ce0ddf93fc
This is a reworking of #3410 based on some feedback @calebcartwright left on that PR. The goals of injecting the secrets are threefold: 1. Simplify testing 2. Be consistent with all of the other config (which is injected) 3. Encapsulate the sensitive auth-related code in one place so it can be studied and tested thoroughly - Rather than add more code to BaseService to handle authorization logic, it delegates that to an AuthHelper class. - When the server starts, it fetches the credentials from `config` and injects them into `BaseService.register()` which passes them to `invoke()`. - In `invoke()` the service's auth configuration is checked (`static get auth()`, much like `static get route()`). - If the auth config is present, an AuthHelper instance is created and attached to the new instance. - Then within the service, the password, basic auth config, or bearer authentication can be accessed via e.g. `this.authHelper.basicAuth` and passed to `this._requestJson()` and friends. - Everything is being done very explicitly, so it should be very clear where and how the configured secrets are being used. - Testing different configurations of services can now be done by injecting the config into `invoke()` in `.spec` files instead of mocking global state in the service tests as was done before. See the new Jira spec files for a good example of this. Ref #3393
44 lines
1.1 KiB
JavaScript
44 lines
1.1 KiB
JavaScript
'use strict'
|
|
/* eslint-disable import/order */
|
|
|
|
const fs = require('fs')
|
|
const path = require('path')
|
|
|
|
require('dotenv').config()
|
|
|
|
// Set up Sentry reporting as early in the process as possible.
|
|
const config = require('config').util.toObject()
|
|
const Raven = require('raven')
|
|
Raven.config(process.env.SENTRY_DSN || config.private.sentry_dsn).install()
|
|
Raven.disableConsoleAlerts()
|
|
|
|
if (+process.argv[2]) {
|
|
config.public.bind.port = +process.argv[2]
|
|
}
|
|
if (process.argv[3]) {
|
|
config.public.bind.address = process.argv[3]
|
|
}
|
|
|
|
console.log('Configuration:')
|
|
console.dir(config.public, { depth: null })
|
|
|
|
const legacySecretsPath = path.join(__dirname, 'private', 'secret.json')
|
|
if (fs.existsSync(legacySecretsPath)) {
|
|
console.error(
|
|
`Legacy secrets file found at ${legacySecretsPath}. It should be deleted and secrets replaced with environment variables or config/local.yml`
|
|
)
|
|
process.exit(1)
|
|
}
|
|
|
|
const Server = require('./core/server/server')
|
|
const server = (module.exports = new Server(config))
|
|
|
|
;(async () => {
|
|
try {
|
|
await server.start()
|
|
} catch (e) {
|
|
console.error(e)
|
|
process.exit(1)
|
|
}
|
|
})()
|