Snapshots: Store dashboard data encrypted in the database (#28129)

* end 2 end * fix import * refactor * introduce securedata * check err * use testify instead of convey * cleanup test * cleanup test * blob time * rename funcs

Snapshots: Store dashboard data encrypted in the database (#28129)
* end 2 end * fix import * refactor * introduce securedata * check err * use testify instead of convey * cleanup test * cleanup test * blob time * rename funcs
ef22ff73 · Will Browne · GitHub · 87d6f90a · ef22ff73 · ef22ff73
Commit ef22ff73 authored Oct 13, 2020 by Will Browne Committed by GitHub Oct 13, 2020
8 changed files
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -438,7 +438,7 @@ func (hs *HTTPServer) registerRoutes() {
 	// Snapshots
 	r.Post("/api/snapshots/", reqSnapshotPublicModeOrSignedIn, bind(models.CreateDashboardSnapshotCommand{}), CreateDashboardSnapshot)
 	r.Get("/api/snapshot/shared-options/", reqSignedIn, GetSharingOptions)
-	r.Get("/api/snapshots/:key", GetDashboardSnapshot)
+	r.Get("/api/snapshots/:key", Wrap(GetDashboardSnapshot))
 	r.Get("/api/snapshots-delete/:deleteKey", reqSnapshotPublicModeOrSignedIn, Wrap(DeleteDashboardSnapshotByDeleteKey))
 	r.Delete("/api/snapshots/:key", reqEditorRole, Wrap(DeleteDashboardSnapshot))


--- a/pkg/api/dashboard_snapshot.go
+++ b/pkg/api/dashboard_snapshot.go
@@ -86,7 +86,7 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna

 		response, err := createExternalDashboardSnapshot(cmd)
 		if err != nil {
-			c.JsonApiErr(500, "Failed to create external snaphost", err)
+			c.JsonApiErr(500, "Failed to create external snapshot", err)
 			return
 		}

@@ -123,7 +123,7 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna
 	}

 	if err := bus.Dispatch(&cmd); err != nil {
-		c.JsonApiErr(500, "Failed to create snaphost", err)
+		c.JsonApiErr(500, "Failed to create snapshot", err)
 		return
 	}

@@ -136,26 +136,29 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna
 }

 // GET /api/snapshots/:key
-func GetDashboardSnapshot(c *models.ReqContext) {
+func GetDashboardSnapshot(c *models.ReqContext) Response {
 	key := c.Params(":key")
 	query := &models.GetDashboardSnapshotQuery{Key: key}

 	err := bus.Dispatch(query)
 	if err != nil {
-		c.JsonApiErr(500, "Failed to get dashboard snapshot", err)
-		return
+		return Error(500, "Failed to get dashboard snapshot", err)
 	}

 	snapshot := query.Result

 	// expired snapshots should also be removed from db
 	if snapshot.Expires.Before(time.Now()) {
-		c.JsonApiErr(404, "Dashboard snapshot not found", err)
-		return
+		return Error(404, "Dashboard snapshot not found", err)
+	}
+
+	dashboard, err := snapshot.DashboardJSON()
+	if err != nil {
+		return Error(500, "Failed to get dashboard data for dashboard snapshot", err)
 	}

 	dto := dtos.DashboardFullWithMeta{
-		Dashboard: snapshot.Dashboard,
+		Dashboard: dashboard,
 		Meta: dtos.DashboardMeta{
 			Type:       models.DashTypeSnapshot,
 			IsSnapshot: true,
@@ -166,8 +169,7 @@ func GetDashboardSnapshot(c *models.ReqContext) {

 	metrics.MApiDashboardSnapshotGet.Inc()

-	c.Resp.Header().Set("Cache-Control", "public, max-age=3600")
-	c.JSON(200, dto)
+	return JSON(200, dto).Header("Cache-Control", "public, max-age=3600")
 }

 func deleteExternalDashboardSnapshot(externalUrl string) error {
@@ -238,7 +240,10 @@ func DeleteDashboardSnapshot(c *models.ReqContext) Response {
 	if query.Result == nil {
 		return Error(404, "Failed to get dashboard snapshot", nil)
 	}
-	dashboard := query.Result.Dashboard
+	dashboard, err := query.Result.DashboardJSON()
+	if err != nil {
+		return Error(500, "Failed to get dashboard data for dashboard snapshot", err)
+	}
 	dashboardID := dashboard.Get("id").MustInt64()

 	guardian := guardian.New(dashboardID, c.OrgId, c.SignedInUser)

