Move secrets to env (#53)

Author: mmvpm

bot/src/main/scala/com/github/mmvpm/bot/Main.scala

@@ -8,8 +8,8 @@ import com.github.mmvpm.bot.manager.ofs.{OfsManager, OfsManagerImpl}
 import com.github.mmvpm.bot.model.MessageID
 import com.github.mmvpm.bot.render.{Renderer, RendererImpl}
 import com.github.mmvpm.bot.state.{State, StateManager, StateManagerImpl, StorageImpl}
-import com.github.mmvpm.bot.util.ResourceUtils
 import com.github.mmvpm.model.Session
+import com.github.mmvpm.secret.{SecretService, SecretServiceImpl}
 import com.github.mmvpm.util.ConfigUtils.configByStage
 import org.asynchttpclient.Dsl.asyncHttpClient
 import pureconfig.ConfigSource
@@ -22,7 +22,9 @@ object Main extends IOApp {
     for {
       random <- Random.scalaUtilRandom[IO]
 
-      token = ResourceUtils.readTelegramToken()
+      secrets: SecretService[IO] = new SecretServiceImpl[IO]
+      token <- secrets.telegramToken.map(_.get)
+
       config = ConfigSource.resources(configByStage(args)).loadOrThrow[Config]
 
       sttpBackend = AsyncHttpClientCatsBackend.usingClient[IO](asyncHttpClient)

bot/src/main/scala/com/github/mmvpm/bot/util/ResourceUtils.scala

@@ -0,0 +1,7 @@
+package com.github.mmvpm.secret
+
+trait SecretService[F[_]] {
+  def telegramToken: F[Option[String]]
+  def redisPassword: F[Option[String]]
+  def postgresPassword: F[Option[String]]
+}

common/src/main/scala/com/github/mmvpm/secret/SecretService.scala

@@ -0,0 +1,22 @@
+package com.github.mmvpm.secret
+
+import cats.effect.std.Env
+import com.github.mmvpm.secret.SecretServiceImpl._
+
+class SecretServiceImpl[F[_]: Env] extends SecretService[F] {
+
+  def telegramToken: F[Option[String]] =
+    Env[F].get(TelegramToken)
+
+  def redisPassword: F[Option[String]] =
+    Env[F].get(RedisPassword)
+
+  def postgresPassword: F[Option[String]] =
+    Env[F].get(PostgresPassword)
+}
+
+object SecretServiceImpl {
+  private val TelegramToken = "TELEGRAM_TOKEN"
+  private val RedisPassword = "REDIS_PASSWORD"
+  private val PostgresPassword = "POSTGRES_PASSWORD"
+}

common/src/main/scala/com/github/mmvpm/secret/SecretServiceImpl.scala

@@ -1,7 +1,6 @@
 redis {
     host = "c-c9qhoa8bt19q7df1o5qi.rw.mdb.yandexcloud.net"
     port = 6379
-    password = "redis111"
 }
 
 ofs {

parsing/src/main/resources/application.conf

@@ -14,6 +14,7 @@ import com.github.mmvpm.parsing.producer.catalog.{CatalogConverter, CatalogConve
 import com.github.mmvpm.parsing.producer.query.{QueryGenerator, QueryGeneratorFromSeq}
 import com.github.mmvpm.parsing.producer.{PageProducer, PageProducerImpl}
 import com.github.mmvpm.parsing.util.ResourcesUtils.unsafeReadLines
+import com.github.mmvpm.secret.{SecretService, SecretServiceImpl}
 import com.github.mmvpm.util.ConfigUtils.configByStage
 import com.github.mmvpm.util.Logging
 import net.ruippeixotog.scalascraper.browser._
@@ -33,7 +34,10 @@ object Main extends IOApp with Logging {
     for {
       random <- Random.scalaUtilRandom[IO]
       browser = JsoupBrowser()
-      redisFactory = new RedisClientFactory(config.redis)
+
+      secrets: SecretService[IO] = new SecretServiceImpl[IO]
+      redisPassword <- secrets.redisPassword
+      redisFactory = new RedisClientFactory(config.redis.copy(password = redisPassword))
 
       // separate redis client for each dao
       pageVisitedDao: PageVisitedDao[IO] = new PageVisitedDaoRedis[IO](redisFactory)

parsing/src/main/scala/com/github/mmvpm/parsing/Main.scala

@@ -6,7 +6,6 @@ server {
 postgresql {
     url = "jdbc:postgresql://rc1b-1zlmvzg3tj866pea.mdb.yandexcloud.net:6432/postgres1?targetServerType=master&ssl=true&sslmode=verify-full"
     user = "postgres1"
-    password = "postgres1"
     pool-size = 2
 }
 
