From 0fa0f3c0a1a9d4745397051f6640120b168281cc Mon Sep 17 00:00:00 2001
From: Julian <julian@aternos.org>
Date: Thu, 4 May 2023 17:15:10 +0200
Subject: [PATCH] Support passing google cloud credentials as base64 encoded
 JSON when using environment variables

---
 CONFIGURATION.md  |  4 ++++
 src/bot/Config.js | 17 +++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/CONFIGURATION.md b/CONFIGURATION.md
index 7d5b1b7dc..53e443892 100644
--- a/CONFIGURATION.md
+++ b/CONFIGURATION.md
@@ -84,6 +84,10 @@ These credentials are used for the following apis if you enabled them in the con
 - Cloud Vision
 - Cloud Logging
 
+### Base64 Encoded
+If you're using environment variables it is recommended to base64 encode the credentials JSON object and set them in the
+environment variable `MODBOT_GOOGLE_CLOUD_CREDENTIALS`. If this variable is set ModBot will ignore the other variables.
+
 #### Client Email
 | type   | config file                            | environment                                    |
 |--------|----------------------------------------|------------------------------------------------|
diff --git a/src/bot/Config.js b/src/bot/Config.js
index 50329a9a5..64c460108 100644
--- a/src/bot/Config.js
+++ b/src/bot/Config.js
@@ -87,6 +87,18 @@ export class Config {
 
     async load() {
         if (process.env.MODBOT_USE_ENV) {
+            let googleCloudCredentials = process.env.MODBOT_GOOGLE_CLOUD_CREDENTIALS;
+            if (googleCloudCredentials) {
+                googleCloudCredentials = JSON.parse((new Buffer(googleCloudCredentials, 'base64')).toString('ascii'));
+            }
+            else {
+                googleCloudCredentials = {
+                    client_email: process.env.MODBOT_GOOGLE_CLOUD_CREDENTIALS_CLIENT_EMAIL,
+                    private_key: process.env.MODBOT_GOOGLE_CLOUD_CREDENTIALS_PRIVATE_KEY?.replaceAll('\\n', '\n'),
+                };
+            }
+
+
             // load settings from env
             this.#data = {
                 authToken: process.env.MODBOT_AUTH_TOKEN,
@@ -99,10 +111,7 @@ export class Config {
                 },
                 googleApiKey:  process.env.MODBOT_GOOGLE_API_KEY,
                 googleCloud: {
-                    credentials: {
-                        client_email: process.env.MODBOT_GOOGLE_CLOUD_CREDENTIALS_CLIENT_EMAIL,
-                        private_key: process.env.MODBOT_GOOGLE_CLOUD_CREDENTIALS_PRIVATE_KEY
-                    },
+                    credentials: googleCloudCredentials,
                     vision: {
                         enabled: this.#parseBooleanFromEnv(process.env.MODBOT_GOOGLE_CLOUD_VISION_ENABLED)
                     },