(options: GetOrCreateStoredSecretOptions)
| 1693 | * Used by initAuthSecrets() for each of the six auth secrets. |
| 1694 | */ |
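export const getOrCreateStoredSecret = async (options: GetOrCreateStoredSecretOptions): Promise<string> => {
    const { envKey, fileName, awsSecretIdSuffix, defaultValueForNew, weakDefault } = options

    // Value used when no stored secret exists yet: the caller-supplied default, else a fresh random secret.
    const newSecretValue = (): string => (defaultValueForNew !== undefined ? defaultValueForNew : generateAuthSecret())

    // 1. Environment variable takes precedence, unless it is blank or equals the known weak default.
    //    The comparison is done on the trimmed value (the value that is actually returned), so a
    //    whitespace-padded copy of the weak default cannot slip past the check.
    const envVal = process.env[envKey]?.trim()
    if (envVal && (weakDefault === undefined || envVal !== weakDefault)) {
        return envVal
    }

    // 2. AWS Secrets Manager, when enabled and a client is available.
    if (USE_AWS_SECRETS_MANAGER && secretsManagerClient) {
        const prefix = process.env.SECRETKEY_AWS_AUTH_PREFIX || 'Flowise'
        const secretId = prefix + awsSecretIdSuffix
        try {
            const command = new GetSecretValueCommand({ SecretId: secretId })
            const response = await secretsManagerClient.send(command)
            if (response.SecretString) {
                return response.SecretString
            }
            // No SecretString in the response: fall through to the file-based store below.
        } catch (error: any) {
            // Only a missing secret triggers creation; every other failure is surfaced to the caller.
            if (error.name === 'ResourceNotFoundException') {
                const newValue = newSecretValue()
                const createCommand = new CreateSecretCommand({
                    Name: secretId,
                    SecretString: newValue
                })
                await secretsManagerClient.send(createCommand)
                return newValue
            }
            throw error
        }
    }

    // 3. Local file inside the auth secrets directory.
    const dir = getAuthSecretsDirectory()
    const filePath = path.join(dir, fileName)
    try {
        // NOTE(review): the file content is returned verbatim (not trimmed like the env value).
        return await fs.promises.readFile(filePath, 'utf8')
    } catch (error: unknown) {
        // Only "file does not exist" means there is no secret yet. Any other read failure
        // (permissions, I/O error, ...) is rethrown so that an existing secret is never
        // silently replaced by a newly generated one.
        if ((error as NodeJS.ErrnoException | undefined)?.code !== 'ENOENT') {
            throw error
        }
        const value = newSecretValue()
        // recursive: true is a no-op when the directory already exists.
        await fs.promises.mkdir(dir, { recursive: true })
        // Create the secret file readable/writable by the owner only; the mode applies at
        // creation time and is largely ignored on Windows.
        await fs.promises.writeFile(filePath, value, { mode: 0o600 })
        return value
    }
}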
| 1739 | |
| 1740 | /** |
| 1741 | * Transform ICredentialBody from req to Credential entity |
no test coverage detected