
Commit bbde79c

authored
Merge pull request #325 from SISheogorath/feature/addSecrets
Add basics for secret management by Docker 1.13
2 parents 0bea4da + 48592d6 commit bbde79c

1 file changed

Lines changed: 31 additions & 26 deletions


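--- a/lib/config.js
+++ b/lib/config.js
@@ -1,12 +1,16 @@
 // external modules
 var fs = require('fs');
 var path = require('path');
+var fs = require('fs');
 
 // configs
 var env = process.env.NODE_ENV || 'development';
 var config = require(path.join(__dirname, '..', 'config.json'))[env];
 var debug = process.env.DEBUG ? (process.env.DEBUG === 'true') : ((typeof config.debug === 'boolean') ? config.debug : (env === 'development'));
 
+// Create function that reads docker secrets but fails fast in case of a non docker environment
+var handleDockerSecret = fs.existsSync('/run/secrets/') ? function(secret){return fs.existsSync('/run/secrets/' + secret) ? fs.readFileSync('/run/secrets/' + secret) : null;)} : function () {return null}
+
 // url
 var domain = process.env.DOMAIN || process.env.HMD_DOMAIN || config.domain || '';
 var urlpath = process.env.URL_PATH || process.env.HMD_URL_PATH || config.urlpath || '';
@@ -37,10 +41,10 @@ var dburl = process.env.HMD_DB_URL || process.env.DATABASE_URL || config.dburl;
 var db = config.db || {};
 
 // ssl path
-var sslkeypath = config.sslkeypath || '';
-var sslcertpath = config.sslcertpath || '';
-var sslcapath = config.sslcapath || '';
-var dhparampath = config.dhparampath || '';
+var sslkeypath = (fs.existsSync('/run/secrets/key.pem') ? '/run/secrets/key.pem' : null) || config.sslkeypath || '';
+var sslcertpath = (fs.existsSync('/run/secrets/cert.pem') ? '/run/secrets/cert.pem' : null) || config.sslcertpath || '';
+var sslcapath = (fs.existsSync('/run/secrets/ca.pem') ? '/run/secrets/ca.pem' : null) || config.sslcapath || '';
+var dhparampath = (fs.existsSync('/run/secrets/dhparam.pem') ? '/run/secrets/dhparam.pem' : null) || config.dhparampath || '';
 
 // other path
 var tmppath = config.tmppath || './tmp';
@@ -54,7 +58,7 @@ var slidepath = config.slidepath || './public/views/slide.ejs';
 
 // session
 var sessionname = config.sessionname || 'connect.sid';
-var sessionsecret = config.sessionsecret || 'secret';
+var sessionsecret = handleDockerSecret('sessionsecret') || config.sessionsecret || 'secret';
 var sessionlife = config.sessionlife || 14 * 24 * 60 * 60 * 1000; //14 days
 
 // static files
@@ -72,37 +76,38 @@ var imageUploadType = process.env.HMD_IMAGE_UPLOAD_TYPE || config.imageUploadTyp
 
 config.s3 = config.s3 || {};
 var s3 = {
-accessKeyId: process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId,
-secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey,
+accessKeyId: handleDockerSecret('s3_acccessKeyId') || process.env.HMD_S3_ACCESS_KEY_ID || config.s3.accessKeyId,
+secretAccessKey: handleDockerSecret('s3_secretAccessKey') || process.env.HMD_S3_SECRET_ACCESS_KEY || config.s3.secretAccessKey,
 region: process.env.HMD_S3_REGION || config.s3.region
 }
 var s3bucket = process.env.HMD_S3_BUCKET || config.s3.bucket;
 
 // auth
-var facebook = (process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET) ? {
-clientID: process.env.HMD_FACEBOOK_CLIENTID,
-clientSecret: process.env.HMD_FACEBOOK_CLIENTSECRET
+var facebook = (process.env.HMD_FACEBOOK_CLIENTID && process.env.HMD_FACEBOOK_CLIENTSECRET || fs.existsSync('/run/secrets/facebook_clientID') && fs.existsSync('/run/secrets/facebook_clientSecret')) ? {
+clientID: handleDockerSecret('facebook_clientID') || process.env.HMD_FACEBOOK_CLIENTID,
+clientSecret: handleDockerSecret('facebook_clientSecret') || process.env.HMD_FACEBOOK_CLIENTSECRET
 } : config.facebook || false;
-var twitter = (process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET) ? {
-consumerKey: process.env.HMD_TWITTER_CONSUMERKEY,
-consumerSecret: process.env.HMD_TWITTER_CONSUMERSECRET
+var twitter = (process.env.HMD_TWITTER_CONSUMERKEY && process.env.HMD_TWITTER_CONSUMERSECRET || fs.existsSync('/run/secrets/twitter_consumerKey') && fs.existsSync('/run/secrets/twitter_consumerSecret')) ? {
+consumerKey: handleDockerSecret('twitter_consumerKey') || process.env.HMD_TWITTER_CONSUMERKEY,
+consumerSecret: handleDockerSecret('twitter_consumerSecret') || process.env.HMD_TWITTER_CONSUMERSECRET
 } : config.twitter || false;
-var github = (process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET) ? {
-clientID: process.env.HMD_GITHUB_CLIENTID,
-clientSecret: process.env.HMD_GITHUB_CLIENTSECRET
+var github = (process.env.HMD_GITHUB_CLIENTID && process.env.HMD_GITHUB_CLIENTSECRET || fs.existsSync('/run/secrets/github_clientID') && fs.existsSync('/run/secrets/github_clientSecret')) ? {
+clientID: handleDockerSecret('github_clientID') || process.env.HMD_GITHUB_CLIENTID,
+clientSecret: handleDockerSecret('github_clientSecret') || process.env.HMD_GITHUB_CLIENTSECRET
 } : config.github || false;
-var gitlab = (process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET) ? {
+var gitlab = (process.env.HMD_GITLAB_CLIENTID && process.env.HMD_GITLAB_CLIENTSECRET || fs.existsSync('/run/secrets/gitlab_clientID') && fs.existsSync('/run/secrets/gitlab_clientSecret')) ? {
 baseURL: process.env.HMD_GITLAB_BASEURL,
-clientID: process.env.HMD_GITLAB_CLIENTID,
-clientSecret: process.env.HMD_GITLAB_CLIENTSECRET
+clientID: handleDockerSecret('gitlab_clientID') || process.env.HMD_GITLAB_CLIENTID,
+clientSecret: handleDockerSecret('gitlab_clientSecret') || process.env.HMD_GITLAB_CLIENTSECRET
 } : config.gitlab || false;
-var dropbox = (process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET) ? {
-clientID: process.env.HMD_DROPBOX_CLIENTID,
-clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET
+var dropbox = ((process.env.HMD_DROPBOX_CLIENTID && process.env.HMD_DROPBOX_CLIENTSECRET) || (fs.existsSync('/run/secrets/dropbox_clientID') && fs.existsSync('/run/secrets/dropbox_clientSecret'))) ? {
+clientID: handleDockerSecret('dropbox_clientID') || process.env.HMD_DROPBOX_CLIENTID,
+clientSecret: handleDockerSecret('dropbox_clientSecret') || process.env.HMD_DROPBOX_CLIENTSECRET
 } : (config.dropbox && config.dropbox.clientID && config.dropbox.clientSecret && config.dropbox) || false;
-var google = (process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET) ? {
-clientID: process.env.HMD_GOOGLE_CLIENTID,
-clientSecret: process.env.HMD_GOOGLE_CLIENTSECRET
+var google = ((process.env.HMD_GOOGLE_CLIENTID && process.env.HMD_GOOGLE_CLIENTSECRET)
+|| (fs.existsSync('/run/secrets/google_clientID') && fs.existsSync('/run/secrets/google_clientSecret'))) ? {
+clientID: handleDockerSecret('google_clientID') || process.env.HMD_GOOGLE_CLIENTID,
+clientSecret: handleDockerSecret('google_clientSecret') || process.env.HMD_GOOGLE_CLIENTSECRET
 } : (config.google && config.google.clientID && config.google.clientSecret && config.google) || false;
 var ldap = config.ldap || ((
 process.env.HMD_LDAP_URL ||
@@ -146,7 +151,7 @@ if (process.env.HMD_LDAP_TLS_CA) {
 if (process.env.HMD_LDAP_PROVIDERNAME) {
 ldap.providerName = process.env.HMD_LDAP_PROVIDERNAME;
 }
-var imgur = process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
+var imgur = handleDockerSecret('imgur_clientid') || process.env.HMD_IMGUR_CLIENTID || config.imgur || false;
 var email = process.env.HMD_EMAIL ? (process.env.HMD_EMAIL === 'true') : !!config.email;
 var allowemailregister = process.env.HMD_ALLOW_EMAIL_REGISTER ? (process.env.HMD_ALLOW_EMAIL_REGISTER === 'true') : ((typeof config.allowemailregister === 'boolean') ? config.allowemailregister : true);
 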
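Review bot: The new `handleDockerSecret` in the first hunk does not parse — the Docker branch ends in `: null;)}`, a stray `;)` inside the function body, so `lib/config.js` will fail to load at all once this is merged. It also returns the raw `fs.readFileSync` Buffer, and secret files are typically written with a trailing newline, so the session secret and OAuth client secrets read this way would differ from the value the operator provisioned; decode and trim instead: `var handleDockerSecret = fs.existsSync('/run/secrets/') ? function (secret) { return fs.existsSync('/run/secrets/' + secret) ? fs.readFileSync('/run/secrets/' + secret, 'utf8').trim() : null; } : function () { return null; };`. The s3 hunk looks the access key up under `s3_acccessKeyId` (three c's), which nobody will guess from `HMD_S3_ACCESS_KEY_ID`; rename it `s3_accessKeyId` before the secret names get documented. Separately, the modified `sessionsecret` line still falls back to the literal `'secret'`, so a deployment with neither the Docker secret nor `config.sessionsecret` set signs session cookies with a public constant — at minimum log a startup warning when that default is hit. The `var fs = require('fs');` added at line 4 duplicates the one already on line 2 and can be dropped.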