[BACK-43] jellyfish updates based on reuse of legacy _id for migration

lib/misc.js

@@ -1,15 +1,15 @@
 /*
  * == BSD2 LICENSE ==
  * Copyright (c) 2014, Tidepool Project
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the associated License, which is identical to the BSD 2-Clause
  * License as published by the Open Source Initiative at opensource.org.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE. See the License for more details.
- * 
+ *
  * You should have received a copy of the License along with this program; if
  * not, you can obtain one from Tidepool Project at tidepool.org.
  * == BSD2 LICENSE ==
@@ -18,7 +18,7 @@
 'use strict';
 
 var crypto = require('crypto');
-
+var fs = require('fs');
 var amoeba = require('amoeba');
 var base32hex = amoeba.base32hex;
 var except = amoeba.except;
@@ -45,7 +45,7 @@ var except = amoeba.except;
  * @param fields an array of values to be concatenated together into a unique string
  * @returns {string} the base32 encoded hash of the delimited-concatenation of the provided fields (also known as a "unique" id)
  */
-exports.generateId = function(fields) {
+exports.generateId = function (fields) {
   var hasher = crypto.createHash('sha1');
 
   for (var i = 0; i < fields.length; ++i) {
@@ -65,3 +65,35 @@ exports.generateId = function(fields) {
   return base32hex.encodeBuffer(hasher.digest(), { paddingChar: '-' });
 };
 
+exports.encryptArrayToFile = function (dataArray, filePath, env, serverSecret) {
+  var iv = `${env}-environment`.substring(0, 16);
+  var key = serverSecret.substring(0, 32);
+  var algorithm = 'aes-256-cbc';
+
+  var encryptedArray = dataArray.map((item) => {
+    var cipher = crypto.createCipheriv(algorithm, key, iv);
+    let encrypted = cipher.update(item, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    return encrypted;
+  });
+  fs.writeFileSync(filePath, JSON.stringify(encryptedArray));
+};
+
+exports.decryptArrayFromFile = function (filePath, env, serverSecret) {
+  if (!fs.existsSync(filePath)) {
+    throw new Error(`Missing required file ${filePath}`);
+  }
+  var iv = `${env}-environment`.substring(0, 16);
+  var key = serverSecret.substring(0, 32);
+  var algorithm = 'aes-256-cbc';
+  var encryptedArray = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+
+  var decryptedArray = encryptedArray.map((item) => {
+    var decipher = crypto.createDecipheriv(algorithm, key, iv);
+    let decrypted = decipher.update(item, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+  });
+
+  return decryptedArray;
+};

lib/schema/qa3_user_ids.json

@@ -0,0 +1 @@
+[]

lib/schema/schemaEnv.js

@@ -18,7 +18,19 @@
 'use strict';
 
 var config = require('amoeba').config;
-var schema = require('./schema.js');
+var misc = require('../misc.js');
+
+function loadEnvironmentUserIds() {
+  const environment = config.fromEnvironment('POD_NAMESPACE', 'local');
+  const serverSecret = config.fromEnvironment('TIDEPOOL_SERVER_SECRET');
+  const environmentUserIdsFile = `${__dirname}/../${environment}_user_ids.json`;
+
+  return misc.decryptArrayFromFile(
+    environmentUserIdsFile,
+    environment,
+    serverSecret
+  );
+}
 
 module.exports = (function () {
   var schemaEnv = {};
@@ -32,14 +44,6 @@ module.exports = (function () {
 
   schemaEnv.authRealm = config.fromEnvironment('KEYCLOAK_AUTH_REALM', null);
   schemaEnv.authUrl = config.fromEnvironment('KEYCLOAK_AUTH_URL', null);
-  var usersStr = config.fromEnvironment('UPLOADER_PLATFORM_USER_IDS', null);
-  var platformUsers = [];
-  if (usersStr) {
-    platformUsers = usersStr
-      .split(',')
-      .map((item) => item.toLowerCase().trim());
-  }
-  schemaEnv.platformUserIds = platformUsers;
-
+  schemaEnv.platformUserIds = loadEnvironmentUserIds();
   return schemaEnv;
 })();