enable lazy initialization of aes cipher key
This commit is contained in:
		
							parent
							
								
									1a42430b8f
								
							
						
					
					
						commit
						bece314c34
					
				
							
								
								
									
										54
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										54
									
								
								README.md
									
									
									
									
									
								
							| @ -50,7 +50,7 @@ var opts = { | ||||
| sqlite.create(opts).then(function (db) { | ||||
|   // same api as new sqlite3.Database(options.filename) | ||||
| 
 | ||||
|   client.run("SELECT ?", ['Hello World!'], function (err) { | ||||
|   db.run("SELECT ?", ['Hello World!'], function (err) { | ||||
|     if (err) { | ||||
|       console.error('[ERROR]', cluster.isMaster && '0' || cluster.worker.id); | ||||
|       console.error(err); | ||||
| @ -75,6 +75,58 @@ If you wish to always use clustering, even on a single core system, see `test-cl | ||||
| 
 | ||||
| Likewise, if you wish to use standalone mode in a particular worker process see `test-standalone.js`. | ||||
| 
 | ||||
| SQLCipher Considerations | ||||
| ======================== | ||||
| 
 | ||||
| In (hopefully) most cases your AES key won't be available at the time that you want your service | ||||
| to start listening. (And if it is you might be using a form of | ||||
| "[encraption](https://twitter.com/nmacdona/status/532677876685217795)" | ||||
| where you were intending to use a form of "encryption" and should | ||||
| look into that before going any further.) | ||||
| 
 | ||||
| To account for this you can pass the `bits` option on `create` and then call `init({ key: key })` | ||||
| when you receive your key from user input, the key server, etc. | ||||
| 
 | ||||
| Calling any normal methods will result in an error until `init` is called. | ||||
| 
 | ||||
| **NOTE:** Because the server process (the master) will use `node-sqlite3` directly, | ||||
| without any wrapper to protect it, *you* must make sure that it doesn't | ||||
| make any calls before the key is supplied with `init`. | ||||
| For this reason it is recommended to not use your master process as an http server, etc. | ||||
| 
 | ||||
| ```js | ||||
| var cluster = require('cluster'); | ||||
| var sqlite = require('sqlite3-cluster'); | ||||
| var numCores = require('os').cpus().length; | ||||
| 
 | ||||
| var opts = { | ||||
|   filename: '/tmp/mydb.sqlcipher' | ||||
| 
 | ||||
| , key: null | ||||
| , bits: 128 | ||||
| }; | ||||
| 
 | ||||
| sqlite.create(opts).then(function (db) { | ||||
|   // same api as new sqlite3.Database(options.filename) | ||||
| 
 | ||||
|   db.init({ | ||||
|     bits: 128 | ||||
|   , key: '00000000000000000000000000000000' | ||||
|   }).then(function (db) { | ||||
|     db.run("SELECT ?", ['Hello World!'], function (err) { | ||||
|       if (err) { | ||||
|         console.error('[ERROR]', cluster.isMaster && '0' || cluster.worker.id); | ||||
|         console.error(err); | ||||
|         return; | ||||
|       } | ||||
| 
 | ||||
|       console.log('[this]', cluster.isMaster && '0' || cluster.worker.id); | ||||
|       console.log(this); | ||||
|     }); | ||||
|   }); | ||||
| }); | ||||
| ``` | ||||
| 
 | ||||
| API | ||||
| === | ||||
| 
 | ||||
|  | ||||
							
								
								
									
										64
									
								
								client.js
									
									
									
									
									
								
							
							
						
						
									
										64
									
								
								client.js
									
									
									
