feat(cli): read secrets from env, add dotenv

2025-04-06 15:30:30 +08:00 · 2020-11-12 14:20:36 +02:00 · 2020-11-12 14:20:36 +02:00 · 6b9bd63e6f
commit 6b9bd63e6f
parent 6478d266a4
9 changed files with 144 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,6 +6,7 @@
 **/coverage/*
 **/.lowdefy/*
 **/lowdefy.yaml
+**/.env

 .DS_Store

--- a/.pnp.js
+++ b/.pnp.js
@ -3716,6 +3716,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
            ["css-loader", "virtual:1e43113c7dc84a5d03308bf7ffaf00574d351ca16282af6c6c0b9576804fb03914bdf2200961292f439926b2e537dce172d7529f79013ce51b9f2d56e9cd836b#npm:5.0.1"],
            ["decompress", "npm:4.2.1"],
            ["decompress-targz", "npm:4.1.1"],
+            ["dotenv", "npm:8.2.0"],
            ["express", "npm:4.17.1"],
            ["graphql", "npm:15.4.0"],
            ["html-webpack-plugin", "virtual:1e43113c7dc84a5d03308bf7ffaf00574d351ca16282af6c6c0b9576804fb03914bdf2200961292f439926b2e537dce172d7529f79013ce51b9f2d56e9cd836b#npm:4.5.0"],
@ -10365,6 +10366,15 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) {
          "linkType": "HARD",
        }]
      ]],
+      ["dotenv", [
+        ["npm:8.2.0", {
+          "packageLocation": "./.yarn/cache/dotenv-npm-8.2.0-6b21df4d37-16cb89cbd7.zip/node_modules/dotenv/",
+          "packageDependencies": [
+            ["dotenv", "npm:8.2.0"]
+          ],
+          "linkType": "HARD",
+        }]
+      ]],
      ["duplexer", [
        ["npm:0.1.2", {
          "packageLocation": "./.yarn/cache/duplexer-npm-0.1.2-952c810235-5c2ccea7c8.zip/node_modules/duplexer/",
--- a/.yarn/cache/dotenv-npm-8.2.0-6b21df4d37-16cb89cbd7.zip
+++ b/.yarn/cache/dotenv-npm-8.2.0-6b21df4d37-16cb89cbd7.zip
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@ -54,6 +54,7 @@
    "commander": "6.2.0",
    "decompress": "4.2.1",
    "decompress-targz": "4.1.1",
+    "dotenv": "8.2.0",
    "express": "4.17.1",
    "graphql": "15.4.0",
    "inquirer": "7.3.3",
--- a/packages/cli/src/commands/dev/createGetSecretsFromEnv.js
+++ b/packages/cli/src/commands/dev/createGetSecretsFromEnv.js
@ -0,0 +1,29 @@
+/*
+  Copyright 2020 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+function createGetSecretsFromEnv() {
+  const secrets = {};
+
+  Object.keys(process.env).forEach((key) => {
+    if (key.startsWith('LOWDEFY_SECRET_')) {
+      secrets[key.replace('LOWDEFY_SECRET_', '')] = process.env[key];
+    }
+  });
+  Object.freeze(secrets);
+  return () => secrets;
+}
+
+export default createGetSecretsFromEnv;
--- a/packages/cli/src/commands/dev/createGetSecretsFromEnv.test.js
+++ b/packages/cli/src/commands/dev/createGetSecretsFromEnv.test.js
@ -0,0 +1,90 @@
+/*
+  Copyright 2020 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import createGetSecretsFromEnv from './createGetSecretsFromEnv';
+
+const realEnv = process.env;
+
+afterEach(() => {
+  process.env = realEnv;
+});
+
+test('Get secret from env', () => {
+  process.env = {
+    LOWDEFY_SECRET_TEST: 'supersecret',
+  };
+  const getSecrets = createGetSecretsFromEnv();
+  expect(getSecrets()).toEqual({
+    TEST: 'supersecret',
+  });
+});
+
+test('Get multiple secrets from env, ignore other env variable', () => {
+  process.env = {
+    LOWDEFY_SECRET_TEST_1: 'supersecret1',
+    LOWDEFY_SECRET_TEST_2: 'supersecret2',
+    OTHER_VAR: 'other',
+    ANOTHER_VAR: 'another',
+    ASDF_GHJK: 'asdfghjk',
+  };
+  const getSecrets = createGetSecretsFromEnv();
+  expect(getSecrets()).toEqual({
+    TEST_1: 'supersecret1',
+    TEST_2: 'supersecret2',
+  });
+});
+
+test('Only replace first occurrence of "LOWDEFY_SECRET_"', () => {
+  process.env = {
+    LOWDEFY_SECRET_LOWDEFY_SECRET_TEST: 'supersecret',
+  };
+  const getSecrets = createGetSecretsFromEnv();
+  expect(getSecrets()).toEqual({
+    LOWDEFY_SECRET_TEST: 'supersecret',
+  });
+});
+
+test('Return an empty object if no secrets', () => {
+  process.env = {
+    OTHER_VAR: 'other',
+    ANOTHER_VAR: 'another',
+    ASDF_GHJK: 'asdfghjk',
+  };
+  const getSecrets = createGetSecretsFromEnv();
+  expect(getSecrets()).toEqual({});
+});
+
+test('Return the same object', () => {
+  process.env = {
+    LOWDEFY_SECRET_TEST: 'supersecret',
+  };
+  const getSecrets = createGetSecretsFromEnv();
+  expect(getSecrets()).toBe(getSecrets());
+});
+
+test('Secrets are immutable', () => {
+  process.env = {
+    LOWDEFY_SECRET_TEST: 'supersecret',
+  };
+  const getSecrets = createGetSecretsFromEnv();
+  const secrets = getSecrets();
+  expect(secrets).toEqual({
+    TEST: 'supersecret',
+  });
+  expect(() => {
+    secrets.test = 'changed';
+  }).toThrow(TypeError);
+});
--- a/packages/cli/src/commands/dev/dev.js
+++ b/packages/cli/src/commands/dev/dev.js
@ -25,6 +25,7 @@ import BatchChanges from '../../utils/BatchChanges';
 import createContext from '../../utils/context';
 import getBuildScript from '../build/getBuildScript';
 import getGraphql from './getGraphql';
+import createGetSecretsFromEnv from './createGetSecretsFromEnv';
 import { outputDirectoryPath } from '../../utils/directories';

