fix(opnsense): switch secrets to api-key key and secret for easier understanding (#3744)

2025-08-08 17:53:03 +02:00
parent 4a07b3f866
commit 7f474683a5
6 changed files with 70 additions and 4 deletions
--- a/packages/db/migrations/custom/0001_opnsense_credentials.ts
+++ b/packages/db/migrations/custom/0001_opnsense_credentials.ts
@@ -0,0 +1,52 @@
+import type { Database } from "../..";
+import { and, eq } from "../..";
+import { integrationSecrets } from "../../schema";
+
+/**
+ * Previously the credentials for OPNsense were stored as username and password.
+ * However it should have been the api key and secret.
+ * For more information see:
+ * https://docs.opnsense.org/development/how-tos/api.html#creating-keys
+ */
+export async function migrateOpnsenseCredentialsAsync(db: Database) {
+  const existingIntegrations = await db.query.integrations.findMany({
+    where: (table, { eq }) => eq(table.kind, "opnsense"),
+    with: {
+      secrets: true,
+    },
+  });
+
+  await Promise.all(
+    existingIntegrations.map(async (integration) => {
+      const username = integration.secrets.find((secret) => secret.kind === "username");
+      if (!username) return;
+      await db
+        .update(integrationSecrets)
+        .set({
+          kind: "opnsenseApiKey",
+        })
+        .where(
+          and(eq(integrationSecrets.integrationId, username.integrationId), eq(integrationSecrets.kind, "username")),
+        );
+    }),
+  );
+
+  await Promise.all(
+    existingIntegrations.map(async (integration) => {
+      const password = integration.secrets.find((secret) => secret.kind === "password");
+      if (!password) return;
+      await db
+        .update(integrationSecrets)
+        .set({
+          kind: "opnsenseApiSecret",
+        })
+        .where(
+          and(eq(integrationSecrets.integrationId, password.integrationId), eq(integrationSecrets.kind, "password")),
+        );
+    }),
+  );
+
+  if (existingIntegrations.length > 0) {
+    console.log(`Migrated OPNsense credentials count="${existingIntegrations.length}"`);
+  }
+}
--- a/packages/db/migrations/custom/index.ts
+++ b/packages/db/migrations/custom/index.ts
@@ -1,6 +1,8 @@
 import type { Database } from "../..";
 import { migrateReleaseWidgetProviderToOptionsAsync } from "./0000_release_widget_provider_to_options";
+import { migrateOpnsenseCredentialsAsync } from "./0001_opnsense_credentials";

 export const applyCustomMigrationsAsync = async (db: Database) => {
  await migrateReleaseWidgetProviderToOptionsAsync(db);
+  await migrateOpnsenseCredentialsAsync(db);
 };