fix: encrypt decrypt

apps/api/prisma/seed.js

@@ -105,12 +105,8 @@ async function reEncryptSecrets() {
 	if (version) {
 		backupfile = `/app/db/prod.db_${version}_${date}`;
 	}
-	console.log(`Backup database to ${backupfile}.`);
-	await execaCommand(`cp /app/db/prod.db ${backupfile}`, { shell: true });
-	await execaCommand('env | grep COOLIFY > .env', { shell: true });
 	const secretOld = process.env['COOLIFY_SECRET_KEY'];
 	let secretNew = process.env['COOLIFY_SECRET_KEY_BETTER'];
-
 	if (!secretNew) {
 		console.log('No COOLIFY_SECRET_KEY_BETTER found... Generating new one...');
 		const { stdout: newKey } = await execaCommand(
@@ -120,6 +116,8 @@ async function reEncryptSecrets() {
 		secretNew = newKey;
 	}
 	if (secretOld !== secretNew) {
+		console.log(`Backup database to ${backupfile}.`);
+		await execaCommand(`cp /app/db/prod.db ${backupfile}`, { shell: true });
 		console.log(
 			'Secrets (COOLIFY_SECRET_KEY & COOLIFY_SECRET_KEY_BETTER) are different, so re-encrypting everything...'
 		);
@@ -132,11 +130,11 @@ async function reEncryptSecrets() {
 		await execaCommand(`echo "COOLIFY_SECRET_KEY_OLD_${date}=${secretOld}" >> .env`, {
 			shell: true
 		});
-
 		const transactions = [];
 		const secrets = await prisma.secret.findMany();
 		if (secrets.length > 0) {
 			for (const secret of secrets) {
+				try {
 					const value = decrypt(secret.value, secretOld);
 					const newValue = encrypt(value, secretNew);
 					transactions.push(
@@ -145,11 +143,15 @@ async function reEncryptSecrets() {
 							data: { value: newValue }
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const serviceSecrets = await prisma.serviceSecret.findMany();
 		if (serviceSecrets.length > 0) {
 			for (const secret of serviceSecrets) {
+				try {
 					const value = decrypt(secret.value, secretOld);
 					const newValue = encrypt(value, secretNew);
 					transactions.push(
@@ -158,11 +160,15 @@ async function reEncryptSecrets() {
 							data: { value: newValue }
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const gitlabApps = await prisma.gitlabApp.findMany();
 		if (gitlabApps.length > 0) {
 			for (const gitlabApp of gitlabApps) {
+				try {
 					const value = decrypt(gitlabApp.privateSshKey, secretOld);
 					const newValue = encrypt(value, secretNew);
 					const appSecret = decrypt(gitlabApp.appSecret, secretOld);
@@ -173,11 +179,15 @@ async function reEncryptSecrets() {
 							data: { privateSshKey: newValue, appSecret: newAppSecret }
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const githubApps = await prisma.githubApp.findMany();
 		if (githubApps.length > 0) {
 			for (const githubApp of githubApps) {
+				try {
 					const clientSecret = decrypt(githubApp.clientSecret, secretOld);
 					const newClientSecret = encrypt(clientSecret, secretNew);
 					const webhookSecret = decrypt(githubApp.webhookSecret, secretOld);
@@ -195,11 +205,15 @@ async function reEncryptSecrets() {
 							}
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const databases = await prisma.database.findMany();
 		if (databases.length > 0) {
 			for (const database of databases) {
+				try {
 					const dbUserPassword = decrypt(database.dbUserPassword, secretOld);
 					const newDbUserPassword = encrypt(dbUserPassword, secretNew);
 					const rootUserPassword = decrypt(database.rootUserPassword, secretOld);
@@ -213,11 +227,15 @@ async function reEncryptSecrets() {
 							}
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const databaseSecrets = await prisma.databaseSecret.findMany();
 		if (databaseSecrets.length > 0) {
 			for (const databaseSecret of databaseSecrets) {
+				try {
 					const value = decrypt(databaseSecret.value, secretOld);
 					const newValue = encrypt(value, secretNew);
 					transactions.push(
@@ -226,11 +244,15 @@ async function reEncryptSecrets() {
 							data: { value: newValue }
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const wordpresses = await prisma.wordpress.findMany();
 		if (wordpresses.length > 0) {
 			for (const wordpress of wordpresses) {
+				try {
 					const value = decrypt(wordpress.ftpHostKey, secretOld);
 					const newValue = encrypt(value, secretNew);
 					const ftpHostKeyPrivate = decrypt(wordpress.ftpHostKeyPrivate, secretOld);
@@ -251,11 +273,15 @@ async function reEncryptSecrets() {
 							}
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const sshKeys = await prisma.sshKey.findMany();
 		if (sshKeys.length > 0) {
 			for (const key of sshKeys) {
+				try {
 					const value = decrypt(key.privateKey, secretOld);
 					const newValue = encrypt(value, secretNew);
 					transactions.push(
@@ -266,11 +292,15 @@ async function reEncryptSecrets() {
 							}
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const dockerRegistries = await prisma.dockerRegistry.findMany();
 		if (dockerRegistries.length > 0) {
 			for (const registry of dockerRegistries) {
+				try {
 					const value = decrypt(registry.password, secretOld);
 					const newValue = encrypt(value, secretNew);
 					transactions.push(
@@ -281,11 +311,15 @@ async function reEncryptSecrets() {
 							}
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		const certificates = await prisma.certificate.findMany();
 		if (certificates.length > 0) {
 			for (const certificate of certificates) {
+				try {
 					const value = decrypt(certificate.key, secretOld);
 					const newValue = encrypt(value, secretNew);
 					transactions.push(
@@ -296,6 +330,9 @@ async function reEncryptSecrets() {
 							}
 						})
 					);
+				} catch (e) {
+					console.log(e);
+				}
 			}
 		}
 		await prisma.$transaction(transactions);
@@ -317,29 +354,27 @@ const encrypt = (text, secret) => {
 };
 const decrypt = (hashString, secret) => {
 	if (hashString && secret) {
-		try {
 		const hash = JSON.parse(hashString);
 		const decipher = crypto.createDecipheriv(algorithm, secret, Buffer.from(hash.iv, 'hex'));
 		const decrpyted = Buffer.concat([
 			decipher.update(Buffer.from(hash.content, 'hex')),
 			decipher.final()
 		]);
-			return decrpyted.toString();
+		if (/<2F>/.test(decrpyted.toString())) {
-		} catch (error) {
+			throw new Error('Invalid secret. Skipping...');
-			console.log({ decryptionError: error.message });
-			return hashString;
 		}
+		return decrpyted.toString();
 	}
 };
 