--- a/pkg/api/dashboard_snapshot_test.go
+++ b/pkg/api/dashboard_snapshot_test.go
@@ -7,9 +7,12 @@ import (
 	"testing"
 	"time"

+	"github.com/grafana/grafana/pkg/components/securedata"
+
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/components/simplejson"
 	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/setting"

 	. "github.com/smartystreets/goconvey/convey"
 )
@@ -198,6 +201,62 @@ func TestDashboardSnapshotApiEndpoint(t *testing.T) {
 					So(sc.resp.Code, ShouldEqual, 500)
 				})
 			})
+
+			Convey("Should be able to read a snapshot's un-encrypted data", func() {
+				loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/snapshots/12345", "/api/snapshots/:key", models.ROLE_EDITOR, func(sc *scenarioContext) {
+					sc.handlerFunc = GetDashboardSnapshot
+					sc.fakeReqWithParams("GET", sc.url, map[string]string{"key": "12345"}).exec()
+
+					So(sc.resp.Code, ShouldEqual, 200)
+					respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
+					So(err, ShouldBeNil)
+
+					dashboard := respJSON.Get("dashboard")
+					id := dashboard.Get("id")
+
+					So(id.MustInt64(), ShouldEqual, 100)
+				})
+			})
+
+			Convey("Should be able to read a snapshot's encrypted data", func() {
+				origSecret := setting.SecretKey
+				setting.SecretKey = "dashboard_snapshot_api_test"
+				t.Cleanup(func() {
+					setting.SecretKey = origSecret
+				})
+
+				dashboardId := 123
+				jsonModel, err := simplejson.NewJson([]byte(fmt.Sprintf(`{"id":%d}`, dashboardId)))
+				So(err, ShouldBeNil)
+
+				jsonModelEncoded, err := jsonModel.Encode()
+				So(err, ShouldBeNil)
+
+				encrypted, err := securedata.Encrypt(jsonModelEncoded)
+				So(err, ShouldBeNil)
+
+				// mock snapshot with encrypted dashboard info
+				mockSnapshotResult := &models.DashboardSnapshot{
+					Key:                "12345",
+					DashboardEncrypted: encrypted,
+					Expires:            time.Now().Add(time.Duration(1000) * time.Second),
+				}
+
+				bus.AddHandler("test", func(query *models.GetDashboardSnapshotQuery) error {
+					query.Result = mockSnapshotResult
+					return nil
+				})
+
+				loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/snapshots/12345", "/api/snapshots/:key", models.ROLE_EDITOR, func(sc *scenarioContext) {
+					sc.handlerFunc = GetDashboardSnapshot
+					sc.fakeReqWithParams("GET", sc.url, map[string]string{"key": "12345"}).exec()
+
+					So(sc.resp.Code, ShouldEqual, 200)
+					respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
+					So(err, ShouldBeNil)
+					So(respJSON.Get("dashboard").Get("id").MustInt64(), ShouldEqual, dashboardId)
+				})
+			})
 		})
 	})
 }
--- a/pkg/components/securedata/securedata.go
+++ b/pkg/components/securedata/securedata.go
+package securedata
+
+import (
+	"github.com/grafana/grafana/pkg/setting"
+	"github.com/grafana/grafana/pkg/util"
+)
+
+type SecureData []byte
+
+func Encrypt(data []byte) (SecureData, error) {
+	return util.Encrypt(data, setting.SecretKey)
+}
+
+func (s SecureData) Decrypt() ([]byte, error) {
+	return util.Decrypt(s, setting.SecretKey)
+}
--- a/pkg/models/dashboard_snapshot.go
+++ b/pkg/models/dashboard_snapshot.go
@@ -3,6 +3,7 @@ package models
 import (
 	"time"

+	"github.com/grafana/grafana/pkg/components/securedata"
 	"github.com/grafana/grafana/pkg/components/simplejson"
 )

