Don't treat numbers larger than the JS max number size as number values in environment variables #6119
Conversation
* Fixes incorrect parsing of the env. file with numeric values that are outside of Number.MAX_SAFE_INTEGER resulting in unwanted behaviour. - Like wrong client_ids for oauth. (tested with discord oauth) * Removed unnecessary multiple "IF" statements since value can only be ether one of the listed values.
Incorrect parsing of numeric values in env.
|
@paescuj Ya sure, I'm fine with that :) *e.g discord allows to set the "prompt" parameter to skip the next authorization without the users need of approving it first. So prolly the parser will need anyway some rework on that part. |
According to grants documentation you can provide additionally custom parameters to supported OAUTH provider with ```custom_params```. This change allows to add them in JSON format and thus adding multiple parameters.
|
@skizer Great, thanks! I've included the check for I'm not sure about your other change regarding JSON values (@rijkvanzanten):
Depending on @rijkvanzanten opinion here, it might be the best to open up a new pull request or issue for this. |
@paescuj You're welcome!
This is fine, since directus soly relies on grant for the OAUTH flow, thus making this implementation working right away. If you're going straight according to the docs this would even be the correct way, it would say you should look up the grant doc and see what options are available and see that the custom_params actually expects this datatype.
Exactly, IMO usually such stuff shouldn't even be configured in the env file due the nature of different types as parameters. Then again there's the pro for me that all your config stuff lives in one location, which speaks for it again :'D
No, since the console will scream at you right when trying to start up directus - misconfigured stuff should always fail, otherwise it leads to unwanted behaviour and in worst case even not noticing when going for production.
Can do that, let's wait for @rijkvanzanten :) |
|
Thanks for your feedback!
So all OAUTH environment variables are (already) getting passed to
Yeah, there are pros and downs... That's why I've raised this question 😄
I agree! |
Could've fooled me! You're a natural at this
Any parameter you set is passed on to Grants configuration object lowercased: Lines 27 to 35 in 792281c That being said, this should be updated to work the same as DB_ and various other prefixes to allow for nested fields (https://docs.directus.io/reference/environment-variables/#type-casting-and-nesting) using directus/api/src/database/index.ts Line 17 in 792281c
I don't think we need it at this point! The
100% agree |
|
Lets consider the nested value support for Grant config a separate PR, makes it a little cleaner in the archiving / release logs etc 🙂 |
|
@skizer The only tip I have for next PR on GitHub is to use a new branch on your fork for the changes. Right now, your |
rijkvanzanten
changed the title
* Add support for _FILE environment variables * Enhance processing of _FILE env vars * Same processing as with other env vars (do not simply treat as string) - tested successfully * Warn if both variables are set (EXAMPLE and EXAMPLE_FILE) * Add comments to make it easier to understand the code * Set newKey only after file read was successful * Don't convert value > MAX_SAFE_INTEGER to number Thanks to @skizer! As stated by @skizer (from #6119): Altho it seems that we do have a numerical value it can happen that its outside of Number.MAX_SAFE_INTEGER thus resulting in a change of the original intended value e.g oauth -> discord -> client_id * Fix recursive logger-env import Co-authored-by: rijkvanzanten <rijkvanzanten@me.com>
-Fixes incorrect parsing of the
env. filewith numeric values that are outside ofNumber.MAX_SAFE_INTEGERresulting in unwanted behaviour. (e.g -> oauth -> discord_client_id)-Removed unnecessary multiple "IF" statements since value can only be ether one of the listed values.
P.S This is my first ever pull request on github, please bare with me when I've missed something out.