alks
Version:
CLI for working with ALKS
57 lines (50 loc) • 1.79 kB
text/typescript
import { Auth } from '../model/auth';
import { Key } from '../model/keys';
import moment from 'moment';
import { isTokenAuth } from './isTokenAuth';
import { each } from 'underscore';
import { decrypt } from './decrypt';
import { getKeysCollection } from './getKeysCollection';
import { getDb } from './db';
export async function getKeys(
auth: Auth,
isIAM: boolean
): Promise<(Key & LokiObj)[]> {
const keys = await getKeysCollection();
const now = moment();
const enc = isTokenAuth(auth) ? auth.token : auth.password;
// first delete any expired keys
keys.removeWhere({ expires: { $lte: now.toDate() } });
const db = await getDb();
return new Promise((resolve, reject) => {
// save the db to prune expired keys, wait for transaction to complete
db.save((err) => {
if (err) {
reject(err);
return;
}
// now get valid keys, decrypt their values and return
const data = keys
.chain()
.find({ isIAM: { $eq: isIAM } })
.simplesort('expires')
.data();
const dataOut: (Key & LokiObj)[] = [];
each(data, (keydata) => {
// try catch here since we upgraded encryption and previously encrypted sessions will fail to decrypt
try {
keydata.accessKey = decrypt(keydata.accessKey, enc);
keydata.secretKey = decrypt(keydata.secretKey, enc);
keydata.sessionToken = decrypt(keydata.sessionToken, enc);
keydata.alksAccount = decrypt(keydata.alksAccount, enc);
keydata.alksRole = decrypt(keydata.alksRole, enc);
keydata.isIAM = isIAM;
dataOut.push(keydata);
} catch (e) {
// console.warn('Error decrypting session data.', e.message);
}
});
resolve(dataOut);
});
});
}