Switch to util.Seal and util.Unseal

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
2023-08-19 14:39:16 +00:00 · 2023-08-19 14:39:16 +00:00 · 4d1acdcaab
commit 4d1acdcaab
parent d700b790ac
4 changed files with 12 additions and 12 deletions
--- a/database/sql/enterprise.go
+++ b/database/sql/enterprise.go
@ -17,7 +17,7 @@ func (s *sqlDatabase) CreateEnterprise(ctx context.Context, name, credentialsNam
 	if webhookSecret == "" {
 		return params.Enterprise{}, errors.New("creating enterprise: missing secret")
 	}
-	secret, err := util.Aes256EncodeString(webhookSecret, s.cfg.Passphrase)
+	secret, err := util.Seal([]byte(webhookSecret), []byte(s.cfg.Passphrase))
 	if err != nil {
 		return params.Enterprise{}, errors.Wrap(err, "encoding secret")
 	}
@ -110,7 +110,7 @@ func (s *sqlDatabase) UpdateEnterprise(ctx context.Context, enterpriseID string,
 	}

 	if param.WebhookSecret != "" {
-		secret, err := util.Aes256EncodeString(param.WebhookSecret, s.cfg.Passphrase)
+		secret, err := util.Seal([]byte(param.WebhookSecret), []byte(s.cfg.Passphrase))
 		if err != nil {
 			return params.Enterprise{}, errors.Wrap(err, "encoding secret")
 		}
--- a/database/sql/organizations.go
+++ b/database/sql/organizations.go
@ -32,7 +32,7 @@ func (s *sqlDatabase) CreateOrganization(ctx context.Context, name, credentialsN
 	if webhookSecret == "" {
 		return params.Organization{}, errors.New("creating org: missing secret")
 	}
-	secret, err := util.Aes256EncodeString(webhookSecret, s.cfg.Passphrase)
+	secret, err := util.Seal([]byte(webhookSecret), []byte(s.cfg.Passphrase))
 	if err != nil {
 		return params.Organization{}, fmt.Errorf("failed to encrypt string")
 	}
@ -114,7 +114,7 @@ func (s *sqlDatabase) UpdateOrganization(ctx context.Context, orgID string, para
 	}

 	if param.WebhookSecret != "" {
-		secret, err := util.Aes256EncodeString(param.WebhookSecret, s.cfg.Passphrase)
+		secret, err := util.Seal([]byte(param.WebhookSecret), []byte(s.cfg.Passphrase))
 		if err != nil {
 			return params.Organization{}, fmt.Errorf("saving org: failed to encrypt string: %w", err)
 		}
--- a/database/sql/repositories.go
+++ b/database/sql/repositories.go
@ -32,7 +32,7 @@ func (s *sqlDatabase) CreateRepository(ctx context.Context, owner, name, credent
 	if webhookSecret == "" {
 		return params.Repository{}, errors.New("creating repo: missing secret")
 	}
-	secret, err := util.Aes256EncodeString(webhookSecret, s.cfg.Passphrase)
+	secret, err := util.Seal([]byte(webhookSecret), []byte(s.cfg.Passphrase))
 	if err != nil {
 		return params.Repository{}, fmt.Errorf("failed to encrypt string")
 	}
@ -114,7 +114,7 @@ func (s *sqlDatabase) UpdateRepository(ctx context.Context, repoID string, param
 	}

 	if param.WebhookSecret != "" {
-		secret, err := util.Aes256EncodeString(param.WebhookSecret, s.cfg.Passphrase)
+		secret, err := util.Seal([]byte(param.WebhookSecret), []byte(s.cfg.Passphrase))
 		if err != nil {
 			return params.Repository{}, fmt.Errorf("saving repo: failed to encrypt string: %w", err)
 		}
--- a/database/sql/util.go
+++ b/database/sql/util.go
@ -93,7 +93,7 @@ func (s *sqlDatabase) sqlToCommonOrganization(org Organization) (params.Organiza
 	if len(org.WebhookSecret) == 0 {
 		return params.Organization{}, errors.New("missing secret")
 	}
-	secret, err := util.Aes256DecodeString(org.WebhookSecret, s.cfg.Passphrase)
+	secret, err := util.Unseal(org.WebhookSecret, []byte(s.cfg.Passphrase))
 	if err != nil {
 		return params.Organization{}, errors.Wrap(err, "decrypting secret")
 	}
@ -103,7 +103,7 @@ func (s *sqlDatabase) sqlToCommonOrganization(org Organization) (params.Organiza
 		Name:            org.Name,
 		CredentialsName: org.CredentialsName,
 		Pools:           make([]params.Pool, len(org.Pools)),
-		WebhookSecret:   secret,
+		WebhookSecret:   string(secret),
 	}

 	for idx, pool := range org.Pools {
@ -120,7 +120,7 @@ func (s *sqlDatabase) sqlToCommonEnterprise(enterprise Enterprise) (params.Enter
 	if len(enterprise.WebhookSecret) == 0 {
 		return params.Enterprise{}, errors.New("missing secret")
 	}
-	secret, err := util.Aes256DecodeString(enterprise.WebhookSecret, s.cfg.Passphrase)
+	secret, err := util.Unseal(enterprise.WebhookSecret, []byte(s.cfg.Passphrase))
 	if err != nil {
 		return params.Enterprise{}, errors.Wrap(err, "decrypting secret")
 	}
@ -130,7 +130,7 @@ func (s *sqlDatabase) sqlToCommonEnterprise(enterprise Enterprise) (params.Enter
 		Name:            enterprise.Name,
 		CredentialsName: enterprise.CredentialsName,
 		Pools:           make([]params.Pool, len(enterprise.Pools)),
-		WebhookSecret:   secret,
+		WebhookSecret:   string(secret),
 	}

 	for idx, pool := range enterprise.Pools {
@ -207,7 +207,7 @@ func (s *sqlDatabase) sqlToCommonRepository(repo Repository) (params.Repository,
 	if len(repo.WebhookSecret) == 0 {
 		return params.Repository{}, errors.New("missing secret")
 	}
-	secret, err := util.Aes256DecodeString(repo.WebhookSecret, s.cfg.Passphrase)
+	secret, err := util.Unseal(repo.WebhookSecret, []byte(s.cfg.Passphrase))
 	if err != nil {
 		return params.Repository{}, errors.Wrap(err, "decrypting secret")
 	}
@ -218,7 +218,7 @@ func (s *sqlDatabase) sqlToCommonRepository(repo Repository) (params.Repository,
 		Owner:           repo.Owner,
 		CredentialsName: repo.CredentialsName,
 		Pools:           make([]params.Pool, len(repo.Pools)),
-		WebhookSecret:   secret,
+		WebhookSecret:   string(secret),
 	}

 	for idx, pool := range repo.Pools {