feat(database): connect postgres via socket and read config from env _FILE secrets (#2061)

* feat(database): connect postgres via socket * feat(config): read env var secrets from file * docs: explain env var secrets * refactor: generate postgres dsn
2025-07-23 00:39:13 +00:00 · 2025-05-05 21:15:24 +02:00 · 2025-05-05 21:15:24 +02:00 · fe4f385a22
commit fe4f385a22
parent 24648e45f7
9 changed files with 345 additions and 76 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -24,6 +24,8 @@ import (
 	"github.com/spf13/viper"
 )

+var EnvVarPrefix = "AUTOBRR__"
+
 var configTemplate = `# config.toml

 # Hostname / IP
@ -281,6 +283,7 @@ func (c *AppConfig) defaults() {
 		CustomDefinitions:     "",
 		CheckForUpdates:       true,
 		DatabaseType:          "sqlite",
+		DatabaseDSN:           "",
 		PostgresHost:          "",
 		PostgresPort:          0,
 		PostgresDatabase:      "",
@ -288,6 +291,7 @@ func (c *AppConfig) defaults() {
 		PostgresPass:          "",
 		PostgresSSLMode:       "disable",
 		PostgresExtraParams:   "",
+		PostgresSocket:        "",
 		ProfilingEnabled:      false,
 		ProfilingHost:         "127.0.0.1",
 		ProfilingPort:         6060,
@ -300,165 +304,187 @@ func (c *AppConfig) defaults() {
 }

 func (c *AppConfig) loadFromEnv() {
-	prefix := "AUTOBRR__"
-
-	if v := os.Getenv(prefix + "HOST"); v != "" {
+	if v := GetEnvStr("HOST"); v != "" {
 		c.Config.Host = v
 	}

-	if v := os.Getenv(prefix + "PORT"); v != "" {
-		i, _ := strconv.ParseInt(v, 10, 32)
-		if i > 0 {
-			c.Config.Port = int(i)
-		}
+	if v := GetEnvInt("PORT"); v > 0 {
+		c.Config.Port = v
 	}

-	if v := os.Getenv(prefix + "BASE_URL"); v != "" {
+	if v := GetEnvStr("BASE_URL"); v != "" {
 		c.Config.BaseURL = v
 	}

-	if v := os.Getenv(prefix + "BASE_URL_MODE_LEGACY"); v != "" {
+	if v := GetEnvStr("BASE_URL_MODE_LEGACY"); v != "" {
 		c.Config.BaseURLModeLegacy = strings.EqualFold(strings.ToLower(v), "true")
 	}

-	if v := os.Getenv(prefix + "LOG_LEVEL"); v != "" {
+	if v := GetEnvStr("LOG_LEVEL"); v != "" {
 		c.Config.LogLevel = v
 	}

-	if v := os.Getenv(prefix + "LOG_PATH"); v != "" {
+	if v := GetEnvStr("LOG_PATH"); v != "" {
 		c.Config.LogPath = v
 	}

-	if v := os.Getenv(prefix + "LOG_MAX_SIZE"); v != "" {
-		i, _ := strconv.ParseInt(v, 10, 32)
-		if i > 0 {
-			c.Config.LogMaxSize = int(i)
-		}
+	if v := GetEnvInt("LOG_MAX_SIZE"); v > 0 {
+		c.Config.LogMaxSize = v
 	}

-	if v := os.Getenv(prefix + "LOG_MAX_BACKUPS"); v != "" {
-		i, _ := strconv.ParseInt(v, 10, 32)
-		if i > 0 {
-			c.Config.LogMaxBackups = int(i)
-		}
+	if v := GetEnvInt("LOG_MAX_BACKUPS"); v > 0 {
+		c.Config.LogMaxBackups = v
 	}

-	if v := os.Getenv(prefix + "SESSION_SECRET"); v != "" {
+	if v := GetEnvStr("SESSION_SECRET"); v != "" {
 		c.Config.SessionSecret = v
 	}

