From 7c4c41d24387b8807aa899d5bea062189cfea90a Mon Sep 17 00:00:00 2001
From: Cabecinha84 <valter.cabecinha@gmail.com>
Date: Tue, 14 Jan 2025 12:31:53 +0000
Subject: [PATCH] update checkAppSecrets

---
 ZelBack/src/services/appsService.js     | 26 +++++++++++++++++++------
 ZelBack/src/services/explorerService.js |  2 ++
 ZelBack/src/services/serviceManager.js  |  2 ++
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/ZelBack/src/services/appsService.js b/ZelBack/src/services/appsService.js
index 97482f627..a74728080 100644
--- a/ZelBack/src/services/appsService.js
+++ b/ZelBack/src/services/appsService.js
@@ -4869,10 +4869,11 @@ async function getUserBlockedRepositores() {
 /**
  * Check secrets, if they are being used return exception
  * @param {string} appName App name.
- * @param {object} appSpecs App specifications.
+ * @param {object} appComponentSpecs App specifications.
+ * @param {string} appOwner owner Id of the app.
  * @param {boolean} registration informs if it's an app registration or not.
  */
-async function checkAppSecrets(appName, appComponentSpecs, registration = false) {
+async function checkAppSecrets(appName, appComponentSpecs, appOwner, registration = false) {
   const db = dbHelper.databaseConnection();
   const database = db.db(config.database.appsglobal.database);
   const query = {};
@@ -4900,6 +4901,19 @@ async function checkAppSecrets(appName, appComponentSpecs, registration = false)
   if (!registration && foundSecretsWithDifferentAppName && !foundSecretsWithSameAppName) {
     throw new Error('Provided component(s) secrets are not valid');
   }
+  const appsQuery = { $and: [{ 'appSpecifications.version': 7 }, { 'appSpecifications.nodes': { $exists: true, $ne: [] } }] };
+  const permanentAppMessage = await dbHelper.findInDatabase(database, globalAppsMessages, appsQuery, projection);
+  // eslint-disable-next-line no-restricted-syntax
+  for (const message of permanentAppMessage) {
+    // eslint-disable-next-line no-restricted-syntax
+    for (const component of message.appSpecifications.compose) {
+      if (component.secrets.length > 0
+        && JSON.stringify(component.secrets.replace(/(\r\n|\n|\r)/gm, '').replace(/\\/g, '')) === JSON.stringify(appComponentSpecs.secrets.replace(/(\r\n|\n|\r)/gm, '').replace(/\\/g, ''))
+        && message.appSpecifications.appOwner !== appOwner) {
+        throw new Error(`Provided component ${component.name} secrets are not valid`);
+      }
+    }
+  }
 }
 
 /**
@@ -7342,7 +7356,7 @@ async function registerAppGlobalyApi(req, res) {
         for (const appComponent of appSpecFormatted.compose) {
           if (appComponent.secrets.length > 0) {
             // eslint-disable-next-line no-await-in-loop
-            await checkAppSecrets(appSpecFormatted.name, appComponent, true);
+            await checkAppSecrets(appSpecFormatted.name, appComponent, appSpecFormatted.owner, true);
           }
         }
       }
@@ -7474,7 +7488,7 @@ async function updateAppGlobalyApi(req, res) {
         for (const appComponent of appSpecFormatted.compose) {
           if (appComponent.secrets.length > 0) {
             // eslint-disable-next-line no-await-in-loop
-            await checkAppSecrets(appSpecFormatted.name, appComponent, false);
+            await checkAppSecrets(appSpecFormatted.name, appComponent, appSpecFormatted.owner, false);
           }
         }
       }
@@ -10630,7 +10644,7 @@ async function verifyAppRegistrationParameters(req, res) {
         for (const appComponent of appSpecFormatted.compose) {
           if (appComponent.secrets.length > 0) {
             // eslint-disable-next-line no-await-in-loop
-            await checkAppSecrets(appSpecFormatted.name, appComponent, true);
+            await checkAppSecrets(appSpecFormatted.name, appComponent, appSpecFormatted.owner, true);
           }
         }
       }
