
companion: Secrets From File: Implement Requested Changes

Reverts changes to index.js.
Implements a getSecret function for code deduplication.
Directly addresses environment variables in the documentation.
Jonas Thelemann il y a 5 ans
Parent
commit
577764e301

+ 1 - 8
packages/@uppy/companion/src/server/provider/index.js

@@ -5,7 +5,6 @@
 const config = require('@purest/providers')
 const dropbox = require('./dropbox')
 const drive = require('./drive')
-const fs = require('fs')
 const instagram = require('./instagram')
 const { getURLBuilder } = require('../helpers/utils')
 const logger = require('../logger')
@@ -133,13 +132,7 @@ module.exports.addProviderOptions = (options, grantConfig) => {
     if (grantConfig[authProvider]) {
       // explicitly add providerOptions so users don't override other providerOptions.
       grantConfig[authProvider].key = providerOptions[authProvider].key
-
-      // only read and override a secret from file if such a file is not undefined
-      if (typeof providerOptions[authProvider].secretFile === 'string') {
-        grantConfig[authProvider].secret = fs.readFileSync(providerOptions[authProvider].secretFile).toString()
-      } else {
-        grantConfig[authProvider].secret = providerOptions[authProvider].secret
-      }
+      grantConfig[authProvider].secret = providerOptions[authProvider].secret
 
       // override grant.js redirect uri with uppy's custom redirect url
       if (oauthDomain) {

+ 19 - 5
packages/@uppy/companion/src/standalone/helper.js

@@ -32,19 +32,19 @@ const getConfigFromEnv = () => {
     providerOptions: {
       google: {
         key: process.env.COMPANION_GOOGLE_KEY,
-        secret: typeof process.env.COMPANION_GOOGLE_SECRET_FILE === 'string' ? fs.readFileSync(process.env.COMPANION_GOOGLE_SECRET_FILE).toString() : process.env.COMPANION_GOOGLE_SECRET
+        secret: getSecret('COMPANION_GOOGLE_SECRET')
       },
       dropbox: {
         key: process.env.COMPANION_DROPBOX_KEY,
-        secret: typeof process.env.COMPANION_DROPBOX_SECRET_FILE === 'string' ? fs.readFileSync(process.env.COMPANION_DROPBOX_SECRET_FILE).toString() : process.env.COMPANION_DROPBOX_SECRET
+        secret: getSecret('COMPANION_DROPBOX_SECRET')
       },
       instagram: {
         key: process.env.COMPANION_INSTAGRAM_KEY,
-        secret: typeof process.env.COMPANION_INSTAGRAM_SECRET_FILE === 'string' ? fs.readFileSync(process.env.COMPANION_INSTAGRAM_SECRET_FILE).toString() : process.env.COMPANION_INSTAGRAM_SECRET
+        secret: getSecret('COMPANION_INSTAGRAM_SECRET')
       },
       s3: {
         key: process.env.COMPANION_AWS_KEY,
-        secret: typeof process.env.COMPANION_AWS_SECRET_FILE === 'string' ? fs.readFileSync(process.env.COMPANION_AWS_SECRET_FILE).toString() : process.env.COMPANION_AWS_SECRET,
+        secret: getSecret('COMPANION_AWS_SECRET'),
         bucket: process.env.COMPANION_AWS_BUCKET,
         endpoint: process.env.COMPANION_AWS_ENDPOINT,
         region: process.env.COMPANION_AWS_REGION
@@ -62,7 +62,7 @@ const getConfigFromEnv = () => {
     redisUrl: process.env.COMPANION_REDIS_URL,
     sendSelfEndpoint: process.env.COMPANION_SELF_ENDPOINT,
     uploadUrls: uploadUrls ? uploadUrls.split(',') : null,
-    secret: typeof process.env.COMPANION_SECRET_FILE === 'string' ? fs.readFileSync(process.env.COMPANION_SECRET_FILE).toString() : process.env.COMPANION_SECRET || generateSecret(),
+    secret: getSecret('COMPANION_SECRET') || generateSecret(),
     debug: process.env.NODE_ENV !== 'production',
     // TODO: this is a temporary hack to support distributed systems.
     // it is not documented, because it should be changed soon.
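Review bot: The `||` on the new `secret:` line now also applies to the file branch, so a `COMPANION_SECRET_FILE` that points at an empty file silently falls through to `generateSecret()`. The removed expression applied the fallback only to `process.env.COMPANION_SECRET`. A mounted-but-empty secret file would then go unnoticed, and the server would run with a random per-process secret, which presumably does not survive restarts or match across instances. Consider failing loudly or logging when the `_FILE` variable is set but yields no content, for example `if (secret === '') throw new Error('COMPANION_SECRET_FILE is empty')` ahead of the fallback. `getConfigFromEnv` begins and ends outside this hunk.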
@@ -71,6 +71,20 @@ const getConfigFromEnv = () => {
   }
 }
 
+/**
+ * Tries to read the secret from a file if the according environment variable is set.
+ * Otherwise it falls back to the standard secret environment variable.
+ *
+ * @param {string} baseEnvVar
+ *
+ * @returns {string}
+ */
+const getSecret = (baseEnvVar) => {
+  return `${baseEnvVar}_FILE` in process.env
+    ? fs.readFileSync(process.env[`${baseEnvVar}_FILE`]).toString()
+    : process.env[baseEnvVar]
+}
+
 /**
  * Auto-generates server secret
  *
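Review bot: `getSecret` returns the file content verbatim, so the line break that most editors and `echo` append to a secret file becomes part of the secret. For the provider secrets that would likely make the OAuth client secret mismatch, and a file holding only a newline yields a one-character session secret. Stripping it at the read, e.g. `.toString().trim()`, avoids both; confirm that no deployment relies on surrounding whitespace in a secret. The JSDoc also promises `@returns {string}`, but the fallback branch returns `undefined` when neither variable is set, so `@returns {string|undefined}` would be accurate.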

+ 5 - 2
website/src/docs/companion.md

@@ -121,6 +121,7 @@ To run Companion as a standalone server, you are required to set your Uppy [Opti
 
 # any long set of random characters for the server session
 export COMPANION_SECRET="shh!Issa Secret!"
+# specifying a secret file will override a directly set secret
 export COMPANION_SECRET_FILE="PATH/TO/COMPANION/SECRET/FILE"
 # corresponds to the server.host option
 export COMPANION_DOMAIN="YOUR SERVER DOMAIN"
@@ -152,21 +153,25 @@ export COMPANION_REDIS_URL="REDIS URL"
 # to enable Dropbox
 export COMPANION_DROPBOX_KEY="YOUR DROPBOX KEY"
 export COMPANION_DROPBOX_SECRET="YOUR DROPBOX SECRET"
+# specifying a secret file will override a directly set secret
 export COMPANION_DROPBOX_SECRET_FILE="PATH/TO/DROPBOX/SECRET/FILE"
 
 # to enable Google Drive
 export COMPANION_GOOGLE_KEY="YOUR GOOGLE KEY"
 export COMPANION_GOOGLE_SECRET="YOUR GOOGLE SECRET"
+# specifying a secret file will override a directly set secret
 export COMPANION_GOOGLE_SECRET_FILE="PATH/TO/GOOGLE/SECRET/FILE"
 
 # to enable Instagram
 export COMPANION_INSTAGRAM_KEY="YOUR INSTAGRAM KEY"
 export COMPANION_INSTAGRAM_SECRET="YOUR INSTAGRAM SECRET"
+# specifying a secret file will override a directly set secret
 export COMPANION_INSTAGRAM_SECRET_FILE="PATH/TO/INSTAGRAM/SECRET/FILE"
 
 # to enable S3
 export COMPANION_AWS_KEY="YOUR AWS KEY"
 export COMPANION_AWS_SECRET="YOUR AWS SECRET"
+# specifying a secret file will override a directly set secret
 export COMPANION_AWS_SECRET_FILE="PATH/TO/AWS/SECRET/FILE"
 export COMPANION_AWS_BUCKET="YOUR AWS S3 BUCKET"
 export COMPANION_AWS_REGION="AWS REGION"
@@ -186,8 +191,6 @@ export COMPANION_UPLOAD_URLS="http://master.tus.io/files/,https://master.tus.io/
 
 See [env.example.sh](https://github.com/transloadit/uppy/blob/master/env.example.sh) for an example configuration script.
 
-If a `...SECRET_FILE"` environment variable is defined, the according `secret` will be overridden by the file's content.
-
 ### Options
 
 ```javascript