Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token-storing off-server magic vault thing #529

Closed
Undo1 opened this issue Nov 15, 2018 · 7 comments
Closed

Token-storing off-server magic vault thing #529

Undo1 opened this issue Nov 15, 2018 · 7 comments
Labels
area: infrastructure Servers, software, versions, deployments, all of the Stuff that is teward's purview as sysadmin. type: feature request Requests for a new feature.

Comments

@Undo1
Copy link
Member

Undo1 commented Nov 15, 2018

Details to come. @Undo1 write some stuff here in the morning.
@ArtOfCode-
Copy link
Member

I've been vaguely thinking about this. The root of the problem here is that any such system will rely on having a data store/environment that you can insert to, but that you cannot retrieve from. I can't think of any of those off the top of my head.

@thesecretmaster
Copy link
Member

The idea was a lambda + dynamodb IIRC

@Undo1
Copy link
Member Author

Undo1 commented Nov 19, 2018

Whoever runs it will probably be able to access them, but the benefit from moving tokens over would be a much-reduced attack surface. It'd be only a few web routes, no DB access from metasmoke (so no attack surface for database dumps), no automatic deploys, etc. No way for even MS deployers to ever get access, so definitely no way for attackers to get it.

tl;dr - u.api_token is pretty easy for anyone with even a bit of access to run. This wouldn't be.

@ArtOfCode-
Copy link
Member

If whoever's hosting will probably still be able to access them, that makes it significantly easier. Two options come to mind:

  • Lambda + DynamoDB
  • YAUWS (Yet Another Unstable Web Service)

Guess which one's probably the sensible option :)

@ArtOfCode- ArtOfCode- added type: feature request Requests for a new feature. area: infrastructure Servers, software, versions, deployments, all of the Stuff that is teward's purview as sysadmin. labels Nov 27, 2018
@thesecretmaster
Copy link
Member

thesecretmaster commented Nov 28, 2018
edited

I've built a little thing for this. It's got three routes:

  1. /auth, does SE oauth and stores token
  2. /auth/complete, also a part of SE oauth
  3. POST /autoflag, keyed, MS uses this to cast flags (returns the same as the api). Needs account_id, comment, flag_option_id, post_id, post_type, site
  4. GET /autoflag/options, keyed, MS uses this to get flag options (returns the same as the api). Needs account_id, site, post_id, post_type.

I also wasn't sure if we used no_expiry tokens or not, so the ones for this beta do expire.

Beta instance up here: https://btmi925fb2.execute-api.us-east-1.amazonaws.com/default

@Undo1
Copy link
Member Author

Undo1 commented Nov 28, 2018

Wow, that was fast @thesecretmaster. We do use no_expiry (

metasmoke/app/helpers/authentication_helper.rb

Line 11 in 131d242

auth_url('write_access,no_expiry', config['redirect_uri'])
), it makes managing things easier.

@thesecretmaster
Copy link
Member

@Undo1 Do we want to just move over, or think of a neat gradual moving procedure?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: infrastructure Servers, software, versions, deployments, all of the Stuff that is teward's purview as sysadmin. type: feature request Requests for a new feature.
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Undo1 @ArtOfCode- @thesecretmaster