updates

2025-12-17 04:59:30 +00:00 · 2023-07-14 22:30:40 +02:00
parent 6430e7b288
commit 055ff6dbbd
4 changed files with 51 additions and 38 deletions
--- a/apps/api/prisma/seed.js
+++ b/apps/api/prisma/seed.js
@@ -102,14 +102,14 @@ async function reEncryptSecrets() {
 	}
 	if (secretOld !== secretNew) {
 		console.log('secrets are different, so re-encrypting');
-		const secrets = await prisma.secret.findMany();
-		if (secrets.length > 0) {
-			for (const secret of secrets) {
-				const value = decrypt(secret.value, secretOld);
-				const newValue = encrypt(value, secretNew);
-				console.log({ value: secret.value, newValue });
-			}
-		}
+		// const secrets = await prisma.secret.findMany();
+		// if (secrets.length > 0) {
+		// 	for (const secret of secrets) {
+		// 		const value = decrypt(secret.value, secretOld);
+		// 		const newValue = encrypt(value, secretNew);
+		// 		console.log({ value: secret.value, newValue });
+		// 	}
+		// }
 	}
 }
 main()
--- a/apps/api/src/index.ts
+++ b/apps/api/src/index.ts
@@ -38,6 +38,7 @@ declare module 'fastify' {
 		config: {
 			COOLIFY_APP_ID: string;
 			COOLIFY_SECRET_KEY: string;
+			COOLIFY_SECRET_KEY_BETTER: string | null;
 			COOLIFY_DATABASE_URL: string;
 			COOLIFY_IS_ON: string;
 			COOLIFY_WHITE_LABELED: string;
@@ -67,6 +68,10 @@ const host = '0.0.0.0';
 			COOLIFY_SECRET_KEY: {
 				type: 'string'
 			},
+			COOLIFY_SECRET_KEY_BETTER: {
+				type: 'string',
+				default: null
+			},
 			COOLIFY_DATABASE_URL: {
 				type: 'string',
 				default: 'file:../db/dev.db'
@@ -402,7 +407,9 @@ async function autoUpdater() {
 				if (!isDev) {
 					const { isAutoUpdateEnabled } = await prisma.setting.findFirst();
 					if (isAutoUpdateEnabled) {
-						await executeCommand({ command: `docker pull ghcr.io/coollabsio/coolify:${latestVersion}` });
+						await executeCommand({
+							command: `docker pull ghcr.io/coollabsio/coolify:${latestVersion}`
+						});
 						await executeCommand({ shell: true, command: `env | grep '^COOLIFY' > .env` });
 						await executeCommand({
 							command: `sed -i '/COOLIFY_AUTO_UPDATE=/cCOOLIFY_AUTO_UPDATE=${isAutoUpdateEnabled}' .env`
@@ -651,7 +658,7 @@ async function cleanupStorage() {
 		// 	}
 		// } catch (error) {}
 		// if (lowDiskSpace) {
-			// await cleanupDockerStorage(destination.id);
+		// await cleanupDockerStorage(destination.id);
 		// }
 	}
 }
--- a/apps/api/src/lib/common.ts
+++ b/apps/api/src/lib/common.ts
@@ -172,13 +172,19 @@ export const base64Encode = (text: string): string => {
 export const base64Decode = (text: string): string => {
 	return Buffer.from(text, 'base64').toString('ascii');
 };
+export const getSecretKey = () => {
+	if (process.env['COOLIFY_SECRET_KEY_BETTER']) {
+		return process.env['COOLIFY_SECRET_KEY_BETTER'];
+	}
+	return process.env['COOLIFY_SECRET_KEY'];
+};
 export const decrypt = (hashString: string) => {
 	if (hashString) {
 		try {
 			const hash = JSON.parse(hashString);
 			const decipher = crypto.createDecipheriv(
 				algorithm,
-				process.env['COOLIFY_SECRET_KEY'],
+				getSecretKey(),
 				Buffer.from(hash.iv, 'hex')
 			);
 			const decrpyted = Buffer.concat([
@@ -195,7 +201,7 @@ export const decrypt = (hashString: string) => {
 export const encrypt = (text: string) => {
 	if (text) {
 		const iv = crypto.randomBytes(16);
-		const cipher = crypto.createCipheriv(algorithm, process.env['COOLIFY_SECRET_KEY'], iv);
+		const cipher = crypto.createCipheriv(algorithm, getSecretKey(), iv);
 		const encrypted = Buffer.concat([cipher.update(text.trim()), cipher.final()]);
 		return JSON.stringify({
 			iv: iv.toString('hex'),
@@ -841,7 +847,7 @@ export function generateToken() {
 		{
 			nbf: Math.floor(Date.now() / 1000) - 30
 		},
-		process.env['COOLIFY_SECRET_KEY']
+		getSecretKey()
 	);
 }
 export function generatePassword({
--- a/apps/api/src/plugins/jwt.ts
+++ b/apps/api/src/plugins/jwt.ts
@@ -1,33 +1,33 @@
-import fp from 'fastify-plugin'
-import fastifyJwt, { FastifyJWTOptions } from '@fastify/jwt'
+import fp from 'fastify-plugin';
+import fastifyJwt, { FastifyJWTOptions } from '@fastify/jwt';

-declare module "@fastify/jwt" {
-    interface FastifyJWT {
-        user: {
-            userId: string,
-            teamId: string,
-            permission: string,
-            isAdmin: boolean
-        }
-    }
+declare module '@fastify/jwt' {
+	interface FastifyJWT {
+		user: {
+			userId: string;
+			teamId: string;
+			permission: string;
+			isAdmin: boolean;
+		};
+	}
 }

 export default fp<FastifyJWTOptions>(async (fastify, opts) => {
-    fastify.register(fastifyJwt, {
-        secret: fastify.config.COOLIFY_SECRET_KEY
-    })
+	fastify.register(fastifyJwt, {
+		secret: fastify.config.COOLIFY_SECRET_KEY_BETTER ?? fastify.config.COOLIFY_SECRET_KEY
+	});

-    fastify.decorate("authenticate", async function (request, reply) {
-        try {
-            await request.jwtVerify()
-        } catch (err) {
-            reply.send(err)
-        }
-    })
-})
+	fastify.decorate('authenticate', async function (request, reply) {
+		try {
+			await request.jwtVerify();
+		} catch (err) {
+			reply.send(err);
+		}
+	});
+});

 declare module 'fastify' {
-    export interface FastifyInstance {
-        authenticate(): Promise<void>
-    }
+	export interface FastifyInstance {
+		authenticate(): Promise<void>;
+	}
 }