Refactor server config: single --config flag replaces --secrets/--mail-perms
- New server/config.mjs loads config.json, resolves secrets path relative to config dir, returns users/smtp/mail_perms_path/bind/port - server/secrets.mjs removed (logic absorbed into config.mjs) - smtp moves from secrets.json to config.json - secrets.json now contains only users (pure credentials) - config.example.json added as reference template - .gitignore/.npmignore updated to cover config.json and mail-perms.json - README updated with new setup and flags Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
56
server/config.mjs
Normal file
56
server/config.mjs
Normal file
@@ -0,0 +1,56 @@
|
||||
import { readFileSync } from 'fs';
|
||||
import { resolve } from 'path';
|
||||
|
||||
export function load_config(file_path) {
|
||||
if (!file_path) {
|
||||
throw new Error('--config <path> is required');
|
||||
}
|
||||
let raw;
|
||||
try {
|
||||
raw = readFileSync(file_path, 'utf8');
|
||||
} catch (err) {
|
||||
throw new Error(`Cannot read config file at ${file_path}: ${err.message}`);
|
||||
}
|
||||
let parsed;
|
||||
try {
|
||||
parsed = JSON.parse(raw);
|
||||
} catch (err) {
|
||||
throw new Error(`Config file is not valid JSON: ${err.message}`);
|
||||
}
|
||||
|
||||
if (!parsed.secrets) {
|
||||
throw new Error("Config file must have a 'secrets' field pointing to the secrets file");
|
||||
}
|
||||
|
||||
// Resolve secrets path relative to the config file's directory
|
||||
const config_dir = resolve(file_path, '..');
|
||||
const secrets_path = resolve(config_dir, parsed.secrets);
|
||||
|
||||
let secrets_raw;
|
||||
try {
|
||||
secrets_raw = readFileSync(secrets_path, 'utf8');
|
||||
} catch (err) {
|
||||
throw new Error(`Cannot read secrets file at ${secrets_path}: ${err.message}`);
|
||||
}
|
||||
let secrets;
|
||||
try {
|
||||
secrets = JSON.parse(secrets_raw);
|
||||
} catch (err) {
|
||||
throw new Error(`Secrets file is not valid JSON: ${err.message}`);
|
||||
}
|
||||
if (!secrets.users || typeof secrets.users !== 'object') {
|
||||
throw new Error("Secrets file must have a top-level 'users' object");
|
||||
}
|
||||
|
||||
const mail_perms_path = parsed.mail_perms
|
||||
? resolve(config_dir, parsed.mail_perms)
|
||||
: null;
|
||||
|
||||
return {
|
||||
users: secrets.users,
|
||||
smtp: parsed.smtp ?? null,
|
||||
mail_perms_path,
|
||||
bind: parsed.bind ?? null,
|
||||
port: parsed.port ?? null,
|
||||
};
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
import express from 'express';
|
||||
import { actions } from './actions.mjs';
|
||||
import { enqueue, get_entry, list_pending, resolve } from './queue.mjs';
|
||||
import { load_secrets } from './secrets.mjs';
|
||||
import { load_config } from './config.mjs';
|
||||
import { create_auth_middleware, check_can_approve } from './auth.mjs';
|
||||
import { create_mailer } from './mailer.mjs';
|
||||
import { exec as real_exec } from './helpers.mjs';
|
||||
@@ -16,22 +16,22 @@ function ts() {
|
||||
return new Date().toLocaleTimeString();
|
||||
}
|
||||
|
||||
const PORT = process.env.CONDUIT_PORT || 3015;
|
||||
const BIND = get_arg(process.argv, '--bind') || process.env.CONDUIT_BIND || '127.0.0.1';
|
||||
const VERBOSE = process.argv.includes('--verbose');
|
||||
const DRY_RUN = process.argv.includes('--dry-run');
|
||||
|
||||
const secrets_path = get_arg(process.argv, '--secrets');
|
||||
const mail_perms_path = get_arg(process.argv, '--mail-perms') || process.env.CONDUIT_MAIL_PERMS || null;
|
||||
const config_path = get_arg(process.argv, '--config') || process.env.CONDUIT_CONFIG;
|
||||
|
||||
let secrets;
|
||||
let cfg;
|
||||
try {
|
||||
secrets = load_secrets(secrets_path);
|
||||
cfg = load_config(config_path);
|
||||
} catch (err) {
|
||||
console.error(`Fatal: ${err.message}`);
|
||||
process.exit(1);
|
||||
}
|
||||
const { users, smtp } = secrets;
|
||||
|
||||
const { users, smtp, mail_perms_path } = cfg;
|
||||
const PORT = process.env.CONDUIT_PORT || cfg.port || 3015;
|
||||
const BIND = process.env.CONDUIT_BIND || cfg.bind || '127.0.0.1';
|
||||
|
||||
let mail_perm_store;
|
||||
try {
|
||||
@@ -42,7 +42,7 @@ try {
|
||||
}
|
||||
|
||||
if (!mail_perms_path) {
|
||||
console.warn('Warning: --mail-perms not set; mail permissions will not persist across restarts');
|
||||
console.warn('Warning: mail_perms not set in config; mail permissions will not persist across restarts');
|
||||
}
|
||||
|
||||
const real_mailer_send = create_mailer(smtp);
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
import { readFileSync } from "fs";
|
||||
|
||||
export function load_secrets(file_path) {
|
||||
if (!file_path) {
|
||||
throw new Error("--secrets <path> is required");
|
||||
}
|
||||
let raw;
|
||||
try {
|
||||
raw = readFileSync(file_path, "utf8");
|
||||
} catch (err) {
|
||||
throw new Error(`Cannot read secrets file at ${file_path}: ${err.message}`);
|
||||
}
|
||||
let parsed;
|
||||
try {
|
||||
parsed = JSON.parse(raw);
|
||||
} catch (err) {
|
||||
throw new Error(`Secrets file is not valid JSON: ${err.message}`);
|
||||
}
|
||||
if (!parsed.users || typeof parsed.users !== 'object') {
|
||||
throw new Error("Secrets file must have a top-level 'users' object");
|
||||
}
|
||||
return parsed; // callers destructure { users, smtp }
|
||||
}
|
||||
Reference in New Issue
Block a user