-	if v := os.Getenv(prefix + "CUSTOM_DEFINITIONS"); v != "" {
+	if v := GetEnvStr("CUSTOM_DEFINITIONS"); v != "" {
 		c.Config.CustomDefinitions = v
 	}

-	if v := os.Getenv(prefix + "CHECK_FOR_UPDATES"); v != "" {
+	if v := GetEnvStr("CHECK_FOR_UPDATES"); v != "" {
 		c.Config.CheckForUpdates = strings.EqualFold(strings.ToLower(v), "true")
 	}

-	if v := os.Getenv(prefix + "DATABASE_TYPE"); v != "" {
+	if v := GetEnvStr("DATABASE_DSN"); v != "" {
+		c.Config.DatabaseDSN = v
+	}
+
+	if v := GetEnvStr("DATABASE_TYPE"); v != "" {
 		if validDatabaseType(v) {
 			c.Config.DatabaseType = v
 		}
 	}

-	if v := os.Getenv(prefix + "DATABASE_MAX_BACKUPS"); v != "" {
-		i, _ := strconv.ParseInt(v, 10, 32)
-		if i > 0 {
-			c.Config.DatabaseMaxBackups = int(i)
-		}
+	if v := GetEnvInt("DATABASE_MAX_BACKUPS"); v > 0 {
+		c.Config.DatabaseMaxBackups = v
 	}

-	if v := os.Getenv(prefix + "POSTGRES_HOST"); v != "" {
+	if v := GetEnvStr("POSTGRES_HOST"); v != "" {
 		c.Config.PostgresHost = v
 	}

-	if v := os.Getenv(prefix + "POSTGRES_PORT"); v != "" {
-		i, _ := strconv.ParseInt(v, 10, 32)
-		if i > 0 {
-			c.Config.PostgresPort = int(i)
-		}
+	if v := GetEnvInt("POSTGRES_PORT"); v > 0 {
+		c.Config.PostgresPort = v
 	}

-	if v := os.Getenv(prefix + "POSTGRES_DATABASE"); v != "" {
+	if v := GetEnvStr("POSTGRES_DATABASE"); v != "" {
 		c.Config.PostgresDatabase = v
 	}

-	if v := os.Getenv(prefix + "POSTGRES_USER"); v != "" {
+	if v := GetEnvStr("POSTGRES_DB"); v != "" {
+		c.Config.PostgresDatabase = v
+	}
+
+	if v := GetEnvStr("POSTGRES_USER"); v != "" {
 		c.Config.PostgresUser = v
 	}

-	if v := os.Getenv(prefix + "POSTGRES_PASS"); v != "" {
+	if v := GetEnvStr("POSTGRES_PASS"); v != "" {
 		c.Config.PostgresPass = v
 	}

-	if v := os.Getenv(prefix + "POSTGRES_SSLMODE"); v != "" {
+	if v := GetEnvStr("POSTGRES_PASSWORD"); v != "" {
+		c.Config.PostgresPass = v
+	}
+
+	if v := GetEnvStr("POSTGRES_SSLMODE"); v != "" {
 		c.Config.PostgresSSLMode = v
 	}

-	if v := os.Getenv(prefix + "POSTGRES_EXTRA_PARAMS"); v != "" {
+	if v := GetEnvStr("POSTGRES_SOCKET"); v != "" {
+		c.Config.PostgresSocket = v
+	}
+
+	if v := GetEnvStr("POSTGRES_EXTRA_PARAMS"); v != "" {
 		c.Config.PostgresExtraParams = v
 	}

-	if v := os.Getenv(prefix + "PROFILING_ENABLED"); v != "" {
+	if v := GetEnvStr("PROFILING_ENABLED"); v != "" {
 		c.Config.ProfilingEnabled = strings.EqualFold(strings.ToLower(v), "true")
 	}

-	if v := os.Getenv(prefix + "PROFILING_HOST"); v != "" {
+	if v := GetEnvStr("PROFILING_HOST"); v != "" {
 		c.Config.ProfilingHost = v
 	}

