From b3346d4cac910a25c3ef13f55e673b026f00c9d2 Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Fri, 17 Apr 2026 13:53:13 +0200
Subject: [PATCH] fix(update-backend): adjust file permissions and handle environment variables safely

- Updated the permission settings for the environment file to 640, ensuring it is readable only by the owner and the deploy group.
- Modified the sequelize configuration to safely handle missing environment variables, converting them to strings or setting them to undefined to prevent runtime errors.
[force-deploy]
---
 backend/config/sequelize-cli.cjs | 7 ++++---
 update-backend.sh | 7 +++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/backend/config/sequelize-cli.cjs b/backend/config/sequelize-cli.cjs
index 1dd96f4..e178e35 100644
--- a/backend/config/sequelize-cli.cjs
+++ b/backend/config/sequelize-cli.cjs
@@ -14,10 +14,11 @@ if (process.env.DB_SSL === '1' || process.env.PGSSLMODE === 'require') {
 : true;
 }
+// pg/SCRAM: password muss ein String sein; bei fehlender .env sonst undefined-Fallen vermeiden
 const shared = {
- username: process.env.DB_USER,
- password: process.env.DB_PASS || '',
- database: process.env.DB_NAME,
+ username: process.env.DB_USER != null ? String(process.env.DB_USER) : undefined,
+ password: process.env.DB_PASS != null ? String(process.env.DB_PASS) : '',
+ database: process.env.DB_NAME != null ? String(process.env.DB_NAME) : undefined,
 host: process.env.DB_HOST || '127.0.0.1',
 port: Number.parseInt(process.env.DB_PORT || '5432', 10),
 dialect: 'postgres',
diff --git a/update-backend.sh b/update-backend.sh
index 7354ecd..06eef23 100755
--- a/update-backend.sh
+++ b/update-backend.sh
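Review bot: In backend/config/sequelize-cli.cjs the new `password` line still falls back to `''`, and `username`/`database` to `undefined`, when the variables are unset, so a run that failed to load `.env` attempts a connection with an empty password and, presumably, whatever defaults the driver picks for user and database instead of stopping. `process.env` values are already strings, so the `String(...)` wrappers do not change what is passed, and the visible behaviour matches the removed lines. I would fail fast before building `shared`, e.g. `for (const k of ['DB_USER', 'DB_NAME']) if (!process.env[k]) throw new Error(k + ' is not set');`, adding `DB_PASS` to the list wherever password authentication is expected. The error should name the variable only, never its value. The `shared` object literal continues past the end of the hunk.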
@@ -33,11 +33,14 @@ echo "Quelle: $SOURCE_ENV"
 echo "Ziel: $TARGET_ENV"
 sudo -n ls -l "$SOURCE_ENV"
-sudo -n install -m 600 -o yourpart -g yourpart "$SOURCE_ENV" "$TARGET_ENV"
+# 640, Owner yourpart, Gruppe = Deploy-User: npm/db:migrate muss .env lesen (dotenv),
+# ohne die Datei weltlesbar zu machen.
+DEPLOY_GROUP="$(id -gn)"
+sudo -n install -m 640 -o yourpart -g "$DEPLOY_GROUP" "$SOURCE_ENV" "$TARGET_ENV"
 echo "Prüfe kopierte Datei..."
 ls -l "$TARGET_ENV"
-sudo -n head -n 1 "$TARGET_ENV" >/dev/null
+head -n 1 "$TARGET_ENV" >/dev/null
 echo "✓ .env-Datei wurde übernommen"
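Review bot: `DEPLOY_GROUP="$(id -gn)"` grants group read on the credentials file to the primary group of whoever runs the script, so the audience of `.env` depends on the invoking account; if that primary group is shared with other accounts, every member can read the database password. I would require an explicitly configured, dedicated group instead, `DEPLOY_GROUP="${DEPLOY_GROUP:?set DEPLOY_GROUP to the dedicated deploy group}"`, or run the migration as `yourpart` and keep mode 600. The unprivileged `head -n 1 "$TARGET_ENV" >/dev/null` is a useful read check, but whether a failure stops the script depends on `set -e`, which is not visible in this hunk; `head -n 1 "$TARGET_ENV" >/dev/null || { echo ".env not readable" >&2; exit 1; }` makes the abort explicit before the success message is printed.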