ershisan99/coolify
1
0
Fork 0
mirror of https://github.com/ershisan99/coolify.git synced 2025-12-17 12:33:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

testing seeder

Browse Source
This commit is contained in:
Andras Bacsai
2023-07-14 21:30:08 +02:00
parent 0bfcf6b66f
commit c9df812258
2 changed files with 64 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/staging-release.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
ref: "next" ref: "v3"
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: Login to ghcr.io - name: Login to ghcr.io

70
apps/api/prisma/seed.js
View File

@@ -12,7 +12,7 @@ async function main() {
await prisma.setting.create({ await prisma.setting.create({
data: { data: {
id: '0', id: '0',
arch: process.arch, arch: process.arch
} }
}); });
} else { } else {
@@ -81,12 +81,42 @@ async function main() {
}); });
} }
// Set new preview secrets // Set new preview secrets
const secrets = await prisma.secret.findMany({ where: { isPRMRSecret: false } }) const secrets = await prisma.secret.findMany({ where: { isPRMRSecret: false } });
if (secrets.length > 0) { if (secrets.length > 0) {
for (const secret of secrets) { for (const secret of secrets) {
const previewSecrets = await prisma.secret.findMany({ where: { applicationId: secret.applicationId, name: secret.name, isPRMRSecret: true } }) const previewSecrets = await prisma.secret.findMany({
where: { applicationId: secret.applicationId, name: secret.name, isPRMRSecret: true }
});
if (previewSecrets.length === 0) { if (previewSecrets.length === 0) {
await prisma.secret.create({ data: { ...secret, id: undefined, isPRMRSecret: true } }) await prisma.secret.create({ data: { ...secret, id: undefined, isPRMRSecret: true } });
}
}
}
}
async function reEncryptSecrets() {
const { execaCommand } = await import('execa');
const oldSecret = process.env['COOLIFY_SECRET_KEY'];
let newSecret = process.env['COOLIFY_SECRET_KEY_BETTER'];
if (!newSecret) {
const { stdout: newKey } = await execaCommand(
'openssl rand -base64 1024 | sha256sum | base64 | head -c 32',
{
shell: true
}
);
await execaCommand(`echo "\nCOOLIFY_SECRET_KEY_BETTER=${newKey}" >> .env`, {
shell: true
});
await execaCommand(`sed -i /COOLIFY_SECRET_KEY=/cCOOLIFY_SECRET_KEY=${newKey} .env`, {
shell: true
});
newSecret = newKey;
const secrets = await prisma.secret.findMany();
if (secrets.length > 0) {
for (const secret of secrets) {
const value = decrypt(secret.value, oldSecret);
const newValue = encrypt(value, newSecret);
console.log({ value: secret.value, newValue });
} }
} }
} }
@@ -100,14 +130,38 @@ main()
await prisma.$disconnect(); await prisma.$disconnect();
}); });
const encrypt = (text) => { const encrypt = (text, secret) => {
if (text) { if (text && secret) {
const iv = crypto.randomBytes(16); const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv(algorithm, process.env['COOLIFY_SECRET_KEY'], iv); const cipher = crypto.createCipheriv(algorithm, secret, iv);
const encrypted = Buffer.concat([cipher.update(text), cipher.final()]); const encrypted = Buffer.concat([cipher.update(text.trim()), cipher.final()]);
return JSON.stringify({ return JSON.stringify({
iv: iv.toString('hex'), iv: iv.toString('hex'),
content: encrypted.toString('hex') content: encrypted.toString('hex')
}); });
} }
}; };
const decrypt = (hashString, secret) => {
if (hashString && secret) {
try {
const hash = JSON.parse(hashString);
const decipher = crypto.createDecipheriv(algorithm, secret, Buffer.from(hash.iv, 'hex'));
const decrpyted = Buffer.concat([
decipher.update(Buffer.from(hash.content, 'hex')),
decipher.final()
]);
return decrpyted.toString();
} catch (error) {
console.log({ decryptionError: error.message });
return hashString;
}
}
};
reEncryptSecrets()
.catch((e) => {
console.error(e);
process.exit(1);
})
.finally(async () => {
await prisma.$disconnect();
});