chore(secrets): load API key, connection strings, and AuthBlocks via CredentialTools across all three hosts; strip secret placeholders from appsettings.json
@@ -9,11 +9,15 @@ using DeepDrftContent.Services.FileDatabase.Services;
|
||||
using DeepDrftContent.Services.Processors;
|
||||
using DeepDrftCli.Services;
|
||||
using DeepDrftCli.Models;
|
||||
using NetBlocks.Utilities.Environment;
|
||||
|
||||
var builder = Host.CreateApplicationBuilder(args);
|
||||
|
||||
// Load configuration from environment/config.json
|
||||
builder.Configuration.AddJsonFile($"{AppDomain.CurrentDomain.BaseDirectory}environment/connections.json", optional: false, reloadOnChange: true);
|
||||
var connectionsPath = CredentialTools.ResolvePathOrThrow(
|
||||
"connections",
|
||||
Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "environment", "connections.json"));
|
||||
builder.Configuration.AddJsonFile(connectionsPath, optional: false, reloadOnChange: false);
|
||||
var cliSettings = builder.Configuration.GetSection(nameof(CliSettings)).Get<CliSettings>();
|
||||
if (cliSettings is null) { throw new Exception("CLI settings are not configured"); }
|
||||
|
||||
|
||||
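Review bot: The comment above the load still reads `// Load configuration from environment/config.json`, but the code under it now resolves `connections.json` through `CredentialTools.ResolvePathOrThrow` and no longer watches the file for changes. I would replace it with `// Load connection settings via CredentialTools (dev fallback: environment/connections.json next to the binary); reloadOnChange is off, so a rotated credential needs a restart`. How the production location is chosen is not visible in this hunk, so the comment should name it only after checking CredentialTools.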
@@ -3,6 +3,7 @@ using DeepDrftContent.Services.FileDatabase.Services;
|
||||
using DeepDrftContent.Middleware;
|
||||
using DeepDrftContent.Models;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using NetBlocks.Utilities.Environment;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
@@ -31,8 +32,9 @@ builder.Services.AddCors(options =>
|
||||
});
|
||||
});
|
||||
|
||||
// Load API key configuration
|
||||
builder.Configuration.AddJsonFile("environment/apikey.json", optional: false, reloadOnChange: true);
|
||||
// Load API key via CredentialTools (dev: environment/apikey.json; prod: CREDENTIALS_DIRECTORY/apikey)
|
||||
var apiKeyPath = CredentialTools.ResolvePathOrThrow("apikey", "environment/apikey.json");
|
||||
builder.Configuration.AddJsonFile(apiKeyPath, optional: false, reloadOnChange: false);
|
||||
var apiKeySettings = builder.Configuration.GetSection(nameof(ApiKeySettings)).Get<ApiKeySettings>();
|
||||
if (apiKeySettings is null) { throw new Exception("API key settings are not configured"); }
|
||||
|
||||
|
||||
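Review bot: The fallback passed to `ResolvePathOrThrow` here is the relative path `environment/apikey.json`, whereas the CLI host in this commit anchors its fallback to `AppDomain.CurrentDomain.BaseDirectory`. CredentialTools is not shown, but if it tests the fallback with a plain file-existence check, that check runs against the process working directory while `AddJsonFile` resolves relative paths against the content root, so which key file gets loaded can depend on where the service was started. Anchoring the fallback removes the ambiguity: `Path.Combine(builder.Environment.ContentRootPath, "environment", "apikey.json")`. The same relative fallback appears in the `filedatabase` load and in the three loads in the DeepDrftWeb host.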
@@ -6,6 +6,7 @@ using DeepDrftContent.Services.FileDatabase.Services;
|
||||
using DeepDrftContent.Services.Processors;
|
||||
using DeepDrftContent.Models;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using NetBlocks.Utilities.Environment;
|
||||
|
||||
namespace DeepDrftContent
|
||||
{
|
||||
@@ -19,7 +20,8 @@ namespace DeepDrftContent
|
||||
builder.Services.AddSingleton<TrackService>();
|
||||
|
||||
// File Database
|
||||
builder.Configuration.AddJsonFile("environment/filedatabase.json", optional: false, reloadOnChange: true);
|
||||
var fileDatabasePath = CredentialTools.ResolvePathOrThrow("filedatabase", "environment/filedatabase.json");
|
||||
builder.Configuration.AddJsonFile(fileDatabasePath, optional: false, reloadOnChange: false);
|
||||
var fileDatabaseSettings = builder.Configuration.GetSection(nameof(FileDatabaseSettings)).Get<FileDatabaseSettings>();
|
||||
if (fileDatabaseSettings is null) { throw new Exception("File database settings are not configured"); }
|
||||
|
||||
|
||||
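Review bot: The `// File Database` comment does not say where the settings now come from, and unlike the API-key load in the DeepDrftContent host this call carries no dev/prod note. Suggest `// File database settings resolved via CredentialTools (dev fallback: environment/filedatabase.json)`, with a word on why this file is handled as a credential if that is intentional. The enclosing method starts and ends outside the hunk.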
+15
-5
@@ -5,6 +5,7 @@ using DeepDrftWeb;
|
||||
using MudBlazor.Services;
|
||||
using DeepDrftWeb.Components;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using NetBlocks.Utilities.Environment;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
@@ -13,11 +14,20 @@ builder.Services.AddMudServices();
|
||||
|
||||
builder.Services.AddCmsServices();
|
||||
|
||||
// CMS → DeepDrftContent calls require the DeepDrftContent ApiKey. Loaded from a
|
||||
// gitignored environment file, same shape as DeepDrftContent/environment/apikey.json.
|
||||
// Optional so the file's absence in non-CMS dev does not fail boot; missing key is
|
||||
// surfaced when Startup.ConfigureDomainServices binds the CMS HttpClient.
|
||||
builder.Configuration.AddJsonFile("environment/apikey.json", optional: true, reloadOnChange: true);
|
||||
// Required credential files — must exist before the app will start.
|
||||
// In dev: create the three files under DeepDrftWeb/environment/ (gitignored).
|
||||
// In prod: systemd CREDENTIALS_DIRECTORY points to encrypted credential blobs.
|
||||
// - environment/apikey.json: { "DeepDrftContent": { "ApiKey": "..." } }
|
||||
// - environment/connections.json: { "ConnectionStrings": { "DefaultConnection": "...", "Auth": "..." } }
|
||||
// - environment/authblocks.json: { "AuthBlocks": { "Jwt": {...}, "Email": {...}, "Admin": {...} } }
|
||||
var apiKeyPath = CredentialTools.ResolvePathOrThrow("apikey", "environment/apikey.json");
|
||||
builder.Configuration.AddJsonFile(apiKeyPath, optional: false, reloadOnChange: false);
|
||||
|
||||
var connectionsPath = CredentialTools.ResolvePathOrThrow("connections", "environment/connections.json");
|
||||
builder.Configuration.AddJsonFile(connectionsPath, optional: false, reloadOnChange: false);
|
||||
|
||||
var authBlocksPath = CredentialTools.ResolvePathOrThrow("authblocks", "environment/authblocks.json");
|
||||
builder.Configuration.AddJsonFile(authBlocksPath, optional: false, reloadOnChange: false);
|
||||
|
||||
var baseUrl = builder.GetKestrelUrl();
|
||||
var contentApiUrl = builder.Configuration["ApiUrls:ContentApi"] ?? throw new Exception("Content API URL is not configured");
|
||||
|
||||
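Review bot: `ResolvePathOrThrow` together with `optional: false` only shows that the three files exist and parse; nothing in this hunk checks the values inside them, so an `apikey.json` with an empty `ApiKey`, or one still carrying the `REPLACE_IN_ENV` placeholder this commit removes from appsettings.json, would let the host boot. Unless `Startup.ConfigureDomainServices` already rejects that, a fail-fast check right after the loads would help, for example `if (string.IsNullOrWhiteSpace(builder.Configuration["DeepDrftContent:ApiKey"])) { throw new InvalidOperationException("DeepDrftContent:ApiKey is not configured"); }`, and likewise for the connection strings and the AuthBlocks Jwt section. Separately, the production comment says CREDENTIALS_DIRECTORY points to encrypted blobs; systemd decrypts credentials before exposing them there, which is why `AddJsonFile` can read them, so `// In prod: systemd decrypts the credentials and exposes them under CREDENTIALS_DIRECTORY.` would be more accurate.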
@@ -6,15 +6,9 @@
|
||||
}
|
||||
},
|
||||
"AllowedHosts": "*",
|
||||
"ConnectionStrings": {
|
||||
"DefaultConnection": "Host=localhost;Port=5433;Database=postgres;Username=postgres;Password=REPLACE_IN_ENV"
|
||||
},
|
||||
"ApiUrls": {
|
||||
"ContentApi": "http://localhost:12777/"
|
||||
},
|
||||
"DeepDrftContent": {
|
||||
"ApiKey": "REPLACE_IN_ENV"
|
||||
},
|
||||
"ForwardedHeaders": {
|
||||
"DisableHttpsRedirection": "true"
|
||||
}
|
||||
|
||||