ci: generate auth secret in production (#1681)

* ci: generate auth secret in production * refactor: remove no longer needed auth-secret from e2e test * fix: remove static auth secret
2024-12-17 19:10:19 +01:00
parent c050ec4fe9
commit 15d47d0585
6 changed files with 19 additions and 10 deletions
--- a/2
+++ b/2
@@ -67,7 +67,7 @@ COPY --from=builder --chown=nextjs:nodejs /app/apps/nextjs/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/apps/nextjs/.next/static ./apps/nextjs/.next/static
 COPY --from=builder --chown=nextjs:nodejs /app/apps/nextjs/public ./apps/nextjs/public
 COPY --chown=nextjs:nodejs scripts/run.sh ./run.sh
-COPY --chown=nextjs:nodejs scripts/generateEncryptionKey.js ./generateEncryptionKey.js
+COPY --chown=nextjs:nodejs scripts/generateRandomSecureKey.js ./generateRandomSecureKey.js
 COPY --chown=nextjs:nodejs packages/redis/redis.conf /app/redis.conf
 COPY --chown=nextjs:nodejs nginx.conf /etc/nginx/templates/nginx.conf
--- a/development/docker-run.cmd
+++ b/development/docker-run.cmd
@@ -1 +1 @@
-docker run -p 7575:7575 -e AUTH_SECRET='secrets' homarr:latest
+docker run -p 7575:7575 homarr:latest
--- a/e2e/shared/create-homarr-container.ts
+++ b/e2e/shared/create-homarr-container.ts
@@ -6,9 +6,6 @@ export const createHomarrContainer = () => {
  }
  return new GenericContainer("homarr-e2e")
    .withEnvironment({
      AUTH_SECRET: "secret",
    })
    .withExposedPorts(7575)
    .withWaitStrategy(Wait.forHttp("/api/health/ready", 7575));
 };
--- a/packages/auth/configuration.ts
+++ b/packages/auth/configuration.ts
@@ -89,7 +89,6 @@ export const createConfiguration = (
      signIn: createSignInEventHandler(db),
    },
    redirectProxyUrl: createRedirectUri(headers, "/api/auth"),
    secret: "secret-is-not-defined-yet", // TODO: This should be added later
    session: {
      strategy: "database",
      maxAge: env.AUTH_SESSION_EXPIRY_TIME,
--- a/scripts/generateRandomSecureKey.js
+++ b/scripts/generateRandomSecureKey.js
@@ -1,6 +1,6 @@
-// This script generates a random encryption key
+// This script generates a random secure key with a length of 64 characters
-// This key is used to encrypt and decrypt the integration secrets
+// This key is used to encrypt and decrypt the integration secrets for auth.js
-// In production it is generated in run.sh and stored in the environment variable ENCRYPTION_KEY
+// In production it is generated in run.sh and stored in the environment variables ENCRYPTION_KEY / AUTH_SECRET
 // during runtime, it's also stored in a file.
 const crypto = require("crypto");
--- a/scripts/run.sh
+++ b/scripts/run.sh
@@ -18,11 +18,24 @@ if [ -r /secrets/encryptionKey ]; then
    encryptionKey=$(cat /secrets/encryptionKey)
 else
    echo "Generating encryption key"
-    encryptionKey=$(node ./generateEncryptionKey.js)
+    encryptionKey=$(node ./generateRandomSecureKey.js)
    echo $encryptionKey > /secrets/encryptionKey
 fi
 export ENCRYPTION_KEY=$encryptionKey
 # Generates an auth secret if it doesn't exist and saves it to /secrets/authSecret
 # Also sets the AUTH_SECRET environment variable required for auth.js
 authSecret=""
 if [ -r /secrets/authSecret ]; then
    echo "Auth secret already exists"
    authSecret=$(cat /secrets/authSecret)
 else
    echo "Generating auth secret"
    authSecret=$(node ./generateRandomSecureKey.js)
    echo $authSecret > /secrets/authSecret
 fi
 export AUTH_SECRET=$authSecret
 # Start nginx proxy
 # 1. Replace the HOSTNAME in the nginx template file
 # 2. Create the nginx configuration file from the template
		`@@ -1 +1 @@`
			`docker run -p 7575:7575 -e AUTH_SECRET='secrets' homarr:latest`				`docker run -p 7575:7575 homarr:latest`