Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Publish WASM package to enable argon2 support on CLI #691

Merged
merged 16 commits into from
Apr 15, 2024
Merged

Publish WASM package to enable argon2 support on CLI #691

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
99d5178
Expose argon2 in wasm
Hinton Mar 25, 2024
a1d80e7
Change wasm argon2 to use vec
dani-garcia Apr 1, 2024
7d15daf
Build wasm workflow
dani-garcia Apr 1, 2024
f6c6da7
Publish wasm workflow
dani-garcia Apr 1, 2024
c779c32
Merge branch 'main' into ps/argon2-publish
dani-garcia Apr 1, 2024
30881a4
Prettier
dani-garcia Apr 1, 2024
be94ec6
Fix missing files in package.json
dani-garcia Apr 1, 2024
affe24c
Apply review comments
dani-garcia Apr 2, 2024
89d6c83
Merge branch 'main' into ps/argon2-publish
dani-garcia Apr 2, 2024
38fd5a5
Remove redeploy
dani-garcia Apr 3, 2024
1a52120
Remove unused base64
dani-garcia Apr 9, 2024
4ebd280
Merge branch 'main' into ps/argon2-publish
dani-garcia Apr 9, 2024
49f9978
Switch to results
dani-garcia Apr 9, 2024
db5b055
Actually return the value
dani-garcia Apr 9, 2024
92eeea5
Merge branch 'main' into ps/argon2-publish
dani-garcia Apr 9, 2024
1ada3f5
Merge branch 'main' into ps/argon2-publish
dani-garcia Apr 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 58 additions & 0 deletions .github/workflows/build-wasm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
---
name: Build @bitwarden/sdk-wasm

on:
pull_request:
push:
branches:
- "main"
- "rc"
- "hotfix-rc"
workflow_dispatch:

defaults:
run:
shell: bash
working-directory: crates/bitwarden-wasm

jobs:
build:
name: Building @bitwarden/sdk-wasm
runs-on: ubuntu-22.04

steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
cache: "npm"

- name: Install dependencies
run: npm i -g binaryen

- name: Install rust
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # stable
with:
toolchain: stable
targets: wasm32-unknown-unknown

- name: Cache cargo registry
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
with:
key: wasm-cargo-cache

- name: Install wasm-bindgen-cli
run: cargo install wasm-bindgen-cli

- name: Build
run: ./build.sh -r

- name: Upload artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: sdk-bitwarden-wasm
path: ${{ github.workspace }}/languages/js/wasm/*
if-no-files-found: error
143 changes: 143 additions & 0 deletions .github/workflows/release-wasm.yml
View file
Open in desktop
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can get rid of the SETUP NPM by using the actions/setup-node action with registry-url per https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages#publishing-packages-to-the-npm-registry. You can also omit writing the token to disk and just pass it in as an env during the publish command.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm hesitant to change this here as all our other NPM publishing workflows in sdk and clients are doing it this way, so I wouldn't want a single workflow being different than the rest.

I definitely think this is a good improvement over manually creating the file, and we definitely want to switch to it, but I think it would be better for a separate PR to update all workflows at once.

Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@
---
name: Release @bitwarden/sdk-wasm
run-name: Release @bitwarden/sdk-wasm ${{ inputs.release_type }}

on:
workflow_dispatch:
inputs:
release_type:
description: "Release Options"
required: true
default: "Initial Release"
michalchecinski marked this conversation as resolved.
Show resolved Hide resolved
type: choice
options:
- Initial Release
- Redeploy
michalchecinski marked this conversation as resolved.
Show resolved Hide resolved
- Dry Run
npm_publish:
description: "Publish to NPM registry"
required: true
default: true
type: boolean

defaults:
run:
shell: bash
working-directory: languages/js/wasm

jobs:
setup:
name: Setup
runs-on: ubuntu-22.04
outputs:
release-version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Branch check
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: |
if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
echo "==================================="
echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
echo "==================================="
exit 1
fi

- name: Check Release Version
id: version
uses: bitwarden/gh-actions/release-version-check@main
with:
release-type: ${{ github.event.inputs.release_type }}
project-type: ts
file: languages/js/wasm/package.json
monorepo: false

- name: Create GitHub deployment
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
id: deployment
with:
token: "${{ secrets.GITHUB_TOKEN }}"
initial-status: "in_progress"
environment: "Bitwarden SDK WASM - Production"
description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}"
task: release

- name: Update deployment status to Success
if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "success"
deployment-id: ${{ steps.deployment.outputs.deployment_id }}