									
									
								
							| @ -45,7 +45,9 @@ function getConnection(opts) { | ||||
|           return startServer(opts).then(function (client) { | ||||
|             // ws.masterClient = client;
 | ||||
|             resolve({ masterClient: client }); | ||||
|           }, function () { | ||||
|           }, function (err) { | ||||
|             console.error('[ERROR] failed to connect to sqlite3-cluster service. retrying...'); | ||||
|             console.error(err); | ||||
|             retry(); | ||||
|           }); | ||||
|         } | ||||
| @ -102,7 +104,55 @@ function create(opts) { | ||||
|     var proto = sqlite3real.Database.prototype; | ||||
|     var messages = []; | ||||
| 
 | ||||
|     function rpc(fname, args) { | ||||
|     function init(opts) { | ||||
|       return new Promise(function (resolve) { | ||||
|         var id = Math.random(); | ||||
| 
 | ||||
|         ws.send(JSON.stringify({ | ||||
|           type: 'init' | ||||
|         , args: [opts] | ||||
|         , func: 'init' | ||||
|         , filename: opts.filename | ||||
|         , id: id | ||||
|         })); | ||||
| 
 | ||||
|         function onMessage(data) { | ||||
|           var cmd; | ||||
| 
 | ||||
|           try { | ||||
|             cmd = JSON.parse(data.toString('utf8')); | ||||
|           } catch(e) { | ||||
|             console.error('[ERROR] in client, from sql server parse json'); | ||||
|             console.error(e); | ||||
|             console.error(data); | ||||
|             console.error(); | ||||
| 
 | ||||
|             //ws.send(JSON.stringify({ type: 'error', value: { message: e.message, code: "E_PARSE_JSON" } }));
 | ||||
|             return; | ||||
|           } | ||||
| 
 | ||||
|           if (cmd.id !== id) { | ||||
|             return; | ||||
|           } | ||||
| 
 | ||||
|           if (cmd.self) { | ||||
|             cmd.args = [db]; | ||||
|           } | ||||
| 
 | ||||
|           messages.splice(messages.indexOf(onMessage), 1); | ||||
| 
 | ||||
|           if ('error' === cmd.type) { | ||||
|             reject(cmd.args[0]); | ||||
|             return; | ||||
|           } | ||||
|           resolve(cmd.args[0]); | ||||
|         } | ||||
| 
 | ||||
|         messages.push(onMessage); | ||||
|       }); | ||||
|     } | ||||
| 
 | ||||
|     function rpcThunk(fname, args) { | ||||
|       var id; | ||||
|       var cb; | ||||
| 
 | ||||
| @ -142,6 +192,9 @@ function create(opts) { | ||||
|           return; | ||||
|         } | ||||
| 
 | ||||
|         if (cmd.self) { | ||||
|           cmd.args = [db]; | ||||
|         } | ||||
|         cb.apply(cmd.this, cmd.args); | ||||
| 
 | ||||
|         if ('on' !== fname) { | ||||
| @ -156,16 +209,19 @@ function create(opts) { | ||||
|     db.sanitize = require('./wrapper').sanitize; | ||||
|     db.escape = require('./wrapper').escape; | ||||
| 
 | ||||
|     // TODO get methods from server (cluster-store does this)
 | ||||
|     // instead of using the prototype
 | ||||
|     Object.keys(sqlite3real.Database.prototype).forEach(function (key) { | ||||
| 
 | ||||
|       if ('function' === typeof proto[key]) { | ||||
|         db[key] = function () { | ||||
|           rpc(key, Array.prototype.slice.call(arguments)); | ||||
|           rpcThunk(key, Array.prototype.slice.call(arguments)); | ||||
|         }; | ||||
|       } | ||||
| 
 | ||||
|     }); | ||||
| 
 | ||||
|     db.init = init; | ||||
| 
 | ||||
|     ws.on('message', function (data) { | ||||
|       messages.forEach(function (fn) { | ||||
|         try { | ||||
|  | ||||
							
								
								
									
										33
									
								
								server.js
									
									
									
									
									
								
							
							
						
						
									
										33
									
								
								server.js
									
									
									
									
									
