Remove hardcoded secrets (#914)

* build(backend): hoist dotenvy dep

* build(config): add new dep

* feat(config): remove card coded api tokens

* ci: add env variables as arg

* ci: add new build args

* ci: add new env variables

* feat(config): add default loaders for mal credentials

Signed-off-by: Diptesh Choudhuri <ignisda2001@gmail.com>

* feat(config): add config params for music tracking

* docs: add link for backup

* docs: change order of sections

* feat(backend): discogs stuff

* feat(*): remove all discogs and music stuff

* ci: change order of args

* fix(frontend): change key location

* refactor(frontend): change response signature

* chore(frontend): remove root layout

* feat(frontend): add error boundary to dashboard layout

* perf(backend): reduce duplicate queries

* feat(frontend): add note about drag and drop

* fix(frontend): better logic for next entry

* feat(backend): store episode name in calendar event

* Revert "feat(backend): store episode name in calendar event"

This reverts commit e8e4be8.

* feat(backend): return episode name for upcoming

* feat(frontend): display correct name

* feat(frontend): display tooltip if episode

* chore(docs): better grammar

* chore(backend): remove location of deps

* feat(backend): add attribute to struct

* chore(frontend): add new list item to errors

* feat(backend): move auth providers to resolver level

* feat(backend): correctly classify as mutations

* feat(frontend): add btn to reload page

* feat(frontend): display error message in boundary

* feat(backend): get access to db in auth handler

* chore(backend): remove useless code check

---------

Signed-off-by: Diptesh Choudhuri <ignisda2001@gmail.com>

Author: IgnisDa

.github/workflows/release.yml

@@ -130,6 +130,8 @@ jobs:
           tags: ${{ steps.required_args.outputs.image_names }}
           build-args: |
             APP_VERSION=${{ steps.required_args.outputs.APP_VERSION }}
+            DEFAULT_TMDB_ACCESS_TOKEN=${{ secrets.DEFAULT_TMDB_ACCESS_TOKEN }}
+            DEFAULT_MAL_CLIENT_ID=${{ secrets.DEFAULT_MAL_CLIENT_ID }}
 
   upload-kodi-plugin:
     runs-on: ubuntu-20.04

Cargo.lock

@@ -11,6 +11,7 @@ async-graphql = { version = "=7.0.6", features = [
     "tracing",
 ] }
 chrono = "=0.4.38"
+dotenvy_macro = "=0.15.7"
 nanoid = "=0.4.0"
 schematic = { version = "=0.16.4", features = [
     "config",

Cargo.toml

@@ -31,22 +31,30 @@ COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 
 FROM backend-chef AS backend-builder
+# build specific
 ARG TARGETARCH
-ARG APP_VERSION
 ARG BUILD_PROFILE=release
+# application specific
+ARG APP_VERSION
+ARG DEFAULT_TMDB_ACCESS_TOKEN
+ARG DEFAULT_MAL_CLIENT_ID
+RUN test -n "$APP_VERSION" && \
+    test -n "$DEFAULT_TMDB_ACCESS_TOKEN" && \
+    test -n "$DEFAULT_MAL_CLIENT_ID"
 ENV RUST_TARGET_TRIPLE_arm64="aarch64-unknown-linux-gnu"
 ENV RUST_TARGET_TRIPLE_amd64="x86_64-unknown-linux-gnu"
 ENV TARGET_CC="clang"
 ENV TARGET_AR="llvm-ar"
 ENV CFLAGS_aarch64_unknown_linux_gnu="--sysroot=/usr/aarch64-linux-gnu"
 ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
-ENV APP_VERSION=$APP_VERSION
-RUN test -n "$APP_VERSION"
 COPY --from=backend-planner /app/recipe.json recipe.json
 RUN rustup target add $(eval "echo \$RUST_TARGET_TRIPLE_$TARGETARCH")
 RUN cargo chef cook --profile $BUILD_PROFILE --target $(eval "echo \$RUST_TARGET_TRIPLE_$TARGETARCH") --recipe-path recipe.json
 COPY . .
-RUN ./apps/backend/ci/build-app.sh
+RUN APP_VERSION=$APP_VERSION \
+    DEFAULT_TMDB_ACCESS_TOKEN=$DEFAULT_TMDB_ACCESS_TOKEN \
+    DEFAULT_MAL_CLIENT_ID=$DEFAULT_MAL_CLIENT_ID \
+    ./apps/backend/ci/build-app.sh
 