-// main()
+main()
-// 	.catch((e) => {
+	.catch((e) => {
-// 		console.error(e);
+		console.error(e);
-// 		process.exit(1);
+		process.exit(1);
-// 	})
+	})
-// 	.finally(async () => {
+	.finally(async () => {
-// 		await prisma.$disconnect();
+		await prisma.$disconnect();
-// 	});
+	});
 reEncryptSecrets()
 	.catch((e) => {
 		console.error(e);

apps/api/src/index.ts

@@ -412,7 +412,7 @@ async function autoUpdater() {
 							await executeCommand({ command: `docker pull ${image}` });
 						}
 
-						await executeCommand({ shell: true, command: `ls .env || env | grep COOLIFY > .env` });
+						await executeCommand({ shell: true, command: `ls .env || env | grep "^COOLIFY" | sort > .env` });
 						await executeCommand({
 							command: `sed -i '/COOLIFY_AUTO_UPDATE=/cCOOLIFY_AUTO_UPDATE=${isAutoUpdateEnabled}' .env`
 						});

apps/api/src/routes/api/v1/handlers.ts

@@ -162,7 +162,7 @@ export async function update(request: FastifyRequest<Update>) {
 				await executeCommand({ command: `docker pull ${image}` });
 			}
 
-			await executeCommand({ shell: true, command: `ls .env || env | grep COOLIFY > .env` });
+			await executeCommand({ shell: true, command: `ls .env || env | grep "^COOLIFY" | sort > .env` });
 			await executeCommand({
 				command: `sed -i '/COOLIFY_AUTO_UPDATE=/cCOOLIFY_AUTO_UPDATE=${isAutoUpdateEnabled}' .env`
 			});