From 3238fb6d6ea0c49162ddf9c382e28a5609a9cc5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Chris=20Da=C3=9Fler?= Date: Sun, 26 May 2024 16:14:15 +0200 Subject: [PATCH 1/8] feat: Using docker secrets - put file contents to env value --- .../src/spiffworkflow_backend/config/default.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index e2b926f6..be04cbb2 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -15,6 +15,16 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No value_from_env = None value_to_return: str | bool | int | None = value_from_env + # using docker secrets - put file contents to env value + if variable_name.endswith("_FILE"): + value_from_file = default if value_from_env is None else value_from_env + if value_from_file.startswith("/run/secrets"): + # rewrite variable name: remove _FILE + variable_name = variable_name.removesuffix("_FILE") + print(variable_name) + with open(value_from_file) as f: + value_to_return = f.readline() + if value_from_env is not None: if isinstance(default, bool): if value_from_env.lower() == "true": From 998e08ee6eabe70346d1cd1fbdf0cc39d7bb4beb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Chris=20Da=C3=9Fler?= Date: Sun, 26 May 2024 16:33:37 +0200 Subject: [PATCH 2/8] fix(): Check if secrets file exists --- .../src/spiffworkflow_backend/config/default.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index be04cbb2..4ba38024 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py 
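Review bot: The `value_from_file.startswith("/run/secrets")` test in this hunk is a plain string-prefix match, so a sibling path such as `/run/secrets_backup/x`, or a value containing `..` segments, also passes and is then opened. Resolving the path before comparing would confine reads to the secrets directory, e.g. `if os.path.realpath(value_from_file).startswith("/run/secrets/"):` (needs `os` in scope). The same prefix test is carried unchanged through the hunks of PATCH 3/8, 5/8 and 8/8. The value comes from the environment or the caller's `default`, so this is a hardening point rather than a direct exposure; the rest of `config_from_env` lies outside the hunk.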
@@ -1,5 +1,5 @@ import re -from os import environ +from os import environ, path from typing import Any from spiffworkflow_backend.config.normalized_environment import normalized_environment @@ -21,9 +21,12 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No if value_from_file.startswith("/run/secrets"): # rewrite variable name: remove _FILE variable_name = variable_name.removesuffix("_FILE") - print(variable_name) - with open(value_from_file) as f: - value_to_return = f.readline() + + if path.exists(value_from_file): + with open(value_from_file) as f: + value_to_return = f.readline() + else: + value_to_return = None if value_from_env is not None: if isinstance(default, bool): From 84a47e0efdea02f23a9d23daa2ba33c4e4fb7ad7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Chris=20Da=C3=9Fler?= Date: Sun, 26 May 2024 20:19:59 +0200 Subject: [PATCH 3/8] fix(): AttributeError: 'NoneType' object has no attribute 'startswith' --- .../src/spiffworkflow_backend/config/default.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 4ba38024..14ff0502 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -18,7 +18,7 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No # using docker secrets - put file contents to env value if variable_name.endswith("_FILE"): value_from_file = default if value_from_env is None else value_from_env - if value_from_file.startswith("/run/secrets"): + if value_from_file and value_from_file.startswith("/run/secrets"): # rewrite variable name: remove _FILE variable_name = variable_name.removesuffix("_FILE") From 40f3dfca23547ac91352757090f58a043a537faa Mon Sep 17 00:00:00 2001 
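Review bot: In the second hunk of PATCH 2/8 a missing secret file sets `value_to_return = None` in the `else` branch without any log line, so a mistyped path or an unmounted secret is indistinguishable from an unset variable. A warning that names the variable and the path (never the file contents) would make this diagnosable, e.g. `logging.getLogger(__name__).warning("secret file %s for %s not found", value_from_file, variable_name)`. What `None` turns into afterwards is decided below the hunk; if the function falls back to `default` there, the path string itself may end up as the configured value, which is worth confirming. The `except FileNotFoundError` branch in PATCH 5/8 and 8/8 keeps the same silent behaviour.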
From: Sky <36750848+chrda81@users.noreply.github.com> Date: Sun, 26 May 2024 20:27:47 +0200 Subject: [PATCH 4/8] Update spiffworkflow-backend/src/spiffworkflow_backend/config/default.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .../src/spiffworkflow_backend/config/default.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 14ff0502..1d443be1 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -1,5 +1,6 @@ import re -from os import environ, path +from os import environ +from os import path from typing import Any from spiffworkflow_backend.config.normalized_environment import normalized_environment From 6e83494384c3c4543c23aabd0862c98fc0224891 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Chris=20Da=C3=9Fler?= Date: Sun, 26 May 2024 20:50:45 +0200 Subject: [PATCH 5/8] fix(): Ensure secure handling of file paths and improve error handling (CodeRabbit suggestion) --- .../src/spiffworkflow_backend/config/default.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 1d443be1..0cf89779 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -3,6 +3,7 @@ from os import environ from os import path from typing import Any +from flask import current_app from spiffworkflow_backend.config.normalized_environment import normalized_environment # Consider: https://flask.palletsprojects.com/en/2.2.x/config/#configuring-from-environment-variables 
@@ -22,12 +23,14 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No if value_from_file and value_from_file.startswith("/run/secrets"): # rewrite variable name: remove _FILE variable_name = variable_name.removesuffix("_FILE") - - if path.exists(value_from_file): - with open(value_from_file) as f: - value_to_return = f.readline() - else: - value_to_return = None + try: + with open(value_from_file, 'r') as file: + value_to_return = file.read().strip() # Read entire content and strip any extra whitespace + except FileNotFoundError: + value_to_return = None # Handle the case where the file does not exist + except Exception as e: + current_app.logger.error(f"Error reading from {value_from_file}: {str(e)}") + value_to_return = None # Handle other potential errors if value_from_env is not None: if isinstance(default, bool): From 92229f12f83465c609b6b3a15200dcc7bd8d3804 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Chris=20Da=C3=9Fler?= Date: Mon, 27 May 2024 14:51:57 +0200 Subject: [PATCH 6/8] chore: Remove unused import --- .../src/spiffworkflow_backend/config/default.py | 1 - 1 file changed, 1 deletion(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 0cf89779..0e4d0360 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -1,6 +1,5 @@ import re from os import environ -from os import path from typing import Any from flask import current_app From 59c697e9bfb3a0a86b63040f1bdb7a595e04cd24 Mon Sep 17 00:00:00 2001 From: burnettk Date: Tue, 28 May 2024 16:51:53 -0400 Subject: [PATCH 7/8] lint --- .../src/spiffworkflow_backend/config/default.py | 3 ++- .../src/spiffworkflow_backend/models/reference_cache.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) 
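Review bot: `current_app.logger.error(...)` in the new `except Exception` handler only works inside a Flask application context, yet this is a config module, and `from flask import current_app` is added to it in the first hunk of this patch. If `config_from_env` runs while configuration is being loaded, before an app context exists (the call sites are not visible here), the handler would itself raise `RuntimeError` and hide the original read error. A module-level logger avoids the dependency: `logger = logging.getLogger(__name__)` and `logger.error("Error reading from %s: %s", value_from_file, e)`. The message logs the path and exception text only, which is right; the file contents should stay out of it. The same call remains in the PATCH 8/8 hunk.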
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 0e4d0360..63d5a3dc 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -3,6 +3,7 @@ from os import environ from typing import Any from flask import current_app + from spiffworkflow_backend.config.normalized_environment import normalized_environment # Consider: https://flask.palletsprojects.com/en/2.2.x/config/#configuring-from-environment-variables @@ -23,7 +24,7 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No # rewrite variable name: remove _FILE variable_name = variable_name.removesuffix("_FILE") try: - with open(value_from_file, 'r') as file: + with open(value_from_file) as file: value_to_return = file.read().strip() # Read entire content and strip any extra whitespace except FileNotFoundError: value_to_return = None # Handle the case where the file does not exist diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py b/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py index b6c0512c..97e895ad 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py @@ -77,7 +77,7 @@ class ReferenceCacheModel(SpiffworkflowBaseDBModel): file_name: str = db.Column(db.String(255), nullable=False) # relative to SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR - relative_location: str = db.Column(db.String(255), index=True, nullable=False) + relative_location: int = db.Column(db.String(255), index=True, nullable=False) properties: dict | None = db.Column(db.JSON) # has_lanes = db.Column(db.Boolean()) From 7a76ecba5050e90e284f9017be230753709134df Mon Sep 17 00:00:00 2001 
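Review bot: `open(value_from_file)` in the second hunk reads the secret with the locale's default text encoding, so the decoded value can differ between images or fail on non-ASCII secrets. Passing the encoding explicitly keeps the lint fix and pins the behaviour: `with open(value_from_file, encoding="utf-8") as file:`. The enclosing `try` block continues outside the hunk.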
From: burnettk Date: Tue, 28 May 2024 17:01:09 -0400 Subject: [PATCH 8/8] fix typing issues and fix issue i introduced --- .../spiffworkflow_backend/config/default.py | 23 ++++++++++--------- .../models/reference_cache.py | 2 +- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index 63d5a3dc..5accef12 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py 
@@ -20,17 +20,18 @@ def config_from_env(variable_name: str, *, default: str | bool | int | None = No # using docker secrets - put file contents to env value if variable_name.endswith("_FILE"): value_from_file = default if value_from_env is None else value_from_env - if value_from_file and value_from_file.startswith("/run/secrets"): - # rewrite variable name: remove _FILE - variable_name = variable_name.removesuffix("_FILE") - try: - with open(value_from_file) as file: - value_to_return = file.read().strip() # Read entire content and strip any extra whitespace - except FileNotFoundError: - value_to_return = None # Handle the case where the file does not exist - except Exception as e: - current_app.logger.error(f"Error reading from {value_from_file}: {str(e)}") - value_to_return = None # Handle other potential errors + if value_from_file: + if isinstance(value_from_file, str) and value_from_file.startswith("/run/secrets"): + # rewrite variable name: remove _FILE + variable_name = variable_name.removesuffix("_FILE") + try: + with open(value_from_file) as file: + value_to_return = file.read().strip() # Read entire content and strip any extra whitespace + except FileNotFoundError: + value_to_return = None # Handle the case where the file does not exist + except Exception as e: + current_app.logger.error(f"Error reading from {value_from_file}: {str(e)}") + value_to_return = None # Handle other potential errors if value_from_env is not None: if isinstance(default, bool): diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py b/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py index 97e895ad..b6c0512c 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/models/reference_cache.py 
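Review bot: The outer `if value_from_file:` added here is redundant with the `isinstance(value_from_file, str)` guard on the next line, apart from the empty string, which `startswith` already rejects; one condition, `if isinstance(value_from_file, str) and value_from_file.startswith("/run/secrets"):`, keeps the block one level shallower. The `_FILE` branch also has no description of its contract; a comment above it could state `# NAME_FILE=/run/secrets/...: the file's stripped contents become the value of NAME; unreadable or missing files yield None`. Whether the rewritten `variable_name` is what gets stored is decided after the hunk, so that comment should be confirmed against the rest of `config_from_env`.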
@@ -77,7 +77,7 @@ class ReferenceCacheModel(SpiffworkflowBaseDBModel): file_name: str = db.Column(db.String(255), nullable=False) # relative to SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR - relative_location: int = db.Column(db.String(255), index=True, nullable=False) + relative_location: str = db.Column(db.String(255), index=True, nullable=False) properties: dict | None = db.Column(db.JSON) # has_lanes = db.Column(db.Boolean())