All required env settings are now checkeda and depricated APP_CONFIG

2025-05-18 18:29:40 +02:00 · 2015-02-27 16:46:52 +02:00 · 2015-02-27 16:46:52 +02:00 · 54b5394196
commit 54b5394196
parent e238760cef
14 changed files with 61 additions and 47 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,7 +10,6 @@ capybara-*.html
 /spec/tmp
 **.orig
 config/initializers/secret_token.rb
 config/application.yml
 config/secrets.yml
 config/database.yml
 /export
@ -25,3 +24,6 @@ config/database.yml
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc
 # Ignore application configuration
 /config/application.yml
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,8 @@
 27.02.2015
 * Simplified config/application-example.yml, 
  now system will check if all required settings are present in application.yml 
 19.02.2015
 * Cetrificate only enabled, please setup certificates following doc/certificate.md document.
--- a/3
+++ b/3
@ -5,6 +5,9 @@ gem 'rails',        '4.2.0'
 gem 'iso8601',      '~> 0.8.2' # for dates and times
 gem 'hashie_rails', '~> 0.0.1'
 # load env
 gem 'figaro', '~> 1.1.0'
 # model related
 gem 'pg',                        '~> 0.18.0'
 gem 'ransack',                   '~> 1.5.1' # for searching
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -152,6 +152,8 @@ GEM
      i18n (~> 0.5)
    fastercsv (1.5.5)
    ffi (1.9.6)
    figaro (1.1.0)
      thor (~> 0.14)
    flay (2.4.0)
      ruby_parser (~> 3.0)
      sexp_processor (~> 4.0)
@ -459,6 +461,7 @@ DEPENDENCIES
  epp-xml (~> 0.10.4)
  fabrication (~> 2.12.2)
  faker (~> 1.3.0)
  figaro (~> 1.1.0)
  grape (~> 0.10.1)
  guard (~> 2.6.1)
  guard-rails (~> 0.7.0)
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -9,7 +9,7 @@ class Epp::SessionsController < EppController
  # rubocop: disable Metrics/CyclomaticComplexity
  def login
    cert_valid = true
-    if request.ip == APP_CONFIG['webclient_ip']
+    if request.ip == ENV['webclient_ip']
      @api_user = ApiUser.find_by(login_params)
    else
      if request.env['HTTP_SSL_CLIENT_S_DN_CN'] != login_params[:username]
--- a/app/models/api_user_deprecated.rb
+++ b/app/models/api_user_deprecated.rb
@ -32,10 +32,10 @@ class ApiUserDeprecated < ActiveRecord::Base
    csr_file.rewind
    crt_file = Tempfile.new('client_crt')
-    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
+    _out, err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
-    -cert #{APP_CONFIG['ca_cert_path']} \
+    -cert #{ENV['ca_cert_path']} \
    -extensions usr_cert -notext -md sha256 \
-    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+    -in #{csr_file.path} -out #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
    if err.match(/Data Base Updated/)
      crt_file.rewind
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@ -33,7 +33,7 @@ class Certificate < ActiveRecord::Base
      @cached_status = EXPIRED
    end
-    crl = OpenSSL::X509::CRL.new(File.open(APP_CONFIG['crl_path']).read)
+    crl = OpenSSL::X509::CRL.new(File.open(ENV['crl_path']).read)
    return @cached_status unless crl.revoked.map(&:serial).include?(parsed_crt.serial)
    @cached_status = REVOKED
@ -45,10 +45,10 @@ class Certificate < ActiveRecord::Base
    csr_file.rewind
    crt_file = Tempfile.new('client_crt')
-    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
+    _out, err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
-    -cert #{APP_CONFIG['ca_cert_path']} \
+    -cert #{ENV['ca_cert_path']} \
    -extensions usr_cert -notext -md sha256 \
-    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+    -in #{csr_file.path} -out #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
    if err.match(/Data Base Updated/)
      crt_file.rewind
@ -67,9 +67,9 @@ class Certificate < ActiveRecord::Base
    crt_file.write(crt)
    crt_file.rewind
-    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
+    _out, err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
-      -cert #{APP_CONFIG['ca_cert_path']} \
+      -cert #{ENV['ca_cert_path']} \
-      -revoke #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+      -revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
    if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
      save!
