authorizer/server/env/persist_env.go

package env

import (
	"encoding/json"
	"log"
	"os"
	"strconv"
	"strings"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/envstore"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/google/uuid"
)

// PersistEnv persists the environment variables to the database
func PersistEnv() error {
	env, err := db.Mgr.GetEnv()
	// config not found in db
	if err != nil {
		// AES encryption needs 32 bit key only, so we chop off last 4 characters from 36 bit uuid
		hash := uuid.New().String()[:36-4]
		envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEncryptionKey, hash)
		encodedHash := utils.EncryptB64(hash)

		configData, err := json.Marshal(envstore.EnvInMemoryStoreObj.GetEnvStoreClone())
		if err != nil {
			return err
		}

		encryptedConfig, err := utils.EncryptAES(configData)
		if err != nil {
			return err
		}

		env = db.Env{
			Hash:    encodedHash,
			EnvData: encryptedConfig,
		}

		db.Mgr.AddEnv(env)
	} else {
		// decrypt the config data from db
		// decryption can be done using the hash stored in db
		encryptionKey := env.Hash
		decryptedEncryptionKey, err := utils.DecryptB64(encryptionKey)
		if err != nil {
			return err
		}

		envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEncryptionKey, decryptedEncryptionKey)
		decryptedConfigs, err := utils.DecryptAES(env.EnvData)
		if err != nil {
			return err
		}

		// temp store variable
		var storeData envstore.Store

		err = json.Unmarshal(decryptedConfigs, &storeData)
		if err != nil {
			return err
		}

		// if env is changed via env file or OS env
		// give that higher preference and update db, but we don't recommend it

		hasChanged := false

		for key, value := range storeData.StringEnv {
			if key != constants.EnvKeyEncryptionKey {
				// check only for derivative keys
				// No need to check for ENCRYPTION_KEY which special key we use for encrypting config data
				// as we have removed it from json
				envValue := strings.TrimSpace(os.Getenv(key))

				// env is not empty
				if envValue != "" {
					if value != envValue {
						storeData.StringEnv[key] = envValue
						hasChanged = true
					}
				}
			}
		}

		for key, value := range storeData.BoolEnv {
			envValue := strings.TrimSpace(os.Getenv(key))
			// env is not empty
			if envValue != "" {
				envValueBool, _ := strconv.ParseBool(envValue)
				if value != envValueBool {
					storeData.BoolEnv[key] = envValueBool
					hasChanged = true
				}
			}
		}

		for key, value := range storeData.SliceEnv {
			envValue := strings.TrimSpace(os.Getenv(key))
			// env is not empty
			if envValue != "" {
				envStringArr := strings.Split(envValue, ",")
				if !utils.IsStringArrayEqual(value, envStringArr) {
					storeData.SliceEnv[key] = envStringArr
					hasChanged = true
				}
			}
		}

		// handle derivative cases like disabling email verification & magic login
		// in case SMTP is off but env is set to true
		if storeData.StringEnv[constants.EnvKeySmtpHost] == "" || storeData.StringEnv[constants.EnvKeySmtpUsername] == "" || storeData.StringEnv[constants.EnvKeySmtpPassword] == "" || storeData.StringEnv[constants.EnvKeySenderEmail] == "" && storeData.StringEnv[constants.EnvKeySmtpPort] == "" {
			if !storeData.BoolEnv[constants.EnvKeyDisableEmailVerification] {
				storeData.BoolEnv[constants.EnvKeyDisableEmailVerification] = true
				hasChanged = true
			}

			if !storeData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] {
				storeData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true
				hasChanged = true
			}
		}

		envstore.EnvInMemoryStoreObj.UpdateEnvStore(storeData)
		if hasChanged {
			encryptedConfig, err := utils.EncryptEnvData(storeData)
			if err != nil {
				return err
			}

			env.EnvData = encryptedConfig
			_, err = db.Mgr.UpdateEnv(env)
			if err != nil {
				log.Println("error updating config:", err)
				return err
			}
		}

	}

	return nil
}
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`package env`

			`import (`
			`"encoding/json"`
			`"log"`
			`"os"`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`"strconv"`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`"strings"`

