From eaab23ec19e86e550969de8528cd4a401bb3dccf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karol=20S=C3=B3jko?=
Date: Thu, 16 Mar 2023 11:02:16 +0100
Subject: [PATCH] fix: persistent server keys between updates - fixes #476 (#481)
* fix: persistent server keys between updates - fixes #476
* fix: env vars for ci
---
 .env.sample | 9 ++++++++-
 .github/ci.env | 5 +++++
 docker/docker-entrypoint.sh | 30 ++++++++++++++++++++----------
 3 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/.env.sample b/.env.sample
index 76523ba4b..3544110c6 100644
--- a/.env.sample
+++ b/.env.sample
@@ -7,7 +7,6 @@ DB_PORT=3306
 DB_USERNAME=std_notes_user
 DB_PASSWORD=changeme123
 DB_DATABASE=standard_notes_db
-DB_DEBUG_LEVEL=all
 #########
 # CACHE #
@@ -15,3 +14,11 @@ DB_DEBUG_LEVEL=all
 REDIS_PORT=6379
 REDIS_HOST=cache
+
+########
+# KEYS #
+########
+
+AUTH_JWT_SECRET=
+AUTH_SERVER_ENCRYPTION_SERVER_KEY=
+VALET_TOKEN_SECRET=
diff --git a/.github/ci.env b/.github/ci.env
index 5dbcdaa58..ac27b76ac 100644
--- a/.github/ci.env
+++ b/.github/ci.env
@@ -3,6 +3,7 @@ DB_HOST=db
 DB_USERNAME=std_notes_user
 DB_PASSWORD=changeme123
 DB_DATABASE=standard_notes_db
+DB_PORT=3306
 REDIS_PORT=6379
 REDIS_HOST=cache
 AUTH_SERVER_ACCESS_TOKEN_AGE=4
@@ -19,3 +20,7 @@ MYSQL_DATABASE=standard_notes_db
 MYSQL_USER=std_notes_user
 MYSQL_PASSWORD=changeme123
 MYSQL_ROOT_PASSWORD=changeme123
+
+AUTH_JWT_SECRET=f95259c5e441f5a4646d76422cfb3df4c4488842901aa50b6c51b8be2e0040e9
+AUTH_SERVER_ENCRYPTION_SERVER_KEY=1087415dfde3093797f9a7ca93a49e7d7aa1861735eb0d32aae9c303b8c3d060
+VALET_TOKEN_SECRET=4b886819ebe1e908077c6cae96311b48a8416bd60cc91c03060e15bdf6b30d1f
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index 1855d021c..cd982848f 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
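Review bot: The three entries in the new KEYS section of `.env.sample` (hunk `@@ -15,3 +14,11 @@`) are left empty with no hint on how to fill them, while the entrypoint changed later in this patch exits when any of them is empty. A comment above them would save the operator a failed start and steer them away from hand-typed values, for example `# Generate each value separately with: openssl rand -hex 32`. Going by the commit title, a second comment such as `# Keep these values private and unchanged across updates.` would also state the reason the keys moved into this file. A separate random value per key keeps a leak of one from exposing the other two.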
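Review bot: The three hex secrets added at the end of `.github/ci.env` (hunk `@@ -19,3 +20,7 @@`) are committed in clear text, so they are public from this commit on and are only safe as throwaway CI values. Nothing in the file says that, and a copy of this file is an easy starting point for a real `.env`. I would put a comment line above them such as `# CI-only test values. Never reuse these in a deployment.` Secret scanners may also flag these lines, so an allow-list entry scoped to this one file may be needed.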
@@ -27,19 +27,24 @@ fi
 ######
 if [ -z "$DB_HOST" ]; then
- export DB_HOST="db"
+ echo "DB_HOST is not set. Please set it in your .env file."
+ exit 1
 fi
 if [ -z "$DB_PORT" ]; then
- export DB_PORT="3306"
+ echo "DB_PORT is not set. Please set it in your .env file."
+ exit 1
 fi
 if [ -z "$DB_USERNAME" ]; then
- export DB_USERNAME="std_notes_user"
+ echo "DB_USERNAME is not set. Please set it in your .env file."
+ exit 1
 fi
 if [ -z "$DB_PASSWORD" ]; then
- export DB_PASSWORD=$(openssl rand -hex 32)
+ echo "DB_PASSWORD is not set. Please set it in your .env file."
+ exit 1
 fi
 if [ -z "$DB_DATABASE" ]; then
- export DB_DATABASE="standard_notes_db"
+ echo "DB_DATABASE is not set. Please set it in your .env file."
+ exit 1
 fi
 if [ -z "$DB_DEBUG_LEVEL" ]; then
 export DB_DEBUG_LEVEL="all"
@@ -51,11 +56,13 @@ export DB_MIGRATIONS_PATH="dist/migrations/*.js"
 #########
 if [ -z "$REDIS_PORT" ]; then
- export REDIS_PORT=6379
+ echo "REDIS_PORT is not set. Please set it in your .env file."
+ exit 1
 fi
 if [ -z "$REDIS_HOST" ]; then
- export REDIS_HOST="cache"
+ echo "REDIS_HOST is not set. Please set it in your .env file."
+ exit 1
 fi
 if [ -z "$REDIS_URL" ]; then
@@ -67,11 +74,13 @@ fi
 ##########
 if [ -z "$AUTH_JWT_SECRET" ]; then
- export AUTH_JWT_SECRET=$(openssl rand -hex 32)
+ echo "AUTH_JWT_SECRET is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string."
+ exit 1
 fi
 if [ -z "$VALET_TOKEN_SECRET" ]; then
- export VALET_TOKEN_SECRET=$(openssl rand -base64 32)
+ echo "VALET_TOKEN_SECRET is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string."
+ exit 1
 fi
 ########
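Review bot: The failure messages added in the `@@ -27,19 +27,24 @@` hunk are printed with plain `echo`, so they go to stdout and can be lost where container logs split the two streams; each should end in `>&2`, e.g. `echo "DB_HOST is not set. Please set it in your .env file." >&2`. The same applies to the CACHE hunk (`@@ -51,11 +56,13 @@`), the secrets hunk (`@@ -67,11 +74,13 @@`) and the `AUTH_SERVER_ENCRYPTION_SERVER_KEY` hunk. As a matter of style, each repeated four-line block could become one POSIX parameter expansion, `: "${DB_HOST:?DB_HOST is not set. Please set it in your .env file.}"`, which writes to stderr and ends a non-interactive shell with a non-zero status. The last `if` in this hunk (`DB_DEBUG_LEVEL`) is closed outside the hunk.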
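Review bot: The checks on `AUTH_JWT_SECRET` and `VALET_TOKEN_SECRET` in the `@@ -67,11 +74,13 @@` hunk reject only an empty value, so a short or placeholder string now starts the server where the removed fallback generated 32 random bytes. A length floor would catch the obvious cases, for example `if [ -z "$AUTH_JWT_SECRET" ] || [ "${#AUTH_JWT_SECRET}" -lt 32 ]; then`, with the message saying the value is too short. The exact floor is a judgement call, because operators may already hold values in another encoding (the removed line produced base64 for `VALET_TOKEN_SECRET`), so I would not insist on hex. `DB_PASSWORD` in the first hunk has the same gap, and `.env.sample` still ships `changeme123` for it.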
@@ -122,7 +131,8 @@ if [ -z "$AUTH_SERVER_EPHEMERAL_SESSION_AGE" ]; then
 fi
 if [ -z "$AUTH_SERVER_ENCRYPTION_SERVER_KEY" ]; then
- export AUTH_SERVER_ENCRYPTION_SERVER_KEY=$(openssl rand -hex 32)
+ echo "AUTH_SERVER_ENCRYPTION_SERVER_KEY is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string."
+ exit 1
 fi
 export AUTH_SERVER_SYNCING_SERVER_URL=http://localhost:$SYNCING_SERVER_PORT
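Review bot: The message for `AUTH_SERVER_ENCRYPTION_SERVER_KEY` explains how to generate a value but not that the value has to stay the same once the server holds data. Going by the commit title, a key that changed between updates is what #476 was about, and an operator who meets this error after an upgrade may simply generate a fresh one. I would extend the text, for example `... to generate a random string. Keep the same value across updates and back it up.` The check also accepts any non-empty string; whether the server expects exactly 64 hex characters is not visible here, so a format check would need confirming against the code that reads the key.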