- name: Update deployment status to Failure
if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
with:
token: "${{ secrets.GITHUB_TOKEN }}"
state: "failure"
deployment-id: ${{ steps.deployment.outputs.deployment_id }}

npm:
name: Publish NPM
runs-on: ubuntu-22.04
needs: setup
if: inputs.npm_publish
env:
_PKG_VERSION: ${{ needs.setup.outputs.release-version }}
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
cache: "npm"

- name: Login to Azure
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "npm-api-key"

- name: Download artifacts
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
michalchecinski marked this conversation as resolved.
Show resolved Hide resolved
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-wasm.yml
path: ${{ github.workspace }}/languages/js/wasm
workflow_conclusion: success
branch: ${{ github.ref_name }}
michalchecinski marked this conversation as resolved.
Show resolved Hide resolved

- name: Dry Run - Download artifacts
if: ${{ github.event.inputs.release_type == 'Dry Run' }}
uses: bitwarden/gh-actions/download-artifacts@main
with:
workflow: build-wasm.yml
path: ${{ github.workspace }}/languages/js/wasm
workflow_conclusion: success
branch: main
michalchecinski marked this conversation as resolved.
Show resolved Hide resolved

- name: Setup NPM
run: |
echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc

echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
env:
NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }}

- name: Publish NPM
if: ${{ github.event.inputs.release_type != 'Dry Run' }}
run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc
2 changes: 2 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 9 additions & 5 deletions crates/bitwarden-wasm/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,15 @@ keywords.workspace = true
crate-type = ["cdylib"]

[dependencies]
argon2 = { version = ">=0.5.0, <0.6", features = [
"alloc",
"zeroize",
], default-features = false }
base64 = ">=0.21.2, <0.22"
dani-garcia marked this conversation as resolved.
Show resolved Hide resolved
bitwarden-json = { path = "../bitwarden-json", features = [
"secrets",
"internal",
] }
console_error_panic_hook = "0.1.7"
console_log = { version = "1.0.0", features = ["color"] }
js-sys = "0.3.68"
Expand All @@ -23,10 +32,5 @@ serde = { version = "1.0.196", features = ["derive"] }
wasm-bindgen = { version = "0.2.91", features = ["serde-serialize"] }
wasm-bindgen-futures = "0.4.41"

bitwarden-json = { path = "../bitwarden-json", features = [
"secrets",
"internal",
] }

[dev-dependencies]
wasm-bindgen-test = "0.3.41"
26 changes: 26 additions & 0 deletions crates/bitwarden-wasm/src/client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
extern crate console_error_panic_hook;
use std::rc::Rc;

use argon2::{Algorithm, Argon2, Params, Version};
use bitwarden_json::client::Client as JsonClient;
use js_sys::Promise;
use log::Level;
Expand Down Expand Up @@ -54,3 +55,28 @@
})
}
}

#[wasm_bindgen]
pub fn argon2(
password: &[u8],
salt: &[u8],
iterations: u32,
memory: u32,
parallelism: u32,
) -> Vec<u8> {
let argon = Argon2::new(
Algorithm::Argon2id,
Version::V0x13,
Params::new(
memory * 1024, // Convert MiB to KiB
iterations,
parallelism,
Some(32),
)
.unwrap(),
Fixed Show fixed Hide fixed
);

let mut hash = [0u8; 32];
argon.hash_password_into(password, salt, &mut hash).unwrap();
Fixed Show fixed Hide fixed
hash.to_vec()
dani-garcia marked this conversation as resolved.
Show resolved Hide resolved
}

Check warning on line 82 in crates/bitwarden-wasm/src/client.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-wasm/src/client.rs#L59-L82 

Added lines #L59 - L82 were not covered by tests
5 changes: 4 additions & 1 deletion languages/js/wasm/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,17 +4,20 @@
"files": [
"bitwarden_wasm_bg.js",
"bitwarden_wasm_bg.wasm",
"bitwarden_wasm_bg.wasm.d.ts",
"bitwarden_wasm_bg.wasm.js",
dani-garcia marked this conversation as resolved.
Show resolved Hide resolved
"bitwarden_wasm.d.ts",
"bitwarden_wasm.js",
"index.js",
"node/bitwarden_wasm_bg.wasm.d.ts",
"node/bitwarden_wasm_bg.wasm",
"node/bitwarden_wasm_bg.wasm.d.ts",
"node/bitwarden_wasm.d.ts",
"node/bitwarden_wasm.js"
],
"main": "node/bitwarden_wasm.js",
"module": "index.js",
"types": "bitwarden_wasm.d.ts",
"scripts": {},
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't technically required, but npm would output a confusing warning if it wasn't there, so I decided to add it.

"sideEffects": [
"./bitwarden_wasm.js",
"./snippets/*"
Expand Down
Loading