@@ -23,6 +24,18 @@ type DashboardSnapshot struct {
 	Updated time.Time

 	Dashboard          *simplejson.Json
+	DashboardEncrypted securedata.SecureData
+}
+
+func (ds *DashboardSnapshot) DashboardJSON() (*simplejson.Json, error) {
+	if ds.DashboardEncrypted != nil {
+		decrypted, err := ds.DashboardEncrypted.Decrypt()
+		if err != nil {
+			return nil, err
+		}
+		return simplejson.NewJson(decrypted)
+	}
+	return ds.Dashboard, nil
 }

 // DashboardSnapshotDTO without dashboard map

--- a/pkg/services/sqlstore/dashboard_snapshot.go
+++ b/pkg/services/sqlstore/dashboard_snapshot.go
@@ -4,6 +4,8 @@ import (
 	"time"

 	"github.com/grafana/grafana/pkg/bus"
+	"github.com/grafana/grafana/pkg/components/securedata"
+	"github.com/grafana/grafana/pkg/components/simplejson"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
 )
@@ -45,6 +47,16 @@ func CreateDashboardSnapshot(cmd *models.CreateDashboardSnapshotCommand) error {
 			expires = time.Now().Add(time.Second * time.Duration(cmd.Expires))
 		}

+		marshalledData, err := cmd.Dashboard.Encode()
+		if err != nil {
+			return err
+		}
+
+		encryptedDashboard, err := securedata.Encrypt(marshalledData)
+		if err != nil {
+			return err
+		}
+
 		snapshot := &models.DashboardSnapshot{
 			Name:               cmd.Name,
 			Key:                cmd.Key,
@@ -54,13 +66,13 @@ func CreateDashboardSnapshot(cmd *models.CreateDashboardSnapshotCommand) error {
 			External:           cmd.External,
 			ExternalUrl:        cmd.ExternalUrl,
 			ExternalDeleteUrl:  cmd.ExternalDeleteUrl,
-			Dashboard:         cmd.Dashboard,
+			Dashboard:          simplejson.New(),
+			DashboardEncrypted: encryptedDashboard,
 			Expires:            expires,
 			Created:            time.Now(),
 			Updated:            time.Now(),
 		}
-
-		_, err := sess.Insert(snapshot)
+		_, err = sess.Insert(snapshot)
 		cmd.Result = snapshot

 		return err

--- a/pkg/services/sqlstore/dashboard_snapshot_test.go
+++ b/pkg/services/sqlstore/dashboard_snapshot_test.go
@@ -4,7 +4,8 @@ import (
 	"testing"
 	"time"

-	. "github.com/smartystreets/goconvey/convey"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"

 	"github.com/grafana/grafana/pkg/components/simplejson"
 	"github.com/grafana/grafana/pkg/models"
@@ -12,10 +13,15 @@ import (
 )

 func TestDashboardSnapshotDBAccess(t *testing.T) {
-	Convey("Testing DashboardSnapshot data access", t, func() {
 	InitTestDB(t)

-		Convey("Given saved snapshot", func() {
+	origSecret := setting.SecretKey
+	setting.SecretKey = "dashboard_snapshot_testing"
+	t.Cleanup(func() {
+		setting.SecretKey = origSecret
+	})
+
+	t.Run("Given saved snapshot", func(t *testing.T) {
 		cmd := models.CreateDashboardSnapshotCommand{
 			Key: "hej",
 			Dashboard: simplejson.NewFromAny(map[string]interface{}{
@@ -25,60 +31,63 @@ func TestDashboardSnapshotDBAccess(t *testing.T) {
 			OrgId:  1,
 		}
 		err := CreateDashboardSnapshot(&cmd)
-			So(err, ShouldBeNil)
+		require.NoError(t, err)

-			Convey("Should be able to get snapshot by key", func() {
+		t.Run("Should be able to get snapshot by key", func(t *testing.T) {
 			query := models.GetDashboardSnapshotQuery{Key: "hej"}
-				err = GetDashboardSnapshot(&query)
-				So(err, ShouldBeNil)
+			err := GetDashboardSnapshot(&query)
+			require.NoError(t, err)
+
+			assert.NotNil(t, query.Result)

