feat: implements config loader to enable remote or external configs

fix: config loader clone command issue

fix: adds input validation, uses array arguments, prevented shell spawn

Author: dcoric

.gitignore

@@ -117,6 +117,9 @@ dist
 # Stores VSCode versions used for testing VSCode extensions
 .vscode-test
 
+# Jetbrains
+.idea
+
 # yarn v2
 
 .yarn/cache
@@ -212,6 +215,9 @@ dist
 # https://nextjs.org/blog/next-9-1#public-directory-support
 # public
 
+# git-config-cache
+.git-config-cache
+
 # vuepress build output
 .vuepress/dist
 

config.schema.json

@@ -5,6 +5,18 @@
   "description": "Configuration for customizing git-proxy",
   "type": "object",
   "properties": {
+    "configurationSources": {
+      "enabled": { "type": "boolean" },
+      "reloadIntervalSeconds": { "type": "number" },
+      "merge": { "type": "boolean" },
+      "sources": {
+        "type": "array",
+        "items": {
+          "type": "object",
+          "description": "Configuration source"
+        }
+      }
+    },
     "proxyUrl": { "type": "string" },
     "cookieSecret": { "type": "string" },
     "sessionMaxAgeHours": { "type": "number" },

packages/git-proxy-cli/index.js

@@ -306,6 +306,29 @@ async function logout() {
   console.log('Logout: OK');
 }
 
+/**
+ * Reloads the GitProxy configuration without restarting the process
+ */
+async function reloadConfig() {
+  if (!fs.existsSync(GIT_PROXY_COOKIE_FILE)) {
+    console.error('Error: Reload config: Authentication required');
+    process.exitCode = 1;
+    return;
+  }
+
+  try {
+    const cookies = JSON.parse(fs.readFileSync(GIT_PROXY_COOKIE_FILE, 'utf8'));
+
+    await axios.post(`${baseUrl}/api/v1/admin/reload-config`, {}, { headers: { Cookie: cookies } });
+
+    console.log('Configuration reloaded successfully');
+  } catch (error) {
+    const errorMessage = `Error: Reload config: '${error.message}'`;
+    process.exitCode = 2;
+    console.error(errorMessage);
+  }
+}
+
 // Parsing command line arguments
 yargs(hideBin(process.argv))
   .command({
@@ -436,6 +459,11 @@ yargs(hideBin(process.argv))
       rejectGitPush(argv.id);
     },
   })
+  .command({
+    command: 'reload-config',
+    description: 'Reload GitProxy configuration without restarting',
+    action: reloadConfig,
+  })
   .demandCommand(1, 'You need at least one command before moving on')
   .strict()
   .help().argv;

proxy.config.json

@@ -2,17 +2,44 @@
   "proxyUrl": "https://github.com",
   "cookieSecret": "cookie secret",
   "sessionMaxAgeHours": 12,
+  "configurationSources": {
+    "enabled": false,
+    "reloadIntervalSeconds": 60,
+    "merge": false,
+    "sources": [
+      {
+        "type": "file",
+        "enabled": false,
+        "path": "./external-config.json"
+      },
+      {
+        "type": "http",
+        "enabled": false,
+        "url": "http://config-service/git-proxy-config",
+        "headers": {},
+        "auth": {
+          "type": "bearer",
+          "token": ""
+        }
+      },
+      {
+        "type": "git",
+        "enabled": false,
+        "repository": "https://git-server.com/project/git-proxy-config",
+        "branch": "main",
+        "path": "git-proxy/config.json",
+        "auth": {
+          "type": "ssh",
+          "privateKeyPath": "/path/to/.ssh/id_rsa"
+        }
+      }
+    ]
+  },
   "tempPassword": {
     "sendEmail": false,
     "emailConfig": {}
   },
-  "authorisedList": [
-    {
-      "project": "finos",
-      "name": "git-proxy",
-      "url": "https://github.com/finos/git-proxy.git"
-    }
-  ],
+  "authorisedList": [],
   "sink": [
     {
       "type": "fs",