								
							| @ -44,15 +44,48 @@ function createApp(server, options) { | ||||
| 
 | ||||
|         switch(cmd.type) { | ||||
|           case 'init': | ||||
|             db[cmd.func].apply(db, cmd.args).then(function () { | ||||
|               var args = Array.prototype.slice.call(arguments); | ||||
|               var myself; | ||||
| 
 | ||||
|               if (args[0] === db) { | ||||
|                 args = []; | ||||
|                 myself = true; | ||||
|               } | ||||
| 
 | ||||
|               ws.send(JSON.stringify({ | ||||
|                 id: cmd.id | ||||
|               , self: myself | ||||
|               , args: args | ||||
|               //, this: this
 | ||||
|               })); | ||||
|             }); | ||||
|             break; | ||||
| 
 | ||||
|           case 'rpc': | ||||
|             if (!db._initialized) { | ||||
|               ws.send(JSON.stringify({ | ||||
|                 type: 'error' | ||||
|               , id: cmd.id | ||||
|               , args: [{ message: 'database has not been initialized' }] | ||||
|               , error: { message: 'database has not been initialized' } | ||||
|               })); | ||||
|               return; | ||||
|             } | ||||
| 
 | ||||
|             cmd.args.push(function () { | ||||
|               var args = Array.prototype.slice.call(arguments); | ||||
|               var myself; | ||||
| 
 | ||||
|               if (args[0] === db) { | ||||
|                 args = []; | ||||
|                 myself = true; | ||||
|               } | ||||
| 
 | ||||
|               ws.send(JSON.stringify({ | ||||
|                 this: this | ||||
|               , args: args | ||||
|               , self: myself | ||||
|               , id: cmd.id | ||||
|               })); | ||||
|             }); | ||||
|  | ||||
| @ -5,19 +5,16 @@ var cluster = require('cluster'); | ||||
| var numCores = require('os').cpus().length; | ||||
| var i; | ||||
| 
 | ||||
| function run() { | ||||
|   var sqlite3 = require('./cluster'); | ||||
| function testSelect(client) { | ||||
|   return client.run('CREATE TABLE IF NOT EXISTS meta (version TEXT)', function (err) { | ||||
|     if (err) { | ||||
|       console.error('[ERROR] create table', cluster.isMaster && '0' || cluster.worker.id); | ||||
|       console.error(err); | ||||
|       return; | ||||
|     } | ||||
| 
 | ||||
|     return client.get("SELECT version FROM meta", [], function (err, result) { | ||||
| 
 | ||||
|   return sqlite3.create({ | ||||
|       key: '00000000000000000000000000000000' | ||||
|     , bits: 128 | ||||
|     , filename: '/tmp/test.cluster.sqlcipher' | ||||
|     , verbose: null | ||||
|     , standalone: null | ||||
|     , serve: null | ||||
|     , connect: null | ||||
|   }).then(function (client) { | ||||
|     client.get("SELECT ?", ['Hello World!'], function (err, result) { | ||||
|       if (err) { | ||||
|         console.error('[ERROR]', cluster.isMaster && '0' || cluster.worker.id); | ||||
|         console.error(err); | ||||
| @ -33,6 +30,43 @@ function run() { | ||||
|   }); | ||||
| } | ||||
| 
 | ||||
| function init() { | ||||
|   var sqlite3 = require('./cluster'); | ||||
| 
 | ||||
|   return sqlite3.create({ | ||||
|       bits: 128 | ||||
|     , filename: '/tmp/test.cluster.sqlcipher' | ||||
|     , verbose: null | ||||
|     , standalone: null | ||||
|     , serve: null | ||||
|     , connect: null | ||||
|   }).then(function (client) { | ||||
|     console.log('[INIT] begin'); | ||||
|     return client.init({ bits: 128, key: '00000000000000000000000000000000' }); | ||||
|   }).then(testSelect, function (err) { | ||||
|     console.error('[ERROR]'); | ||||
|     console.error(err); | ||||
|   }).then(function () { | ||||
|     console.log('success'); | ||||
|   }, function (err) { | ||||
|     console.error('[ERROR 2]'); | ||||
|     console.error(err); | ||||
|   }); | ||||
| } | ||||
| 
 | ||||
| function run() { | ||||
|   var sqlite3 = require('./cluster'); | ||||
| 
 | ||||
|   return sqlite3.create({ | ||||
|       bits: 128 | ||||
|     , filename: '/tmp/test.cluster.sqlcipher' | ||||
|     , verbose: null | ||||
|     , standalone: null | ||||
|     , serve: null | ||||
|     , connect: null | ||||
|   });//.then(testSelect);
 | ||||
| } | ||||
| 
 | ||||
| if (cluster.isMaster) { | ||||
|   // not a bad idea to setup the master before forking the workers
 | ||||
|   run().then(function () { | ||||
| @ -41,7 +75,14 @@ if (cluster.isMaster) { | ||||
|     } | ||||
|   }); | ||||
| } else { | ||||
|   run(); | ||||
|   if (1 === cluster.worker.id) { | ||||
|     init().then(testSelect); | ||||
|     return; | ||||
|   } else { | ||||
|     setTimeout(function () { | ||||
|       run().then(testSelect); | ||||
|     }, 100); | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| // The native Promise implementation ignores errors because... dumbness???
 | ||||
|  | ||||
							
