Add env vars parser to avoid leaking secrets

zigotica 2024-01-15 18:45:40 +01:00
parent d77c188a7e
commit 19da2ec829
4 changed files with 66 additions and 43 deletions

84
.env

@ -1,40 +1,44 @@
# Store environmental variables here. All variables are optional.
# Lines beginning in '#' are ignored.
# Can be either development, production or test
# NODE_ENV=production
# The port to expose the running application on
# PORT=4000
# If you've proved SSL certs, then can set HTTPS port
# SSL_PORT=4001
# The host that Dashy is running on, domain or IP
# HOST=localhost
# The default base path for serving up static assets
# BASE_URL=./
# Optionally, specify the path of SSL private + public keys
# SSL_PRIV_KEY_PATH=/etc/ssl/certs/dashy-priv.key
# SSL_PUB_KEY_PATH=/etc/ssl/certs/dashy-pub.pem
# If SSL enabled, choose whether or not to redirect http to https
# Defaults to true
# REDIRECT_HTTPS=true
# Usually the same as BASE_URL, but accessible in frontend
# VUE_APP_DOMAIN=https://dashy.to
# Should enable SRI for build script and link resources
# INTEGRITY=true
# Computed automatically on build. Indicates if running in container
# IS_DOCKER=true
# Again, set automatically using package.json during build time
# VUE_APP_VERSION=2.0.0
# Directory for conf.yml backups
# BACKUP_DIR=./public/
# Store environmental variables here. All variables are optional.
# Lines beginning in '#' are ignored.
# Can be either development, production or test
# NODE_ENV=production
# The port to expose the running application on
# PORT=4000
# If you've proved SSL certs, then can set HTTPS port
# SSL_PORT=4001
# The host that Dashy is running on, domain or IP
# HOST=localhost
# The default base path for serving up static assets
# BASE_URL=./
# Optionally, specify the path of SSL private + public keys
# SSL_PRIV_KEY_PATH=/etc/ssl/certs/dashy-priv.key
# SSL_PUB_KEY_PATH=/etc/ssl/certs/dashy-pub.pem
# If SSL enabled, choose whether or not to redirect http to https
# Defaults to true
# REDIRECT_HTTPS=true
# Usually the same as BASE_URL, but accessible in frontend
# VUE_APP_DOMAIN=https://dashy.to
# Should enable SRI for build script and link resources
# INTEGRITY=true
# Computed automatically on build. Indicates if running in container
# IS_DOCKER=true
# Again, set automatically using package.json during build time
# VUE_APP_VERSION=2.0.0
# Directory for conf.yml backups
# BACKUP_DIR=./public/
# Setup any other user defined vars by prepending VUE_APP_ to the var name
# VUE_APP_pihole_ip=http://your.pihole.ip
# VUE_APP_pihole_key=your_pihole_secret_key


@ -1551,6 +1551,19 @@ Displays the number of queries blocked by [Pi-Hole](https://pi-hole.net/).
apiKey: xxxxxxxxxxxxxxxxxxxxxxx
```
> [!TIP]
> In order to avoid leaking secret data, both `hostname` and `apiKey` can leverage environment variables. Simply pass the name of the variable, which MUST start with `VUE_APP_`.
```yaml
- type: pi-hole-stats
options:
hostname: VUE_APP_pihole_ip
apiKey: VUE_APP_pihole_key
```
> [!IMPORTANT]
> You will need to restart the server (or the docker image) if adding/editing an env var for this to be refreshed.
#### Info
- **CORS**: 🟢 Enabled


@ -36,13 +36,14 @@ export default {
computed: {
/* Let user select which comic to display: random, latest or a specific number */
hostname() {
const usersChoice = this.options.hostname;
const usersChoice = this.parseAsEnvVar(this.options.hostname);
if (!usersChoice) this.error('You must specify the hostname for your Pi-Hole server');
return usersChoice || 'http://pi.hole';
},
apiKey() {
if (!this.options.apiKey) this.error('API Key is required, please see the docs');
return this.options.apiKey;
const usersChoice = this.parseAsEnvVar(this.options.apiKey);
if (!usersChoice) this.error('API Key is required, please see the docs');
return usersChoice;
},
endpoint() {
return `${this.hostname}/admin/api.php?summary&auth=${this.apiKey}`;
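Review bot: Resolving `apiKey` through `parseAsEnvVar` inside a browser-side computed property means the secret still has to reach the client, so the change keeps the key out of `conf.yml` but not out of what a visitor's browser can read. As far as I know, Vue CLI inlines `VUE_APP_`-prefixed variables into the built bundle, and the resolved value is then placed in the query string by `endpoint()` (`auth=${this.apiKey}`), where it can also show up in proxy and server logs. I would state that limit next to the lookup, e.g. `// NOTE: VUE_APP_* values are compiled into the client bundle; this only keeps the key out of conf.yml`, and treat a server-side proxy as the way to keep the key off the client. The `computed` block continues outside the hunk.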


@ -131,6 +131,11 @@ const WidgetMixin = {
});
});
},
/* Check if a value is an environment variable, return its value if so. */
parseAsEnvVar(str) {
if (str.includes('VUE_APP_')) return process.env[str];
return str;
},
},
};
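Review bot: `parseAsEnvVar` calls `str.includes(...)` without checking that `str` is a string, so a widget whose option is missing would throw a TypeError here before the callers' own `if (!usersChoice) this.error(...)` checks can report it. `includes` also matches `VUE_APP_` anywhere in the value, while the docs added in this commit say the name must start with it, so an ordinary hostname or key that merely contains that substring would resolve to `undefined`. I would guard and anchor the match with `if (typeof str !== 'string' || !str.startsWith('VUE_APP_')) return str;` followed by `return process.env[str];`. The enclosing object starts outside the hunk.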