src/config/ConfigLoader.js

@@ -0,0 +1,167 @@
+const fs = require('fs');
+const path = require('path');
+const axios = require('axios');
+const { execFile } = require('child_process');
+const { promisify } = require('util');
+const execFileAsync = promisify(execFile);
+const EventEmitter = require('events');
+
+class ConfigLoader extends EventEmitter {
+  constructor(initialConfig) {
+    super();
+    this.config = initialConfig;
+    this.reloadTimer = null;
+    this.isReloading = false;
+  }
+
+  async start() {
+    const { configurationSources } = this.config;
+    if (!configurationSources?.enabled) {
+      return;
+    }
+
+    // Start periodic reload if interval is set
+    if (configurationSources.reloadIntervalSeconds > 0) {
+      this.reloadTimer = setInterval(
+        () => this.reloadConfiguration(),
+        configurationSources.reloadIntervalSeconds * 1000,
+      );
+    }
+
+    // Do initial load
+    await this.reloadConfiguration();
+  }
+
+  stop() {
+    if (this.reloadTimer) {
+      clearInterval(this.reloadTimer);
+      this.reloadTimer = null;
+    }
+  }
+
+  async reloadConfiguration() {
+    if (this.isReloading) return;
+    this.isReloading = true;
+
+    try {
+      const { configurationSources } = this.config;
+      if (!configurationSources?.enabled) return;
+
+      const configs = await Promise.all(
+        configurationSources.sources
+          .filter((source) => source.enabled)
+          .map((source) => this.loadFromSource(source)),
+      );
+
+      // Use merge strategy based on configuration
+      const shouldMerge = configurationSources.merge ?? true; // Default to true for backward compatibility
+      const newConfig = shouldMerge
+        ? configs.reduce(
+            (acc, curr) => {
+              return this.deepMerge(acc, curr);
+            },
+            { ...this.config },
+          )
+        : { ...this.config, ...configs[configs.length - 1] }; // Use last config for override
+
+      // Emit change event if config changed
+      if (JSON.stringify(newConfig) !== JSON.stringify(this.config)) {
+        this.config = newConfig;
+        this.emit('configurationChanged', this.config);
+      }
+    } catch (error) {
+      console.error('Error reloading configuration:', error);
+      this.emit('configurationError', error);
+    } finally {
+      this.isReloading = false;
+    }
+  }
+
+  async loadFromSource(source) {
+    switch (source.type) {
+      case 'file':
+        return this.loadFromFile(source);
+      case 'http':
+        return this.loadFromHttp(source);
+      case 'git':
+        return this.loadFromGit(source);
+      default:
+        throw new Error(`Unsupported configuration source type: ${source.type}`);
+    }
+  }
+
+  async loadFromFile(source) {
+    const configPath = path.resolve(process.cwd(), source.path);
+    const content = await fs.promises.readFile(configPath, 'utf8');
+    return JSON.parse(content);
+  }
+
+  async loadFromHttp(source) {
+    const headers = {
+      ...source.headers,
+      ...(source.auth?.type === 'bearer' ? { Authorization: `Bearer ${source.auth.token}` } : {}),
+    };
+
+    const response = await axios.get(source.url, { headers });
+    return response.data;
+  }
+
+  async loadFromGit(source) {
+    // Validate inputs
+    if (!source.repository || typeof source.repository !== 'string') {
+      throw new Error('Invalid repository URL');
+    }
+    if (source.branch && typeof source.branch !== 'string') {
+      throw new Error('Invalid branch name');
+    }
+
+    const tempDir = path.join(process.cwd(), '.git-config-cache');
+    await fs.promises.mkdir(tempDir, { recursive: true });
+
+    const repoDir = path.join(tempDir, Buffer.from(source.repository).toString('base64'));
+
+    // Clone or pull repository
+    if (!fs.existsSync(repoDir)) {
+      if (source.auth?.type === 'ssh') {
+        process.env.GIT_SSH_COMMAND = `ssh -i ${source.auth.privateKeyPath}`;
+      }
+      await execFileAsync('git', ['clone', source.repository, repoDir]);
+    } else {
+      await execFileAsync('git', ['pull'], { cwd: repoDir });
+    }
+
+    // Checkout specific branch if specified
+    if (source.branch) {
+      await execFileAsync('git', ['checkout', source.branch], { cwd: repoDir });
+    }
+
+    // Read and parse config file
+    const configPath = path.join(repoDir, source.path);
+    const content = await fs.promises.readFile(configPath, 'utf8');
+    return JSON.parse(content);
+  }
+
+  deepMerge(target, source) {
+    const output = { ...target };
+    if (isObject(target) && isObject(source)) {
+      Object.keys(source).forEach((key) => {
+        if (isObject(source[key])) {
+          if (!(key in target)) {
+            Object.assign(output, { [key]: source[key] });
+          } else {
+            output[key] = this.deepMerge(target[key], source[key]);
+          }
+        } else {
+          Object.assign(output, { [key]: source[key] });
+        }
+      });
+    }
+    return output;
+  }
+}
+
+function isObject(item) {
+  return item && typeof item === 'object' && !Array.isArray(item);
+}
+
+module.exports = ConfigLoader;