Fixes #396: add default values to environment variables

[Silvyre]

Issue This PR Addresses

Fixes #396

Type of Change

• Bugfix: Change which fixes an issue
• New Feature: Change which adds functionality
• Documentation Update: Change which improves documentation
• UI: Change which improves UI

Description

Ensures that every process.env call within the code base is provided with a default value (as specified in #396) to ensure that they have some value on CI, and thus do not cause unwanted behaviour during CI testing.

The default value provided to each process.env is either one specified within env.example (if one exists), or null.

Checklist

• Quality: This PR builds and passes our npm test and works locally
• Tests: This PR includes thorough tests or an explanation of why it does not
• Screenshots: This PR includes screenshots or GIFs of the changes made or an explanation of why it does not (if applicable)
• Documentation: This PR includes updated/added documentation to user exposed functionality or configuration variables are added/changed or an explanation of why it does not(if applicable)

[cindyorangis]

Looks good

[humphd]

These nulls are probably not a good idea.

Also, can you add some code to src/backend/lib/config.js where we load the env using dotenv: we can check to see if it worked or not (i.e., if there is an .env file): https://www.npmjs.com/package/dotenv#config

If we get back result.error, we should probably either warn (like you did with redis) or perhaps throw and let the app crash now vs. fail later with random missing data. I think we should warn, so we don't have to mess with CI too much at this point.

[Silvyre]

Also, can you add some code to src/backend/lib/config.js where we load the env using dotenv: we can check to see if it worked or not (i.e., if there is an .env file): https://www.npmjs.com/package/dotenv#config

If we get back result.error, we should probably either warn (like you did with redis) or perhaps throw and let the app crash now vs. fail later with random missing data. I think we should warn, so we don't have to mess with CI too much at this point.

@humphd How's this?

telescope/src/backend/lib/config.js

Lines 1 to 12 in 1074030

	const dotenv = require('dotenv');
	const { logger } = require('../utils/logger');
	const result = dotenv.config();
	if (result.error && logger) {
	logger.error(
	'\n\n\t💡 It appears that you have not yet configured a .env file.',
	'\n\t Please refer to our documentation regarding environment configuration:',
	'\n\t https://github.com/Seneca-CDOT/telescope/blob/master/docs/CONTRIBUTING.md\n'
	);
	}

Because src/backend/utils/logger.js and src/backend/lib/config.js currently require each other, I added the && logger condition to ensure that logger.error() doesn't get called before logger is defined.

Also, it is worth mentioning that src/backend/lib/config.js is imported by a dozen other modules, which will result in a dozen warning messages being logged if .env is missing. I am not sure how we might ensure that only one warning message is logged in this case... Any suggestions?

[manekenpix]

👍

[humphd]

I don't think this is a good idea. Let's revert the changes in this file. We don't want to hide a missing value by having a proper but empty string get passed in.

[Silvyre]

Sure, done: e4c5a12

Currently, env.example assigns an empty string to be the value of SAML2_BASE_URI:

telescope/env.example

Lines 28 to 29 in 08c55d4

	# SAML2 = BASE URL e.g. http://localhost:8080/simplesaml/saml2/idp/SSOService.php - This is pointing to the authentication service. e.g. What happens when you try to login to Seneca's site.
	SAML2_BASE_URI=""

Let me know if you'd like me to remove this value, as well.

[humphd]

I don't understand this change. We need to set one of debug or info. What is the first part of this doing? If process.env.NODE_ENV is undefined, the original code will return 'debug' already. I think you can revert this unless I'm missing something.

[Silvyre]

If process.env.NODE_ENV is undefined, the original code will return 'debug' already.

Sorry, Dave, but my understanding is that, since undefined === 'development' evaluates to false, the enclosing ternary operation would return 'info'. However, I did also assume that CI would want to utilize a more verbose log level, and may be wrong about this. Let me know.

[humphd]

This is probably wise, since this URL doesn't change very often (if ever). But could you add a log that says we're doing this? Something like:

let ur = process.env.FEED_URL;
if(!url) {
  url = 'https://wiki.cdot.senecacollege.ca/wiki/Planet_CDOT_Feed_List'
  logger.debug('No value found for FEED_URL in env, using default ${url} instead');
}

This will help us debug things later, if we can't figure out why it's always loading a URL we don't intend.

[Silvyre]

Great idea! Done: e4c5a12

[humphd]

This seems like a security issue. Let's not provide any default fallback if we're missing a secret. We should fail loudly if we are.

[Silvyre]

For sure... done: e4c5a12

Currently, env.example mentions secret to be the default value of SAML2_CLIENT_SECRET:

telescope/env.example

Line 34 in 08c55d4

# SAML2_CLIENT_SECRET = CLIENT SECRET obtained from SAML Strategy, default : secret;

Let me know if you'd like me to remove this piece of information, as well.

I'll also ask if you'd like me to do the same for SAML2_CLIENT_ID—its default value is likewise mentioned:

telescope/env.example

Line 31 in 08c55d4

# SAML2_CLIENT_ID = CLIENT ID obtained from SAML Strategy default: saml-poc

[humphd]

This needs a rebase, but looks good otherwise.

[Silvyre]

Rebase completed and ready for final review; thank you everyone for your help!

[humphd]

Tested locally, works great. Well done.

[manekenpix]

👍