feat: add `UPTIME_KUMA_DB_PASSWORD_FILE` and `UPTIME_KUMA_DB_USERNAME_FILE` for docker secrets control (#6629)

Co-authored-by: Frank Elsinga <frank@elsinga.de>
1 month ago · d05303963d
parent 41233b6445
commit d05303963d
1 changed files with 28 additions and 2 deletions
--- a/server/setup-database.js
+++ b/server/setup-database.js
@ -7,6 +7,32 @@ const Database = require("./database");
 const { allowDevAllOrigin } = require("./util-server");
 const mysql = require("mysql2/promise");

+/**
+ * Reads a configuration value from an environment variable or a Docker secrets file.
+ * If both the direct env var and the _FILE variant are set, an error is thrown.
+ * @param {string} envName The base name of the environment variable (e.g., "UPTIME_KUMA_DB_PASSWORD")
+ * @returns {string|undefined} The value from the env var, file contents (trimmed), or undefined if neither is set
+ * @throws {Error} If both the direct env var and the _FILE variant are set
+ */
+function getEnvOrFile(envName) {
+    const directValue = process.env[envName];
+    const fileValue = process.env[envName + "_FILE"];
+
+    if (directValue && fileValue) {
+        throw new Error(`Both ${envName} and ${envName}_FILE are set. Please use only one.`);
+    }
+
+    if (fileValue) {
+        try {
+            return fs.readFileSync(fileValue, "utf8").trim();
+        } catch (err) {
+            throw new Error(`Failed to read ${envName}_FILE at ${fileValue}: ${err.message}`);
+        }
+    }
+
+    return directValue;
+}
+
 /**
 *  A standalone express app that is used to setup a database
 *  It is used when db-config.json and kuma.db are not found or invalid
@ -75,8 +101,8 @@ class SetupDatabase {
            dbConfig.hostname = process.env.UPTIME_KUMA_DB_HOSTNAME;
            dbConfig.port = process.env.UPTIME_KUMA_DB_PORT;
            dbConfig.dbName = process.env.UPTIME_KUMA_DB_NAME;
-            dbConfig.username = process.env.UPTIME_KUMA_DB_USERNAME;
-            dbConfig.password = process.env.UPTIME_KUMA_DB_PASSWORD;
+            dbConfig.username = getEnvOrFile("UPTIME_KUMA_DB_USERNAME");
+            dbConfig.password = getEnvOrFile("UPTIME_KUMA_DB_PASSWORD");
            Database.writeDBConfig(dbConfig);
        }