-				So(query.Result, ShouldNotBeNil)
-				So(query.Result.Dashboard.Get("hello").MustString(), ShouldEqual, "mupp")
+			dashboard, err := query.Result.DashboardJSON()
+			require.NoError(t, err)
+			assert.Equal(t, "mupp", dashboard.Get("hello").MustString())
 		})

-			Convey("And the user has the admin role", func() {
-				Convey("Should return all the snapshots", func() {
+		t.Run("And the user has the admin role", func(t *testing.T) {
 			query := models.GetDashboardSnapshotsQuery{
 				OrgId:        1,
 				SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
 			}
 			err := SearchDashboardSnapshots(&query)
-					So(err, ShouldBeNil)
+			require.NoError(t, err)

-					So(query.Result, ShouldNotBeNil)
-					So(len(query.Result), ShouldEqual, 1)
+			t.Run("Should return all the snapshots", func(t *testing.T) {
+				assert.NotNil(t, query.Result)
+				assert.Len(t, query.Result, 1)
 			})
 		})

-			Convey("And the user has the editor role and has created a snapshot", func() {
-				Convey("Should return all the snapshots", func() {
+		t.Run("And the user has the editor role and has created a snapshot", func(t *testing.T) {
 			query := models.GetDashboardSnapshotsQuery{
 				OrgId:        1,
 				SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, UserId: 1000},
 			}
 			err := SearchDashboardSnapshots(&query)
-					So(err, ShouldBeNil)
+			require.NoError(t, err)

-					So(query.Result, ShouldNotBeNil)
-					So(len(query.Result), ShouldEqual, 1)
+			t.Run("Should return all the snapshots", func(t *testing.T) {
+				require.NotNil(t, query.Result)
+				assert.Len(t, query.Result, 1)
 			})
 		})

-			Convey("And the user has the editor role and has not created any snapshot", func() {
-				Convey("Should not return any snapshots", func() {
+		t.Run("And the user has the editor role and has not created any snapshot", func(t *testing.T) {
 			query := models.GetDashboardSnapshotsQuery{
 				OrgId:        1,
 				SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, UserId: 2},
 			}
 			err := SearchDashboardSnapshots(&query)
-					So(err, ShouldBeNil)
+			require.NoError(t, err)

-					So(query.Result, ShouldNotBeNil)
-					So(len(query.Result), ShouldEqual, 0)
+			t.Run("Should not return any snapshots", func(t *testing.T) {
+				require.NotNil(t, query.Result)
+				assert.Empty(t, query.Result)
 			})
 		})

-			Convey("And the user is anonymous", func() {
+		t.Run("And the user is anonymous", func(t *testing.T) {
 			cmd := models.CreateDashboardSnapshotCommand{
 				Key:       "strangesnapshotwithuserid0",
 				DeleteKey: "adeletekey",
@@ -89,20 +98,29 @@ func TestDashboardSnapshotDBAccess(t *testing.T) {
 				OrgId:  1,
 			}
 			err := CreateDashboardSnapshot(&cmd)
-				So(err, ShouldBeNil)
+			require.NoError(t, err)

-				Convey("Should not return any snapshots", func() {
+			t.Run("Should not return any snapshots", func(t *testing.T) {
 				query := models.GetDashboardSnapshotsQuery{
 					OrgId:        1,
 					SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, IsAnonymous: true, UserId: 0},
 				}
 				err := SearchDashboardSnapshots(&query)
-					So(err, ShouldBeNil)
+				require.NoError(t, err)

-					So(query.Result, ShouldNotBeNil)
-					So(len(query.Result), ShouldEqual, 0)
+				require.NotNil(t, query.Result)
+				assert.Empty(t, query.Result)
 			})
 		})
+
+		t.Run("Should have encrypted dashboard data", func(t *testing.T) {
+			original, err := cmd.Dashboard.Encode()
+			require.NoError(t, err)
+
+			decrypted, err := cmd.Result.DashboardEncrypted.Decrypt()
+			require.NoError(t, err)
+
+			require.Equal(t, decrypted, original)
 		})
 	})
 }
@@ -110,42 +128,42 @@ func TestDashboardSnapshotDBAccess(t *testing.T) {
 func TestDeleteExpiredSnapshots(t *testing.T) {
 	sqlstore := InitTestDB(t)

