feat: private key formats #59

Merged
merged 3 commits into from
Sep 9, 2024
Contributor

@rndquu rndquu commented Sep 6, 2024

Related to ubiquity-os/ubiquity-os-kernel#104

Right now there is an issue where a malicious partner can copy another partner's encrypted private key and use it in its own organization.

This PR introduces 3 private key formats:

  1. PRIVATE_KEY
  2. PRIVATE_KEY:GITHUB_ORGANIZATION_ID
  3. PRIVATE_KEY:GITHUB_ORGANIZATION_ID:GITHUB_REPOSITORY_ID

You may read how they're supposed to be used here.

The next step is to validate the organization and repository in the https://github.com/ubiquibot/conversation-rewards plugin, i.e. whether they are allowed to be used in the organization/repository where the original issue was called from.

@rndquu rndquu marked this pull request as ready for review September 6, 2024 21:52
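
An added example (not code from this PR or from the ubiquity-os repositories) of the validation step the opening comment describes: it parses the three colon-separated formats after decryption and checks the bound ids against the organization and repository the issue event came from. The function and type names, the numeric-id check, and the deny-by-default handling of the unbound format 1 are assumptions of this example.

```typescript
// Added illustration; all names here are hypothetical, not taken from the PR's source.
interface ParsedKey {
  privateKey: string;
  organizationId?: number; // present for formats 2 and 3
  repositoryId?: number; // present for format 3 only
}

interface CallContext {
  organizationId: number; // organization where the issue event originated
  repositoryId: number; // repository where the issue event originated
}

// Parse the decrypted plaintext into one of the three formats listed in the PR.
function parsePrivateKeyFormat(plaintext: string): ParsedKey {
  const [privateKey = "", ...rawIds] = plaintext.split(":");
  if (privateKey.length === 0 || rawIds.length > 2) {
    throw new Error("unrecognized private key format");
  }
  // Ids must be plain positive integers; reject "", "abc", "1e3", "-5", " 12".
  const ids = rawIds.map((raw) => {
    if (!/^[1-9][0-9]*$/.test(raw) || !Number.isSafeInteger(Number(raw))) {
      throw new Error("invalid id in private key format");
    }
    return Number(raw);
  });
  return { privateKey, organizationId: ids[0], repositoryId: ids[1] };
}

// Decide whether a parsed key may be used for the calling organization/repository.
// Assumption: unbound keys (format 1) are refused unless the caller opts in.
function isKeyAllowed(key: ParsedKey, ctx: CallContext, allowUnbound = false): boolean {
  if (key.organizationId === undefined) return allowUnbound;
  if (key.organizationId !== ctx.organizationId) return false;
  return key.repositoryId === undefined || key.repositoryId === ctx.repositoryId;
}

// Constructed sample values (not a real key, not real GitHub ids).
const SAMPLE_KEY = "0x" + "ab".repeat(32);
const ownerContext: CallContext = { organizationId: 1001, repositoryId: 2002 };
const otherContext: CallContext = { organizationId: 9009, repositoryId: 2002 };

// A key bound to organization 1001 is refused when replayed from organization 9009.
const orgBound = parsePrivateKeyFormat(`${SAMPLE_KEY}:1001`);
console.log(isKeyAllowed(orgBound, ownerContext)); // true
console.log(isKeyAllowed(orgBound, otherContext)); // false
```

The ids in `CallContext` have to come from the verified webhook event, not from plugin settings a partner controls, otherwise the binding check compares the key against attacker-chosen values.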
src/handlers/generate-erc20-permit.ts (outdated, resolved)
src/utils/keys.ts (outdated, resolved)
Contributor

@Keyrxng Keyrxng left a comment

I think this might be good to have in the SDK as any plugin which needs access to funds will need it.

It makes it easier for plugin devs to be bad actors, swap out prod workers for malicious ones and log PKs etc., but that's a partner's choice to use unofficial plugins I guess, isn't it?

src/handlers/generate-erc20-permit.ts (resolved)
Contributor

@whilefoo whilefoo left a comment

The decrypt functions should be exported in src/index.ts if we want to use it in conversation-rewards

Contributor Author

rndquu commented Sep 9, 2024

> The decrypt functions should be exported in src/index.ts if we want to use it in conversation-rewards

Fixed 114a9cf

@rndquu rndquu requested a review from whilefoo September 9, 2024 07:03
@rndquu rndquu merged commit 1744cd0 into ubiquity-os:development Sep 9, 2024
2 checks passed
@rndquu rndquu deleted the feat/pk-format branch September 9, 2024 11:21
4 participants