chore: 🔧 env vars in yaml config (apotdevin#194)

Author: apotdevin

.env

@@ -30,6 +30,10 @@
 # Account Configs
 # -----------
 # ACCOUNT_CONFIG_PATH='/path/to/config/thubConfig.yaml'
+# YML_ENV_1=''
+# YML_ENV_2=''
+# YML_ENV_3=''
+# YML_ENV_4=''
 
 # -----------
 # SSO Account Configs

README.md

@@ -213,6 +213,22 @@ accounts:
 
 Notice you can specify either `macaroonPath` and `certificatePath` or `macaroon` and `certificate`.
 
+#### Account with environment variables
+
+It's possible to set different parts of the accounts based on environment variables.
+
+You can use the following environment variables: `YML_ENV_1`, `YML_ENV_2`, `YML_ENV_3`, `YML_ENV_4` and fill your accounts in the following way:
+
+```yaml
+accounts:
+  - name: '{YML_ENV_1}'
+    serverUrl: '{YML_ENV_2}'
+    macaroon: 'macaroonforthisaccount'
+    certificate: '{YML_ENV_4}'
+```
+
+ThunderHub will take care of replacing the fields with the correct environment variables. The `{YML_ENV_[1-4]}` can only be used for fields inside the accounts. So for example using it for the `masterPassword` will not work.
+
 #### Account with LND directory
 
 You can also specify the main LND directory and ThunderHub will look for the certificate and the macaroon in the default folders (based on the network).

next.config.js

@@ -3,22 +3,42 @@ const withBundleAnalyzer = require('@next/bundle-analyzer')({
   enabled: process.env.ANALYZE === 'true',
 });
 
+const ymlEnv = {
+  YML_ENV_1: process.env.YML_ENV_1 || '',
+  YML_ENV_2: process.env.YML_ENV_2 || '',
+  YML_ENV_3: process.env.YML_ENV_3 || '',
+  YML_ENV_4: process.env.YML_ENV_4 || '',
+};
+
+const ssoEnv = {
+  cookiePath: process.env.COOKIE_PATH || '',
+  lnServerUrl: process.env.SSO_SERVER_URL || '',
+  lnCertPath: process.env.SSO_CERT_PATH || '',
+  macaroonPath: process.env.SSO_MACAROON_PATH || '',
+  dangerousNoSSOAuth:
+    process.env.DANGEROUS_NO_SSO_AUTH === 'true' ? true : false,
+};
+
+const sslEnv = {
+  publicUrl: process.env.PUBLIC_URL || '',
+  sslPort: process.env.SSL_PORT || '',
+  sslSave: process.env.SSL_SAVE || '',
+};
+
+const accountConfig = {
+  accountConfigPath: process.env.ACCOUNT_CONFIG_PATH || '',
+};
+
 module.exports = withBundleAnalyzer({
   poweredByHeader: false,
   basePath: process.env.BASE_PATH || '',
   serverRuntimeConfig: {
     nodeEnv: process.env.NODE_ENV || 'development',
     logLevel: process.env.LOG_LEVEL || 'info',
-    cookiePath: process.env.COOKIE_PATH || '',
-    lnServerUrl: process.env.SSO_SERVER_URL || '',
-    lnCertPath: process.env.SSO_CERT_PATH || '',
-    macaroonPath: process.env.SSO_MACAROON_PATH || '',
-    accountConfigPath: process.env.ACCOUNT_CONFIG_PATH || '',
-    publicUrl: process.env.PUBLIC_URL || '',
-    sslPort: process.env.SSL_PORT || '',
-    sslSave: process.env.SSL_SAVE || '',
-    dangerousNoSSOAuth:
-      process.env.DANGEROUS_NO_SSO_AUTH === 'true' ? true : false,
+    ...ssoEnv,
+    ...accountConfig,
+    ...sslEnv,
+    ...ymlEnv,
   },
   publicRuntimeConfig: {
     nodeEnv: process.env.NODE_ENV || 'development',

