Fixed Support Profiles + Added encryption to env

Author: ItsRiprod

DeskThingServer/electron-builder.env.js

@@ -1,19 +1,46 @@
-// Builds environment variables into production .env file
-import { writeFileSync } from 'fs'
+import { writeFileSync, readFileSync } from 'fs'
 import path from 'path'
+import crypto from 'crypto'
 import { config } from 'dotenv'
 import { fileURLToPath } from 'url'
 
 config()
 
-const appConfig = {
-  discordWebhookUrl: process.env.DISCORD_WEBHOOK_URL || ''
-}
-
-// Write env file
+// Read package.json for app metadata
 const _filename = fileURLToPath(import.meta.url)
 const __dirname = path.dirname(_filename)
+const packageJson = JSON.parse(readFileSync(path.resolve(__dirname, 'package.json'), 'utf8'))
+
+// Create encryption key from app metadata
+const keyMaterial = `${packageJson.version}-deskthing-secrets`
+const encryptionKey = crypto.scryptSync(keyMaterial, 'dt-salt-v1', 32)
+
+function encryptSecret(secret) {
+  if (!secret) return ''
+
+  const iv = crypto.randomBytes(16)
+  const cipher = crypto.createCipheriv('aes-256-cbc', encryptionKey, iv)
+
+  let encrypted = cipher.update(secret, 'utf8', 'hex')
+  encrypted += cipher.final('hex')
+
+  return iv.toString('hex') + ':' + encrypted
+}
+
+const buildConfig = {
+  // Encrypted secrets from GitHub Actions
+  secrets: {
+    DISCORD_WEBHOOK_URL: encryptSecret(process.env.DISCORD_WEBHOOK_URL),
+    BUYMEACOFFEE_TOKEN: encryptSecret(process.env.BUYMEACOFFEE_TOKEN)
+  },
+
+  meta: {
+    hasSecrets: Boolean(process.env.DISCORD_WEBHOOK_URL || process.env.BUYMEACOFFEE_TOKEN)
+  }
+}
+
 const configPath = path.resolve(__dirname, 'src/main/config.json')
+writeFileSync(configPath, JSON.stringify(buildConfig, null, 2))
 
-writeFileSync(configPath, JSON.stringify(appConfig, null, 2))
-console.log(`Config file written to ${configPath}`)
+console.log(`✅ Build config written to ${configPath}`)
+console.log(`📦 Secrets included: ${buildConfig.meta.hasSecrets}`)

DeskThingServer/src/main/index.ts

@@ -24,6 +24,7 @@ import { initializationCheck } from './services/initialize'
 
 // Initialize environment variables
 import './utils/environment'
+import { loadConfig } from './utils/envBuilder'
 
 // Ensure single instance
 if (!setupSingleInstance()) {
@@ -39,6 +40,9 @@ if (!setupSingleInstance()) {
       // Clears any old installs
       await initializationCheck()
 
+      // build the environment variables
+      loadConfig()
+
       // Initialize app lifecycle (which will handle the rest of the startup)
       await initializeAppLifecycle()
     })

DeskThingServer/src/main/services/feedbackService.ts

@@ -3,24 +3,7 @@ import { storeProvider } from '@server/stores/storeProvider'
 import { handleError } from '@server/utils/errorHandler'
 import logger from '@server/utils/logger'
 import { DiscordWebhookData, FeedbackReport, FeedbackResult, FeedbackType, SystemInfo } from '@shared/types'
-import { readFileSync } from 'fs'
 import os from 'os'
-import { join } from 'path'
-
-let appConfig: { discordWebhookUrl: string }
-try {
-  // In development
-  if (process.env.NODE_ENV === 'development') {
-    appConfig = { discordWebhookUrl: process.env.DISCORD_WEBHOOK_URL || '' }
-  } else {
-    // In production - read from bundled config
-    const configPath = join(process.resourcesPath, 'config.json')
-    appConfig = JSON.parse(readFileSync(configPath, 'utf8'))
-  }
-} catch (error) {
-  logger.error('Failed to load config:', { source: 'feedbackService', error: error as Error })
-  appConfig = { discordWebhookUrl: '' }
-}
 
