.ts

@@ -1,7 +1,7 @@
 import EventEmitter from "events";
 import { Intent } from "matrix-bot-sdk";
 import { BridgeConfig } from "./config/Config";
-import { UserTokenStore } from "./UserTokenStore";
+import { UserTokenStore } from "./tokens/UserTokenStore";
 
 
 export enum Category {

src/AdminRoomCommandHandler.ts

@@ -9,6 +9,7 @@ import { getAppservice } from "../appservice";
 import BotUsersManager from "../Managers/BotUsersManager";
 import * as Sentry from '@sentry/node';
 import { GenericHookConnection } from "../Connections";
+import { UserTokenStore } from "../tokens/UserTokenStore";
 
 Logger.configure({console: "info"});
 const log = new Logger("App");
@@ -50,7 +51,8 @@ export async function start(config: BridgeConfig, registration: IAppserviceRegis
 
     const botUsersManager = new BotUsersManager(config, appservice);
 
-    const bridgeApp = new Bridge(config, listener, appservice, storage, botUsersManager);
+    const tokenStore = await UserTokenStore.fromKeyPath(config.passFile , appservice.botIntent, config);
+    const bridgeApp = new Bridge(config, tokenStore, listener, appservice, storage, botUsersManager);
 
     process.once("SIGTERM", () => {
         log.error("Got SIGTERM");