server/helpers/__tests__/env.test.ts

@@ -0,0 +1,78 @@
+import { resolveEnvVarsInAccount } from '../env';
+import { AccountType, UnresolvedAccountType } from '../fileHelpers';
+
+const vars = {
+  YML_ENV_1: 'firstEnv',
+  YML_ENV_2: 'macaroonString',
+  YML_ENV_3: 'false',
+  YML_ENV_4: 'true',
+};
+
+jest.mock('next/config', () => () => ({
+  serverRuntimeConfig: vars,
+}));
+
+describe('resolveEnvVarsInAccount', () => {
+  it('returns resolved account', () => {
+    const account: UnresolvedAccountType = {
+      name: '{YML_ENV_1}',
+      serverUrl: 'server.url:10009',
+      macaroon: '{YML_ENV_2}',
+    };
+
+    const resolved = resolveEnvVarsInAccount(account);
+
+    const result: AccountType = {
+      name: 'firstEnv',
+      serverUrl: 'server.url:10009',
+      macaroon: 'macaroonString',
+    };
+
+    expect(resolved).toStrictEqual(result);
+  });
+  it('resolves false boolean values', () => {
+    const account: UnresolvedAccountType = {
+      name: '{YML_ENV_1}',
+      serverUrl: 'server.url:10009',
+      encrypted: '{YML_ENV_3}',
+    };
+
+    const resolved = resolveEnvVarsInAccount(account);
+
+    const result: AccountType = {
+      name: 'firstEnv',
+      serverUrl: 'server.url:10009',
+      encrypted: false,
+    };
+
+    expect(resolved).toStrictEqual(result);
+  });
+  it('resolves true boolean values', () => {
+    const account: UnresolvedAccountType = {
+      name: '{YML_ENV_1}',
+      serverUrl: 'server.url:10009',
+      encrypted: '{YML_ENV_4}',
+    };
+
+    const resolved = resolveEnvVarsInAccount(account);
+
+    const result: AccountType = {
+      name: 'firstEnv',
+      serverUrl: 'server.url:10009',
+      encrypted: true,
+    };
+
+    expect(resolved).toStrictEqual(result);
+  });
+  it('does not resolve non existing env vars', () => {
+    const account: UnresolvedAccountType = {
+      macaroon: '{YML_ENV_NONE}',
+    };
+
+    const resolved = resolveEnvVarsInAccount(account);
+
+    expect(resolved).toStrictEqual({
+      macaroon: '{YML_ENV_NONE}',
+    });
+  });
+});

server/helpers/env.ts

@@ -0,0 +1,41 @@
+import getConfig from 'next/config';
+import { AccountType, UnresolvedAccountType } from './fileHelpers';
+
+const { serverRuntimeConfig } = getConfig() || { serverRuntimeConfig: {} };
+const { YML_ENV_1, YML_ENV_2, YML_ENV_3, YML_ENV_4 } = serverRuntimeConfig;
+
+const env: { [key: string]: string } = {
+  YML_ENV_1,
+  YML_ENV_2,
+  YML_ENV_3,
+  YML_ENV_4,
+};
+
+export const resolveEnvVarsInAccount = (
+  account: UnresolvedAccountType
+): AccountType => {
+  const regex = /(?<=\{)(.*?)(?=\})/;
+
+  const resolved = Object.fromEntries(
+    Object.entries(account).map(([k, v]) => {
+      if (typeof v !== 'string') {
+        return [k, v];
+      }
+
+      const match: string | boolean =
+        env[v.toString().match(regex)?.[0] || ''] || v;
+
+      if (match === 'true') {
+        return [k, true];
+      }
+
+      if (match === 'false') {
+        return [k, false];
+      }
+
+      return [k, match];
+    })
+  );
+
+  return resolved;
+};

server/helpers/fileHelpers.ts

@@ -6,6 +6,7 @@ import { logger } from 'server/helpers/logger';
 import yaml from 'js-yaml';
 import { getUUID } from './auth';
 import { hashPassword } from './crypto';
+import { resolveEnvVarsInAccount } from './env';
 
 type EncodingType = 'hex' | 'utf-8';
 type BitcoinNetwork = 'mainnet' | 'regtest' | 'testnet';
@@ -23,6 +24,19 @@ export type AccountType = {
   encrypted?: boolean;
 };
 
+export type UnresolvedAccountType = {
+  name?: string;
+  serverUrl?: string;
+  lndDir?: string;
+  network?: BitcoinNetwork;
+  macaroonPath?: string;
+  certificatePath?: string;
+  password?: string | null;
+  macaroon?: string;
+  certificate?: string;
+  encrypted?: boolean | string;
+};
+
 export type ParsedAccount = {
   name: string;
   id: string;
@@ -228,11 +242,13 @@ export const getAccounts = (filePath: string): ParsedAccount[] => {
 };
 
 export const getParsedAccount = (
-  account: AccountType,
+  account: UnresolvedAccountType,
   index: number,
   masterPassword: string | null,
   defaultNetwork: BitcoinNetwork
 ): ParsedAccount | null => {
+  const resolvedAccount = resolveEnvVarsInAccount(account);
+
   const {
     name,
     serverUrl,
@@ -242,7 +258,7 @@ export const getParsedAccount = (
     macaroon: macaroonValue,
     password,
     encrypted,
-  } = account;
+  } = resolvedAccount;
 
   const missingFields: string[] = [];
   if (!name) missingFields.push('name');
@@ -269,14 +285,14 @@ export const getParsedAccount = (
     return null;
   }
 
-  const cert = getCertificate(account);
+  const cert = getCertificate(resolvedAccount);
   if (!cert) {
     logger.warn(
       `No certificate for account ${name}. Make sure you don't need it to connect.`
     );
   }
 
-  const macaroon = getMacaroon(account, defaultNetwork);
+  const macaroon = getMacaroon(resolvedAccount, defaultNetwork);
   if (!macaroon) {
     logger.error(
       `Account ${name} has neither lnd directory, macaroon nor macaroon path specified.`