 export class FeedbackService {
   private static readonly SUBMISSION_ID = Math.floor(Math.random() * 900) + 100
@@ -29,7 +12,7 @@ export class FeedbackService {
    * This will be updated later for an actual webhook edge server smth smth fancy instead of directly to the discord channel
    * If you could be a real one and not abuse this, that would be awesome. Thanks!
    */
-  private static readonly WEBHOOK_URL = appConfig.discordWebhookUrl || 'fallback-webhook-url'
+  private static readonly WEBHOOK_URL = process.env.DISCORD_WEBHOOK_URL || 'fallback-webhook-url'
 
   private static readonly TYPE_COLORS: Record<FeedbackType, number> = {
     bug: 0xff0000,

DeskThingServer/src/main/stores/platforms/superbird/adbPlatform.ts

@@ -45,7 +45,6 @@ export class ADBPlatform extends EventEmitter<PlatformEvents> implements Platfor
     connectionState: ConnectionState.Established
   }
 
-
   constructor() {
     super()
     this.adbService = new ADBService()

DeskThingServer/src/main/stores/supporterStore.ts

@@ -1,7 +1,5 @@
 import { CacheableStore } from '@shared/types'
 import logger from '@server/utils/logger'
-import { readFileSync } from 'fs'
-import { join } from 'path'
 import {
   Supporter,
   SupporterAPIResponse,
@@ -19,26 +17,12 @@ type SupporterCachePage = {
 
 type SupporterCache = Record<number, SupporterCachePage>
 
-let appConfig: { buyMeACoffeeToken: string }
-
-try {
-  if (process.env.NODE_ENV === 'development') {
-    appConfig = { buyMeACoffeeToken: process.env.BUYMEACOFFE_TOKEN || '' }
-  } else {
-    const configPath = join(process.resourcesPath, 'config.json')
-    appConfig = JSON.parse(readFileSync(configPath, 'utf8'))
-  }
-} catch (error) {
-  logger.error('Failed to load config:', { source: 'supporterStore', error: error as Error })
-  appConfig = { buyMeACoffeeToken: '' }
-}
-
 export class SupporterStore implements SupporterStoreClass, CacheableStore {
   private cache: SupporterCache | null = null
-  private readonly CACHE_DURATION = 2 * 60 * 60 * 1000 // 2 hours
+  private readonly CACHE_DURATION = 1 * 60 * 60 * 1000 // 1 hour
   private readonly API_URL = 'https://developers.buymeacoffee.com/api/v1/supporters'
   private readonly MEMBERS_API_URL = 'https://developers.buymeacoffee.com/api/v1/subscriptions'
-  private readonly TOKEN = appConfig.buyMeACoffeeToken
+  private readonly TOKEN = process.env.BUYMEACOFFEE_TOKEN
 
   private _initialized: boolean = false
   public get initialized(): boolean {
@@ -68,7 +52,7 @@ export class SupporterStore implements SupporterStoreClass, CacheableStore {
       })
 
       if (!response.ok) {
-        throw new Error(`Failed to fetch supporters: ${response.statusText}`)
+        throw new Error(`Failed to fetch supporters: ${response.status} - ${response.statusText}`)
       }
 
       const data = (await response.json()) as SupporterAPIResponse
@@ -97,7 +81,10 @@ export class SupporterStore implements SupporterStoreClass, CacheableStore {
       })
 
       if (!response.ok) {
-        throw new Error(`Failed to fetch members: ${response.statusText}`)
+        logger.debug(
+          `Failed to fetch members. Token Exists: ${!!this.TOKEN}. Api Url Exists: ${this.MEMBERS_API_URL}`
+        )
+        throw new Error(`Failed to fetch members: ${response.statusText} (${response.status})`)
       }
 