@ -81,8 +81,8 @@ class Certificate < ActiveRecord::Base
      return false
    end
-    _out, _err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
+    _out, _err, _st = Open3.capture3("openssl ca -keyfile #{ENV['ca_key_path']} \
-      -cert #{APP_CONFIG['ca_cert_path']} \
+      -cert #{ENV['ca_cert_path']} \
-      -gencrl -out #{APP_CONFIG['crl_path']} -key '#{APP_CONFIG['ca_key_password']}' -batch")
+      -gencrl -out #{ENV['crl_path']} -key '#{ENV['ca_key_password']}' -batch")
  end
 end
--- a/app/models/zonefile_setting.rb
+++ b/app/models/zonefile_setting.rb
@ -18,7 +18,7 @@ class ZonefileSetting < ActiveRecord::Base
      "select generate_zonefile('#{origin}')"
    )[0]['generate_zonefile']
-    File.open("#{APP_CONFIG['zonefile_export_dir']}/#{filename}", 'w') { |f| f.write(zf) }
+    File.open("#{ENV['zonefile_export_dir']}/#{filename}", 'w') { |f| f.write(zf) }
    STDOUT << "#{Time.now.utc} - Successfully generated zonefile #{filename}\n"
  end
--- a/app/views/layouts/application.haml
+++ b/app/views/layouts/application.haml
@ -21,7 +21,7 @@
            %span.icon-bar
            %span.icon-bar
          = link_to admin_dashboard_path, class: 'navbar-brand' do
-            = APP_CONFIG['app_name']
+            = ENV['app_name']
            - if unstable_env.present?
              .text-center
                %small{style: 'color: #0074B3;'}= unstable_env
--- a/config/application-example.yml
+++ b/config/application-example.yml
@ -1,34 +1,23 @@
-defaults: &defaults
+# Application configuration values
  app_name: .EE Registry
  zonefile_export_dir: 'export/zonefiles'
-  # You can use `rake secret` to generate a secure secret key.
+app_name: .EE Registry
-  # Your secret key is used for verifying the integrity of signed cookies.
+zonefile_export_dir: 'export/zonefiles'
  # If you change this key, all old signed cookies will become invalid!
  secret_key_base: please-change-it-you-can-generate-it-with-rake-secret
  devise_secret: please-change-it-you-can-generate-it-with-rake-secret
-  # Used by registry admin server:
+# You can use `rake secret` to generate a secure secret key.
-  crl_path:     '/home/registry/registry/shared/ca/crl/crl.pem'
+# Your secret key is used for verifying the integrity of signed cookies.
-  ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
+# If you change this key, all old signed cookies will become invalid!
-  ca_key_path:  '/home/registry/registry/shared/ca/private/ca.key.pem'
+secret_key_base: please-change-it-you-can-generate-it-with-rake-secret
-  ca_key_password: 'your-root-key-password'
+devise_secret: please-change-it-you-can-generate-it-with-rake-secret
-  # Used by EPP server
+# Used by admin server, you can leave those empty for when running EPP server:
-  webclient_ip: '127.0.0.1'
+crl_path:     '/home/registry/registry/shared/ca/crl/crl.pem'
 ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
 ca_key_path:  '/home/registry/registry/shared/ca/private/ca.key.pem'
 ca_key_password: 'your-root-key-password'
-development:
+# Used only by EPP server, you can leave it empty when running admin server:
-  <<: *defaults
+webclient_ip: '127.0.0.1'
 # autotest config overwrites
 test:
  webclient_ip: '127.0.0.1' # it should match to localhost ip address
  <<: *defaults
 alpha:
  <<: *defaults
 staging:
  <<: *defaults
 production:
  <<: *defaults
--- a/config/initializers/app_config.rb
+++ b/config/initializers/app_config.rb
@ -1,2 +0,0 @@
 APP_CONFIG = YAML.load_file("#{Rails.root}/config/application.yml")[Rails.env]
 Registry::Application.config.secret_token = APP_CONFIG['secret_key_base']
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -4,7 +4,7 @@ Devise.setup do |config|
  # The secret key used by Devise. Devise uses this key to generate
  # random tokens. Changing this key will render invalid all existing
  # confirmation, reset password and unlock tokens in the database.
-  config.secret_key = APP_CONFIG['devise_secret']
+  config.secret_key = ENV['devise_secret']
  # ==> Mailer Configuration
  # Configure the e-mail address which will be shown in Devise::Mailer,
--- a/config/initializers/env_required.rb
+++ b/config/initializers/env_required.rb
@ -0,0 +1,13 @@
 required = %w(
  app_name
  zonefile_export_dir
  secret_key_base
  devise_secret
  crl_path
  ca_cert_path
  ca_key_path
  ca_key_password
  webclient_ip
 )
 Figaro.require_keys(required)
--- a/config/initializers/set_secret.rb
+++ b/config/initializers/set_secret.rb
@ -0,0 +1 @@
 Registry::Application.config.secret_token = ENV['secret_key_base']
		`@ -1,2 +0,0 @@`
			`APP_CONFIG = YAML.load_file("#{Rails.root}/config/application.yml")[Rails.env]`
			`Registry::Application.config.secret_token = APP_CONFIG['secret_key_base']`
		`@ -0,0 +1 @@`
							`Registry::Application.config.secret_token = ENV['secret_key_base']`