 async function dev(options) {
@ -38,15 +39,9 @@ async function dev(options) {

  //Graphql
  const config = {
-    DEPLOYMENT_ID: 'DEPLOYMENT_ID',
-    DEPLOYMENT_NAME: 'DEPLOYMENT_NAME',
-    DOMAIN_NAME: 'DOMAIN_NAME',
    CONFIGURATION_BASE_PATH: path.resolve(process.cwd(), './.lowdefy/build'),
    logger: console,
-    getHeadersFromInput: ({ req }) => req.headers,
-    getSecrets: () => ({
-      CONNECTION_SECRETS: {},
-    }),
+    getSecrets: createGetSecretsFromEnv(),
  };
  const { typeDefs, resolvers, createContext: createGqlContext } = context.graphql;
  const gqlContext = createGqlContext(config);
--- a/packages/cli/src/index.js
+++ b/packages/cli/src/index.js
@ -14,6 +14,7 @@
  limitations under the License.
 */

+import dotenv from 'dotenv';
 import program from 'commander';
 import packageJson from '../package.json';
 import build from './commands/build/build.js';
@ -21,6 +22,8 @@ import cleanCache from './commands/cleanCache/cleanCache.js';
 import dev from './commands/dev/dev.js';
 import errorHandler from './utils/errorHandler';

+dotenv.config({ silent: true });
+
 const { description, version } = packageJson;

 program.description(description).version(version, '-v, --version');
--- a/yarn.lock
+++ b/yarn.lock
@ -2877,6 +2877,7 @@ __metadata:
    css-loader: 5.0.1
    decompress: 4.2.1
    decompress-targz: 4.1.1
+    dotenv: 8.2.0
    express: 4.17.1
    graphql: 15.4.0
    html-webpack-plugin: 4.5.0
@ -8086,6 +8087,13 @@ __metadata:
  languageName: node
  linkType: hard

+"dotenv@npm:8.2.0":
+  version: 8.2.0
+  resolution: "dotenv@npm:8.2.0"
+  checksum: 16cb89cbd7b98b053899b8aba8c5044c8fb61a2db8a81fe70360b75035fce5fed53bd7a34d772be717d0880c0321122a4c09423f518025e1b52d96791521b1a7
+  languageName: node
+  linkType: hard
+
 "duplexer3@npm:^0.1.4":
  version: 0.1.4
  resolution: "duplexer3@npm:0.1.4"