2005 env joi validation (#2014)

* blockchain:Joi env vars validation * temp * blockchain:Finilize Joi validation and config * blockchain:Finilize Joi validation and config * blockchain:Use latest script in dosc generation * email-notofocation-service:Add joi validation * excel-export:Add joi validation to env vars * Add empty() to Joi.Add checking of validation script output * Fix correctly passing env vars to script * Merge main * scripts:Fix issues on startup * scripts:Fix issues on startup * modified envVarsSchema * when value defaults then it is not required --------- Co-authored-by: Peter Baus <peter.baus@accenture.com> Co-authored-by: Samuel Pull <samuel.pull@accenture.com>
openkfw · Oct 28, 2024 · e037bf1 · e037bf1
1 parent a620eb4
commit e037bf1
Show file tree

Hide file tree

Showing 36 changed files with 1,901 additions and 340 deletions.
diff --git a/api/src/envVarsSchema.ts b/api/src/envVarsSchema.ts
@@ -50,6 +50,8 @@ export const envVarsSchema = Joi.object({
       "The protocol used to expose the multichain daemon of your Trubudget blockchain installation(bc). The protocol used to connect to the multichain daemon(api). This will be used internally for the communication between the API and the multichain daemon.",
     ),
   MULTICHAIN_RPC_USER: Joi.string()
+    .allow("")
+    .empty("")
     .default("multichainrpc")
     .note("The user used to connect to the multichain daemon."),
   MULTICHAIN_RPC_PASSWORD: Joi.string()
@@ -100,17 +102,23 @@ export const envVarsSchema = Joi.object({
       "If JWT_ALGORITHM is set to `RS256`, this is required and holds BASE64 encoded PEM encoded public key for RSA.",
     ),
   DOCUMENT_FEATURE_ENABLED: Joi.boolean()
+    .empty("")
     .default(false)
     .note(
       "If true, all uploaded documents are stored using trubudget's storage-service. If false, the document feature of TruBudget is disabled, and trying to upload a document will result in an error.",
     ),
   DOCUMENT_EXTERNAL_LINKS_ENABLED: Joi.boolean()
     .default(false)
+    .empty("")
     .note(
       'If true, it is possible to use external documents links also without TruBudget\'s storage-service. If false, the external documents links feature of TruBudget is still possible to use in case DOCUMENT_FEATURE_ENABLED equals "true".',
     ),
   STORAGE_SERVICE_HOST: Joi.string().default("localhost").note("IP of connected storage service"),
-  STORAGE_SERVICE_PORT: Joi.number().default(8090).note("Port of connected storage service"),
+  STORAGE_SERVICE_PORT: Joi.number()
+    .allow("")
+    .empty("")
+    .default(8090)
+    .note("Port of connected storage service"),
   STORAGE_SERVICE_PROTOCOL: Joi.string()
     .default("http")
     .allow("http", "https")
@@ -158,6 +166,7 @@ export const envVarsSchema = Joi.object({
     ),
   AUTHPROXY_ENABLED: Joi.boolean()
     .default(false)
+    .empty("")
     .note("Enables logging in using the authorization token from authentication proxy"),
   AUTHPROXY_JWS_SIGNATURE: Joi.string()
     .allow("")
@@ -168,7 +177,7 @@ export const envVarsSchema = Joi.object({
     })
     .note("secret/public key/certificate for verifying auth proxy token signature"),
   DB_TYPE: Joi.string().default("pg"),
-  SQL_DEBUG: Joi.boolean().default(false),
+  SQL_DEBUG: Joi.boolean().default(false).empty(""),
   API_DB_USER: Joi.string()
     .default("postgres")
     .allow("")
@@ -197,6 +206,8 @@ export const envVarsSchema = Joi.object({
     .default("localhost")
     .note("Database host"),
   API_DB_NAME: Joi.string()
+    .allow("")
+    .empty("")
     .when("REFRESH_TOKEN_STORAGE", {
       is: "db",
       then: Joi.required(),
@@ -222,6 +233,7 @@ export const envVarsSchema = Joi.object({
     .allow("")
     .empty("")
     .default(false)
+    .empty("")
     .note('Database SSL connection. Allowed values: "true" or "false".'),
   API_DB_SCHEMA: Joi.string()
     .when("REFRESH_TOKEN_STORAGE", {