-	if v := os.Getenv(prefix + "PROFILING_PORT"); v != "" {
-		i, _ := strconv.ParseInt(v, 10, 32)
-		if i > 0 {
-			c.Config.ProfilingPort = int(i)
-		}
+	if v := GetEnvInt("PROFILING_PORT"); v > 0 {
+		c.Config.ProfilingPort = v
 	}

 	// OIDC Configuration
-	if v := os.Getenv(prefix + "OIDC_ENABLED"); v != "" {
+	if v := GetEnvStr("OIDC_ENABLED"); v != "" {
 		c.Config.OIDCEnabled = strings.EqualFold(strings.ToLower(v), "true")
 	}

-	if v := os.Getenv(prefix + "OIDC_ISSUER"); v != "" {
+	if v := GetEnvStr("OIDC_ISSUER"); v != "" {
 		c.Config.OIDCIssuer = v
 	}

-	if v := os.Getenv(prefix + "OIDC_CLIENT_ID"); v != "" {
+	if v := GetEnvStr("OIDC_CLIENT_ID"); v != "" {
 		c.Config.OIDCClientID = v
 	}

-	if v := os.Getenv(prefix + "OIDC_CLIENT_SECRET"); v != "" {
+	if v := GetEnvStr("OIDC_CLIENT_SECRET"); v != "" {
 		c.Config.OIDCClientSecret = v
 	}

-	if v := os.Getenv(prefix + "OIDC_REDIRECT_URL"); v != "" {
+	if v := GetEnvStr("OIDC_REDIRECT_URL"); v != "" {
 		c.Config.OIDCRedirectURL = v
 	}

-	if v := os.Getenv(prefix + "OIDC_DISABLE_BUILT_IN_LOGIN"); v != "" {
+	if v := GetEnvStr("OIDC_DISABLE_BUILT_IN_LOGIN"); v != "" {
 		c.Config.OIDCDisableBuiltInLogin = strings.EqualFold(strings.ToLower(v), "true")
 	}

-	if v := os.Getenv(prefix + "METRICS_ENABLED"); v != "" {
+	if v := GetEnvStr("METRICS_ENABLED"); v != "" {
 		c.Config.MetricsEnabled = strings.EqualFold(strings.ToLower(v), "true")
 	}

-	if v := os.Getenv(prefix + "METRICS_HOST"); v != "" {
+	if v := GetEnvStr("METRICS_HOST"); v != "" {
 		c.Config.MetricsHost = v
 	}

-	if v := os.Getenv(prefix + "METRICS_PORT"); v != "" {
-		i, _ := strconv.ParseInt(v, 10, 32)
-		if i > 0 {
-			c.Config.MetricsPort = int(i)
-		}
+	if v := GetEnvInt("METRICS_PORT"); v > 0 {
+		c.Config.MetricsPort = v
 	}

-	if v := os.Getenv(prefix + "METRICS_BASIC_AUTH_USERS"); v != "" {
+	if v := GetEnvStr("METRICS_BASIC_AUTH_USERS"); v != "" {
 		c.Config.MetricsBasicAuthUsers = v
 	}
 }

+func GetEnvStr(key string) string {
+	// first check if we have a variable with a _FILE ending
+	// commonly used for docker secrets and similar
+	if filePath := os.Getenv(EnvVarPrefix + key + "_FILE"); filePath != "" {
+		content, err := os.ReadFile(filePath)
+		if err != nil {
+			log.Fatalf("Could not read file: %s err: %q", filePath, err)
+			return ""
+		}
+		return strings.TrimSpace(string(content))
+	}
+
+	if v := os.Getenv(EnvVarPrefix + key); v != "" {
+		return v
+	}
+
+	return ""
+}
+
+func GetEnvInt(key string) int {
+	value := GetEnvStr(key)
+
+	i, err := strconv.ParseInt(value, 10, 32)
+	if err != nil {
+		return 0
+	}
+	return int(i)
+}
+
 func validDatabaseType(v string) bool {
 	valid := []string{"sqlite", "postgres"}
 	for _, s := range valid {