Fix/decryption section for workflows #577
base: main
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- Added comprehensive WorkflowPayloadDecryptor class
- Included AES-GCM decryption implementation
- Added ASP.NET Core controller example
- Included configuration management examples
- Added proper error handling and data models
…n-key.mdx Delete from this PR
New topic - accidentally deleted
Walkthrough
Replaces the previous "Workflow encryption key" documentation with a new page
Changes
Sequence Diagram(s)
sequenceDiagram
autonumber
participant Client as Workflow Client
participant Kinde as Kinde Workflows
participant Service as Backend Service
rect rgb(236,248,255)
Note over Client,Kinde: Client uses secureFetch (encryption enabled)
Client->>Kinde: secureFetch(payload)
Kinde->>Kinde: Encrypt body (AES‑GCM: nonce|tag|ciphertext) → Base64
Kinde->>Service: POST encrypted payload
end
rect rgb(240,255,240)
Service->>Service: Decode Base64, extract nonce/tag/ciphertext, decrypt with active key
alt Decryption succeeds
Service-->>Kinde: 2xx response
Kinde-->>Client: Success
else Decryption fails
Service-->>Kinde: 4xx/5xx error
Kinde-->>Client: Error
end
end
Note over Kinde: Keys can be added/updated/activated/deactivated/deleted via Workflows UI
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
Pre-merge checks and finishing touches: ✅ Passed checks (3 passed)
Deploying kinde-docs-preview with
Latest commit: 2432a1b
Status: ✅ Deploy successful!
Preview URL: https://9dfea226.kinde-docs-preview.pages.dev
Branch Preview URL: https://fix-decryption-section-for-w.kinde-docs-preview.pages.dev
Actionable comments posted: 3
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
- src/content/docs/workflows/manage-workflows/encrypt-decrypt-workflows.mdx (1 hunks)
- src/content/docs/workflows/manage-workflows/workflow-encryption-key.mdx (0 hunks)
💤 Files with no reviewable changes (1)
- src/content/docs/workflows/manage-workflows/workflow-encryption-key.mdx
src/content/docs/workflows/manage-workflows/encrypt-decrypt-workflows.mdx
using System; | ||
using System.Security.Cryptography; | ||
using System.Text; | ||
using System.Text.Json; | ||
|
||
public class WorkflowPayloadDecryptor | ||
{ | ||
private readonly byte[] _encryptionKey; | ||
|
||
public WorkflowPayloadDecryptor(string base64EncryptionKey) | ||
{ | ||
_encryptionKey = Convert.FromBase64String(base64EncryptionKey); | ||
} | ||
|
||
public string DecryptPayload(string encryptedPayload) | ||
{ | ||
try | ||
{ | ||
// Step 1: Base64 decode the incoming payload | ||
byte[] encryptedData = Convert.FromBase64String(encryptedPayload); | ||
|
||
// Step 2: Parse the payload structure | ||
// The payload contains: nonce (12 bytes) + tag (16 bytes) + ciphertext | ||
const int nonceLength = 12; | ||
const int tagLength = 16; | ||
|
||
if (encryptedData.Length < nonceLength + tagLength) | ||
{ | ||
throw new ArgumentException("Invalid encrypted payload structure"); | ||
} | ||
|
||
// Extract components | ||
byte[] nonce = new byte[nonceLength]; | ||
byte[] tag = new byte[tagLength]; | ||
byte[] ciphertext = new byte[encryptedData.Length - nonceLength - tagLength]; | ||
|
||
Array.Copy(encryptedData, 0, nonce, 0, nonceLength); | ||
Array.Copy(encryptedData, nonceLength, tag, 0, tagLength); | ||
Array.Copy(encryptedData, nonceLength + tagLength, ciphertext, 0, ciphertext.Length); | ||
|
||
// Step 3: Decrypt using AES-GCM | ||
using (var aesGcm = new AesGcm(_encryptionKey)) | ||
{ | ||
byte[] decryptedBytes = new byte[ciphertext.Length]; | ||
aesGcm.Decrypt(nonce, ciphertext, tag, decryptedBytes); | ||
|
||
// Convert decrypted bytes to string | ||
return Encoding.UTF8.GetString(decryptedBytes); | ||
} | ||
} | ||
catch (Exception ex) | ||
{ | ||
throw new InvalidOperationException("Failed to decrypt workflow payload", ex); | ||
} | ||
} | ||
} | ||
|
||
// Example usage in an ASP.NET Core controller | ||
[ApiController] | ||
[Route("api/[controller]")] | ||
public class WorkflowController : ControllerBase | ||
{ | ||
private readonly WorkflowPayloadDecryptor _decryptor; | ||
|
||
public WorkflowController(IConfiguration configuration) | ||
{ | ||
// Get the encryption key from configuration | ||
string encryptionKey = configuration["KindeWorkflowEncryptionKey"]; | ||
_decryptor = new WorkflowPayloadDecryptor(encryptionKey); | ||
} | ||
|
||
[HttpPost("webhook")] | ||
public async Task<IActionResult> HandleWorkflowWebhook() | ||
{ | ||
try | ||
{ | ||
// Read the encrypted payload from the request body | ||
using var reader = new StreamReader(Request.Body); | ||
string encryptedPayload = await reader.ReadToEndAsync(); | ||
|
||
// Decrypt the payload | ||
string decryptedJson = _decryptor.DecryptPayload(encryptedPayload); | ||
|
||
// Parse the decrypted JSON | ||
var workflowData = JsonSerializer.Deserialize<WorkflowData>(decryptedJson); | ||
|
||
// Process the decrypted data | ||
// ... your business logic here ... | ||
|
||
return Ok(new { message = "Workflow payload processed successfully" }); | ||
} | ||
catch (Exception ex) | ||
{ | ||
return BadRequest(new { error = "Failed to process workflow payload", details = ex.Message }); | ||
} | ||
} | ||
} | ||
|
||
// Example data model for the decrypted payload | ||
public class WorkflowData | ||
{ | ||
public string UserId { get; set; } | ||
public string EventType { get; set; } | ||
public Dictionary<string, object> Data { get; set; } | ||
} | ||
``` |
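Review bot: The catch block in `HandleWorkflowWebhook` returns `details = ex.Message`, which echoes internal exception text to whoever posts to the endpoint; log the exception server-side and return only the generic "Failed to process workflow payload" string. In the `WorkflowController` constructor, `configuration["KindeWorkflowEncryptionKey"]` may be null and the decoded key length is never checked, so a missing or malformed key surfaces only as an exception from `Convert.FromBase64String` or `AesGcm`; validate there that the setting is present and decodes to 16, 24 or 32 bytes. The single-argument `new AesGcm(_encryptionKey)` constructor is marked obsolete from .NET 8; `new AesGcm(_encryptionKey, tagLength)` also pins the tag size to the 16 bytes the payload layout assumes.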
Add the missing using directives so the sample compiles.
The C# snippet references StreamReader, ControllerBase, IConfiguration, Task<IActionResult>, and Dictionary<string, object>, but the code block only imports core namespaces. Without the matching using statements (System.IO, System.Collections.Generic, System.Threading.Tasks, Microsoft.AspNetCore.Mvc, Microsoft.Extensions.Configuration), readers copying the sample will hit compile errors. Please prepend the snippet with the full set of namespaces (or annotate them inline) so the example builds cleanly.
🤖 Prompt for AI Agents
In src/content/docs/workflows/manage-workflows/encrypt-decrypt-workflows.mdx
around lines 67 to 172, the C# sample is missing required using directives which
cause compile errors for StreamReader, Dictionary, Task<IActionResult>,
ControllerBase and IConfiguration; prepend the file’s code block with the
following usings: System.IO, System.Collections.Generic, System.Threading.Tasks,
Microsoft.AspNetCore.Mvc, and Microsoft.Extensions.Configuration (keeping the
existing System, System.Security.Cryptography, System.Text, and System.Text.Json
lines) so the sample compiles cleanly.
New code snippet and decrypt section for workflows.
Summary by CodeRabbit