Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement Activity State Filtering and JavaScript Integration (#5993)
* Add secret scripting integration for JavaScript

  Introduced a new `Elsa.Secrets.Scripting` module that provides secret management capabilities within JavaScript workflows. This includes configuring the Jint engine to use workflow variables, adding new type and variable definition providers, and integrating with existing secret management features.

* Refactor secret name extraction to a separate method

  Moved the logic for extracting secret names from the main method to a dedicated private method `GetSecretNamesFromExpression`. This improves code readability and maintains the single responsibility principle by delegating secret name extraction to its own method.

* Add input evaluation, sensitive input handling, and middleware refactor

  Introduced methods for evaluating activity input properties and handling inputs marked as sensitive. Refactored `ExecutionLogMiddleware` constructor for consistency. Enhanced `SendHttpRequestBase` to mark authorization inputs as potentially containing secrets. Removed obsolete entries and adjusted persistence logic for clarity.

* Refactor IActivityStateProtector interface

  Remove unused using directives and unnecessary comments. Simplify the definition of the `ProtectedActivityStateContext` record.

* Add activity state filtering mechanism

  Introduce an abstract filter base class, context, and result models to enable filtering of activity state. Implement a default filter manager to run these filters and apply a specific filter for obfuscating HTTP request headers. Update necessary dependencies and extension methods to integrate the new filtering functionality.

* Add expired secrets management

  Implemented services to manage expired secrets by periodically checking and updating their status. Introduced a new hosted service to perform the sweep and configurable options for the sweep interval. Updated related classes and configurations accordingly.

* Update SweepInterval in appsettings.json

  Changed the Secrets Management SweepInterval from 30 seconds to 4 hours. This adjustment aims to reduce the frequency of sweep operations and improve overall system performance.

* Update comment to reflect configuring engine with secrets

  The comment was changed to better describe the handler's function, specifying that it configures the Jint engine with secrets instead of workflow variables. This clarifies the purpose and usage of the handler in the context of the code.

* Remove unused inputDescriptors variable

  This commit removes the inputDescriptors variable, which was declared but never used in DefaultActivityExecutionMapper.cs. This helps in cleaning up the code and potentially reducing memory usage. Ensuring that all declared variables are utilized can improve code readability and maintainability.
1 parent 12f947c, commit bbedd61

Showing 48 changed files with 656 additions and 179 deletions.
30 changes: 30 additions & 0 deletions
src/apps/Elsa.Server.Web/Filters/HttpRequestAuthenticationHeaderFilter.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
using Elsa.Http; | ||
using Elsa.Workflows; | ||
using JetBrains.Annotations; | ||
|
||
namespace Elsa.Server.Web.Filters; | ||
|
||
/// <summary> | ||
/// Mask the value of the input if it is a HttpRequest and the input name is "Authorization". | ||
/// </summary> | ||
[UsedImplicitly] | ||
public class HttpRequestAuthenticationHeaderFilter : ActivityStateFilterBase | ||
{ | ||
protected override ActivityStateFilterResult OnExecute(ActivityStateFilterContext context) | ||
{ | ||
var activityExecutionContext = context.ActivityExecutionContext; | ||
var activity = activityExecutionContext.Activity; | ||
var inputDescriptor = context.InputDescriptor; | ||
|
||
if (activity is not SendHttpRequestBase || inputDescriptor.Name is not nameof(SendHttpRequestBase.Authorization)) | ||
return ActivityStateFilterResult.Pass(); | ||
|
||
var contextValue = context.Value.GetString(); | ||
|
||
if (contextValue == null) | ||
return ActivityStateFilterResult.Pass(); | ||
|
||
var maskedValue = new string('*', contextValue.Length); | ||
return Filtered(maskedValue); | ||
} | ||
} |
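Review bot: `new string('*', contextValue.Length)` at the end of `OnExecute` produces a mask exactly as long as the credential, so the stored activity state still discloses the length of the Authorization value. Return a fixed-length placeholder instead, for example `Filtered("********")`. Two smaller points: the summary says "if it is a HttpRequest" while the check is `activity is not SendHttpRequestBase`, and the filter matches only the input named `Authorization`, so a credential supplied through any other input passes through this filter unmasked.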
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -173,6 +173,11 @@ | |
} | ||
] | ||
}, | ||
"Secrets": { | ||
"Management": { | ||
"SweepInterval": "04:00:00" | ||
} | ||
}, | ||
"Agents": { | ||
"ApiKeys": [ | ||
{ | ||
|
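Review bot: the `"SweepInterval": "04:00:00"` entry differs from the `TimeSpan.FromHours(12)` default in `SecretManagementOptions`, and neither place explains the choice. Because `ExpiredSecretsHostedService` also uses this value as the timer's first due time, a secret that expires shortly after start-up or shortly after a sweep keeps its previous status for up to four hours. If any code path relies on that status to decide whether a secret may be used, it should also compare the expiry timestamp at read time, and the trade-off belongs in the option's documentation.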
6 changes: 6 additions & 0 deletions
src/modules/Elsa.Secrets.Management/Contracts/IExpiredSecretsUpdater.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
namespace Elsa.Secrets.Management; | ||
|
||
public interface IExpiredSecretsUpdater | ||
{ | ||
Task UpdateExpiredSecretsAsync(CancellationToken cancellationToken = default); | ||
} |
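Review bot: `IExpiredSecretsUpdater` and `UpdateExpiredSecretsAsync` carry no XML documentation, unlike the other public types added in this commit. Add a `<summary>` stating what "update" means for an expired secret (a status change or a deletion) and whether the method is safe to call concurrently, since the hosted service relies on a distributed lock around it.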
54 changes: 54 additions & 0 deletions
src/modules/Elsa.Secrets.Management/HostedService/ExpiredSecretsHostedService.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
using JetBrains.Annotations; | ||
using Medallion.Threading; | ||
using Microsoft.Extensions.DependencyInjection; | ||
using Microsoft.Extensions.Hosting; | ||
using Microsoft.Extensions.Logging; | ||
using Microsoft.Extensions.Options; | ||
|
||
namespace Elsa.Secrets.Management.HostedService; | ||
|
||
[UsedImplicitly] | ||
public class ExpiredSecretsHostedService(IOptions<SecretManagementOptions> options, IDistributedLockProvider distributedLockProvider, IServiceScopeFactory scopeFactory, ILogger<ExpiredSecretsHostedService> logger) : BackgroundService | ||
{ | ||
private Timer _timer = default!; | ||
|
||
protected override Task ExecuteAsync(CancellationToken stoppingToken) | ||
{ | ||
// Get the configured sweep interval from the options, and use it to periodically sweep expired secrets. | ||
var sweepInterval = options.Value.SweepInterval; | ||
|
||
// Set up a timer that will sweep expired secrets at the configured interval. | ||
_timer = new Timer(SweepExpiredSecrets, null, sweepInterval, sweepInterval); | ||
|
||
return Task.CompletedTask; | ||
} | ||
|
||
public override Task StopAsync(CancellationToken cancellationToken) | ||
{ | ||
_timer.Change(Timeout.Infinite, 0); | ||
_timer.Dispose(); | ||
return base.StopAsync(cancellationToken); | ||
} | ||
|
||
private async void SweepExpiredSecrets(object? state) | ||
{ | ||
// Acquire a distributed lock to ensure that only one instance of the hosted service is running at any given time. | ||
await using var distributedLock = await distributedLockProvider.TryAcquireLockAsync("expired-secrets-sweep"); | ||
|
||
// If the lock could not be acquired, return a completed task. | ||
if (distributedLock == null) | ||
{ | ||
logger.LogInformation("Another instance of the expired secrets hosted service is already running. Exiting..."); | ||
return; | ||
} | ||
|
||
// Sweep expired secrets here. | ||
logger.LogInformation("Sweeping expired secrets..."); | ||
|
||
using var scope = scopeFactory.CreateScope(); | ||
var updater = scope.ServiceProvider.GetRequiredService<IExpiredSecretsUpdater>(); | ||
await updater.UpdateExpiredSecretsAsync(); | ||
|
||
logger.LogInformation("Expired secrets have been swept."); | ||
} | ||
} |
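Review bot: `private async void SweepExpiredSecrets(object? state)` has no try/catch, so an exception from `TryAcquireLockAsync` or `UpdateExpiredSecretsAsync` escapes an async void timer callback unhandled, which can terminate the host process. Wrap the body in try/catch and log the failure, or replace the `Timer` with a `PeriodicTimer` loop inside `ExecuteAsync` so the sweep is awaited and `stoppingToken` can be passed to both calls; as written neither call receives a cancellation token, so a sweep in flight is not cancelled on shutdown. Also, the timer's due time equals `sweepInterval`, so no sweep runs at start-up; `StopAsync` dereferences `_timer`, which is still null if `ExecuteAsync` never ran; and the comment "return a completed task" no longer matches a void method.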
9 changes: 9 additions & 0 deletions
src/modules/Elsa.Secrets.Management/Options/SecretManagementOptions.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
namespace Elsa.Secrets.Management; | ||
|
||
public class SecretManagementOptions | ||
{ | ||
/// <summary> | ||
/// The interval at which the background sweep should run for expired secrets. | ||
/// </summary> | ||
public TimeSpan SweepInterval { get; set; } = TimeSpan.FromHours(12); | ||
} |
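Review bot: `SweepInterval` is bound from configuration without validation, and `ExpiredSecretsHostedService` passes it straight to `new Timer(...)` as both due time and period. A zero value makes the sweep run once and never repeat, and a negative value makes the constructor throw at start-up. Validate that the value is positive where the options are registered, and state in the summary that the 12-hour default applies only when `Secrets:Management:SweepInterval` is absent from configuration.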
10 changes: 0 additions & 10 deletions
src/modules/Elsa.Secrets.Management/Options/StoreEncryptionKeyProviderOptions.cs
This file was deleted.