CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-13 21:01:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

remove client side encryption for connection strings

Browse Source
This commit is contained in:
Bilal Godil 2025-09-09 13:36:31 -07:00
parent 5a7a0f5a51
commit 4cd96a74ff
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/backend/src/app/api/latest/integrations/neon/projects/connection/route.tsx
View File

@ -47,7 +47,7 @@ export const POST = createSmartRouteHandler({
const uuidConnectionStrings: Record<string, string> = {};
const store = await stackServerApp.getDataVaultStore('neon-connection-strings');
const secret = getEnvVariable('STACK_SERVER_SECRET');
const secret = "no client side encryption";
for (const c of req.body.connection_strings) {
const uuid = generateUuid();
await store.setValue(uuid, c.connection_string, { secret });

2
apps/backend/src/app/api/latest/integrations/neon/projects/provision/route.tsx
View File

@ -41,7 +41,7 @@ export const POST = createSmartRouteHandler({
if (hasNeonConnections) {
const store = await stackServerApp.getDataVaultStore('neon-connection-strings');
const secret = getEnvVariable('STACK_SERVER_SECRET');
const secret = "no client side encryption";
for (const c of req.body.connection_strings!) {
const uuid = generateUuid();

2
apps/backend/src/prisma-client.tsx
View File

@ -55,7 +55,7 @@ async function resolveNeonConnectionString(entry: string): Promise<string> {
return entry;
}
const store = await stackServerApp.getDataVaultStore('neon-connection-strings');
const secret = getEnvVariable('STACK_SERVER_SECRET');
const secret = "no client side encryption";
const value = await store.getValue(entry, { secret });
if (!value) throw new Error('No Neon connection string found for UUID');
return value;

4
apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/provision.test.ts
View File

@ -282,12 +282,12 @@ it("can provision with a Neon connection string when provided via env (optional)
method: "POST",
accessType: "server",
body: {
hashed_key: await hashKey("23-wuNpik0gIW4mruTz25rbIvhuuvZFrLOLtL7J4tyo", sourceOfTruth.connectionStrings.main),
hashed_key: await hashKey("no client side encryption", sourceOfTruth.connectionStrings.main),
},
});
expect(getConnectionResponse.status).toBe(200);
const connectionString = await decryptValue(
"23-wuNpik0gIW4mruTz25rbIvhuuvZFrLOLtL7J4tyo",
"no client side encryption",
sourceOfTruth.connectionStrings.main,
getConnectionResponse.body.encrypted_value
);