Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubero V3 refactoring #619

Draft
wants to merge 72 commits into
base: main
Choose a base branch
from
Draft

Kubero V3 refactoring #619

wants to merge 72 commits into from
+24,233 −120

Conversation

mms-gianni
Copy link
Member

@mms-gianni mms-gianni commented Jan 31, 2025
edited
Loading

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Template (non-breaking change which adds a template)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • I've built the image and tested it on a kubernetes cluster

Test Configuration:

  • Operator Version:
  • Kubernetes Version:
  • Kubero CLI Version (if applicable):

Checklist:

  • I removed unnecessary debug logs
  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I documented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings

Sorry, something went wrong.

@mms-gianni
init kubero v3 refactoring
Loading
Loading status checks…
18e7ce3
@mms-gianni mms-gianni marked this pull request as draft January 31, 2025 13:34
@mms-gianni
Update package.json and main.ts to use port 2000 for compatibility w…
Loading
Loading status checks…
e0a84d3 
…ith kubero v2.
@mms-gianni
serve static client
Loading
Loading status checks…
5ba11dd
@mms-gianni
add and start a websocket
Loading
Loading status checks…
b567546
@mms-gianni
(WIP) add initial auth function
ba31b7e
@mms-gianni
Merge pull request #621 from kubero-dev/refactoring/add-authentication

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
fe1c146 
(WIP) add initial auth function
@mms-gianni
(WIP) add basic swagger config
Loading
Loading status checks…
9a69d4b
@mms-gianni
add swagger Server and Auth
Loading
Loading status checks…
af26235
@mms-gianni
add basic routes
Loading
Loading status checks…
7570649
@mms-gianni
add basic modules
Loading
Loading status checks…
6f413c1
@mms-gianni
init settings module
Loading
Loading status checks…
613d81a
@mms-gianni mms-gianni self-assigned this Feb 3, 2025
@mms-gianni mms-gianni added the in progress working on it label Feb 3, 2025
@mms-gianni mms-gianni linked an issue Feb 3, 2025 that may be closed by this pull request
Announcing Kubero v3 (Refactoring) #623
Open
@mms-gianni
WIP settings module
Loading
Loading status checks…
d27cc36
@mms-gianni
mark migrated types
Loading
Loading status checks…
0d61eae
@mms-gianni
migrate templates, pipeline, apps and kubectl
Loading
Loading status checks…
87fad09
@mms-gianni
improve logging, connect to kubernetes
Loading
Loading status checks…
ba268f8
@mms-gianni
make settings readable
Loading
Loading status checks…
a3a2a29
@mms-gianni
Copy link
Member Author

Progress

image

@mms-gianni
add some settings endpoints
Loading
Loading status checks…
7486575
@mms-gianni
make kubernetes a global module
Loading
Loading status checks…
f7b8693
@mms-gianni
add Addons and Pipeline
Loading
Loading status checks…
c51876e
@mms-gianni
Migrate templates
Loading
Loading status checks…
bbde7be
@mms-gianni
Migrate templates
Loading
Loading status checks…
5e57db1
@mms-gianni
migrate activy view
Loading
Loading status checks…
0b5bf42
@mms-gianni
migrated pipeline form
Loading
Loading status checks…
92ab455
@mms-gianni
migrated notifications and pipelines partialy
Loading
Loading status checks…
f52b808
@mms-gianni
migrated app overview
Loading
Loading status checks…
46fac46
@mms-gianni
Migrate build Jobs
Loading
Loading status checks…
1008ac2
mms-gianni and others added 17 commits February 14, 2025 14:30
@mms-gianni @github-advanced-security
Potential fix for code scanning alert no. 205: Uncontrolled data used…

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
75f71dc 
… in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@mms-gianni
Migrate Metrics
d1b27fc
@mms-gianni
Merge branch 'main-refactored' of github.com:kubero-dev/kubero into m…
Loading
Loading status checks…
aea52ff 
…ain-refactored
@mms-gianni
Migrate auth page
Loading
Loading status checks…
6dfdcef
@mms-gianni
migrate to JWT based authentication
2568c76
@mms-gianni
Migrate to JWT Authentication
Loading
Loading status checks…
908ac4f
@mms-gianni
show error with wrong credentials
Loading
Loading status checks…
fe8199d
@mms-gianni
migrate github authentication
Loading
Loading status checks…
b668fdf
@mms-gianni
rename settings to config
Loading
Loading status checks…
f575299
@mms-gianni
load auth methods dynamicöy
Loading
Loading status checks…
0eb349e
@mms-gianni
Migrate setup
Loading
Loading status checks…
26e69c0
@mms-gianni
add anonymous strategy
Loading
Loading status checks…
826fda0
@mms-gianni
add auth methods
Loading
Loading status checks…
9b99b3c
@mms-gianni
make authentication optional
Loading
Loading status checks…
b3ecd8d
@mms-gianni
some cleanup
Loading
Loading status checks…
87b182d
@mms-gianni
some more cleanup
Loading
Loading status checks…
e764a09
@mms-gianni
Use ENV var for user access
Loading
Loading status checks…
270256c
@mms-gianni
linting
Loading
Loading status checks…
8e5bdae
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 24, 2025
View reviewed changes
server-refactored-v3/src/auth/auth.service.ts

const password = crypto
.createHmac('sha256', process.env.KUBERO_SESSION_KEY)
.update(pass)

Check failure

Code scanning / CodeQL

Use of password hash with insufficient computational effort High

Password from
an access to password
Loading
is hashed insecurely.
Password from
an access to password
Loading
is hashed insecurely.
Password from
an access to password
Loading
is hashed insecurely.

