fix(update-backend): adjust file permissions and handle environment variables safely

- Updated the permission settings for the environment file to 640, ensuring it is readable only by the owner and the deploy group. - Modified the sequelize configuration to safely handle missing environment variables, converting them to strings or setting them to undefined to prevent runtime errors. [force-deploy]
2026-04-17 13:53:13 +02:00
parent 1b9d9664b2
commit b3346d4cac
2 changed files with 9 additions and 5 deletions
--- a/backend/config/sequelize-cli.cjs
+++ b/backend/config/sequelize-cli.cjs
@@ -14,10 +14,11 @@ if (process.env.DB_SSL === '1' || process.env.PGSSLMODE === 'require') {
    : true;
 }

+// pg/SCRAM: password muss ein String sein; bei fehlender .env sonst undefined-Fallen vermeiden
 const shared = {
-  username: process.env.DB_USER,
-  password: process.env.DB_PASS || '',
-  database: process.env.DB_NAME,
+  username: process.env.DB_USER != null ? String(process.env.DB_USER) : undefined,
+  password: process.env.DB_PASS != null ? String(process.env.DB_PASS) : '',
+  database: process.env.DB_NAME != null ? String(process.env.DB_NAME) : undefined,
  host: process.env.DB_HOST || '127.0.0.1',
  port: Number.parseInt(process.env.DB_PORT || '5432', 10),
  dialect: 'postgres',
--- a/update-backend.sh
+++ b/update-backend.sh
@@ -33,11 +33,14 @@ echo "Quelle: $SOURCE_ENV"
 echo "Ziel:   $TARGET_ENV"

 sudo -n ls -l "$SOURCE_ENV"
-sudo -n install -m 600 -o yourpart -g yourpart "$SOURCE_ENV" "$TARGET_ENV"
+# 640, Owner yourpart, Gruppe = Deploy-User: npm/db:migrate muss .env lesen (dotenv),
+# ohne die Datei weltlesbar zu machen.
+DEPLOY_GROUP="$(id -gn)"
+sudo -n install -m 640 -o yourpart -g "$DEPLOY_GROUP" "$SOURCE_ENV" "$TARGET_ENV"

 echo "Prüfe kopierte Datei..."
 ls -l "$TARGET_ENV"
-sudo -n head -n 1 "$TARGET_ENV" >/dev/null
+head -n 1 "$TARGET_ENV" >/dev/null

 echo "✓ .env-Datei wurde übernommen"