			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/db"`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`"github.com/authorizerdev/authorizer/server/envstore"`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`"github.com/authorizerdev/authorizer/server/utils"`
			`"github.com/google/uuid"`
			`)`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// PersistEnv persists the environment variables to the database`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`func PersistEnv() error {`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`env, err := db.Mgr.GetEnv()`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`// config not found in db`
			`if err != nil {`
			`// AES encryption needs 32 bit key only, so we chop off last 4 characters from 36 bit uuid`
			`hash := uuid.New().String()[:36-4]`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEncryptionKey, hash)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`encodedHash := utils.EncryptB64(hash)`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`configData, err := json.Marshal(envstore.EnvInMemoryStoreObj.GetEnvStoreClone())`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if err != nil {`
			`return err`
			`}`
fix(server): env setup 2022-01-19 17:49:20 +00:00
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`encryptedConfig, err := utils.EncryptAES(configData)`
			`if err != nil {`
			`return err`
			`}`

fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`env = db.Env{`
			`Hash: encodedHash,`
			`EnvData: encryptedConfig,`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`

fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`db.Mgr.AddEnv(env)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`} else {`
			`// decrypt the config data from db`
			`// decryption can be done using the hash stored in db`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`encryptionKey := env.Hash`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`decryptedEncryptionKey, err := utils.DecryptB64(encryptionKey)`
			`if err != nil {`
			`return err`
			`}`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`envstore.EnvInMemoryStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEncryptionKey, decryptedEncryptionKey)`
			`decryptedConfigs, err := utils.DecryptAES(env.EnvData)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if err != nil {`
			`return err`
			`}`

fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`// temp store variable`
			`var storeData envstore.Store`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`err = json.Unmarshal(decryptedConfigs, &storeData)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if err != nil {`
			`return err`
			`}`

			`// if env is changed via env file or OS env`
			`// give that higher preference and update db, but we don't recommend it`

			`hasChanged := false`

fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`for key, value := range storeData.StringEnv {`
			`if key != constants.EnvKeyEncryptionKey {`
			`// check only for derivative keys`
			`// No need to check for ENCRYPTION_KEY which special key we use for encrypting config data`
			`// as we have removed it from json`
			`envValue := strings.TrimSpace(os.Getenv(key))`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`// env is not empty`
			`if envValue != "" {`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if value != envValue {`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`storeData.StringEnv[key] = envValue`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`hasChanged = true`
			`}`
			`}`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`}`
			`}`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`for key, value := range storeData.BoolEnv {`
			`envValue := strings.TrimSpace(os.Getenv(key))`
			`// env is not empty`
			`if envValue != "" {`
			`envValueBool, _ := strconv.ParseBool(envValue)`
			`if value != envValueBool {`
			`storeData.BoolEnv[key] = envValueBool`
			`hasChanged = true`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`}`
			`}`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`for key, value := range storeData.SliceEnv {`
			`envValue := strings.TrimSpace(os.Getenv(key))`
			`// env is not empty`
			`if envValue != "" {`
			`envStringArr := strings.Split(envValue, ",")`
			`if !utils.IsStringArrayEqual(value, envStringArr) {`
			`storeData.SliceEnv[key] = envStringArr`
			`hasChanged = true`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`
			`}`
			`}`

			`// handle derivative cases like disabling email verification & magic login`
			`// in case SMTP is off but env is set to true`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`if storeData.StringEnv[constants.EnvKeySmtpHost] == "" \|\| storeData.StringEnv[constants.EnvKeySmtpUsername] == "" \|\| storeData.StringEnv[constants.EnvKeySmtpPassword] == "" \|\| storeData.StringEnv[constants.EnvKeySenderEmail] == "" && storeData.StringEnv[constants.EnvKeySmtpPort] == "" {`
			`if !storeData.BoolEnv[constants.EnvKeyDisableEmailVerification] {`
			`storeData.BoolEnv[constants.EnvKeyDisableEmailVerification] = true`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`hasChanged = true`
			`}`

fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`if !storeData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] {`
			`storeData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`hasChanged = true`
			`}`
			`}`

fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`envstore.EnvInMemoryStoreObj.UpdateEnvStore(storeData)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if hasChanged {`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`encryptedConfig, err := utils.EncryptEnvData(storeData)`
feat: add _update_config mutation 2021-12-31 11:33:37 +00:00			`if err != nil {`
			`return err`
			`}`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`env.EnvData = encryptedConfig`
			`_, err = db.Mgr.UpdateEnv(env)`
feat: add _update_config mutation 2021-12-31 11:33:37 +00:00			`if err != nil {`
			`log.Println("error updating config:", err)`
			`return err`
			`}`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`

			`}`

			`return nil`
			`}`