diff --git a/blockchain/environment-variables.md b/blockchain/environment-variables.md
diff --git a/blockchain/package-lock.json b/blockchain/package-lock.json
diff --git a/blockchain/package.json b/blockchain/package.json
@@ -26,7 +26,9 @@
     "check-backup": "node check-backup.js",
     "lint": "eslint src",
     "lint:fix": "eslint src --fix",
-    "format": "prettier --write \"src/**/*.+(js|jsx|ts|tsx|yaml|mjs)\""
+    "format": "prettier --write \"src/**/*.+(js|jsx|ts|tsx|yaml|mjs)\"",
+    "validate-env-variables": "node src/scripts/envVarsValidator.js",
+    "generate-env-vars-docs": "node src/scripts/envVarsDocsGenerator.js"
   },
   "nyc": {
     "include": [
@@ -45,6 +47,7 @@
     "chai": "^4.3.9",
     "express": "^4.21.0",
     "ignore": "^5.2.0",
+    "joi": "^17.13.3",
     "js-yaml": "^4.1.0",
     "jsonwebtoken": "^9.0.0",
     "sha256-file": "^1.0.0",

diff --git a/blockchain/scripts/envVarsDocsGenerator.js b/blockchain/scripts/envVarsDocsGenerator.js
@@ -0,0 +1,27 @@
+const { writeFileSync } = require("fs");
+const { generateMarkdownFile } = require("../../scripts/common/envVarsGenerator/dist");
+const { envVarsSchema } = require("../src/envVarsSchema");
+
+function updateReadme() {
+  const mdTable = generateMarkdownFile(envVarsSchema);
+
+  const md = `# Trubudget Blockchain
+
+## Environment Variables
+
+Depending on the Trubudget setup environment variables
+
+${mdTable}
+
+## Connected services
+
+### Email-Service
+
+The email-service can be configured via the following environment variables.
+To get started have a look at dedicated [documentation](../email-notification-service/README.md)
+`;
+
+  writeFileSync("./environment-variables.md", md, "utf-8");
+}
+
+updateReadme();
diff --git a/blockchain/scripts/envVarsValidator.js b/blockchain/scripts/envVarsValidator.js
@@ -0,0 +1,8 @@
+const { envVarsSchema } = require("../src/envVarsSchema");
+
+const { error } = envVarsSchema.validate(process.env, { abortEarly: false });
+if (error) {
+  console.log(`Config validation error: ${error.message}`);
+} else {
+  console.log("Environment variables are valid.");
+}
diff --git a/blockchain/src/config.js b/blockchain/src/config.js
@@ -0,0 +1,55 @@
+const { envVarsSchema } = require("./envVarsSchema");
+
+const { error, value: envVars } = envVarsSchema.validate(process.env);
+if (error) {
+  throw new Error(`Config validation error: ${error.message}`);
+}
+
+const config = {
+  orgazation: envVars.ORGANIZATION,
+  port: envVars.PORT,
+  multichain: {
+    rpcPort: envVars.MULTICHAIN_RPC_PORT,
+    rpcUser: envVars.MULTICHAIN_RPC_USER,
+    rpcPassword: envVars.MULTICHAIN_RPC_PASSWORD,
+    rpcAllowIp: envVars.RPC_ALLOW_IP,
+    dir: envVars.MULTICHAIN_DIR,
+  },
+  api: {
+    protocol: envVars.API_PROTOCOL,
+    host: envVars.API_HOST,
+    port: envVars.API_PORT,
+  },
+  p2p: {
+    host: envVars.P2P_HOST,
+    port: envVars.P2P_PORT,
+  },
+  email: {
+    host: envVars.EMAIL_HOST,
+    port: envVars.EMAIL_PORT,
+    ssl: envVars.EMAIL_SSL,
+    serviceEnabled: envVars.EMAIL_SERVICE_ENABLED,
+    jwtSecret: envVars.JWT_SECRET,
+  },
+  notification: {
+    path: envVars.NOTIFICATION_PATH,
+    maxLifetime: envVars.NOTIFICATION_MAX_LIFETIME,
+    sendInterval: envVars.NOTIFICATION_SEND_INTERVAL,
+  },
+  cert: {
+    path: envVars.CERT_PATH,
+    caPath: envVars.CERT_CA_PATH,
+    keyPath: envVars.CERT_KEY_PATH,
+  },
+  externalIp: envVars.EXTERNAL_IP,
+  autostart: envVars.AUTOSTART,
+  emailServiceEnabled: envVars.EMAIL_SERVICE_ENABLED,
+  multichainFeedEnabled: envVars.MULTICHAIN_FEED_ENABLED,
+  nodeEnv: envVars.NODE_ENV,
+  blocknotifyScript: envVars.BLOCKNOTIFY_SCRIPT,
+  kubeServiceName: envVars.KUBE_SERVICE_NAME,
+  kubeNamespace: envVars.KUBE_NAMESPACE,
+  exposeMc: envVars.EXPOSE_MC,
+};
+
+module.exports = config;