								
								
									
										52
									
								
								wrapper.js
									
									
									
									
									
								
							
							
						
						
									
										52
									
								
								wrapper.js
									
									
									
									
									
								
							| @ -19,43 +19,73 @@ function create(opts) { | ||||
|     sqlite3.verbose(); | ||||
|   } | ||||
| 
 | ||||
|   if (!dbs[opts.filename] || dbs[opts.filename].__key !== opts.key) { | ||||
|   if (!dbs[opts.filename]) { | ||||
|     dbs[opts.filename] = new sqlite3.Database(opts.filename); | ||||
|   } | ||||
| 
 | ||||
|   db = dbs[opts.filename]; | ||||
|   db.sanitize = sanitize; | ||||
|   db.escape = sanitize; | ||||
|   db.__key = opts.key; | ||||
| 
 | ||||
|   db.init = function (newOpts) { | ||||
|     if (!newOpts) { | ||||
|       newOpts = {}; | ||||
|     } | ||||
| 
 | ||||
|     var key = newOpts.key || opts.key; | ||||
|     var bits = newOpts.bits || opts.bits; | ||||
| 
 | ||||
|     return new Promise(function (resolve, reject) { | ||||
|     db.serialize(function() { | ||||
|       console.log('OPTS', opts); | ||||
|       console.log('BITS', bits); | ||||
|       if (db._initialized) { | ||||
|         resolve(db); | ||||
|         return; | ||||
|       } | ||||
| 
 | ||||
|       if (!key) { | ||||
|         if (!bits) { | ||||
|           db._initialized = true; | ||||
|         } | ||||
|         resolve(db); | ||||
|         return; | ||||
|       } | ||||
| 
 | ||||
|       // TODO test key length
 | ||||
| 
 | ||||
|       db._initialized = true; | ||||
|       db.serialize(function () { | ||||
|         var setup = []; | ||||
| 
 | ||||
|       if (opts.key) { | ||||
|         // TODO test key length
 | ||||
|         if (!opts.bits) { | ||||
|           opts.bits = 128; | ||||
|         if (!bits) { | ||||
|           bits = 128; | ||||
|         } | ||||
| 
 | ||||
|         // TODO  db.run(sql, function () { resolve() });
 | ||||
|         setup.push(new Promise(function (resolve, reject) { | ||||
|           db.run("PRAGMA KEY = \"x'" + sanitize(opts.key) + "'\"", [], function (err) { | ||||
|           db.run("PRAGMA KEY = \"x'" + sanitize(key) + "'\"", [], function (err) { | ||||
|             if (err) { reject(err); return; } | ||||
|             resolve(this); | ||||
|           }); | ||||
|         })); | ||||
|         setup.push(new Promise(function (resolve, reject) { | ||||
|           db.run("PRAGMA CIPHER = 'aes-" + sanitize(opts.bits) + "-cbc'", [], function (err) { | ||||
|           //process.nextTick(function () {
 | ||||
|           db.run("PRAGMA CIPHER = 'aes-" + sanitize(bits) + "-cbc'", [], function (err) { | ||||
|             if (err) { reject(err); return; } | ||||
|             resolve(this); | ||||
|           }); | ||||
|          //});
 | ||||
|         })); | ||||
|       } | ||||
| 
 | ||||
|       Promise.all(setup).then(function () { resolve(db); }, reject); | ||||
|         Promise.all(setup).then(function () { | ||||
|           // restore original functions
 | ||||
|           resolve(db); | ||||
|         }, reject); | ||||
|       }); | ||||
|     }); | ||||
|   }; | ||||
| 
 | ||||
|   return db.init(opts); | ||||
| } | ||||
| 
 | ||||
| module.exports.sanitize = sanitize; | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user