fix(environment): Make SSL variables optional #8843

Merged
merged 1 commit into from
Dec 3, 2024

@AMoreaux AMoreaux commented Dec 3, 2024

Previously, SSL_KEY_PATH and SSL_CERT_PATH were required if the SERVER_URL started with 'https'. This change makes these variables optional, allowing greater flexibility in dealing with SSL configurations. This update helps in scenarios where SSL paths are managed differently or not needed.

@AMoreaux AMoreaux requested a review from Weiko December 3, 2024 10:04
@AMoreaux AMoreaux self-assigned this Dec 3, 2024
@greptile-apps greptile-apps bot left a comment

PR Summary

This PR modifies the SSL configuration validation in the environment variables, making SSL certificate paths optional rather than required when using HTTPS.

  • Modified environment-variables.ts to make SSL_KEY_PATH and SSL_CERT_PATH optional by removing conditional validation
  • Potential security concern: HTTPS servers could now run without proper SSL certificate validation
  • Change provides more flexibility but removes enforcement of SSL certificates with HTTPS protocol
  • Recommend adding documentation or validation warnings when HTTPS is used without SSL paths specified
  • Consider adding runtime checks to ensure secure HTTPS configuration when certificates are missing

1 file(s) reviewed, 1 comment(s)

Comment on lines 475 to 481
@IsString()
@ValidateIf((env) => env.SERVER_URL.startsWith('https'))
@IsOptional()
SSL_KEY_PATH: string;

@IsString()
@ValidateIf((env) => env.SERVER_URL.startsWith('https'))
@IsOptional()
SSL_CERT_PATH: string;
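
Review bot: on SSL_KEY_PATH and SSL_CERT_PATH, `@IsOptional()` validates each field on its own, so a configuration that sets only one of the two passes validation even though a key without its certificate (or the reverse) cannot be used. Consider a cross-field check that requires both or neither, and declare the properties as `SSL_KEY_PATH?: string` and `SSL_CERT_PATH?: string` so the types reflect that the values can be undefined.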
style: Consider adding a warning when SERVER_URL uses HTTPS but SSL paths are not provided
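
One way to implement the runtime check and warning recommended in the review summary above, as an added example that is not code from this PR or the twenty repository. It assumes TLS is terminated by a proxy when no SSL paths are set; `checkTlsEnv`, `TlsEnv`, `Finding` and the sample paths are hypothetical names.

```typescript
// Added example; not code from the twenty repository. The three variable
// names come from the PR, every other name here is hypothetical.
type TlsEnv = { SERVER_URL: string; SSL_KEY_PATH?: string; SSL_CERT_PATH?: string };
type Finding = { level: 'error' | 'warn'; message: string };

// isReadable is injected so the check runs without touching the disk; a server
// would pass a wrapper around fs.accessSync(path, fs.constants.R_OK).
function checkTlsEnv(env: TlsEnv, isReadable: (path: string) => boolean): Finding[] {
  const findings: Finding[] = [];
  // Treat empty or whitespace-only values as unset.
  const key = env.SSL_KEY_PATH?.trim() || undefined;
  const cert = env.SSL_CERT_PATH?.trim() || undefined;
  const https = env.SERVER_URL.trim().toLowerCase().startsWith('https://');

  // Half a key pair can never be used, whatever the URL scheme is.
  if ((key === undefined) !== (cert === undefined)) {
    const missing = key === undefined ? 'SSL_KEY_PATH' : 'SSL_CERT_PATH';
    return [{ level: 'error', message: `${missing} is not set: set both SSL paths or neither` }];
  }
  if (key !== undefined && cert !== undefined) {
    const pair: Array<[string, string]> = [['SSL_KEY_PATH', key], ['SSL_CERT_PATH', cert]];
    for (const [name, path] of pair) {
      if (!isReadable(path)) findings.push({ level: 'error', message: `${name} is not readable: ${path}` });
    }
    if (!https) findings.push({ level: 'warn', message: 'SSL paths are set but SERVER_URL is not https' });
    return findings;
  }
  // No paths at all: acceptable only if TLS is terminated elsewhere (assumption:
  // a reverse proxy or load balancer), so surface it instead of staying silent.
  if (https) {
    findings.push({ level: 'warn', message: 'SERVER_URL is https but no SSL paths are set; TLS must be terminated in front of this process' });
  }
  return findings;
}

// Constructed sample input: paths that "exist" for the demonstration.
const readablePaths = new Set(['/etc/tls/server.key', '/etc/tls/server.crt']);
const sampleFindings = checkTlsEnv(
  { SERVER_URL: 'https://crm.example.test', SSL_KEY_PATH: '/etc/tls/server.key' },
  (path) => readablePaths.has(path),
);
```

Errors are meant to stop startup; warnings are meant to be logged so that an HTTPS URL without local certificates is a visible, deliberate choice.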

@Weiko Weiko left a comment

LGTM

@Weiko Weiko merged commit 7b2d989 into main Dec 3, 2024
19 checks passed
@Weiko Weiko deleted the fix/validation-ssl-parameters branch December 3, 2024 10:20
github-actions bot commented Dec 3, 2024

Fails
🚫

node failed.

Log

Error: RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID 6407:1701DB:23AD76D:468404D:674EDBA6.

Generated by 🚫 dangerJS against 136a941

mdrazak2001 pushed a commit to mdrazak2001/twenty that referenced this pull request Dec 4, 2024
Previously, SSL_KEY_PATH and SSL_CERT_PATH were required if the
SERVER_URL started with 'https'. This change makes these variables
optional, allowing greater flexibility in dealing with SSL
configurations. This update helps in scenarios where SSL paths are
managed differently or not needed.