PEER-255 Impl .env security fixes

SeeuSim · SeeuSim · commit 6903333756ee · 2024-10-04T15:19:40.000+08:00
Signed-off-by: SeeuSim &lt;seeusimong@gmail.com&gt;
diff --git a/backend/user/.dockerignore b/backend/user/.dockerignore
@@ -1,2 +1,4 @@
 node_modules
-dist/
+dist/
+.git
+.env*
diff --git a/backend/user/.env.local-docker-standalone b/backend/user/.env.local-docker-standalone
@@ -1,15 +1,15 @@
-EXPRESS_ENV="local"
-PEERPREP_UI_HOST="http://localhost:5173"
+EXPRESS_ENV=local
+PEERPREP_UI_HOST=http://localhost:5173
 
 EXPRESS_PORT=9001
 
 # When run with standalone build
-EXPRESS_DB_HOST="host.docker.internal"  
+EXPRESS_DB_HOST=host.docker.internal
 
 EXPRESS_DB_PORT=5431
-POSTGRES_DB="user"
-POSTGRES_USER="peerprep-user-express"
-POSTGRES_PASSWORD="69/X8JxtAVsM+0YHT4RR5D7Ahf7bTobI4EED64FrzIU="
-PGDATA="/data/user-db"
+POSTGRES_DB=user
+POSTGRES_USER=peerprep-user-express
+POSTGRES_PASSWORD=69/X8JxtAVsM+0YHT4RR5D7Ahf7bTobI4EED64FrzIU=
+PGDATA=/data/user-db
 
-EXPRESS_JWT_SECRET_KEY="jd+9qlXA0a3YsmVf2KJgyiJ3SprIR318IAwhRXck4Y8="
+EXPRESS_JWT_SECRET_KEY=jd+9qlXA0a3YsmVf2KJgyiJ3SprIR318IAwhRXck4Y8=
diff --git a/backend/user/README.md b/backend/user/README.md
@@ -5,8 +5,7 @@
 1. Run this command to build:
     ```sh
     docker build \
-      -t user-express-local
-      --build-arg env=local-docker-standalone \
+      -t user-express-local \
       --build-arg port=9001 \
       -f express.Dockerfile .
     ```
@@ -19,7 +18,7 @@
 
 4. Run this command to expose the container:
     ```sh
-    docker run -p 9001:9001 user-express-local
+    docker run -p 9001:9001 --env-file ./.env.local-docker-standalone user-express-local
     ```
 
 ## Running with Docker-Compose (Main config)
diff --git a/backend/user/express.Dockerfile b/backend/user/express.Dockerfile
@@ -1,18 +1,18 @@
 FROM node:lts-alpine AS build
-WORKDIR /data/question-express
+WORKDIR /data/user-express
 COPY package*.json ./
 RUN npm install
 ARG env
 COPY . .
-COPY ".env.${env}" .env
+# COPY ".env.${env}" .env
 RUN npm run build
 
 FROM node:lts-alpine AS production
-WORKDIR /data/question-express
-COPY --from=build /data/question-express/package*.json ./
+WORKDIR /data/user-express
+COPY --from=build /data/user-express/package*.json ./
 RUN npm ci --omit=dev
-COPY --from=build --chown=node:node /data/question-express/dist ./dist
-COPY --from=build /data/question-express/.env .env
+COPY --from=build --chown=node:node /data/user-express/dist ./dist
+# COPY --from=build /data/user-express/.env .env
 
 ARG port
 EXPOSE ${port}
diff --git a/backend/user/package.json b/backend/user/package.json
@@ -4,17 +4,15 @@
   "main": "dist/index.js",
   "scripts": {
     "dev": "env-cmd -f .env.local nodemon src/index.ts | pino-pretty",
-    "build": "env-cmd -f .env tsc && tsc-alias",
-    "start": "env-cmd -f .env node dist/index.js",
+    "build": "tsc && tsc-alias",
+    "start": "node dist/index.js",
     "build:local": "env-cmd -f .env.local tsc && tsc-alias",
     "start:local": "env-cmd -f .env.local node dist/index.js",
-    "build:prod": "env-cmd -f .env.prod tsc && tsc-alias",
-    "start:prod": "env-cmd -f .env.local node dist/index.js",
     "db:generate": "env-cmd -f .env.local drizzle-kit generate",
     "db:migrate": "env-cmd -f .env.local tsx ./src/lib/db/migrate.ts",
     "db:seed": "env-cmd -f .env.local tsx ./src/lib/db/seed.ts",
-    "db:prod:migrate": "env-cmd -f .env tsx ./src/lib/db/migrate.ts",
-    "db:prod:seed": "env-cmd -f .env tsx ./src/lib/db/seed.ts",
+    "db:prod:migrate": "tsx ./src/lib/db/migrate.ts",
+    "db:prod:seed": "tsx ./src/lib/db/seed.ts",
     "db:inspect": "env-cmd -f .env.local drizzle-kit studio",
     "fmt": "prettier --config .prettierrc src --write",
     "test": "echo \"Error: no test specified\" && exit 1"
@@ -27,6 +25,7 @@
     "bcrypt": "^5.1.1",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
     "drizzle-orm": "^0.33.0",
     "env-cmd": "^10.1.0",
     "express": "^4.21.0",
diff --git a/backend/user/src/config.ts b/backend/user/src/config.ts
@@ -1,3 +1,5 @@
+import 'dotenv/config';
+
 export const JWT_SECRET_KEY = process.env.EXPRESS_JWT_SECRET_KEY!;
 
 export const dbConfig = {
diff --git a/backend/user/src/index.ts b/backend/user/src/index.ts
@@ -1,3 +1,5 @@
+import 'dotenv/config';
+
 import app, { dbHealthCheck } from '@/server';
 import { logger } from '@/lib/utils';
 
diff --git a/backend/user/src/server.ts b/backend/user/src/server.ts
@@ -1,6 +1,7 @@
 import { exit } from 'process';
 
 import cors from 'cors';
+import 'dotenv/config';
 import { sql } from 'drizzle-orm';
 import express, { json } from 'express';
 import helmet from 'helmet';
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -67,7 +67,7 @@ services:
       - EXPRESS_DB_HOST=user-db
       - EXPRESS_DB_PORT=5432
     volumes: 
-      - user-service:/data/question-express
+      - user-service:/data/user-express
     depends_on:
       - user-db
     networks:
diff --git a/package-lock.json b/package-lock.json

-Original file line number
+Diff line change
@@ @@ -1,2 +1,4 @@ @@
 node_modules
 -dist/
 +dist/
 +.git
 +.env*
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+import 'dotenv/config';`
	`2`	`+`
`1`	`3`	`export const JWT_SECRET_KEY = process.env.EXPRESS_JWT_SECRET_KEY!;`
`2`	`4`
`3`	`5`	`export const dbConfig = {`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+import 'dotenv/config';`
	`2`	`+`
`1`	`3`	`import app, { dbHealthCheck } from '@/server';`
`2`	`4`	`import { logger } from '@/lib/utils';`
`3`	`5`