fix: dont expose bip38 password in process monitor (#74)

spkjp · faustbrian · commit ee92b54cc334 · 2018-10-28T05:29:37.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - A new npm dependency `dotenv` has been added. When updating from a previous  
 version it is necessary to install it by executing `sudo npm install -g dotenv`  
 followed by `npm link dotenv` inside the commander directory.
+- When using `bip38` the password is no longer exposed in the process monitor.
+- Starting the relay/forger/explorer manually is now easier:
+    Relay:
+    `pm2 start --only ark-core-relay`
+    Forger without bip38 encryption:
+    `pm2 start --only ark-core-forger`
+    Forger with bip38 encryption:
+    `pm2 start --only ark-core-forger -- --password ark`
+    Explorer:
+    `pm2 start --only ark-core-explorer`
 
 ### Removed
 - Redis
diff --git a/actions/apps/forger.sh b/actions/apps/forger.sh
@@ -140,11 +140,8 @@ __forger_configure_bip38 ()
 
 __forger_start_with_bip38 ()
 {
-    local bip38=$(jq -r '.bip38' "$CORE_CONFIG/delegates.json")
-
     read -sp "Please enter your bip38 password: " password
-
-    pm2 start $commander_ecosystem --only ark-core-forger -- --bip38 "$bip38" --password "$password" >> "$commander_log" 2>&1
+    pm2 start $commander_ecosystem --only ark-core-forger -- --password "$password" >> "$commander_log" 2>&1
 }
 
 __forger_start_without_bip38 ()
diff --git a/ecosystem.config.js b/ecosystem.config.js
@@ -1,12 +1,14 @@
 require('dotenv').config({ path: `${process.env.HOME}/.commander` })
 
-const parseArg = (key) => {
-    const index = process.argv.indexOf(key)
+const delegates = require(`${process.env.CORE_CONFIG}/delegates.json`)
+
+const getPasswordFromArgs = () => {
+    const index = process.argv.indexOf('--password')
     if (index !== -1) {
-        return `${key} ${process.argv[index + 1]}`
+        return process.argv[index + 1]
     }
 
-    return ''
+    return undefined
 }
 
 module.exports = {
@@ -25,11 +27,13 @@ module.exports = {
     args: `forger --data ${process.env.CORE_DATA}
                   --config ${process.env.CORE_CONFIG}
                   --token ${process.env.CORE_TOKEN}
-                  --network ${process.env.CORE_NETWORK}
-                  ${parseArg('--bip38')}
-                  ${parseArg('--password')}`,
+                  --network ${process.env.CORE_NETWORK}`,
     max_restarts: 5,
-    min_uptime: '5m'
+    min_uptime: '5m',
+    env: {
+        ARK_FORGER_BIP38: delegates.bip38,
+        ARK_FORGER_PASSWORD: getPasswordFromArgs()
+    }
   }, {
     name: 'ark-explorer',
     script: `${process.env.EXPLORER_DIR}/express-server.js`,

Original file line number	Diff line number	Diff line change
`@@ -140,11 +140,8 @@ __forger_configure_bip38 ()`
`140`	`140`
`141`	`141`	`__forger_start_with_bip38 ()`
`142`	`142`	`{`
`143`		`- local bip38=$(jq -r '.bip38' "$CORE_CONFIG/delegates.json")`
`144`		`-`
`145`	`143`	`read -sp "Please enter your bip38 password: " password`
`146`		`-`
`147`		`- pm2 start $commander_ecosystem --only ark-core-forger -- --bip38 "$bip38" --password "$password" >> "$commander_log" 2>&1`
	`144`	`+ pm2 start $commander_ecosystem --only ark-core-forger -- --password "$password" >> "$commander_log" 2>&1`
`148`	`145`	`}`
`149`	`146`
`150`	`147`	`__forger_start_without_bip38 ()`