preCheck verifies if current data can be processed correctly
()
| 182 | |
| 183 | // preCheck verifies if current data can be processed correctly |
| 184 | func (cmd *MigrateKeysCommand) preCheck() error { |
| 185 | logrus.Info("Executing pre-check...") |
| 186 | |
| 187 | // Critical check: if enabling encryption (fromKey is empty), ensure data is not already encrypted |
| 188 | if cmd.fromKey == "" && cmd.toKey != "" { |
| 189 | if err := cmd.detectIfAlreadyEncrypted(); err != nil { |
| 190 | return err |
| 191 | } |
| 192 | } |
| 193 | |
| 194 | // Get current encryption service based on parameters only |
| 195 | var currentService encryption.Service |
| 196 | var err error |
| 197 | |
| 198 | if cmd.fromKey != "" { |
| 199 | // Use fromKey to create encryption service for verification |
| 200 | currentService, err = encryption.NewService(cmd.fromKey) |
| 201 | } else { |
| 202 | // Enable encryption scenario: data should be unencrypted |
| 203 | // Use noop service to verify data is not encrypted |
| 204 | currentService, err = encryption.NewService("") |
| 205 | } |
| 206 | |
| 207 | if err != nil { |
| 208 | return fmt.Errorf("failed to create current encryption service: %w", err) |
| 209 | } |
| 210 | |
| 211 | // Check number of keys in database |
| 212 | var totalCount int64 |
| 213 | if err := cmd.db.Model(&models.APIKey{}).Count(&totalCount).Error; err != nil { |
| 214 | return fmt.Errorf("failed to get total key count: %w", err) |
| 215 | } |
| 216 | |
| 217 | if totalCount == 0 { |
| 218 | logrus.Info("No key data in database, skipping pre-check") |
| 219 | return nil |
| 220 | } |
| 221 | |
| 222 | logrus.Infof("Starting validation of %d keys...", totalCount) |
| 223 | |
| 224 | // Batch verify all keys can be decrypted correctly |
| 225 | offset := 0 |
| 226 | failedCount := 0 |
| 227 | |
| 228 | for { |
| 229 | var keys []models.APIKey |
| 230 | if err := cmd.db.Order("id").Offset(offset).Limit(migrationBatchSize).Find(&keys).Error; err != nil { |
| 231 | return fmt.Errorf("failed to get key data: %w", err) |
| 232 | } |
| 233 | |
| 234 | if len(keys) == 0 { |
| 235 | break |
| 236 | } |
| 237 | |
| 238 | for _, key := range keys { |
| 239 | _, err := currentService.Decrypt(key.KeyValue) |
| 240 | if err != nil { |
| 241 | logrus.Errorf("Key ID %d decryption failed: %v", key.ID, err) |
no test coverage detected