Use env variables during build

Author: aram356

Cargo.lock

@@ -13,7 +13,7 @@ brotli = "3.3"
 chrono = "0.4"
 config = "0.15.11"
 cookie = "0.18.1"
-derive_more = { version = "1.0", features = ["display", "error"] }
+derive_more = { version = "2.0", features = ["display", "error"] }
 error-stack = "0.5"
 fastly = "0.11.5"
 futures = "0.3"
@@ -35,9 +35,10 @@ urlencoding = "2.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.91"
 config = "0.15.11"
-derive_more = { version = "1.0", features = ["display", "error"] }
+derive_more = { version = "2.0", features = ["display", "error"] }
 error-stack = "0.5"
 http = "1.3.1"
+toml = "0.9.0"
 
 [dev-dependencies]
 regex = "1.1.1"

crates/common/Cargo.toml

@@ -6,10 +6,20 @@ mod settings;
 
 use serde_json::Value;
 use std::collections::HashSet;
+use std::fs;
+use std::path::Path;
+
+const TRUSTED_SERVER_INIT_CONFIG_PATH: &str = "../../trusted-server.toml";
+const TRUSTED_SERVER_OUTPUT_CONFIG_PATH: &str = "../../target/trusted-server-out.toml";
 
 fn main() {
-    // Watch the settings.rs file for changes
-    println!("cargo:rerun-if-changed=../../trusted-server.toml");
+    merge_toml();
+    rerun_if_changed();
+}
+
+fn rerun_if_changed() {
+    // Watch the root trusted-server.toml file for changes
+    println!("cargo:rerun-if-changed={}", TRUSTED_SERVER_INIT_CONFIG_PATH);
 
     // Create a default Settings instance and convert to JSON to discover all fields
     let default_settings = settings::Settings::default();
@@ -27,6 +37,26 @@ fn main() {
     }
 }
 
+fn merge_toml() {
+    // Get the OUT_DIR where we'll copy the config file
+    let dest_path = Path::new(TRUSTED_SERVER_OUTPUT_CONFIG_PATH);
+
+    // Read init config
+    let init_config_path = Path::new(TRUSTED_SERVER_INIT_CONFIG_PATH);
+    let toml_content = fs::read_to_string(init_config_path)
+        .unwrap_or_else(|_| panic!("Failed to read {:?}", init_config_path));
+
+    // For build time: use from_toml to parse with environment variables
+    let settings = settings::Settings::from_toml(&toml_content)
+        .expect("Failed to parse settings at build time");
+
+    // Write the merged settings to the output directory as TOML
+    let merged_toml =
+        toml::to_string_pretty(&settings).expect("Failed to serialize settings to TOML");
+
+    fs::write(dest_path, merged_toml).unwrap_or_else(|_| panic!("Failed to write {:?}", dest_path));
+}
+
 fn collect_env_vars(value: &Value, env_vars: &mut HashSet<String>, path: Vec<String>) {
     if let Value::Object(map) = value {
         for (key, val) in map {

crates/common/build.rs

@@ -32,6 +32,7 @@ pub mod prebid;
 pub mod privacy;
 pub mod publisher;
 pub mod settings;
+pub mod settings_data;
 pub mod synthetic;
 pub mod templates;
 pub mod test_support;

crates/common/src/lib.rs

@@ -126,26 +126,6 @@ mod tests {
 
     use crate::test_support::tests::crate_test_settings_str;
 
-    #[test]
-    fn test_settings_new() {
-        // Test that Settings::new() loads successfully
-        let settings = Settings::new();
-        assert!(settings.is_ok(), "Settings should load from embedded TOML");
-
-        let settings = settings.unwrap();
-        // Verify basic structure is loaded
-        assert!(!settings.ad_server.ad_partner_backend.is_empty());
-        assert!(!settings.ad_server.sync_url.is_empty());
-        assert!(!settings.publisher.domain.is_empty());
-        assert!(!settings.publisher.cookie_domain.is_empty());
-        assert!(!settings.publisher.origin_url.is_empty());
-        assert!(!settings.prebid.server_url.is_empty());
-        assert!(!settings.synthetic.counter_store.is_empty());
-        assert!(!settings.synthetic.opid_store.is_empty());
-        assert!(!settings.synthetic.secret_key.is_empty());
-        assert!(!settings.synthetic.template.is_empty());
-    }
-
     #[test]
     fn test_settings_from_valid_toml() {
         let toml_str = crate_test_settings_str();

crates/common/src/settings.rs

@@ -0,0 +1,58 @@
+use core::str;
+use error_stack::{Report, ResultExt};
+
+use crate::error::TrustedServerError;
+use crate::settings::Settings;
+
+const SETTINGS_DATA: &[u8] = include_bytes!("../../../target/trusted-server-out.toml");
+
+/// Creates a new [`Settings`] instance from the embedded configuration file.
+// /
+// / Loads the configuration from the embedded `trusted-server.toml` file
+// / and applies any environment variable overrides.
+// /
+// / # Errors
+// /
+// / - [`TrustedServerError::InvalidUtf8`] if the embedded TOML file contains invalid UTF-8
+// / - [`TrustedServerError::Configuration`] if the configuration is invalid or missing required fields
+// / - [`TrustedServerError::InsecureSecretKey`] if the secret key is set to the default value
+pub fn get_settings() -> Result<Settings, Report<TrustedServerError>> {
+    let toml_bytes = SETTINGS_DATA;
+    let toml_str = str::from_utf8(toml_bytes).change_context(TrustedServerError::InvalidUtf8 {
+        message: "embedded trusted-server.toml file".to_string(),
+    })?;
+
+    let settings = Settings::from_toml(toml_str)?;
+
+    // Validate that the secret key is not the default
+    if settings.synthetic.secret_key == "secret-key" {
+        return Err(Report::new(TrustedServerError::InsecureSecretKey));
+    }
+
+    Ok(settings)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_get_settings() {
+        // Test that Settings::new() loads successfully
+        let settings = get_settings();
+        assert!(settings.is_ok(), "Settings should load from embedded TOML");
+
+        let settings = settings.unwrap();
+        // Verify basic structure is loaded
+        assert!(!settings.ad_server.ad_partner_backend.is_empty());
+        assert!(!settings.ad_server.sync_url.is_empty());
+        assert!(!settings.publisher.domain.is_empty());
+        assert!(!settings.publisher.cookie_domain.is_empty());
+        assert!(!settings.publisher.origin_url.is_empty());
+        assert!(!settings.prebid.server_url.is_empty());
+        assert!(!settings.synthetic.counter_store.is_empty());
+        assert!(!settings.synthetic.opid_store.is_empty());
+        assert!(!settings.synthetic.secret_key.is_empty());
+        assert!(!settings.synthetic.template.is_empty());
+    }
+}

crates/common/src/settings_data.rs

@@ -15,14 +15,15 @@ use trusted_server_common::prebid::handle_prebid_test;
 use trusted_server_common::privacy::handle_privacy_policy;
 use trusted_server_common::publisher::handle_main_page;
 use trusted_server_common::settings::Settings;
+use trusted_server_common::settings_data::get_settings;
 use trusted_server_common::templates::GAM_TEST_TEMPLATE;
 use trusted_server_common::why::handle_why_trusted_server;
 
 #[fastly::main]
 fn main(req: Request) -> Result<Response, Error> {
     init_logger();
 
-    let settings = match Settings::new() {
+    let settings = match get_settings() {
         Ok(s) => s,
         Err(e) => {
             log::error!("Failed to load settings: {:?}", e);