Copilot Autofix AI about 11 hours ago

To fix the problem, we need to replace the current password hashing method with a more secure one, such as bcrypt. This will involve:

  1. Importing the bcrypt library.
  2. Updating the validateUser method to use bcrypt for password comparison.
  3. Ensuring that the bcrypt library is installed as a dependency.
Suggested changeset 1
server-refactored-v3/src/auth/auth.service.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server-refactored-v3/src/auth/auth.service.ts b/server-refactored-v3/src/auth/auth.service.ts
--- a/server-refactored-v3/src/auth/auth.service.ts
+++ b/server-refactored-v3/src/auth/auth.service.ts
@@ -13,3 +13,3 @@
 import { JwtService } from '@nestjs/jwt';
-import * as crypto from 'crypto';
+import * as bcrypt from 'bcrypt';
 
@@ -36,7 +36,4 @@
 
-      const password = crypto
-        .createHmac('sha256', process.env.KUBERO_SESSION_KEY)
-        .update(pass)
-        .digest('hex');
-      if (user.password === password) {
+      const passwordMatch = await bcrypt.compare(pass, user.password);
+      if (passwordMatch) {
         const { password, ...result } = user;
EOF
@@ -13,3 +13,3 @@
import { JwtService } from '@nestjs/jwt';
import * as crypto from 'crypto';
import * as bcrypt from 'bcrypt';

@@ -36,7 +36,4 @@

const password = crypto
.createHmac('sha256', process.env.KUBERO_SESSION_KEY)
.update(pass)
.digest('hex');
if (user.password === password) {
const passwordMatch = await bcrypt.compare(pass, user.password);
if (passwordMatch) {
const { password, ...result } = user;
Copilot is powered by AI and may make mistakes. Always verify output.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.
server-refactored-v3/src/users/users.service.ts
);
password = crypto
.createHmac('sha256', process.env.KUBERO_SESSION_KEY)
.update(password)

Check failure

Code scanning / CodeQL

Use of password hash with insufficient computational effort High

Password from
an access to password
Loading
is hashed insecurely.
Password from
an access to password
Loading
is hashed insecurely.

Copilot Autofix AI 24 days ago

To fix the problem, we should replace the use of crypto.createHmac('sha256', ...) with a more secure password hashing scheme such as bcrypt. This will ensure that the password hashing process requires significant computational effort, making it more resistant to brute-force attacks.

The best way to fix the problem without changing existing functionality is to use the bcrypt library to hash the passwords. We will need to import the bcrypt library, update the password hashing logic to use bcrypt.hashSync, and ensure that the salt is properly generated and used.

Suggested changeset 1
server-refactored-v3/src/users/users.service.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server-refactored-v3/src/users/users.service.ts b/server-refactored-v3/src/users/users.service.ts
--- a/server-refactored-v3/src/users/users.service.ts
+++ b/server-refactored-v3/src/users/users.service.ts
@@ -3,3 +3,3 @@
 dotenv.config();
-import * as crypto from 'crypto';
+import * as bcrypt from 'bcrypt';
 
@@ -45,6 +45,4 @@
           );
-          password = crypto
-            .createHmac('sha256', process.env.KUBERO_SESSION_KEY)
-            .update(password)
-            .digest('hex');
+          const saltRounds = 10;
+          password = bcrypt.hashSync(password, saltRounds);
         }
EOF
@@ -3,3 +3,3 @@
dotenv.config();
import * as crypto from 'crypto';
import * as bcrypt from 'bcrypt';

@@ -45,6 +45,4 @@
);
password = crypto
.createHmac('sha256', process.env.KUBERO_SESSION_KEY)
.update(password)
.digest('hex');
const saltRounds = 10;
password = bcrypt.hashSync(password, saltRounds);
}
Copilot is powered by AI and may make mistakes. Always verify output.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.
@mms-gianni
fix docker image build
Loading
Loading status checks…
838040c
@mms-gianni
remove ENV helper
Loading
Loading status checks…
332c35e
@mms-gianni
add config route
Loading
Loading status checks…
a9c7378
@mms-gianni
Merge branch 'main' into main-refactored
fd3af7f
@mms-gianni
merge version 2.4.7 into v3.0.0
Loading
Loading status checks…
928a93c
@mms-gianni
fix plugin object
Loading
Loading status checks…
dc56935
@mms-gianni
fix kubero UI version
Loading
Loading status checks…
1e4b72d
@mms-gianni
fix version loading
Loading
Loading status checks…
ea15fb4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@mms-gianni mms-gianni

Labels
in progress working on it
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Announcing Kubero v3 (Refactoring)
1 participant
@mms-gianni