       const data = (await response.json()) as MemberAPIResponse

DeskThingServer/src/main/utils/envBuilder.ts

@@ -0,0 +1,98 @@
+import { app } from 'electron/main'
+import crypto from 'crypto'
+import { join } from 'path'
+import { existsSync, readFileSync } from 'fs'
+import { config } from 'dotenv'
+
+config()
+
+type Secrets = Record<string, string>
+
+interface AppConfig {
+  secrets: Secrets
+  meta?: {
+    hasSecrets?: boolean
+  }
+}
+
+let configuration: AppConfig | null = null
+let decryptedSecrets: Secrets = {}
+
+function createDecryptionKey(): Buffer {
+  // Must match the salt and keyMaterial from electron-builder.env.js
+  const keyMaterial = `${app.getVersion()}-deskthing-secrets`
+  return crypto.scryptSync(keyMaterial, 'dt-salt-v1', 32)
+}
+
+function decrypt(encryptedData: string): string {
+  if (!encryptedData) return ''
+  try {
+    const key = createDecryptionKey()
+    const [ivHex, encrypted] = encryptedData.split(':')
+    const iv = Buffer.from(ivHex, 'hex')
+    const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv)
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8')
+    decrypted += decipher.final('utf8')
+    return decrypted
+  } catch (error) {
+    console.error('Failed to decrypt secret:', error)
+    return ''
+  }
+}
+
+function addSecretsToEnv(): void {
+  if (!configuration || !configuration.secrets) return
+
+  if (!decryptedSecrets) {
+    decryptSecrets()
+  }
+
+  for (const [key, value] of Object.entries(decryptedSecrets)) {
+    process.env[key] = value
+  }
+}
+
+function loadConfig(): void {
+  try {
+    const configPath = join(process.resourcesPath, 'config.json')
+    if (existsSync(configPath)) {
+      const configData = readFileSync(configPath, 'utf8')
+      configuration = JSON.parse(configData) as AppConfig
+      decryptSecrets()
+      addSecretsToEnv()
+    } else {
+      console.warn('No config file found, using empty secrets')
+      configuration = { secrets: {} }
+      decryptedSecrets = {}
+    }
+  } catch (error) {
+    console.error('Failed to load config:', error)
+    configuration = { secrets: {} }
+    decryptedSecrets = {}
+  }
+}
+
+function decryptSecrets(): void {
+  if (!configuration) return
+  decryptedSecrets = {}
+  for (const [key, value] of Object.entries(configuration.secrets)) {
+    decryptedSecrets[key] = decrypt(value)
+  }
+}
+
+function getSecret(key: string): string {
+  return decryptedSecrets[key] || ''
+}
+
+function hasSecret(key: string): boolean {
+  return Boolean(decryptedSecrets[key])
+}
+
+function getConfig(): AppConfig | null {
+  return configuration
+}
+
+// Immediately load config on import
+loadConfig()
+
+export { getSecret, hasSecret, getConfig, loadConfig }

…enderer/public/images/authors/riprod.gif …rer/src/assets/images/authors/riprod.gifDeskThingServer/src/renderer/public/images/authors/riprod.gif renamed to DeskThingServer/src/renderer/src/assets/images/authors/riprod.gif DeskThingServer/src/renderer/public/images/authors/riprod.gif renamed to DeskThingServer/src/renderer/src/assets/images/authors/riprod.gif

@@ -3,6 +3,9 @@ import Button from '@renderer/components/Button'
 import { Member, Supporter } from '@shared/types/supporter'
 import User from '@renderer/components/supporter/User'
 
+import riprodAvatar from '@renderer/assets/images/authors/riprod.gif'
+import thebigloudAvatar from '@renderer/assets/images/authors/thebigloud.webp'
+
 const AboutSettings: React.FC = () => {
   const [supporters, setSupporters] = useState<{ monthly: Member[]; onetime: Supporter[] }>({
     monthly: [],
@@ -48,15 +51,11 @@ const AboutSettings: React.FC = () => {
         <div>
           <h1 className="text-lg">Development Team</h1>
           <User
-            avatar="/images/authors/riprod.gif"
+            avatar={riprodAvatar}
             name="Riprod"
             contribution="Lead Developer & Project Maintainer"
           />
-          <User
-            avatar="/images/authors/thebigloud.webp"
-            name="TheBigLoud"
-            contribution="UI Designer"
-          />
+          <User avatar={thebigloudAvatar} name="TheBigLoud" contribution="UI Designer" />
         </div>
 
         <div className="flex md:flex-row flex-col gap-4">