
fix: persistent server keys between updates - fixes #476 (#481)

* fix: persistent server keys between updates - fixes #476

* fix: env vars for ci
Karol Sójko vor 2 Jahren
Commit
eaab23ec19
3 geänderte Dateien mit 33 neuen und 11 gelöschten Zeilen
  1. 8 1
      .env.sample
  2. 5 0
      .github/ci.env
  3. 20 10
      docker/docker-entrypoint.sh

+ 8 - 1
.env.sample

@@ -7,7 +7,6 @@ DB_PORT=3306
 DB_USERNAME=std_notes_user
 DB_PASSWORD=changeme123
 DB_DATABASE=standard_notes_db
-DB_DEBUG_LEVEL=all
 
 #########
 # CACHE #
@@ -15,3 +14,11 @@ DB_DEBUG_LEVEL=all
 
 REDIS_PORT=6379
 REDIS_HOST=cache
+
+########
+# KEYS #
+########
+
+AUTH_JWT_SECRET=
+AUTH_SERVER_ENCRYPTION_SERVER_KEY=
+VALET_TOKEN_SECRET=
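Review bot: The new KEYS section leaves all three values empty without saying how to fill them, so an operator only learns the expected format from the entrypoint's error message after the container has already exited. A comment above the variables would close that gap, for example `# Required. Generate each value with: openssl rand -hex 32`. Going by the commit title, these values are meant to stay the same across updates, so a second comment saying they should be generated once and then kept would also help.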

+ 5 - 0
.github/ci.env

@@ -3,6 +3,7 @@ DB_HOST=db
 DB_USERNAME=std_notes_user
 DB_PASSWORD=changeme123
 DB_DATABASE=standard_notes_db
+DB_PORT=3306
 REDIS_PORT=6379
 REDIS_HOST=cache
 AUTH_SERVER_ACCESS_TOKEN_AGE=4
@@ -19,3 +20,7 @@ MYSQL_DATABASE=standard_notes_db
 MYSQL_USER=std_notes_user
 MYSQL_PASSWORD=changeme123
 MYSQL_ROOT_PASSWORD=changeme123
+
+AUTH_JWT_SECRET=f95259c5e441f5a4646d76422cfb3df4c4488842901aa50b6c51b8be2e0040e9
+AUTH_SERVER_ENCRYPTION_SERVER_KEY=1087415dfde3093797f9a7ca93a49e7d7aa1861735eb0d32aae9c303b8c3d060
+VALET_TOKEN_SECRET=4b886819ebe1e908077c6cae96311b48a8416bd60cc91c03060e15bdf6b30d1f

+ 20 - 10
docker/docker-entrypoint.sh

@@ -27,19 +27,24 @@ fi
 ######
 
 if [ -z "$DB_HOST" ]; then
-  export DB_HOST="db"
+  echo "DB_HOST is not set. Please set it in your .env file."
+  exit 1
 fi
 if [ -z "$DB_PORT" ]; then
-  export DB_PORT="3306"
+  echo "DB_PORT is not set. Please set it in your .env file."
+  exit 1
 fi
 if [ -z "$DB_USERNAME" ]; then
-  export DB_USERNAME="std_notes_user"
+  echo "DB_USERNAME is not set. Please set it in your .env file."
+  exit 1
 fi
 if [ -z "$DB_PASSWORD" ]; then
-  export DB_PASSWORD=$(openssl rand -hex 32)
+  echo "DB_PASSWORD is not set. Please set it in your .env file."
+  exit 1
 fi
 if [ -z "$DB_DATABASE" ]; then
-  export DB_DATABASE="standard_notes_db"
+  echo "DB_DATABASE is not set. Please set it in your .env file."
+  exit 1
 fi
 if [ -z "$DB_DEBUG_LEVEL" ]; then
   export DB_DEBUG_LEVEL="all"
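Review bot: The new failure messages in this hunk are printed with plain `echo`, so the reason for the exit goes to stdout instead of stderr and can be lost wherever the two streams are handled separately. The same applies to the REDIS_PORT, REDIS_HOST, AUTH_JWT_SECRET, VALET_TOKEN_SECRET and AUTH_SERVER_ENCRYPTION_SERVER_KEY checks in the later hunks. Since all ten checks share the same shape, a small helper that takes the variable name, its value and an optional hint would keep the message wording, the stream and the exit code in one place. The DB_DEBUG_LEVEL block at the end of the hunk continues outside it and is unaffected.

```shell
# Abort start-up when a required setting is missing.
# $1 = variable name, $2 = its current value, $3 = optional hint for the operator
require_env() {
  if [ -z "$2" ]; then
    echo "$1 is not set. Please set it in your .env file.${3:+ $3}" >&2
    exit 1
  fi
}

require_env DB_HOST "$DB_HOST"
require_env DB_PORT "$DB_PORT"
require_env DB_USERNAME "$DB_USERNAME"
require_env DB_PASSWORD "$DB_PASSWORD"
require_env DB_DATABASE "$DB_DATABASE"
# … unchanged: DB_DEBUG_LEVEL default …
```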
@@ -51,11 +56,13 @@ export DB_MIGRATIONS_PATH="dist/migrations/*.js"
 #########
 
 if [ -z "$REDIS_PORT" ]; then
-  export REDIS_PORT=6379
+  echo "REDIS_PORT is not set. Please set it in your .env file."
+  exit 1
 fi
 
 if [ -z "$REDIS_HOST" ]; then
-  export REDIS_HOST="cache"
+  echo "REDIS_HOST is not set. Please set it in your .env file."
+  exit 1
 fi
 
 if [ -z "$REDIS_URL" ]; then
@@ -67,11 +74,13 @@ fi
 ##########
 
 if [ -z "$AUTH_JWT_SECRET" ]; then
-  export AUTH_JWT_SECRET=$(openssl rand -hex 32)
+  echo "AUTH_JWT_SECRET is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string."
+  exit 1
 fi
 
 if [ -z "$VALET_TOKEN_SECRET" ]; then
-  export VALET_TOKEN_SECRET=$(openssl rand -base64 32)
+  echo "VALET_TOKEN_SECRET is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string."
+  exit 1
 fi
 
 ########
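Review bot: The checks for AUTH_JWT_SECRET and VALET_TOKEN_SECRET reject only an empty value, so a short or placeholder string passes and the server starts with a secret that may be guessable. Now that the operator supplies these instead of `openssl rand`, a minimum-length test would catch the obvious cases, for example `if [ "${#AUTH_JWT_SECRET}" -lt 32 ]; then` with a message naming the required length; the exact minimum is a project decision. The same applies to AUTH_SERVER_ENCRYPTION_SERVER_KEY in the last hunk. If the server expects a 32-byte hex key there (not visible on this page), that check could require exactly 64 hex characters.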
@@ -122,7 +131,8 @@ if [ -z "$AUTH_SERVER_EPHEMERAL_SESSION_AGE" ]; then
 fi
 
 if [ -z "$AUTH_SERVER_ENCRYPTION_SERVER_KEY" ]; then
-  export AUTH_SERVER_ENCRYPTION_SERVER_KEY=$(openssl rand -hex 32)
+  echo "AUTH_SERVER_ENCRYPTION_SERVER_KEY is not set. Please set it in your .env file. You can run 'openssl rand -hex 32' to generate a random string."
+  exit 1
 fi
 
 export AUTH_SERVER_SYNCING_SERVER_URL=http://localhost:$SYNCING_SERVER_PORT