Hartmut/Nexus
1
0
Fork 0
Code Issues 11 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor(runtime): prefer env-backed secrets at runtime

Browse Source
This commit is contained in:
Hartmut Nörenberg
2026-03-30 19:17:32 +02:00
parent 4f5d410b94
commit fed7aa5b61
13 changed files with 532 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/api/src/lib/anonymization.ts
+12 -7
View File
@@ -1,5 +1,6 @@
import { createHash } from "node:crypto";
import type { PrismaClient } from "@capakraken/db";
import { resolveSystemSettingsRuntime } from "./system-settings-runtime.js";
const DEFAULT_ANONYMIZATION_DOMAIN = "superhartmut.de";
const DEFAULT_ANONYMIZATION_SEED = "capakraken-superhartmut-global";
@@ -639,10 +640,12 @@ export async function getAnonymizationConfig(
},
});
const runtimeSettings = resolveSystemSettingsRuntime(settings);
return {
enabled: settings?.anonymizationEnabled ?? false,
domain: settings?.anonymizationDomain?.trim() || DEFAULT_ANONYMIZATION_DOMAIN,
seed: settings?.anonymizationSeed?.trim() || DEFAULT_ANONYMIZATION_SEED,
enabled: runtimeSettings.anonymizationEnabled ?? false,
domain: runtimeSettings.anonymizationDomain?.trim() || DEFAULT_ANONYMIZATION_DOMAIN,
seed: runtimeSettings.anonymizationSeed?.trim() || DEFAULT_ANONYMIZATION_SEED,
mode: "global",
};
}
@@ -665,10 +668,12 @@ export async function getAnonymizationDirectory(
},
});
const runtimeSettings = resolveSystemSettingsRuntime(settings);
const config: AnonymizationConfig = {
enabled: settings?.anonymizationEnabled ?? false,
domain: settings?.anonymizationDomain?.trim() || DEFAULT_ANONYMIZATION_DOMAIN,
seed: settings?.anonymizationSeed?.trim() || DEFAULT_ANONYMIZATION_SEED,
enabled: runtimeSettings.anonymizationEnabled ?? false,
domain: runtimeSettings.anonymizationDomain?.trim() || DEFAULT_ANONYMIZATION_DOMAIN,
seed: runtimeSettings.anonymizationSeed?.trim() || DEFAULT_ANONYMIZATION_SEED,
mode: "global",
};
@@ -680,7 +685,7 @@ export async function getAnonymizationDirectory(
const usedSlugs = new Set<string>();
const byResourceId = new Map<string, ResourceAlias>();
const byAliasEid = new Map<string, string>();
const storedAliases = parseStoredAliases(settings?.anonymizationAliases);
const storedAliases = parseStoredAliases(runtimeSettings.anonymizationAliases);
let aliasesChanged = false;
for (const [resourceId, storedAlias] of Object.entries(storedAliases)) {