feat: use env variables and secrets

voltrondata · Nov 8, 2023 · 0b58268 · 0b58268
1 parent 004f6b3
commit 0b58268
Show file tree

Hide file tree

Showing 9 changed files with 31 additions and 5 deletions.
diff --git a/.github/workflows/deploy-api.yml b/.github/workflows/deploy-api.yml
@@ -8,6 +8,10 @@ on:
     paths:
       - 'api/**'
 
+env:
+  SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
+  DUCKDB_POOL_SIZE: ${{ variables.DUCKDB_POOL_SIZE }}
+
 jobs:
   deploy:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/deploy-client.yml b/.github/workflows/deploy-client.yml
@@ -8,6 +8,10 @@ on:
     paths:
       - 'client/**'
 
+env:
+  SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
+  DUCKDB_POOL_SIZE: ${{ variables.DUCKDB_POOL_SIZE }}
+
 jobs:
   build:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/test_api.yaml b/.github/workflows/test_api.yaml
@@ -2,6 +2,10 @@ name: Test
 
 on: [push]
 
+env:
+  SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
+  DUCKDB_POOL_SIZE: ${{ variables.DUCKDB_POOL_SIZE }}
+
 jobs:
   Pytest:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/test_client_e2e.yaml b/.github/workflows/test_client_e2e.yaml
@@ -2,6 +2,10 @@ name: Cypress Test
 
 on: [push]
 
+env:
+  SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
+  DUCKDB_POOL_SIZE: ${{ variables.DUCKDB_POOL_SIZE }}
+
 jobs:
   electron-run:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/test_client_unit.yaml b/.github/workflows/test_client_unit.yaml
@@ -2,6 +2,10 @@ name: Vitest
 
 on: [push]
 
+env:
+  SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
+  DUCKDB_POOL_SIZE: ${{ variables.DUCKDB_POOL_SIZE }}
+
 jobs:
   unit-test:
     runs-on: ubuntu-latest

diff --git a/api/components/auth.py b/api/components/auth.py
@@ -1,3 +1,5 @@
+import os
+
 import jwt
 from fastapi import Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer
@@ -9,7 +11,8 @@
 ############################################################
 def verify_token(token: str = Depends(oauth2_scheme)):
     try:
-        payload = jwt.decode(token, "key", algorithms=["HS256"])
+        payload = jwt.decode(token, os.environ.get("SESSION_SECRET"),
+                             algorithms=["HS256"])
         return payload
     except jwt.exceptions.DecodeError:
         raise HTTPException(

diff --git a/api/components/duckdb.py b/api/components/duckdb.py
@@ -1,10 +1,12 @@
+import os
+
 import duckdb
 from fastapi import HTTPException
 from loguru import logger
 
 # Pool size is default at 5 for maintaining 
 # 5 concurrent DuckDB connection objects
-POOL_SIZE = 5
+POOL_SIZE = os.environ.get("DUCKDB_POOL_SIZE")
 
 
 

diff --git a/api/test.py b/api/test.py
@@ -1,4 +1,5 @@
 import json
+import os
 from uuid import uuid4
 
 import jwt
@@ -50,7 +51,7 @@ def test_validate_binary():
 def test_add_schema():
     with TestClient(app) as client:
         payload = {"user_id": str(uuid4()).replace('-', '_')}
-        token = jwt.encode(payload, "key", algorithm="HS256")
+        token = jwt.encode(payload,os.environ.get("SESSION_SECRET"), algorithm="HS256")
         schema = '''
                 {
                 "table": "test",
@@ -80,7 +81,7 @@ def test_add_schema():
 def test_parse_to_substrait():
     with TestClient(app) as client:
         payload = {"user_id": str(uuid4())}
-        token = jwt.encode(payload, "key", algorithm="HS256")
+        token = jwt.encode(payload, os.environ.get("SESSION_SECRET"), algorithm="HS256")
 
         response = client.post(
             "/route/parse/",

diff --git a/client/src/assets/js/shared.js b/client/src/assets/js/shared.js
@@ -70,7 +70,7 @@ async function generateToken(user_id) {
   const payload = {
     user_id: user_id,
   };
-  const secret = new TextEncoder().encode("key");
+  const secret = new TextEncoder().encode(process.env.SESSION_SECRET);
   const token = await new jose.SignJWT(payload)
     .setProtectedHeader({ alg: "HS256" })
     .sign(secret);