diff --git a/.env.local.example b/.env.local.example index 7a33a22e..02220c9d 100644 --- a/.env.local.example +++ b/.env.local.example @@ -1,14 +1,30 @@ -# rename to .env.local +# rename to .env +export FORCE_SSL=false +export JEMALLOC_ENABLED=true export NODE_ENV=development +export NPM_CONFIG_LOGLEVEL=error +export NODE_MODULES_CACHE=true +export NODE_VERBOSE=false +export RACK_TIMEOUT_SERVICE_TIMEOUT=60 +export RACK_TIMEOUT_WAIT_TIMEOUT=60 export RAILS_ENV=development export RAILS_MASTER_KEY= export RAILS_ASSET_HOST= -export OCCSON_ACCESS_TOKEN= -export OCCSON_PASSPHRASE= +export RAILS_SERVE_STATIC_FILES=true +export REDIS_URL= +export RUBY_GC_HEAP_GROWTH_FACTOR=1.1 +export RUBY_GC_MALLOC_LIMIT=4000100 +export RUBY_GC_MALLOC_LIMIT_GROWTH_FACTOR=1.1 +export RUBY_GC_MALLOC_LIMIT_MAX=16000100 +export RUBY_GC_OLDMALLOC_LIMIT=16000100 +export RUBY_GC_OLDMALLOC_LIMIT_MAX=16000100 export TZ= +export USE_YARN_CACHE=true +export VITE_RUBY_SKIP_ASSETS_PRECOMPILE_EXTENSION=true + #============================ -# OCCSON ENV VARS +# RAILS CREDENTIALS #============================ # ABOUT_ME=About me # ANILIST_CLIENT_ID= @@ -24,7 +40,6 @@ export TZ= # DISCORD_SERVER_ID= # DISCORD_USER_ID= # FORCE_SSL=false -# JEMALLOC_ENABLED=true # LASTFM_API_KEY= # LASTFM_API_SECRET= # LASTFM_USERNAME= 
@@ -34,27 +49,14 @@ export TZ= # MONGO_DB= # MONGO_INITDB_ROOT_USERNAME= # MONGO_INITDB_ROOT_PASSWORD= -# NPM_CONFIG_LOGLEVEL=error -# NODE_MODULES_CACHE=true -# NODE_VERBOSE=false -# RACK_TIMEOUT_SERVICE_TIMEOUT=60 -# RACK_TIMEOUT_WAIT_TIMEOUT=60 # RAILS_HOST= # RAILS_SERVE_STATIC_FILES=enabled # RECAPTCHA_SECRET_KEY= # RECAPTCHA_SITE_KEY= # REDIS_TLS_URL= # REDIS_URL= -# RUBY_GC_HEAP_GROWTH_FACTOR=1.1 -# RUBY_GC_MALLOC_LIMIT=4000100 -# RUBY_GC_MALLOC_LIMIT_GROWTH_FACTOR=1.1 -# RUBY_GC_MALLOC_LIMIT_MAX=16000100 -# RUBY_GC_OLDMALLOC_LIMIT=16000100 -# RUBY_GC_OLDMALLOC_LIMIT_MAX=16000100 # SHOKO_BASE_URL= # SHOKO_API_KEY= # SPOTIFY_CLIENT_ID= # SPOTIFY_CLIENT_SECRET= # SPOTIFY_REFRESH_TOKEN= -# USE_YARN_CACHE=true -# VITE_RUBY_SKIP_ASSETS_PRECOMPILE_EXTENSION=true diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 478d3c0c..e035839f 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -46,8 +46,6 @@ jobs: TZ=${{ secrets.TZ }} RAILS_ENV=${{ secrets.RAILS_ENV }} NODE_ENV=${{ secrets.NODE_ENV }} - OCCSON_ACCESS_TOKEN=${{ secrets.OCCSON_ACCESS_TOKEN }} - OCCSON_PASSPHRASE=${{ secrets.OCCSON_PASSPHRASE }} RAILS_MASTER_KEY=${{ secrets.RAILS_MASTER_KEY }} RAILS_ASSET_HOST=${{ secrets.RAILS_ASSET_HOST }} diff --git a/Dockerfile b/Dockerfile index 300e5418..e87b599b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -45,8 +45,6 @@ COPY config.ru . RUN --mount=type=secret,id=TZ \ --mount=type=secret,id=RAILS_ENV \ --mount=type=secret,id=NODE_ENV \ - --mount=type=secret,id=OCCSON_ACCESS_TOKEN \ - --mount=type=secret,id=OCCSON_PASSPHRASE \ --mount=type=secret,id=RAILS_MASTER_KEY \ --mount=type=secret,id=RAILS_ASSET_HOST \ chmod -R 755 ./bin/* \ diff --git a/Gemfile b/Gemfile index b5cf6951..423fcd31 100644 --- a/Gemfile +++ b/Gemfile @@ -87,7 +87,6 @@ gem "rack-cors", "~> 2.0", require: "rack/cors" gem "addressable", "~> 2.8" -gem "occson", "~> 4.2" gem "jwt", "~> 2.8" 
diff --git a/Gemfile.lock b/Gemfile.lock index 3f33ba4a..77072d62 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -221,7 +221,6 @@ GEM nio4r (2.7.1) nokogiri (1.16.4-x86_64-linux) racc (~> 1.4) - occson (4.2.0) opus-ruby (1.0.1) ffi orm_adapter (0.5.0) @@ -453,7 +452,6 @@ DEPENDENCIES lograge (~> 0.14.0) logstash-event (~> 1.2) mongoid (~> 9.0) - occson (~> 4.2) persistent_httparty (~> 0.1.2) puma (~> 6.4) rack (~> 2) diff --git a/build.sh b/build.sh index 4e9a9121..a75410e4 100755 --- a/build.sh +++ b/build.sh @@ -6,15 +6,11 @@ set -x TZ=$(cat /run/secrets/TZ) RAILS_ENV=$(cat /run/secrets/RAILS_ENV) NODE_ENV=$(cat /run/secrets/NODE_ENV) -OCCSON_ACCESS_TOKEN=$(cat /run/secrets/OCCSON_ACCESS_TOKEN) -OCCSON_PASSPHRASE=$(cat /run/secrets/OCCSON_PASSPHRASE) RAILS_MASTER_KEY=$(cat /run/secrets/RAILS_MASTER_KEY) RAILS_ASSET_HOST=$(cat /run/secrets/RAILS_ASSET_HOST) export TZ export RAILS_ENV export NODE_ENV -export OCCSON_ACCESS_TOKEN -export OCCSON_PASSPHRASE export RAILS_MASTER_KEY export RAILS_ASSET_HOST diff --git a/config/application.rb b/config/application.rb index 49bfa6fc..7ae4835b 100644 --- a/config/application.rb +++ b/config/application.rb @@ -9,7 +9,6 @@ require "active_job/railtie" rescue LoadError require "action_cable/engine" rescue LoadError require "rails/test_unit/railtie" rescue LoadError -require "occson" # Require the gems listed in Gemfile, including any gems # you've limited to :test, :development, or :production. 
@@ -20,24 +19,16 @@ class Application < Rails::Application # Use the responders controller from the responders gem config.app_generators.scaffold_controller :responders_controller - # get env variables from occson + # get env variables from credentials config.before_configuration do - source = Rails.env.production? ? "occson://0.1.0/.env.prod" : "occson://0.1.0/.env.dev" - access_token = ENV.fetch("OCCSON_ACCESS_TOKEN") - passphrase = ENV.fetch("OCCSON_PASSPHRASE") - - document = Occson::Document.new(source, access_token, passphrase).download - - document&.split("\n")&.each do |line| - key, value = line.split("=", 2) - - ENV.store(key, value) + Rails.application.credentials.config.each do |key, value| + ENV.store(key.to_s, value.to_s) end end # Initialize configuration defaults for originally generated Rails version. config.load_defaults 7.0 config.time_zone = "Singapore" - config.x.feature.lograge = ENV.fetch("LOGRAGE", "false") == "true" + config.x.feature.lograge = Rails.application.credentials.config.dig(:LOGRAGE) == "true" config.middleware.use Rack::Deflater config.middleware.use Rack::Brotli config.action_controller.forgery_protection_origin_check = false diff --git a/config/credentials/development.yml.enc b/config/credentials/development.yml.enc new file mode 100644 index 00000000..94767429 --- /dev/null +++ b/config/credentials/development.yml.enc 
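Review bot: The new `before_configuration` block copies every decrypted credential into `ENV` via `ENV.store(key.to_s, value.to_s)`, so each secret in the credentials file is inherited by child processes and exposed to anything that dumps the environment, and any value already set at runtime is overwritten. Prefer reading secrets through `Rails.application.credentials` at the point of use and exporting only the keys that third-party code needs, e.g. `ENV[key.to_s] ||= value.to_s if EXPORTED_KEYS.include?(key)`, where `EXPORTED_KEYS` is an allowlist constant you define. `value.to_s` also turns a `nil` entry into an empty string and a nested mapping into its inspect form, which `ENV.fetch(name, default)` callers will not treat as missing. Separately, RAILS_MASTER_KEY is now the one secret protecting the committed `.yml.enc` files, and the build.sh hunk header shows `set -x` ahead of `RAILS_MASTER_KEY=$(cat /run/secrets/RAILS_MASTER_KEY)`, which would appear to trace the key into build output; wrapping the secret reads in `set +x` / `set -x` avoids that.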
@@ -0,0 +1 @@ +TgI4fG8SDE7q5TCyFSVdGA2fPqnLdaBCMiwhush49ceN2Mpyp2gTV28/yn1tLfsHfvixGsSUQkWHNzGyJYZ93DKqPhpt69nq/kmtWIAuE5Sg4n/fgd0fkgmZwsxc16tOVxL4k2MpyxmRp7GCR61TGt9XvTS3KX2QANGndu+28VhRIBJhStfILWbrXSwA13qV6Cp2OoUhk/GlH6/nhV+4G61KgdBZ5zX4g+WSSPKSoWG9X9DeVoaYj+0Yceqjd9TvVRP21y2lYjjuSnLsRu+upk5jpZZMBshEZCsEgtMXh11iT2qQmgi2KR2zwwQn4Tg8XJEv2f80ZzsBC/Vkm6WdDW8WtZYitiR3BqGVAPeL8IvjRU40D4X0EiiPpW1ZT1YmjiqmA6MsgsgCSHn0BfOUhKNpiB4OABGDbwYhXQnANvLetjQTGSlBGJ9/agBeluiBh4yIBWcQCOXChhTywxzJ5Ie529+srRC91WivHmDTbCmEB5EVuPnP9LQgI7/953e/b9IBOCHaySR01QQoLmgoFN2nLomH/63nT6Kuj4c5axbR5St0z1O+HTrIb9ukuCf9fmFZ7FsaGvy2cR6kBmIX6MsplNJv3ETEvEDC2vOFD1XtFvALsW8ZtI6INi6CFnE0u0mtGjhrV/a1+JDzgfKV8t1cLI7uvozbndCiJNp6xuW40R+udPpG6KqApZ9kK+EDHQ8sX796T9udg7gNajCfPewNs3yCe4KW70Bc1ayUMMKP/PEfGDGrtkIgqaXQeymkJctIpDZj+2Av4Y0SNvvlftZTwm8Ed9PNIqbQn6YUrVa71zjPIlxVpogcndhScowq1RExdx4xFO9la9SHXMRp+TccJtyKgM+FRT9jcAFfqw1aMtU9NZn5r5doAuWZldjsf7GaLT92KTqOzMipSNJa5pQz21kA4/m4ly/rru5a6JM3+e7RzU3wSnIfhzpwicMEAYpKmompZKJ6Xos5FXx+NOeeZn5IEeQt4G29Lkd9HGHBKxVOa9MH3z7Di0vtwg7PEAhBhT29C5Gol3mJkuMTsK29qtNVyGpTS54EIm3sdSqzmd4we5+ZckKi7ceyUzAfCxJpqti/f3e9TkRh8gswLVxhPUqeJYxAYhIemul7iHdfKokFt42iLyfIn2OpnPmcW5fAe7RirZixafyJU4uhdsyUQ3CMhWH7sce5C+QF61dhFD7ZjfdcJiYsGJ2iiciLIZaD5/lo1avCOjg/O+9c7r5MvmeYkjx1lb2CJHIYC7kcgGCsPCc74tRrsAkK9YRUMJAOuAdGw5bZuQPo4ppraNPE7vdf9iGP/3t5NhzRIYsfMNKOAnV7pbf1l/BMuh6KNQg3+2WHfRiJd5sePWpzTZDVMrHDrP8TYWYEsiTW37rpsKJjO4cVF8M5kSLSqXd6w74gBMcFij5WC5TRaXjQ1Dsv+8EPM4hsBchCaHMSZI0XMCLOTUkm8FCNcXJlBVZCyMtZW5TDUkGUf0PlSFU+gVGZEnpwFSz49GKjZAuuFtcJdPsj85M2xLS+pGDu9ABWXoFliNEk5362HKtBEoAZSTS4zOKdEmEN3zetL6QaNIRV+1dFc61SuvUDnWGbJdNPKaxI4ImM02nH2YirMsFeLn6vBgGvURwzc8gT/brRkvxf1/ePwYOTC96r5HWo4+SESwatv3OfhjKEY620megzqbJniNSWH8nLZHuNsXPSt2gdBn4PDiedraNpxoKTTcUbWgu6YjfWNIISPWL/2t60CbjzmcAGRrgPjdvphsdkF4535nFcQSyXn/vLqyg2yBUN/dSCo2ZeO5OhnMCBBlb7yw0FH2Zi7zhTkDMKzGP9XqqIX/mzusKcrQoV9oBT9wDNiD7iHLDTwFKUg8Ng1roKUAiYjcW1kntEYdmRmbuuzVSR1fjEtn1riIzrfQDGSYCzSxZqQxcwwABEyEotwDGXDso54M5xrxxEg2FSkCUXGIDWK6Jq9q8/nk/QaUYqiBjBK
2aUU1iuaplGxexnDzGxXB3PvrlciPXzdT+7jT105kiPsGpZcO3F45hSj+7R7ES5vIx2T9fR1zrbginFY+p7hZfBcxoCcXZulpy2urJe53u7tc6KPJzwY+jIfu9lrxLATMUisqIua/8Ob8BiFRvS4p31fJ4etNGtsAjgRIvnLhsQJxa6XvodDIi0TNw263atrgHvLfv6ekAXG34/unfcy4VVs7/k4ENWhO+yVFvBYYGqO2vDBHy4cLsgp9sCya5m1VWg/zgBM9ulXK0LHFGY/Sup9EJhNnrpo3AysNBw74QgE76n/Uq1DAk+HoXKttGGSd5BFs6SG8891gY721f1XHtlvJ2BqPeNMY/FGgZcmwdrTP4pv0opG9poOLS8aREyYKaE38RdvWEsVtpyHdzz4mqnhnjZq526+0eZ5XHqU/mxYnHpBRNr9o2Z2VA7GJPar3BNpCEjkcfA0k5JrTOtrKvv7DLLeQPYxrLhH81VCW8L6mz9CpvXXNsakZzdCLf8LfCSVEKJKnT26GyvI44Q/c8gDgkxOHsD+2o3jFFdKwH0PHn/iuP7hO4KHCIBwexFS4ZgLP9O5aDkZPo6m97PUGCwkAoOtKUY6Txxf+IMSIW1RLxT9VcRr26ZhTqXvIG19rNlxa2LvZXFowdKKN97B/uhXEL/HmYcE/WGLDZ5maab2R052qBgBL3JVoPanWG5pexForhBLrUPSzcQG4R5D9S2rh26f628j/zX7S6T5CkVs/n4jnX9IwP8aH6il7xCAz0Ag+WR667fI/J80gOgOWE7QMyaVUlr57V5kG97IZqZP/ak72rhp7+B40ZnK60KLoNw+gDTGU07ZnnCAy3imE8JhdRVfBpEJciWPrFX3woEQo335j38Dpy19MOPg57hvFNSMZU1AUdpnQZoJHyjE9V1oi4lRp2kU4NeyFPVB5E9v4qkL51fQQO+IUkwqnbm1kSDHKKhRy4yLhqNo51mKw/LoNC1F4vAZREgqEjddyTMzXuFCPQ5y6ad1P9ao37rilfEDszzp/2t21LyUEhMym+tgB7PiI0p8KnCBzTrVFPKv4YU6XCGTCBP5pHbFqIbD3Pf0MMR2nxkCnVQiEgni1VRGoS0AhB/4rY31YiacPJcTQz9UwXfVFKeGqDnaVIGz2L5QfuwBYnqMqyqAlNZ0rOAU4f0b1BqVaudvGH8vw6IM/FbT1Rm4A8+EOfGwy/ID47UT80JdVd7Tg4j7WZzgAcpWZkXkyhu/TLAMYG8+voJUVWZwJRUgaSyorHoHZKxKpBaDXEjenAZYGk0w9bKpzcIfxCpYHLqIBnFXTtkQAz+nKS+INju6R3g1ktB6pJA9Bn6qugo01oFf9xfy+UKuEYvJuw5PxW8B18xpXlMtP5ps6twaJUT+kefg+zxCviOnVmRVg4PN2Zql8VVdANH0iz1azMumSEVqAiTJqHxc5GuE8bY9VudoZNFhpD1xULT7rES++Kpcg7m7tHly0ttmpI7P5Oy18/Pi376fOrjOlJKQhzPgPuB/MohBvMd2TxvvNVgJFGffXgGSdu96pFJP06gJrroXFSPiSh0JPZBB2EKdzsqr26VB5Wz1djlEmSpptMxj1oSIxa4zBjQgOkGKWfHaJuHdZSHD7Oz2BRig5VFqg7hYI5hQK+6ehvATxSO7r2ug5+rKnAjO45K+PO+AEejh8jFsy7Gzxg6BY0YiSIcFYg/V80KXTM7u2bhie+5XG4HeEy0hlzCAUCqWEJIIlU3czYQ349bo2183ItNHNocL7XhxgOX7eLCV9ONc1XWfp0k2dODD53IB9eisuro3pf2+UBfr2iXTktIjUXdYKff7Zf3GeUZ4QQXpUNGCLolKGNUyjfWqpeSTUrk2qbylrQLZyb9qi42TegHyjXdye55VJIiim1NRgDIz4lA2Wn3tNQdxrpTuKNU8NKQ1kacd1TN1fV0c4CWF7QIT5EQELej1cqWTKV4i6RpiCOeohj/fTNJ4H6ubomaChcu4
f3UOh1jaC75sV+btNb8mwyEOVtacK9+Ru/gyRlgCSZSfhLV8qIdUjJA5BmtoFgDRJNCGrCirKKG3LdQaPzHINTZRUsolefo4DaRbPgbCx/+28FMWRggr+hlrSn1DSH7NtIfxTBPgIvJL1cocezEU4cB1mZKqgVob+DjxZ1lzjZ5kpnDixKCmpPFaKZ1f5huwUK3hLBaFbOlC9Brmd13Zj0mIMOluT/nDEAqphCGgQ/Uqt8nNDJQMbRIG2nbKkG71Q1npR5wUJjHvoj+dzOc6tYIoAVwIoWVEk+5UqDAMOKoKjSt9D6v9FQNFbSVCqcGfARcCDspzNOA2h3bwgd62PTIYt3wD6PouvlMgGc7DKRLdy4gAFP6mkfvhPdR+5MsAlSTehtJwprOc2J6rS3lE/uGlruWSfRvKF/dTjD4UmjlSFlO+Qad5LLwcjURbatkKlAe7EsF1baH56YwVVFn5Bh/EDd/H0hgJ0gxCxC4Y2Osh4qXBnMafrSxLiDqVD6/lp8RXpg04rf4120U+XeMa8j8--Qafylpxp6arUZmQS--x76K9XNIDZ/innCkykkSPw== \ No newline at end of file diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc new file mode 100644 index 00000000..12088850 --- /dev/null +++ b/config/credentials/production.yml.enc 
@@ -0,0 +1 @@ +2nmT7Z6Mk89q5oi1zgNGsrnEVIuFNmTimhSrWplamTkqMeo3E4k61YlNLsxMP5ynZpgcQGgQXzmBqQ1yBcVX5rWsOWrijGAbiqr/Xk6cfbLUTkvDpgCtjsr8aZhWXpwipWZSk+G/XXT0r/1TJuZIbesUH5iMhxQY2Z6RadhzgqoCblnW98IaqlYVBgZQxMvkNCDIrkCFvjWWTTOXdPuNvLVRT+d2IDvdKEWA7ENiqkGJkBmqqEHh8GXCRSxjFNgNHj905OWco6JQSbtnZthvqwHq6YurCt+85bQm3f9qFHIn38K9NsdZXiZGCziDnf18HXmvj4xQOEHVX4fdDiz6cGHJLz7apR6aXA7hDhmjIBzrgKVVz/Hx7y1Rvvz8ndWSl1CM3XgZEq9h8rjGO/+ACpIR7aBAk40A4u28LPrjSiPe/cWLQnfjd8dSX/gRRXdNr7nQTDacp59gbIH3XrLD8tU1Zthe7BZcojxqNCvI5ll+UVTS/gYpqeihPgehsPCuHWAKbl9yI8M6O9eic/wm3yljhWaqmFbj+w8A2o+DuD11IVKV9ECIiklJ5Q0QcbrO1u1g6/suMFPyFgn+3J53wLetcX3WF5ybauOz8XsJzYbvv6tVlX6AlokZ4TjqndOTQNsmXZt0UfiVsibJr8RegtbEF2Plbdqq+ckaR/jcMay7rjI3RSqsNHCH9wL+dmsEfp2qys7vSB2epuMSkpwy0xJkT2Anifgx8GtiKBVzCCj3qgp5o+B3WlkRWz/A9IWZX24sNC4nSIimR+kIfxbrlnen0cqDlhfr+7MmGlnxdj2yaOIGEYSG5uOYIf/tYVaCW3zxSkYcOSmGh3NvK3Vlo/z7wNF/3Wfi2JxZSFlMXYFJviVKu2hClqPjDztlzzY3dULKxGWmF4K9LPvZXSEuxVdybRD6ljWlAWLcHQWG1pE35YGiQ+51EKERYdeKTBVVy6VE6dlF5P5xlodjKzQHX5x1yvOJSL3bkxWG838YxTGqZ7Dt65RngDB9hqplzQNG72P7GPzuH8nAO6cl2zHyYvu+Y/Ll3jfUO4KH+1Pv7No/qdXmAKbJV0M+oP15j4L17awCHjLZyJ8sh3atQ6jRqS1TwylWXVK9LBulzRizuGcmvF3NDBwLe8P5IM0YyDfMDnZb3yDhq8qgcPIHiIGdM2uoJVDk1mAGBlDlJgd7JFy2hDS+JYf6utYdJzZldwgwVE5hLD2LrZBnUIbXXV+qSOSBbBFY9wwpzleSRPh67dD1k+MrfUiVctv+Goivo02CrUywdF4ebgj5r+Zz7V4q8BPXyF/9P6c16kR22OXCLi6D5pk2mYcCjDFZh1As1/z+UyfrvIIRfZYli+wTJnkHFNIfV2Cu2CgCKraSQFV/CcdcyCdN4/MpdTTl1Cnq3NQumSm4WKbtFpVz5CyTQQSMy2jd2uDSDnHwBkPmqSN7QGFMuVL8ME4eqqP3AHVX9oOYooJ2PVMDpipbEndBG3KBJ0o908y/0SojR/1vnyymXVoysB47G+2cW0e6wgpt6yN1LuWeWTwuP+4izNI8c/JvkDf1NyXTnAOE6uLlJblcnfNBnZPoFQc0/XQoBF9LgV72l0BJEkuwEWAKUIG25X2ECpOWV44OBy1mJCgebXDnnI8E31pUqTs6T2m1UseQDK3BFAyykcecTeGSNk1QO+RoFK/BJjju2ZwWO03bvDjxiQKw8FtD/4/kIqGbj2vmfKyyRK63fFQqsboq8OPf6rbq0XtYkZ2mqLLjNS6zOd0KZ6p/gGdq2RkjRgTEKjj4NsSsHAXrkQ1G/JBVieh0qhMY6waId8hadeWd54ex/uzBn9PH7FXIETs034HT+OTBXaTnnLJ1VSN53rMwonQJ+9OX/5EApv0WZmgsuI+4iPVnlCbN4qWXAYvIU7Sy7+IK0xa3q9lR3G9mXJLm9qy58B7Zd/eyx3JKITPvcIpvbuLk0COj8lYj+dzPrkdqgTV4+TtQW
rnAogfAergrRm21Rk1p9HuI8fAQtbisl6412XxTtJZkxDdGzOBXYUCMcd1VmSnfidtkwQtx4f7c9QT9Q5wISiZk+coaDaLdMPkU7vQjgg9FGJ/LhEsxXiTHm+mwHL9+PtUlOv9LiC5veIn7RHvfRgZ2fFhAEwXsvrz+ZPnqN9/0GaKQU8ZI3LlyzkfQBpOK/mMaMDqTRLFu/ER/Zlt8sAPZyqgmK2SZ8cElI9tJNsmIEmOS33OH212Krt4JDqKfmKSfvocF3p4p5ZITox5LlINTW09QQrVcQeDzOjFT51wPQ9dbjfKHAN2LL6vYU+HRDqBrEQC510vTyYPxldCcJLJoY+LXUfxszwxtsj8esT2CleoMCFwIuGB801IrjWp0HNqwDu+YAIY+tMrSaQTT3XQ0pmyIaxMPW1W3HLzjBY8W2Ow4T6Qf3QDZ0SnlASyBIyacyiAuvJynLCwGv9DjvJQsyRA0pvwUzeAs8gX1YfT6WY7QZnaiY4icQ9pRYbJHBkRmkx5W6Gu8DNrsx86LwQ7jPhL+sW1wP7LLYYVUHWA9ouTWuT7kyelUzsyBBFeGCMlsjVi4Qf7YBiY1iwRTu9Leh4P/xq9F38dOctxslThWTmOBqAMpHHeZBCTfXPf1X+lSnS2rgaDNpJ2R42xzwsKuxyv4im0wxVjjbdz+aQaOSHaVbd0ipd7D8PgSnmU7DrpcYvMwQAtxTPXIABziMc47JYPd8DNTjVm0cO0oFo/ji7Cr7xWPBpJszI9imoBEck421UjDIpFrGXiSLsPK+40wC0/2vKRvze5tRjCnrAgZgCavmDWJHkzVg+yFQkhdWWWppccR8JyX+/zeEcFSFCZ2lH7YVitJMDxN5aV+auibLLISGqDhKi31JsY4faE5hbflIBcjgMMLOQmIvTEyxSsYb8eFSqIFRreoBX7G/2/qlHGIGtG0/RzRuiuB3KCDB37E2hGkITRTDxj/gL7hmAnpTdxo0ToJRXs1YsTaek8bf3+oG1WWl+mWlzN8Yr+9QKSMeKxw7g2TYv9xvsv6PQL8IIbNcdEQsAklaAzBxNyAjwna+PdbKcDY2IFVHEGfj4OHjBp1uoYsFxuzgZS259mQ/jo8PSwHuLO3tBGQERUe/1TBrPqibQVMVrWx+make87/xo+2/kEkvcyF5yzZvIxojzhwkWCqTC9LgXMG9LTcufPOpDpaMgNFhAlFWjweyRLiPL/pQxMi7j382Kj9/MjJlYjffXliW5Ki+8+E3DXoqiG+juQrG5QT2H9/jk9wTCdGKbwo9nQAROBuCA4pdzIMHd9AOA1t/MFX3thMDa6HY4g3bqC5DF345zy4X5su63jQE1Z7Ii/H+OXLPdsVj3Sr2tJ0dH29QwEnaL0VjY7hDJXSxbuO6/iqn6ctx26C4JyfG1Yz0XLpkqBCJ8gz6wIBy7yE90m+KhCKqM4tMvealj1opbuU3U68cG7kE1ZzKhwxrBqeKGa1JGsh01Ytrdg6twiwj7wHq6F7jb3dVGEVP5AsgpGUee+XzA1jIJ1zRdN4bh2kq9ZFP03bZ38pmMuZDhfFm1Lwx++SiRCPZrYonHErsfAPqetDAI4uFjat0ufqg362+/s6ju2MblsUZZBwOzcvZnat50lJ1MsaSpeFyG5wnsA8HpVQfyIbA75twPakbhiZ8x7ZJ0lSGleCgGA5Q3tCtpPB3O6uwEdIEsFTsxTnyoelBoxq4z6djzJG47sBsZ6jaLUPF6QRS1fYBhSetfVFKl1KufSStrE+l49AbK/QPPGcHZ8zPRawUOcXC3CTVn5LjRWMngw2yIgJRX1R+7ItN7k+djrlGc/fdZb0IbVysm2eXoX6vx+Q8+5eni6qkfvQzHUzwYx9Tg6lq5N676WNkwvCGMrL8C2R2QxsbpBaa+hz4xkfBi/7QDhgKCMYbrdG7JilwmGb7diUho24lw2/jpLZjkqbbmBURjliN22xvjcebHRtLqVk2gXSaH+KZIqtBbM0Wrm4i
k7tyTKvhZfmdcc0qv4Tu5aaDpEIKWVi+9F82DCgTTJayE6dI6x2A03E2l+/dRd3wNZlPgp8g/YHev3oSq7ASZ1RXOCuLm6cEaNFFBYJ5Cvvxn6ib0VgNLOHa5reKs54LNiH83I7YQjEd4cAFrHaBlyBMD5tmNKktjJ/rHB3324ff6il/RBEjAOYgtYWhWOI/z0Si+gVWVEFHScJiCOzn+kgDen23BOsfBuEgrunzCIZlSaEb785Zn4YNUAIKzmX4U2HXDjD2oYxKbv3S8cResCA64tVulEMW4aheMc+5lszpen+zbHodUpsYGzAJC1AFTdNGsstx+q8nDR9DppiPaY7iCDx6FVee2Bx/7BeCNsZWN4nV2cK7KBXE4Fz1i8kTQmxTEH5qt+C97ifTzPzCnUH8Lb0khgzJUXh0WjK5o0be8YIwv14qq4IqPuiUmSDZ3NZQpIT3R8ajC8FczDUj87Ftw6jtkoJ7cBFVhB8zYq3GzBStuFpd0l42KolDIAwZqr7AcJNm11FUrQCacJMH6+15JsTQnyBD3av9PqFELV04Ymfh1PNW0ctHNRARPhj--Tx7wmZuiDtuSuPL2--BWbb7J49T5kQeDTF+zvuHw== \ No newline at end of file diff --git a/config/environments/production.rb b/config/environments/production.rb index 6a58927c..b1f213e0 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -25,14 +25,14 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? || ENV["RENDER"].present? + config.public_file_server.enabled = Rails.application.credentials.config.dig(:RAILS_SERVE_STATIC_FILES).present? config.public_file_server.headers = { "Cache-Control" => "public, max-age=31536000", "Expires" => 1.year.from_now.to_formatted_s(:rfc822) } # Enable serving of images, stylesheets, and JavaScripts from an asset server. - config.asset_host = ENV.fetch("RAILS_ASSET_HOST") + config.asset_host = Rails.application.credentials.config.dig(:RAILS_ASSET_HOST) # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 
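Review bot: `config.asset_host` loses its fail-fast behaviour in this hunk: `ENV.fetch("RAILS_ASSET_HOST")` raised at boot when the value was missing, while `credentials.config.dig(:RAILS_ASSET_HOST)` quietly returns `nil`. `Rails.application.credentials.config.fetch(:RAILS_ASSET_HOST)` keeps the boot-time error. In the same hunk `public_file_server.enabled` now reads only the credentials entry, so the `RAILS_SERVE_STATIC_FILES=true` that this commit adds to docker-compose.yml and `.env.local.example` has no effect on this line unless the key is also present in the credentials file, and the old `ENV["RENDER"]` fallback is gone. A short comment naming which source is authoritative for these settings would prevent someone from toggling the env var and assuming it took effect.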
@@ -47,7 +47,7 @@ # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = true if ENV["FORCE_SSL"].present? && ENV["FORCE_SSL"] == "true" + config.force_ssl = true if Rails.application.credentials.config.dig(:FORCE_SSL) == "true" config.ssl_options = { redirect: { exclude: -> request { request.path =~ /ping/ } } } # Include generic and useful information about system operation, but avoid logging too much @@ -58,7 +58,9 @@ config.log_tags = [ :request_id ] # Use a different cache store in production. - config.cache_store = :redis_cache_store, { url: ENV.fetch("REDIS_URL", "redis://localhost:6379/1") } + config.cache_store = :redis_cache_store, { + url: Rails.application.credentials.config.dig(:REDIS_URL) || "redis://localhost:6379/1" + } # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque diff --git a/docker-compose.yml b/docker-compose.yml index d9c02dc6..12d96fd7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -41,8 +41,6 @@ services: - TZ - RAILS_ENV - NODE_ENV - - OCCSON_ACCESS_TOKEN - - OCCSON_PASSPHRASE - RAILS_MASTER_KEY - RAILS_ASSET_HOST container_name: project-cyan-app @@ -62,8 +60,16 @@ services: - RAILS_ENV - NODE_ENV - RAILS_ASSET_HOST - - OCCSON_ACCESS_TOKEN - - OCCSON_PASSPHRASE + - RACK_TIMEOUT_SERVICE_TIMEOUT=60 + - RACK_TIMEOUT_WAIT_TIMEOUT=60 + - RAILS_SERVE_STATIC_FILES=true + - RUBY_GC_HEAP_GROWTH_FACTOR=1.1 + - RUBY_GC_MALLOC_LIMIT=4000100 + - RUBY_GC_MALLOC_LIMIT_GROWTH_FACTOR=1.1 + - RUBY_GC_MALLOC_LIMIT_MAX=16000100 + - RUBY_GC_OLDMALLOC_LIMIT=16000100 + - RUBY_GC_OLDMALLOC_LIMIT_MAX=16000100 + - VITE_RUBY_SKIP_ASSETS_PRECOMPILE_EXTENSION=true sidekiq: build: *build container_name: project-cyan-sidekiq 
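Review bot: `config.force_ssl` is compared against the string `"true"`, but credentials are parsed from YAML, where an entry written unquoted as `FORCE_SSL: true` is a boolean; in that case the comparison is false and SSL enforcement (redirect, HSTS, secure cookies) stays off without any error. Normalising first removes the dependency on quoting: `config.force_ssl = true if Rails.application.credentials.config[:FORCE_SSL].to_s == "true"`. The `LOGRAGE` line in config/application.rb uses the same comparison and has the same quoting dependency. Because the setting is security-relevant, consider defaulting to `true` in production and treating the credential as an explicit opt-out.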
@@ -90,10 +96,6 @@ secrets: environment: RAILS_ENV NODE_ENV: environment: NODE_ENV - OCCSON_ACCESS_TOKEN: - environment: OCCSON_ACCESS_TOKEN - OCCSON_PASSPHRASE: - environment: OCCSON_PASSPHRASE RAILS_MASTER_KEY: environment: RAILS_MASTER_KEY RAILS_ASSET_HOST: diff --git a/sorbet/rbi/gems/occson@4.2.0.rbi b/sorbet/rbi/gems/occson@4.2.0.rbi deleted file mode 100644 index cd4cac9e..00000000 --- a/sorbet/rbi/gems/occson@4.2.0.rbi +++ /dev/null 
@@ -1,291 +0,0 @@ -# typed: true - -# DO NOT EDIT MANUALLY -# This is an autogenerated file for types exported from the `occson` gem. -# Please instead update this file by running `bin/tapioca gem occson`. - -# Top level `Occson` namespace. -# -# source://occson//lib/occson/version.rb#3 -module Occson; end - -# source://occson//lib/occson/commands/copy.rb#4 -module Occson::Commands; end - -# The copy command, responsible for copying a target to a destination, performing encryption -# and decryption as necessary. -# -# The target and destinations can be: -# -# - STDIN/STDOUT: a `-` sign is interpreted as these standard streams -# -# - The Occson server: strings beginning with `occson://` or `http(s)://` are interpreted as such -# -# - local files: everything not matching the previous descriptions is assumed to -# be a path on the local system -# -# source://occson//lib/occson/commands/copy.rb#16 -class Occson::Commands::Copy - # Builds an instance of the Copy command. - # - # @param source [String] `-` for STDIN, an URI or a local file path - # @param destination [String] `-` for STDOUT, an URI or a local file path - # @param access_token [String] Occson access token - # @param passphrase [String] Passphrase used for encryption of the document - # @param force [Boolean] Whether to overwrite target document in Occson, if any. Default `false`. - # @return [Copy] a new instance of Copy - # - # source://occson//lib/occson/commands/copy.rb#24 - def initialize(source, destination, access_token, passphrase, force: T.unsafe(nil)); end - - # Performs a transfer between locations - an upload if `@source` is local or STDIN, - # a download if `@source` is an URI. - # - # No guarantees are made about the return values of this method. 
- # - # source://occson//lib/occson/commands/copy.rb#36 - def call; end - - private - - # source://occson//lib/occson/commands/copy.rb#46 - def download; end - - # @return [Boolean] - # - # source://occson//lib/occson/commands/copy.rb#42 - def download?; end - - # source://occson//lib/occson/commands/copy.rb#53 - def upload; end -end - -# source://occson//lib/occson/commands/run.rb#5 -class Occson::Commands::Run - # @return [Run] a new instance of Run - # - # source://occson//lib/occson/commands/run.rb#6 - def initialize(source, command, arguments, access_token, passphrase); end - - # source://occson//lib/occson/commands/run.rb#14 - def call; end -end - -# Handles client-side decryption for documents. -# -# The decrypter uses AES-256 in CBC mode internally. A salt is -# expected in bytes 8..15, with ciphertext occupying the -# further bytes. -# -# source://occson//lib/occson/decrypter.rb#9 -class Occson::Decrypter - # Constructs a Decrypter instance with given passphrase and content. - # - # @example - # Occson::Decrypter.new('the content passphrase', content) - # @param passphrase [String] Passphrase for content decryption - # @param content [String] Encrypted document content - # @return [Decrypter] a new instance of Decrypter - # - # source://occson//lib/occson/decrypter.rb#17 - def initialize(passphrase, content); end - - # Performs decryption, returning plaintext if passphrase matched. - # - # @return [String] Plaintext document content - # - # source://occson//lib/occson/decrypter.rb#25 - def call; end - - private - - # source://occson//lib/occson/decrypter.rb#41 - def ciphertext_salt; end - - # source://occson//lib/occson/decrypter.rb#33 - def decryptor; end - - # source://occson//lib/occson/decrypter.rb#45 - def encrypted; end - - # source://occson//lib/occson/decrypter.rb#37 - def openssl_salted_ciphertext; end -end - -# An abstraction for the Document concept. Simplifies building URLs, -# uploading and downloading contents. 
Abstracts away workspaces due to -# the use of access tokens in constructions. -# -# source://occson//lib/occson/document.rb#7 -class Occson::Document - # Constructs a Document instance from a given URI, access token and passphrase. - # - # @example - # uri = 'occson://path/to/file.yml' - # access_token = 'f30b5450421362c9ca0b' - # passphrase = 'my document passphrase' - # - # Occson::Document.new(uri, access_token, passphrase) - # @param uri [String] Document URI. Accepts `occson://` as shorthand for Occson location. - # @param access_token [String] Occson access token. - # @param passphrase [String] Document passphrase, used in encryption and decryption. - # @return [Document] a new instance of Document - # - # source://occson//lib/occson/document.rb#20 - def initialize(uri, access_token, passphrase); end - - # Downloads the encrypted document at `@uri` and returns the plaintext - # contents (given that `@passphrase` matches). - # - # @example - # plaintext = document.download - # @return [String] Decrypted document contents - # - # source://occson//lib/occson/document.rb#44 - def download; end - - # Uploads the given plaintext `content` to target URI. - # - # @example - # document.upload('My example plaintext.') - # @param content [String] Plaintext to be encrypted and uploaded. - # @param force [Boolean] Whether to overwrite target document in Occson, if any. Default `false`. - # - # source://occson//lib/occson/document.rb#33 - def upload(content, force: T.unsafe(nil)); end - - private - - # source://occson//lib/occson/document.rb#50 - def build_uri(uri); end -end - -# Downloads and decrypts the document at given URI with given access token. -# Decryption occurs using given passphrase. -# -# source://occson//lib/occson/downloader.rb#6 -class Occson::Downloader - # Constructs a Downloader instance from a given URI, access token and passphrase. 
- # - # @example - # uri = 'occson://path/to/file.yml' - # access_token = 'f30b5450421362c9ca0b' - # passphrase = 'my document passphrase' - # - # Occson::Downloader.new(uri, access_token, passphrase) - # @param uri [String] Document URI. Accepts `occson://` as shorthand for Occson location. - # @param access_token [String] Occson access token. - # @param passphrase [String] Document passphrase, used in encryption and decryption. - # @return [Downloader] a new instance of Downloader - # - # source://occson//lib/occson/downloader.rb#19 - def initialize(uri, access_token, passphrase); end - - # Performs the download and decryption of document. - # - # @return [String|nil] Decrypted body of the document or `nil` in case the - # server did not respond with a `200` HTTP code. - # - # source://occson//lib/occson/downloader.rb#29 - def call; end - - private - - # source://occson//lib/occson/downloader.rb#53 - def headers; end - - # source://occson//lib/occson/downloader.rb#41 - def http; end - - # source://occson//lib/occson/downloader.rb#47 - def request; end -end - -# Encrypts the given content for transmission. Uses AES-256 in CBC -# mode internally, with salting. -# -# source://occson//lib/occson/encrypter.rb#6 -class Occson::Encrypter - # Constructs an Encrypter instance with given passphrase, content and salt. - # Salt _must_ be exactly 8 characters long. - # - # @example - # passphrase = 'my long document passphrase' - # content = 'very secret content' - # salt = '12345678' - # - # Occson::Encrypter.new(passphrase, content, salt) - # @param passphrase [String] Document passphrase. - # @param content [String] Plaintext content to be encrypted. - # @param salt [String] Salt to reinforce the encryption, included in - # plaintext in the encrypted document. 
- # @return [Encrypter] a new instance of Encrypter - # - # source://occson//lib/occson/encrypter.rb#21 - def initialize(passphrase, content, salt); end - - # Performs the actual encryption, returning base64-encoded ciphertext. - # - # @return [String] base64-encoded ciphertext - # - # source://occson//lib/occson/encrypter.rb#30 - def call; end - - private - - # source://occson//lib/occson/encrypter.rb#41 - def encryptor; end -end - -# Encrypts and uploads the document to Occson. -# -# source://occson//lib/occson/uploader.rb#5 -class Occson::Uploader - # Constructs an Uploader instance from a given URI, content, access token and passphrase. - # - # @example - # uri = 'occson://path/to/file.yml' - # content = 'my very secret message' - # access_token = 'f30b5450421362c9ca0b' - # passphrase = 'my document passphrase' - # - # Occson::Uploader.new(uri, access_token, passphrase) - # @param uri [String] Document URI. Accepts `occson://` as shorthand for Occson location. - # @param content [String] Plaintext for encryption and upload. - # @param access_token [String] Occson access token. - # @param passphrase [String] Document passphrase, used in encryption and decryption. - # @param force [Boolean] Whether to overwrite target document in Occson, if any. Default `false`. - # @return [Uploader] a new instance of Uploader - # - # source://occson//lib/occson/uploader.rb#21 - def initialize(uri, content, access_token, passphrase, force: T.unsafe(nil)); end - - # Performs the actual upload to server. 
- # - # @return [Boolean] `true` for a successful upload, `false` otherwise - # - # source://occson//lib/occson/uploader.rb#32 - def call; end - - private - - # source://occson//lib/occson/uploader.rb#58 - def encrypted_content; end - - # source://occson//lib/occson/uploader.rb#51 - def headers; end - - # source://occson//lib/occson/uploader.rb#39 - def http; end - - # source://occson//lib/occson/uploader.rb#45 - def request; end - - # source://occson//lib/occson/uploader.rb#62 - def salt; end -end - -# Occson gem version definition -# -# source://occson//lib/occson/version.rb#5 -Occson::VERSION = T.let(T.unsafe(nil), String)