 FROM $NODE_BASE_IMAGE
 LABEL org.opencontainers.image.source="https://github.com/IgnisDa/ryot"

Dockerfile

@@ -31,7 +31,7 @@ derive_more = { version = "=1.0.0-beta.6", features = [
     "add_assign",
 ], default-features = false }
 dotenvy = "=0.15.7"
-dotenvy_macro = "=0.15.7"
+dotenvy_macro = { workspace = true }
 educe = { version = "=0.6.0", features = ["Debug"], default-features = false }
 enum_meta = "=0.7.0"
 flate2 = "=1.0.30"

apps/backend/Cargo.toml

@@ -29,19 +29,27 @@ struct ExportJob {
 #[derive(Default)]
 pub struct ExporterQuery;
 
+impl AuthProvider for ExporterQuery {}
+
 #[Object]
 impl ExporterQuery {
     /// Get all the export jobs for the current user.
     async fn user_exports(&self, gql_ctx: &Context<'_>) -> Result<Vec<ExportJob>> {
         let service = gql_ctx.data_unchecked::<Arc<ExporterService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.user_exports(user_id).await
     }
 }
 
 #[derive(Default)]
 pub struct ExporterMutation;
 
+impl AuthProvider for ExporterMutation {
+    fn is_mutation(&self) -> bool {
+        true
+    }
+}
+
 #[Object]
 impl ExporterMutation {
     /// Deploy a job to export data for a user.
@@ -51,7 +59,7 @@ impl ExporterMutation {
         to_export: Vec<ExportItem>,
     ) -> Result<bool> {
         let service = gql_ctx.data_unchecked::<Arc<ExporterService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.deploy_export_job(user_id, to_export).await
     }
 }
@@ -63,8 +71,6 @@ pub struct ExporterService {
     exercise_service: Arc<ExerciseService>,
 }
 
-impl AuthProvider for ExporterService {}
-
 impl ExporterService {
     pub fn new(
         config: Arc<config::AppConfig>,

apps/backend/src/exporter.rs

@@ -128,6 +128,8 @@ struct EditCustomExerciseInput {
 #[derive(Default)]
 pub struct ExerciseQuery;
 
+impl AuthProvider for ExerciseQuery {}
+
 #[Object]
 impl ExerciseQuery {
     /// Get all the parameters related to exercises.
@@ -143,7 +145,7 @@ impl ExerciseQuery {
         input: ExercisesListInput,
     ) -> Result<SearchResults<ExerciseListItem>> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.exercises_list(user_id, input).await
     }
 
@@ -154,7 +156,7 @@ impl ExerciseQuery {
         input: SearchInput,
     ) -> Result<SearchResults<WorkoutListItem>> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.user_workout_list(user_id, input).await
     }
 
@@ -175,7 +177,7 @@ impl ExerciseQuery {
         workout_id: String,
     ) -> Result<workout::Model> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.workout_details(&user_id, workout_id).await
     }
 
@@ -186,7 +188,7 @@ impl ExerciseQuery {
         exercise_id: String,
     ) -> Result<UserExerciseDetails> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.user_exercise_details(user_id, exercise_id).await
     }
 
@@ -197,14 +199,20 @@ impl ExerciseQuery {
         input: UserMeasurementsListInput,
     ) -> Result<Vec<user_measurement::Model>> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.user_measurements_list(&user_id, input).await
     }
 }
 
 #[derive(Default)]
 pub struct ExerciseMutation;
 
+impl AuthProvider for ExerciseMutation {
+    fn is_mutation(&self) -> bool {
+        true
+    }
+}
+
 #[Object]
 impl ExerciseMutation {
     /// Create a user measurement.
@@ -214,7 +222,7 @@ impl ExerciseMutation {
         input: user_measurement::Model,
     ) -> Result<DateTimeUtc> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.create_user_measurement(&user_id, input).await
     }
 
