Fix possibility of Rails secret key not being set from config file.

Basically, after the changes in c65ea2f, this accidentally broke some other ordering issues when reading the config, so that if `cached_random_config_values.yml` contained a Rails secret token, and any other cached values were being generated, then the cached values would always take precedent. This fixes it by ensuring that any existing config should always take precedent over the cached config that's being generated. 18F/api.data.gov#437
NREL · Apr 12, 2018 · f88a2c0 · f88a2c0
1 parent d8e96be
commit f88a2c0
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 9 deletions.
diff --git a/src/api-umbrella/cli/read_config.lua b/src/api-umbrella/cli/read_config.lua
@@ -1,5 +1,6 @@
 local array_includes = require "api-umbrella.utils.array_includes"
 local array_last = require "api-umbrella.utils.array_last"
+local deep_defaults = require "api-umbrella.utils.deep_defaults"
 local deep_merge_overwrite_arrays = require "api-umbrella.utils.deep_merge_overwrite_arrays"
 local dir = require "pl.dir"
 local file = require "pl.file"
@@ -376,28 +377,31 @@ local function set_cached_random_tokens()
     local cached = {}
     if content then
       cached = lyaml.load(content)
-      deep_merge_overwrite_arrays(config, cached)
+      deep_defaults(config, cached)
     end
 
     -- If the tokens haven't already been written to the cache, generate them.
     if not config["web"]["rails_secret_token"] or not config["static_site"]["api_key"] then
       if not config["web"]["rails_secret_token"] then
-        cached["web"] = {
-          rails_secret_token = random_token(128),
-        }
+        deep_defaults(cached, {
+          web = {
+            rails_secret_token = random_token(128),
+          },
+        })
       end
 
       if not config["static_site"]["api_key"] then
-        cached["static_site"] = {
-          api_key = random_token(40),
-        }
+        deep_defaults(cached, {
+          static_site = {
+            api_key = random_token(40),
+          },
+        })
       end
 
       -- Persist the cached tokens.
       dir.makepath(config["run_dir"])
       file.write(cached_path, lyaml.dump({ cached }))
-
-      deep_merge_overwrite_arrays(config, cached)
+      deep_defaults(config, cached)
     end
   end
 end

diff --git a/src/api-umbrella/utils/deep_defaults.lua b/src/api-umbrella/utils/deep_defaults.lua
@@ -0,0 +1,28 @@
+local is_array = require "api-umbrella.utils.is_array"
+
+-- Like deep_merge_overwrite_arrays, but only assigns values from the source to
+-- the destination if the destination is nil. So any existing values on the
+-- destination object will be retained.
+local function deep_defaults(dest, src)
+  if not src then return dest end
+
+  for key, value in pairs(src) do
+    if type(value) == "table" and type(dest[key]) == "table" then
+      if is_array(value) or is_array(dest[key]) then
+        if dest[key] == nil then
+          dest[key] = value
+        end
+      else
+        deep_defaults(dest[key], src[key])
+      end
+    else
+      if dest[key] == nil then
+        dest[key] = value
+      end
+    end
+  end
+
+  return dest
+end
+
+return deep_defaults