From c57cd8afa2b8ca61f6cd834844a351b1b9736e8f Mon Sep 17 00:00:00 2001
From: Huskydog9988 <39809509+Huskydog9988@users.noreply.github.com>
Date: Fri, 14 Mar 2025 10:53:37 -0400
Subject: [PATCH] store certs in db
---
 server/prisma/schema/auth.prisma | 9 ++++
 server/server/internal/clients/ca-store.ts | 61 ++++++++++++++++++++++
 server/server/plugins/ca.ts | 13 +++--
 3 files changed, 78 insertions(+), 5 deletions(-)
diff --git a/server/prisma/schema/auth.prisma b/server/prisma/schema/auth.prisma
index bf862ddb..6ebd4e05 100644
--- a/server/prisma/schema/auth.prisma
+++ b/server/prisma/schema/auth.prisma
@@ -41,3 +41,12 @@ model APIToken {
 @@index([token])
 }
+
+model Certificate {
+ id String @id @default(uuid())
+
+ privateKey String
+ certificate String
+
+ blacklisted Boolean @default(false)
+}
diff --git a/server/server/internal/clients/ca-store.ts b/server/server/internal/clients/ca-store.ts
index 483108a2..8a2b4963 100644
--- a/server/server/internal/clients/ca-store.ts
+++ b/server/server/internal/clients/ca-store.ts
@@ -1,6 +1,7 @@
 import path from "path";
 import fs from "fs";
 import { CertificateBundle } from "./ca";
+import prisma from "../db/database";
 
 export type CertificateStore = {
 store(name: string, data: CertificateBundle): Promise;
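Review bot: `privateKey String` on the new Certificate model persists every issued private key in cleartext next to its certificate, so any read of the database (backup, dump, a leaked DB credential) yields directly usable client credentials, and the patch says nothing about encryption at rest or why the key has to be kept at all. Add a `///` doc comment on the field, e.g. `/// PEM private key, stored unencrypted — encrypt at rest or keep only the certificate if callers never need the key back`, and consider the second option. Separately, `@default(uuid())` on `id` is never exercised as far as this patch shows, because ca-store.ts always supplies `id: name`; a comment such as `/// id is the caller-chosen certificate name, not a generated uuid` would stop a reader from assuming ids are random.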
@@ -33,3 +34,63 @@ export const fsCertificateStore = (base: string) => {
 };
 return store;
 };
+
+export const dbCertificateStore = () => {
+ const store: CertificateStore = {
+ async store(name: string, data: CertificateBundle) {
+ await prisma.certificate.upsert({
+ where: {
+ id: name,
+ },
+ create: {
+ id: name,
+ privateKey: data.priv,
+ certificate: data.cert,
+ },
+ update: {
+ privateKey: data.priv,
+ certificate: data.cert,
+ },
+ });
+ },
+ async fetch(name: string) {
+ const result = await prisma.certificate.findUnique({
+ where: {
+ id: name,
+ },
+ select: {
+ privateKey: true,
+ certificate: true,
+ },
+ });
+ if (result === null) return undefined;
+ return {
+ priv: result.privateKey,
+ cert: result.certificate,
+ };
+ },
+ async blacklistCertificate(name: string) {
+ await prisma.certificate.update({
+ where: {
+ id: name,
+ },
+ data: {
+ blacklisted: true,
+ },
+ });
+ },
+ async checkBlacklistCertificate(name: string): Promise {
+ const result = await prisma.certificate.findUnique({
+ where: {
+ id: name,
+ },
+ select: {
+ blacklisted: true,
+ },
+ });
+ if (result === null) return false;
+ return result.blacklisted;
+ },
+ };
+ return store;
+};
diff --git a/server/server/plugins/ca.ts b/server/server/plugins/ca.ts
index 000764ae..6a90d643 100644
--- a/server/server/plugins/ca.ts
+++ b/server/server/plugins/ca.ts
@@ -1,6 +1,9 @@
 import { CertificateAuthority } from "../internal/clients/ca";
 import fs from "fs";
-import { fsCertificateStore } from "../internal/clients/ca-store";
+import {
+ dbCertificateStore,
+ fsCertificateStore,
+} from "../internal/clients/ca-store";
 
 let ca: CertificateAuthority | undefined;
 
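Review bot: `blacklistCertificate` uses `prisma.certificate.update` with `where: { id: name }`, and Prisma's `update` rejects with a record-not-found error when no row matches, so blacklisting an unknown or already-removed name throws, while `checkBlacklistCertificate` just below treats the same unknown name as simply not blacklisted (`return false`). Either make the two agree or document the asymmetry; the smallest fix is `await prisma.certificate.updateMany({ where: { id: name }, data: { blacklisted: true } });`, which is a no-op on zero matches, provided no caller relies on the throw. `fetch` also deserves a comment since it hands back the private key regardless of the `blacklisted` flag, e.g. `// returns the bundle even when blacklisted; callers must consult checkBlacklistCertificate`. The `update` branch of the `store` upsert leaves `blacklisted` untouched, so re-storing under a blacklisted name keeps it blacklisted — that looks intended but is worth a one-line note.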
@@ -10,9 +13,9 @@ export const useCertificateAuthority = () => {
 };
 export default defineNitroPlugin(async (nitro) => {
- const basePath = process.env.CLIENT_CERTIFICATES ?? "./certs";
- fs.mkdirSync(basePath, { recursive: true });
- const store = fsCertificateStore(basePath);
+ // const basePath = process.env.CLIENT_CERTIFICATES ?? "./certs";
+ // fs.mkdirSync(basePath, { recursive: true });
+ // const store = fsCertificateStore(basePath);
- ca = await CertificateAuthority.new(store);
+ ca = await CertificateAuthority.new(dbCertificateStore());
 });
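Review bot: The three `// const basePath …` lines are dead code kept as comments, and with them the `CLIENT_CERTIFICATES` directory stops being consulted without any migration of certificates already written there — as far as this hunk shows, an upgraded deployment starts with an empty store and previously issued certificates can no longer be fetched or blacklisted. Delete the commented lines instead of keeping them, drop the now-unused `fs` and `fsCertificateStore` imports from the file's import hunk, and state in the commit description or a comment how existing on-disk certificates are migrated, or keep the filesystem store selectable until they are. If a fallback is meant to remain, an explicit `const store = process.env.CLIENT_CERTIFICATES ? fsCertificateStore(process.env.CLIENT_CERTIFICATES) : dbCertificateStore();` reads better than commented-out code.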