Load encryption file dynamically

2026-01-28 22:00:51 +00:00 · 2025-10-15 17:14:24 -07:00
parent 216ded3034
commit ef32f3ed5a
3 changed files with 51 additions and 25 deletions
--- a/server/private/lib/certificates.ts
+++ b/server/private/lib/certificates.ts
@@ -19,17 +19,25 @@ import * as fs from "fs";
 import NodeCache from "node-cache";
 import logger from "@server/logger";

-const encryptionKeyPath =
-    config.getRawPrivateConfig().server.encryption_key_path;
+let encryptionKeyPath = "";
+let encryptionKeyHex = "";
+let encryptionKey: Buffer;
+function loadEncryptData() {
+    if (encryptionKey) {
+        return; // already loaded
+    }

-if (!fs.existsSync(encryptionKeyPath)) {
+    encryptionKeyPath = config.getRawPrivateConfig().server.encryption_key_path;
+
+    if (!fs.existsSync(encryptionKeyPath)) {
        throw new Error(
            "Encryption key file not found. Please generate one first."
        );
-}
+    }

-const encryptionKeyHex = fs.readFileSync(encryptionKeyPath, "utf8").trim();
-const encryptionKey = Buffer.from(encryptionKeyHex, "hex");
+    encryptionKeyHex = fs.readFileSync(encryptionKeyPath, "utf8").trim();
+    encryptionKey = Buffer.from(encryptionKeyHex, "hex");
+}

 // Define the return type for clarity and type safety
 export type CertificateResult = {
@@ -50,6 +58,9 @@ export async function getValidCertificatesForDomains(
    domains: Set<string>,
    useCache: boolean = true
 ): Promise<Array<CertificateResult>> {
+
+    loadEncryptData(); // Ensure encryption key is loaded
+
    const finalResults: CertificateResult[] = [];
    const domainsToQuery = new Set<string>();

@@ -151,7 +162,9 @@ export async function getValidCertificatesForDomains(

        // If a certificate was found, format it, add to results, and cache it
        if (foundCert) {
-            logger.debug(`Creating result cert for ${domain} using cert from ${foundCert.domain}`);
+            logger.debug(
+                `Creating result cert for ${domain} using cert from ${foundCert.domain}`
+            );
            const resultCert: CertificateResult = {
                id: foundCert.certId,
                domain: foundCert.domain, // The actual domain of the cert record
@@ -172,7 +185,6 @@ export async function getValidCertificatesForDomains(
        }
    }

-
    const decryptedResults = decryptFinalResults(finalResults);
    return decryptedResults;
 }
--- a/server/private/lib/readConfigFile.ts
+++ b/server/private/lib/readConfigFile.ts
@@ -172,6 +172,12 @@ export function readPrivateConfigFile() {
        return {};
    }

+    // test if the config file is there
+    if (!fs.existsSync(privateConfigFilePath1)) {
+        // load the default values of the zod schema and return those
+        return privateConfigSchema.parse({});
+    }
+
    const loadConfig = (configPath: string) => {
        try {
            const yamlContent = fs.readFileSync(configPath, "utf8");
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -292,11 +292,33 @@ hybridRouter.get(
    }
 );

+let encryptionKeyPath = "";
+let encryptionKeyHex = "";
+let encryptionKey: Buffer;
+function loadEncryptData() {
+    if (encryptionKey) {
+        return; // already loaded
+    }
+
+    encryptionKeyPath = privateConfig.getRawPrivateConfig().server.encryption_key_path;
+
+    if (!fs.existsSync(encryptionKeyPath)) {
+        throw new Error(
+            "Encryption key file not found. Please generate one first."
+        );
+    }
+
+    encryptionKeyHex = fs.readFileSync(encryptionKeyPath, "utf8").trim();
+    encryptionKey = Buffer.from(encryptionKeyHex, "hex");
+}
+
 // Get valid certificates for given domains (supports wildcard certs)
 hybridRouter.get(
    "/certificates/domains",
    async (req: Request, res: Response, next: NextFunction) => {
        try {
+            loadEncryptData(); // Ensure encryption key is loaded
+
            const parsed = getCertificatesByDomainsQuerySchema.safeParse(
                req.query
            );
@@ -425,20 +447,6 @@ hybridRouter.get(
                filtered.push(cert);
            }

-            const encryptionKeyPath =
-                privateConfig.getRawPrivateConfig().server.encryption_key_path;
-
-            if (!fs.existsSync(encryptionKeyPath)) {
-                throw new Error(
-                    "Encryption key file not found. Please generate one first."
-                );
-            }
-
-            const encryptionKeyHex = fs
-                .readFileSync(encryptionKeyPath, "utf8")
-                .trim();
-            const encryptionKey = Buffer.from(encryptionKeyHex, "hex");
-
            const result = filtered.map((cert) => {
                // Decrypt and save certificate file
                const decryptedCert = decryptData(