@@ -225,7 +233,7 @@ impl ExerciseMutation {
         timestamp: DateTimeUtc,
     ) -> Result<bool> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.delete_user_measurement(user_id, timestamp).await
     }
 
@@ -236,7 +244,7 @@ impl ExerciseMutation {
         input: UserWorkoutInput,
     ) -> Result<String> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.create_user_workout(&user_id, input).await
     }
 
@@ -247,14 +255,14 @@ impl ExerciseMutation {
         input: EditUserWorkoutInput,
     ) -> Result<bool> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.edit_user_workout(user_id, input).await
     }
 
     /// Delete a workout and remove all exercise associations.
     async fn delete_user_workout(&self, gql_ctx: &Context<'_>, workout_id: String) -> Result<bool> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.delete_user_workout(user_id, workout_id).await
     }
 
@@ -265,7 +273,7 @@ impl ExerciseMutation {
         input: exercise::Model,
     ) -> Result<String> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.create_custom_exercise(user_id, input).await
     }
 
@@ -276,7 +284,7 @@ impl ExerciseMutation {
         input: EditCustomExerciseInput,
     ) -> Result<bool> {
         let service = gql_ctx.data_unchecked::<Arc<ExerciseService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.edit_custom_exercise(user_id, input).await
     }
 }
@@ -288,8 +296,6 @@ pub struct ExerciseService {
     perform_application_job: MemoryStorage<ApplicationJob>,
 }
 
-impl AuthProvider for ExerciseService {}
-
 impl ExerciseService {
     pub fn new(
         db: &DatabaseConnection,
@@ -298,8 +304,8 @@ impl ExerciseService {
         perform_application_job: &MemoryStorage<ApplicationJob>,
     ) -> Self {
         Self {
-            db: db.clone(),
             config,
+            db: db.clone(),
             file_storage_service,
             perform_application_job: perform_application_job.clone(),
         }

apps/backend/src/fitness/resolver.rs

@@ -181,19 +181,27 @@ pub struct ImportResultResponse {
 #[derive(Default)]
 pub struct ImporterQuery;
 
+impl AuthProvider for ImporterQuery {}
+
 #[Object]
 impl ImporterQuery {
     /// Get all the import jobs deployed by the user.
     async fn import_reports(&self, gql_ctx: &Context<'_>) -> Result<Vec<import_report::Model>> {
         let service = gql_ctx.data_unchecked::<Arc<ImporterService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.import_reports(user_id).await
     }
 }
 
 #[derive(Default)]
 pub struct ImporterMutation;
 
+impl AuthProvider for ImporterMutation {
+    fn is_mutation(&self) -> bool {
+        true
+    }
+}
+
 #[Object]
 impl ImporterMutation {
     /// Add job to import data from various sources.
@@ -203,7 +211,7 @@ impl ImporterMutation {
         input: DeployImportJobInput,
     ) -> Result<bool> {
         let service = gql_ctx.data_unchecked::<Arc<ImporterService>>();
-        let user_id = service.user_id_from_ctx(gql_ctx).await?;
+        let user_id = self.user_id_from_ctx(gql_ctx).await?;
         service.deploy_import_job(user_id, input).await
     }
 }
@@ -214,8 +222,6 @@ pub struct ImporterService {
     timezone: Arc<chrono_tz::Tz>,
 }
 
-impl AuthProvider for ImporterService {}
-
 impl ImporterService {
     pub fn new(
         media_service: Arc<MiscellaneousService>,

apps/backend/src/importer/mod.rs

@@ -2,8 +2,10 @@ use anyhow::Result;
 use chrono::{Duration, Utc};
 use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
 use serde::{Deserialize, Serialize};
+use serde_with::skip_serializing_none;
 use uuid::Uuid;
 
+#[skip_serializing_none]
 #[derive(Debug, Deserialize, Serialize)]
 pub struct Claims {
     pub sub: String,