@@ -15,5 +14,4 @@ session.expiration = 3 hours
 redis {
     host = "c-c9qhoa8bt19q7df1o5qi.rw.mdb.yandexcloud.net"
     port = 6379
-    password = "redis111"
 }

service/src/main/resources/application.conf

@@ -4,7 +4,9 @@ import cats.data.EitherT
 import cats.effect.std.Random
 import cats.effect.{ExitCode, IO, IOApp}
 import com.comcast.ip4s.{Host, Port}
+import com.github.mmvpm.secret.{SecretService, SecretServiceImpl}
 import com.github.mmvpm.service.api.{AuthHandler, OfferHandler, UserHandler}
+import com.github.mmvpm.service.config.{Config, ConfigLoader}
 import com.github.mmvpm.service.dao.offer.{OfferDao, OfferDaoPostgresql}
 import com.github.mmvpm.service.dao.session.{SessionDao, SessionDaoRedis}
 import com.github.mmvpm.service.dao.user.{UserDao, UserDaoPostgresql}
@@ -19,24 +21,27 @@ import doobie.Transactor
 import org.http4s.HttpRoutes
 import org.http4s.ember.server.EmberServerBuilder
 import org.http4s.server.Router
-import pureconfig.ConfigSource
-import pureconfig.generic.auto._
 import sttp.tapir.server.ServerEndpoint
 import sttp.tapir.server.http4s.Http4sServerInterpreter
 import sttp.tapir.swagger.bundle.SwaggerInterpreter
 
 object Main extends IOApp {
 
   override def run(args: List[String]): IO[ExitCode] = {
-    val config = ConfigSource.resources(configByStage(args)).loadOrThrow[Config]
-    makeTransactor[IO](config.postgresql).use(runServer(config)(_))
+    val secrets = new SecretServiceImpl[IO]
+    val configLoader = ConfigLoader.impl[IO](secrets)
+    for {
+      config <- configLoader.load(configByStage(args))
+      exitCode <- makeTransactor[IO](config.postgresql).use(runServer(config, secrets)(_))
+    } yield exitCode
   }
 
-  private def runServer(config: Config)(implicit xa: Transactor[IO]): IO[ExitCode] =
+  private def runServer(config: Config, secrets: SecretService[IO])(implicit xa: Transactor[IO]): IO[ExitCode] =
     for {
       random <- Random.scalaUtilRandom[IO]
 
-      redis = new RedisClient(config.redis.host, config.redis.port, secret = config.redis.password)
+      redisPassword <- secrets.redisPassword
+      redis = new RedisClient(config.redis.host, config.redis.port, secret = redisPassword)
 
       offerDao: OfferDao[IO] = new OfferDaoPostgresql[IO]
       sessionDao: SessionDao[IO] = new SessionDaoRedis[IO](redis, config.session.expiration.toSeconds)

service/src/main/scala/com/github/mmvpm/service/Main.scala

@@ -1,12 +1,12 @@
-package com.github.mmvpm.service
+package com.github.mmvpm.service.config
 
 import scala.concurrent.duration.FiniteDuration
 
 case class Config(server: ServerConfig, session: SessionConfig, postgresql: PostgresqlConfig, redis: RedisConfig)
 
 case class ServerConfig(host: String, port: Int)
 
-case class PostgresqlConfig(url: String, user: String, password: String, poolSize: Int)
+case class PostgresqlConfig(url: String, user: String, password: Option[String], poolSize: Int)
 
 case class SessionConfig(expiration: FiniteDuration)
 

service/src/main/scala/com/github/mmvpm/service/Config.scala renamed to service/src/main/scala/com/github/mmvpm/service/config/Config.scala

