From 825fc1a6ea37dd5d4dba3611f73d4bf9f60a90c9 Mon Sep 17 00:00:00 2001 From: siddhantCodes Date: Fri, 27 Oct 2023 02:19:07 +0530 Subject: [PATCH 1/3] .env support - if there's a .env file in CWD, parse it and set env vars from it - create-package should generate a .gitignore file that contains .env file - check if the .env file is checked in, panic and proceed only when FASTN_DANGER_ACCEPT_CHECKED_IN_ENV is set --- Cargo.lock | 7 ++++ fastn-core/src/commands/create_package.rs | 13 ++++--- fastn/Cargo.toml | 1 + fastn/src/main.rs | 41 +++++++++++++++++++++++ 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index eae03eb2a8..a5eb3aa894 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1457,6 +1457,12 @@ dependencies = [ "syn 2.0.38", ] +[[package]] +name = "dotenvy" +version = "0.15.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" + [[package]] name = "dtoa" version = "1.0.9" @@ -1627,6 +1633,7 @@ version = "0.3.78" dependencies = [ "clap", "colored", + "dotenvy", "fastn-cloud", "fastn-core", "fastn-observer", diff --git a/fastn-core/src/commands/create_package.rs b/fastn-core/src/commands/create_package.rs index 12339d28e8..cf87c65ce4 100644 --- a/fastn-core/src/commands/create_package.rs +++ b/fastn-core/src/commands/create_package.rs @@ -1,7 +1,7 @@ async fn template_contents( project_name: &str, download_base_url: Option<&str>, -) -> (String, String) { +) -> (String, String, String) { let ftd = format!( r#"-- import: fastn @@ -14,8 +14,12 @@ async fn template_contents( .unwrap_or_default() ); let index = "-- ftd.text: Hello world".to_string(); + let gitignore = r#".build/ +.env + "# + .to_string(); - (ftd, index) + (ftd, index, gitignore) } pub async fn create_package( 
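Review bot: The `gitignore` raw string in `template_contents` closes with `"#` on its own indented line, so the generated `.gitignore` appears to end with a line made only of spaces. Git reads that as a blank line, so nothing breaks, but a plain literal is cleaner: `let gitignore = ".build/\n.env\n".to_string();`. The function now returns three positional `String`s, so a doc comment such as `/// Returns the contents of (FASTN.ftd, index.ftd, .gitignore).` would keep callers from mixing them up.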
@@ -53,12 +57,11 @@ pub async fn create_package( // Create all directories if not present tokio::fs::create_dir_all(final_dir.as_str()).await?; - let tmp_contents = template_contents(name, download_base_url).await; - let tmp_fastn = tmp_contents.0; - let tmp_index = tmp_contents.1; + let (tmp_fastn, tmp_index, tmp_gitignore) = template_contents(name, download_base_url).await; fastn_core::utils::update(&final_dir.join("FASTN.ftd"), tmp_fastn.as_bytes()).await?; fastn_core::utils::update(&final_dir.join("index.ftd"), tmp_index.as_bytes()).await?; + fastn_core::utils::update(&final_dir.join(".gitignore"), tmp_gitignore.as_bytes()).await?; // Note: Not required for now // let sync_message = "Initial sync".to_string(); diff --git a/fastn/Cargo.toml b/fastn/Cargo.toml index b44d74b54a..71b1e671fc 100644 --- a/fastn/Cargo.toml +++ b/fastn/Cargo.toml @@ -20,3 +20,4 @@ thiserror.workspace = true tokio.workspace = true tracing.workspace = true tracing-subscriber.workspace = true +dotenvy = "0.15.7" diff --git a/fastn/src/main.rs b/fastn/src/main.rs index db4d787b91..e56697d623 100644 --- a/fastn/src/main.rs +++ b/fastn/src/main.rs @@ -1,4 +1,5 @@ mod commands; + pub fn main() { fastn_observer::observe(); @@ -27,6 +28,8 @@ pub enum Error { async fn async_main() -> Result<(), Error> { let matches = app(version()).get_matches(); + set_env_vars(); + if cloud_commands(&matches).await? { return Ok(()); } 
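Review bot: The added `update(&final_dir.join(".gitignore"), …)` call may replace a `.gitignore` that already exists, since `create_dir_all` above accepts a directory that is already present. `fastn_core::utils::update` is not visible here, so the overwrite is inferred from its name and from how it is used for `FASTN.ftd`. If it does overwrite, ignore rules the user already had, including ones protecting other secret files, are lost. Consider writing the file only when it is missing, or appending `.env` when that entry is absent. `create_package` starts and ends outside the hunk.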
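Review bot: `dotenvy = "0.15.7"` in `fastn/Cargo.toml` is declared with an inline version, while the neighbouring entries all use the `.workspace = true` form. Assuming the workspace manifest has a `[workspace.dependencies]` table, as those entries suggest, declare the crate there and write `dotenvy.workspace = true` here. That leaves a single place to audit and update a dependency that reads secrets into the process environment.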
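Review bot: `set_env_vars()` is called inside `async_main`, so it runs after the async runtime has started and after `get_matches()` has parsed the command line. `dotenvy` sets variables through `std::env::set_var`, which is not safe while other threads may be reading the environment. The rest of `main` is outside the hunk, so whether the runtime is multi-threaded at that point is an assumption to confirm. Calling `set_env_vars();` at the top of `main`, before the runtime is built, removes the race. It also lets values from `.env` reach any argument defaults or logging setup that read the environment, and keeps the blocking `git` invocation off an async worker thread.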
@@ -543,3 +546,41 @@ pub fn version() -> &'static str { } } } + +fn set_env_vars() -> () { + let checked_in = { + if let Ok(status) = std::process::Command::new("git") + .arg("ls-files") + .arg("--error-unmatch") + .arg(".env") + .stdout(std::process::Stdio::null()) + .stderr(std::process::Stdio::null()) + .status() + { + status.success() // .env is checked in + } else { + false + } + }; + + let ignore = { + if let Ok(val) = std::env::var("FASTN_DANGER_ACCEPT_CHECKED_IN_ENV") { + val != "false" + } else { + false + } + }; + + if checked_in && !ignore { + eprintln!( + "ERROR: the .env file is checked in to version control! This is a security risk. +Remove it from your version control system or run fastn again with +FASTN_DANGER_ACCEPT_CHECKED_IN_ENV set" + ); + std::process::exit(1); + } + + if let Ok(_) = dotenvy::dotenv() { + println!("INFO: loaded environment variables from .env file."); + } +} From d620a4042fe111f4d61157df5d5f4d9942ad514e Mon Sep 17 00:00:00 2001 From: siddhantCodes Date: Fri, 27 Oct 2023 02:26:56 +0530 Subject: [PATCH 2/3] fix clippy warnings --- fastn/src/main.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fastn/src/main.rs b/fastn/src/main.rs index e56697d623..2c45d69367 100644 --- a/fastn/src/main.rs +++ b/fastn/src/main.rs @@ -547,7 +547,7 @@ pub fn version() -> &'static str { } } -fn set_env_vars() -> () { +fn set_env_vars() { let checked_in = { if let Ok(status) = std::process::Command::new("git") .arg("ls-files") @@ -580,7 +580,7 @@ FASTN_DANGER_ACCEPT_CHECKED_IN_ENV set" std::process::exit(1); } - if let Ok(_) = dotenvy::dotenv() { + if dotenvy::dotenv().is_ok() { println!("INFO: loaded environment variables from .env file."); } } From 84867793633439ada5c17400f6e9bf346860b6a2 Mon Sep 17 00:00:00 2001 
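Review bot: The `git ls-files --error-unmatch .env` check in `set_env_vars` looks only at `.env` in the current directory, but `dotenvy::dotenv()` is documented to search the current directory and then its parents. A `.env` from a parent directory, possibly checked in or belonging to another project, can therefore be loaded without passing the check, which also contradicts the commit message's "in CWD". Loading the exact path with `dotenvy::from_path(".env")` keeps the check and the load on the same file. The result of the load is also reduced to "ok or not", so a malformed `.env` is skipped silently and the program continues with only part of its configuration; it is safer to distinguish "not found" from a parse error. Separately, `val != "false"` accepts an empty value or `0` as consent to the bypass, so an explicit opt-in such as `val == "true"` would be harder to trigger by accident.

```rust
    // … unchanged: git ls-files check and FASTN_DANGER_ACCEPT_CHECKED_IN_ENV handling …

    // Load only ./.env, the same file the git check above inspected.
    match dotenvy::from_path(".env") {
        Ok(()) => println!("INFO: loaded environment variables from .env file."),
        // No .env in the current directory is the normal case; stay quiet.
        Err(e) if e.not_found() => {}
        Err(e) => {
            eprintln!("ERROR: could not load .env file: {e}");
            std::process::exit(1);
        }
    }
}
```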
From: siddhantCodes Date: Fri, 27 Oct 2023 19:08:46 +0530 Subject: [PATCH 3/3] issue a warning when FASTN_DANGER_ACCEPT_CHECKED_IN_ENV is used --- fastn/src/main.rs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/fastn/src/main.rs b/fastn/src/main.rs index 2c45d69367..ffc73481d8 100644 --- a/fastn/src/main.rs +++ b/fastn/src/main.rs @@ -578,9 +578,16 @@ Remove it from your version control system or run fastn again with FASTN_DANGER_ACCEPT_CHECKED_IN_ENV set" ); std::process::exit(1); - } + } else { + if checked_in && ignore { + println!( + "WARN: your .env file has been detected in the version control system! This poses a +significant security risk in case the source code becomes public." + ); + } - if dotenvy::dotenv().is_ok() { - println!("INFO: loaded environment variables from .env file."); + if dotenvy::dotenv().is_ok() { + println!("INFO: loaded environment variables from .env file."); + } } }
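Review bot: The new `WARN:` message, like the existing `INFO:` one, is written to stdout with `println!`, while the `ERROR:` branch uses `eprintln!`. Diagnostics on stdout get mixed into command output that is piped or parsed, and a security warning is easy to lose there; use `eprintln!` for both. Because `std::process::exit(1)` never returns, the `else { … }` wrapper is not needed: keeping the earlier flat layout and adding `if checked_in && ignore { eprintln!(…); }` before the load reads more simply. The warning text could also state that the file is still being loaded, so the operator knows the override took effect.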