@riocrypto/common-server 1.0.2762 → 1.0.2764

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/build/clients/secret-manager-client.d.ts +1 -0
  2. package/build/clients/secret-manager-client.js +9 -6
  3. package/package.json +2 -2
package/build/clients/secret-manager-client.d.ts CHANGED
@@ -5,6 +5,7 @@ declare class SecretManagerClient {
5
5
  client: SecretManagerServiceClient;
6
6
  projectId: string;
7
7
  private secretCache;
8
+ private envMismatch;
8
9
  private readonly POLL_INTERVAL_MS;
9
10
  constructor(env: RioEnv);
10
11
  /**
package/build/clients/secret-manager-client.js CHANGED
@@ -40,6 +40,7 @@ class SecretManagerClient {
40
40
  constructor(env) {
41
41
  this.env = env;
42
42
  this.secretCache = null;
43
+ this.envMismatch = false;
43
44
  this.POLL_INTERVAL_MS = 60 * 60 * 1000; // 1 hour
44
45
  const secretFilePath = "/etc/secrets/secret-manager/secret-manager-service-account-key.json";
45
46
  if (fs.existsSync(secretFilePath)) {
@@ -67,20 +68,19 @@ class SecretManagerClient {
67
68
  */
68
69
  getSecretValue(secretId) {
69
70
  return __awaiter(this, void 0, void 0, function* () {
70
- // Check if we have a cache and the secret exists
71
+ if (this.envMismatch) {
72
+ throw new Error("Secret access blocked: RIO_ENV mismatch between service and secret file");
73
+ }
71
74
  if (this.secretCache && this.secretCache.secrets[secretId]) {
72
75
  return this.secretCache.secrets[secretId];
73
76
  }
74
- // If not in cache or cache doesn't exist, fetch entire secret file
75
77
  const success = yield this.refreshSecretCache();
76
78
  if (!success) {
77
79
  return null;
78
80
  }
79
- // Check again after refresh
80
81
  if (this.secretCache && this.secretCache.secrets[secretId]) {
81
82
  return this.secretCache.secrets[secretId];
82
83
  }
83
- // Secret not found even after refresh
84
84
  console.error(`Secret ${secretId} not found in secret file`);
85
85
  return null;
86
86
  });
@@ -122,11 +122,14 @@ class SecretManagerClient {
122
122
  throw new Error("No payload data");
123
123
  }
124
124
  const secrets = JSON.parse(version.payload.data.toString());
125
- // Clear existing polling if it exists
125
+ if (secrets.RIO_ENV && secrets.RIO_ENV !== this.env) {
126
+ console.error(`FATAL: Environment mismatch! Service expects "${this.env}" but secret file "${file}" contains RIO_ENV="${secrets.RIO_ENV}"`);
127
+ this.envMismatch = true;
128
+ return false;
129
+ }
126
130
  if ((_c = this.secretCache) === null || _c === void 0 ? void 0 : _c.pollingInterval) {
127
131
  clearInterval(this.secretCache.pollingInterval);
128
132
  }
129
- // Set up new cache with polling
130
133
  this.setupCacheWithPolling(secrets);
131
134
  console.info(`Refreshed ${Object.keys(secrets).length} secrets from ${file}`);
132
135
  return true;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@riocrypto/common-server",
3
- "version": "1.0.2762",
3
+ "version": "1.0.2764",
4
4
  "description": "",
5
5
  "main": "./build/index.js",
6
6
  "types": "./build/index.d.ts",
@@ -24,7 +24,7 @@
24
24
  "@google-cloud/secret-manager": "^5.6.0",
25
25
  "@google-cloud/storage": "^7.19.0",
26
26
  "@hyperdx/node-opentelemetry": "^0.10.3",
27
- "@riocrypto/common": "1.0.2558",
27
+ "@riocrypto/common": "1.0.2560",
28
28
  "@slack/web-api": "^7.15.0",
29
29
  "@types/express": "^4.17.25",
30
30
  "axios": "1.13.6",