-	Convey("Testing dashboard snapshots clean up", t, func() {
+	t.Run("Testing dashboard snapshots clean up", func(t *testing.T) {
 		setting.SnapShotRemoveExpired = true

-		notExpiredsnapshot := createTestSnapshot(sqlstore, "key1", 48000)
-		createTestSnapshot(sqlstore, "key2", -1200)
-		createTestSnapshot(sqlstore, "key3", -1200)
+		nonExpiredSnapshot := createTestSnapshot(t, sqlstore, "key1", 48000)
+		createTestSnapshot(t, sqlstore, "key2", -1200)
+		createTestSnapshot(t, sqlstore, "key3", -1200)

 		err := DeleteExpiredSnapshots(&models.DeleteExpiredSnapshotsCommand{})
-		So(err, ShouldBeNil)
+		require.NoError(t, err)

 		query := models.GetDashboardSnapshotsQuery{
 			OrgId:        1,
 			SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
 		}
 		err = SearchDashboardSnapshots(&query)
-		So(err, ShouldBeNil)
+		require.NoError(t, err)

-		So(len(query.Result), ShouldEqual, 1)
-		So(query.Result[0].Key, ShouldEqual, notExpiredsnapshot.Key)
+		assert.Len(t, query.Result, 1)
+		assert.Equal(t, nonExpiredSnapshot.Key, query.Result[0].Key)

 		err = DeleteExpiredSnapshots(&models.DeleteExpiredSnapshotsCommand{})
-		So(err, ShouldBeNil)
+		require.NoError(t, err)

 		query = models.GetDashboardSnapshotsQuery{
 			OrgId:        1,
 			SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
 		}
 		err = SearchDashboardSnapshots(&query)
-		So(err, ShouldBeNil)
+		require.NoError(t, err)

-		So(len(query.Result), ShouldEqual, 1)
-		So(query.Result[0].Key, ShouldEqual, notExpiredsnapshot.Key)
+		require.Len(t, query.Result, 1)
+		require.Equal(t, nonExpiredSnapshot.Key, query.Result[0].Key)
 	})
 }

-func createTestSnapshot(sqlstore *SqlStore, key string, expires int64) *models.DashboardSnapshot {
+func createTestSnapshot(t *testing.T, sqlstore *SqlStore, key string, expires int64) *models.DashboardSnapshot {
 	cmd := models.CreateDashboardSnapshotCommand{
 		Key:       key,
 		DeleteKey: "delete" + key,
@@ -157,13 +175,13 @@ func createTestSnapshot(sqlstore *SqlStore, key string, expires int64) *models.D
 		Expires: expires,
 	}
 	err := CreateDashboardSnapshot(&cmd)
-	So(err, ShouldBeNil)
+	require.NoError(t, err)

 	// Set expiry date manually - to be able to create expired snapshots
 	if expires < 0 {
 		expireDate := time.Now().Add(time.Second * time.Duration(expires))
 		_, err = sqlstore.engine.Exec("UPDATE dashboard_snapshot SET expires = ? WHERE id = ?", expireDate, cmd.Result.Id)
-		So(err, ShouldBeNil)
+		require.NoError(t, err)
 	}

 	return cmd.Result

--- a/pkg/services/sqlstore/migrations/dashboard_snapshot_mig.go
+++ b/pkg/services/sqlstore/migrations/dashboard_snapshot_mig.go
@@ -64,4 +64,8 @@ func addDashboardSnapshotMigrations(mg *Migrator) {
 	mg.AddMigration("Add column external_delete_url to dashboard_snapshots table", NewAddColumnMigration(snapshotV5, &Column{
 		Name: "external_delete_url", Type: DB_NVarchar, Length: 255, Nullable: true,
 	}))
+
+	mg.AddMigration("Add encrypted dashboard json column", NewAddColumnMigration(snapshotV5, &Column{
+		Name: "dashboard_encrypted", Type: DB_Blob, Nullable: true,
+	}))
 }