@@ -10687,7 +10701,7 @@ async function verifyAppUpdateParameters(req, res) {
         for (const appComponent of appSpecFormatted.compose) {
           if (appComponent.secrets.length > 0) {
             // eslint-disable-next-line no-await-in-loop
-            await checkAppSecrets(appSpecFormatted.name, appComponent, false);
+            await checkAppSecrets(appSpecFormatted.name, appComponent, appSpecFormatted.owner, false);
           }
         }
       }
diff --git a/ZelBack/src/services/explorerService.js b/ZelBack/src/services/explorerService.js
index 4b5b98ee7..606cf5c72 100644
--- a/ZelBack/src/services/explorerService.js
+++ b/ZelBack/src/services/explorerService.js
@@ -793,6 +793,8 @@ async function initiateBlockProcessor(restoreDatabase, deepRestore, reindexOrRes
       await databaseGlobal.collection(config.database.appsglobal.collections.appsMessages).createIndex({ 'appSpecifications.name': 1 }, { name: 'query for getting app message based on zelapp specs name' });
       await databaseGlobal.collection(config.database.appsglobal.collections.appsMessages).createIndex({ 'appSpecifications.owner': 1 }, { name: 'query for getting app message based on zelapp specs owner' });
       await databaseGlobal.collection(config.database.appsglobal.collections.appsMessages).createIndex({ 'appSpecifications.repotag': 1 }, { name: 'query for getting app message based on image' });
+      await databaseGlobal.collection(config.database.appsglobal.collections.appsMessages).createIndex({ 'appSpecifications.version': 1 }, { name: 'query for getting app message based on version' });
+      await databaseGlobal.collection(config.database.appsglobal.collections.appsMessages).createIndex({ 'appSpecifications.nodes': 1 }, { name: 'query for getting app message based on nodes' });
       await databaseGlobal.collection(config.database.appsglobal.collections.appsInformation).createIndex({ name: 1 }, { name: 'query for getting zelapp based on zelapp specs name' });
       await databaseGlobal.collection(config.database.appsglobal.collections.appsInformation).createIndex({ owner: 1 }, { name: 'query for getting zelapp based on zelapp specs owner' });
       await databaseGlobal.collection(config.database.appsglobal.collections.appsInformation).createIndex({ repotag: 1 }, { name: 'query for getting zelapp based on image' });
diff --git a/ZelBack/src/services/serviceManager.js b/ZelBack/src/services/serviceManager.js
index b35e1fa12..a40c45f68 100644
--- a/ZelBack/src/services/serviceManager.js
+++ b/ZelBack/src/services/serviceManager.js
@@ -80,6 +80,8 @@ async function startFluxFunctions() {
     log.info('Temporary database prepared');
     log.info('Preparing Flux Apps locations');
     await databaseTemp.collection(config.database.appsglobal.collections.appsMessages).dropIndex({ hash: 1 }, { name: 'query for getting zelapp message based on hash' }).catch(() => { console.log('Welcome to FluxOS'); }); // drop old index or display message for new installations
+    await databaseTemp.collection(config.database.appsglobal.collections.appsMessages).createIndex({ 'appSpecifications.version': 1 }, { name: 'query for getting app message based on version' });
+    await databaseTemp.collection(config.database.appsglobal.collections.appsMessages).createIndex({ 'appSpecifications.nodes': 1 }, { name: 'query for getting app message based on nodes' });
     // more than 2 hours and 5m. Meaning we have not received status message for a long time. So that node is no longer on a network or app is down.
     await databaseTemp.collection(config.database.appsglobal.collections.appsLocations).createIndex({ broadcastedAt: 1 }, { expireAfterSeconds: 7500 });
     await databaseTemp.collection(config.database.appsglobal.collections.appsLocations).createIndex({ name: 1 }, { name: 'query for getting zelapp location based on zelapp specs name' });