@@ -0,0 +1,41 @@
+package com.github.mmvpm.service.config
+
+import cats.Monad
+import cats.effect.std.Env
+import com.github.mmvpm.secret.SecretService
+import pureconfig.ConfigSource
+import pureconfig.generic.auto._
+import cats.implicits._
+
+trait ConfigLoader[F[_]] {
+  def load(filename: String): F[Config]
+}
+
+object ConfigLoader {
+
+  def impl[F[_]: Monad: Env](secrets: SecretService[F]): ConfigLoader[F] =
+    new Impl[F](secrets)
+
+  private final class Impl[F[_]: Monad: Env](secrets: SecretService[F]) extends ConfigLoader[F] {
+
+    def load(filename: String): F[Config] =
+      enrichWithSecrets(ConfigSource.resources(filename).loadOrThrow[Config])
+
+    private def enrichWithSecrets(config: Config): F[Config] =
+      for {
+        redisSecret <- secrets.redisPassword
+        redisPassword = redisSecret.orElse(config.redis.password)
+
+        postgresSecret <- secrets.postgresPassword
+        postgresPassword = postgresSecret.orElse(config.postgresql.password)
+
+        redisEnriched = config.redis.copy(password = redisPassword)
+        postgresqlEnriched = config.postgresql.copy(password = postgresPassword)
+
+        enriched = config.copy(
+          redis = redisEnriched,
+          postgresql = postgresqlEnriched
+        )
+      } yield enriched
+  }
+}

service/src/main/scala/com/github/mmvpm/service/config/ConfigLoader.scala

@@ -2,7 +2,7 @@ package com.github.mmvpm.service.dao.util
 
 import cats.effect.Sync
 import cats.syntax.functor._
-import com.github.mmvpm.service.PostgresqlConfig
+import com.github.mmvpm.service.config.PostgresqlConfig
 import org.flywaydb.core.Flyway
 
 object FlywayMigration {
@@ -22,6 +22,6 @@ object FlywayMigration {
       .configure()
       .locations(MigrationDirectory)
       .cleanDisabled(false)
-      .dataSource(config.url, config.user, config.password)
+      .dataSource(config.url, config.user, config.password.get)
       .load()
 }

service/src/main/scala/com/github/mmvpm/service/dao/util/FlywayMigration.scala

@@ -2,24 +2,24 @@ package com.github.mmvpm.service.dao.util
 
 import cats.effect.{Async, Resource}
 import cats.implicits.catsSyntaxOptionId
-import com.github.mmvpm.service.PostgresqlConfig
+import com.github.mmvpm.service.config.PostgresqlConfig
 import doobie.hikari.{Config, HikariTransactor}
 import doobie.util.ExecutionContexts
 
 object Postgresql {
 
-  def makeTransactor[F[_]: Async](conf: PostgresqlConfig): Resource[F, HikariTransactor[F]] = {
+  def makeTransactor[F[_]: Async](config: PostgresqlConfig): Resource[F, HikariTransactor[F]] = {
 
     val hikariConfig = Config(
-      jdbcUrl = conf.url.some,
-      username = conf.user.some,
-      password = conf.password.some,
-      maximumPoolSize = conf.poolSize.some,
+      jdbcUrl = config.url.some,
+      username = config.user.some,
+      password = config.password,
+      maximumPoolSize = config.poolSize.some,
       driverClassName = "org.postgresql.Driver".some
     )
 
     for {
-      ce <- ExecutionContexts.fixedThreadPool[F](conf.poolSize)
+      ce <- ExecutionContexts.fixedThreadPool[F](config.poolSize)
       xa <- HikariTransactor.fromConfig[F](hikariConfig, ce)
     } yield xa
   }

service/src/main/scala/com/github/mmvpm/service/dao/util/Postgresql.scala

@@ -2,7 +2,7 @@ package com.github.mmvpm.service.util
 
 import cats.effect.Sync
 import cats.syntax.functor._
-import com.github.mmvpm.service.PostgresqlConfig
+import com.github.mmvpm.service.config.PostgresqlConfig
 import org.flywaydb.core.Flyway
 
 object FlywayMigration {
@@ -22,6 +22,6 @@ object FlywayMigration {
       .configure()
       .locations(MigrationDirectory)
       .cleanDisabled(false)
-      .dataSource(config.url, config.user, config.password)
+      .dataSource(config.url, config.user, config.password.get)
       .load()
 }

service/src/main/scala/com/github/mmvpm/service/util/FlywayMigration.scala

@@ -2,7 +2,7 @@ package com.github.mmvpm.service.util
 
 import cats.effect.{Async, Resource}
 import cats.implicits.catsSyntaxOptionId
-import com.github.mmvpm.service.PostgresqlConfig
+import com.github.mmvpm.service.config.PostgresqlConfig
 import doobie.hikari.{Config, HikariTransactor}
 import doobie.util.ExecutionContexts
 
@@ -13,7 +13,7 @@ object Postgresql {
     val hikariConfig = Config(
       jdbcUrl = conf.url.some,
       username = conf.user.some,
-      password = conf.password.some,
+      password = conf.password,
       maximumPoolSize = conf.poolSize.some,
       driverClassName = "org.postgresql.Driver".some
     )