Skip to content

Commit 439cdc9

Browse files
chore(rails): migrate core settings to Rails credentials
- migrate db, recaptcha, redis, smtp credentials - migrate cache_store from unmaintained redis_store to redis_cache_store
1 parent 00d06d7 commit 439cdc9

13 files changed

Lines changed: 101 additions & 9 deletions

File tree

config/cable.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,5 +8,5 @@ test:
88

99
production:
1010
adapter: redis
11-
url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
11+
url: redis://:<%= Rails.application.credentials.dig(:redis, :password) %>@<%= ENV['REDIS_HOST'] %>:6379
1212
channel_prefix: application_production

config/database.yml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ default: &default
66
development:
77
<<: *default
88
database: coursemology
9+
host: localhost
910

1011
# Warning: The database defined as "test" will be erased and
1112
# re-generated from your development database when you run "rake".
@@ -17,3 +18,15 @@ test:
1718
production:
1819
<<: *default
1920
database: coursemology
21+
host: <%= ENV["DB_HOST"] %>
22+
username: <%= Rails.application.credentials.dig(:production_database, :username) %>
23+
password: <%= Rails.application.credentials.dig(:production_database, :password) %>
24+
pool: <%= ENV["RAILS_MAX_THREADS"] || 5 %>
25+
port: <%= ENV["DB_PORT"] || 5432 %>
26+
27+
maintenance:
28+
<<: *default
29+
database: coursemology
30+
host: <%= ENV["DB_HOST"] %>
31+
username: <%= Rails.application.credentials.dig(:maintenance_database, :username) %>
32+
password: <%= Rails.application.credentials.dig(:maintenance_database, :password) %>

config/environments/production.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@
2626
# NGINX, varnish or squid.
2727
# config.action_dispatch.rack_cache = true
2828
# We will configure the host from the environment.
29-
config.action_mailer.default_url_options = { host: ENV.fetch('RAILS_HOSTNAME') }
29+
config.action_mailer.default_url_options = { host: ENV['RAILS_HOSTNAME'] }
3030

3131
# Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
3232
# or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
@@ -134,7 +134,7 @@
134134
# config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
135135
# config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
136136
#
137-
config.x.default_host = ENV.fetch('RAILS_HOSTNAME')
137+
config.x.default_host = ENV['RAILS_HOSTNAME']
138138
config.active_job.queue_adapter = :sidekiq
139139

140140
# Rails 6.0.5.1 security patch

config/environments/test.rb

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@
2727
# Show full error reports and disable caching.
2828
config.consider_all_requests_local = true
2929
config.action_controller.perform_caching = false
30-
config.cache_store = :null_store
3130

3231
# Raise exceptions instead of rendering exception templates.
3332
config.action_dispatch.show_exceptions = false
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
# frozen_string_literal: true
2+
Rails.application.configure do
3+
config.action_cable.mount_path = '/cable'
4+
# config.action_cable.url = 'ws://example.com:28080'
5+
config.action_cable.allowed_request_origins = [/^(https?:\/\/)?([^.\/]+\.)?#{ENV['RAILS_HOSTNAME']}/]
6+
end

config/initializers/cache_store.rb

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
# frozen_string_literal: true
2+
Rails.application.configure do
3+
config.cache_store = :redis_cache_store, {
4+
host: ENV['REDIS_HOST'],
5+
port: 6379,
6+
db: 0,
7+
password: Rails.application.credentials.dig(:redis, :password),
8+
namespace: 'cache',
9+
expires_in: 90.minutes
10+
}
11+
12+
config.session_store :redis_store,
13+
servers: {
14+
host: ENV['REDIS_HOST'],
15+
port: 6379,
16+
db: 0,
17+
password: Rails.application.credentials.dig(:redis, :password),
18+
namespace: 'session'
19+
},
20+
expire_after: 240.minutes
21+
end
Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# frozen_string_literal: true
2+
# Enables rack_mini_profiler for all requests in production
3+
# For use in our own staging environment, where RAILS_ENV=production
4+
5+
Rails.application.config.after_initialize do
6+
ApplicationController.class_eval do
7+
before_action :enable_miniprofiler
8+
9+
def enable_miniprofiler
10+
return unless current_user&.administrator?
11+
12+
Rack::MiniProfiler.authorize_request
13+
end
14+
end
15+
end
Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,9 @@
11
# frozen_string_literal: true
2-
# TODO: Remove this once fully SPA
3-
Rack::MiniProfiler.config.position = 'top-right'
2+
# Set Redis storage for Rack Mini Profiler.
3+
# https://github.com/MiniProfiler/rack-mini-profiler#storage
4+
5+
Rack::MiniProfiler.config.storage_options = {
6+
host: ENV['REDIS_HOST'],
7+
password: Rails.application.credentials.dig(:redis, :password)
8+
}
9+
Rack::MiniProfiler.config.storage = Rack::MiniProfiler::RedisStore

config/initializers/recaptcha.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
# frozen_string_literal: true
22
Recaptcha.configure do |config|
33
if Rails.env.production?
4-
config.site_key = ENV['GOOGLE_RECAPTCHA_SITE_KEY']
5-
config.secret_key = ENV['GOOGLE_RECAPTCHA_SECRET_KEY']
4+
config.site_key = Rails.application.credentials.dig(:google_recaptcha, :site_key)
5+
config.secret_key = Rails.application.credentials.dig(:google_recaptcha, :secret_key)
66
else
77
# The following keys are for test and development environments only.
88
# You will always get No CAPTCHA and all verification requests will pass.

config/initializers/redis.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22

33
redis_host = ENV['REDIS_HOST']
44
redis_port = 6379
5-
redis_password = ENV['REDIS_PASS']
5+
redis_password = Rails.application.credentials.dig(:redis, :password)
66

77
REDIS = Redis.new(host: redis_host, port: redis_port, password: redis_password, db: 0)

0 commit comments

Comments
 (0)