Add secret key for cli_python

hozana · Dec 20, 2024 · 6c5e792 · 6c5e792
1 parent 0499715
commit 6c5e792
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 3 deletions.
diff --git a/compose.yaml b/compose.yaml
@@ -67,7 +67,7 @@ services:
       HOST_ADMIN: admin.openchurch.local
       ELASTIC_PASSWORD: admin
       ELASTICSEARCH_IRI: https://elastic:admin@elasticsearch:9200
-
+      SYNCHRO_SECRET_KEY: "secret"
   python:
     container_name: openchurch_python
     build:
@@ -80,8 +80,8 @@ services:
     environment:
       SQLITE_DATABASE: local.sqlite
       OPENCHURCH_HOST: "https://api.openchurch.local/api"
-      OPENCHURCH_API_TOKEN: "fake_token"
       PYTHONWARNINGS: "ignore:Unverified HTTPS request"
+      SYNCHRO_SECRET_KEY: "secret"
 
 volumes:
   openchurch_db_data: {}

diff --git a/config/services.yaml b/config/services.yaml
@@ -52,6 +52,12 @@ services:
   App\Core\Infrastructure\ElasticSearch\Helper\OfficialElasticSearchHelper:
     arguments:
       $elasticsearchHost: "%env(ELASTICSEARCH_IRI)%"
+  App\Field\Infrastructure\Doctrine\DoctrineFieldListener:
+    arguments:
+      $synchroSecretKey: "%env(SYNCHRO_SECRET_KEY)%"
+  App\Community\Infrastructure\Doctrine\DoctrineCommunityListener:
+    arguments:
+      $synchroSecretKey: "%env(SYNCHRO_SECRET_KEY)%"
 
   App\Core\Infrastructure\Doctrine\FixDoctrineMigrationTableSchema:
     autoconfigure: false

diff --git a/migrations/Version20241220160327.php b/migrations/Version20241220160327.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+use Symfony\Component\Uid\Uuid;
+
+final class Version20241220160327 extends AbstractMigration
+{
+    public function up(Schema $schema): void
+    {
+        $this->addSql(
+            'INSERT INTO agent (id, name, api_key) VALUES (:id, "CLI_SYNCHRO", :syncroSecretKey)',
+            [
+                'id' => Uuid::v7()->toBinary(),
+                'syncroSecretKey' => $_ENV['SYNCHRO_SECRET_KEY'],
+            ],
+        );
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('DELETE FROM agent WHERE name = "CLI_SYNCHRO"');
+    }
+}
diff --git a/scripts/synchro.py b/scripts/synchro.py
@@ -496,7 +496,7 @@ class OpenChurchClient(object):
     urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)
     hostname = os.getenv('OPENCHURCH_HOST')
     headers = {
-        'Authorization': 'Bearer ' + os.getenv('OPENCHURCH_API_TOKEN')
+        'Authorization': 'Bearer ' + os.getenv('SYNCHRO_SECRET_KEY')
     }
 
     def create_session(self):

diff --git a/src/Community/Infrastructure/Doctrine/DoctrineCommunityListener.php b/src/Community/Infrastructure/Doctrine/DoctrineCommunityListener.php
@@ -11,17 +11,25 @@
 use App\Shared\Domain\Enum\SearchIndex;
 use Doctrine\Bundle\DoctrineBundle\Attribute\AsEntityListener;
 use Doctrine\ORM\Events;
+use Symfony\Bundle\SecurityBundle\Security;
 
 #[AsEntityListener(event: Events::postPersist, method: 'postPersist', entity: Community::class)]
 final class DoctrineCommunityListener
 {
     public function __construct(
+        private readonly string $synchroSecretKey,
+        private readonly Security $security,
         private readonly SearchHelperInterface $searchHelper,
     ) {
     }
 
     public function postPersist(Community $community): void
     {
+        $agent = $this->security->getUser();
+        if ($agent->apiKey === $this->synchroSecretKey) {
+            return;
+        }
+
         $type = $community->getMostTrustableFieldByName(FieldCommunity::TYPE)?->getValue();
         if ($type === CommunityType::PARISH->value) {
             // A new parish has been inserted

diff --git a/src/Field/Infrastructure/Doctrine/DoctrineFieldListener.php b/src/Field/Infrastructure/Doctrine/DoctrineFieldListener.php
@@ -12,18 +12,26 @@
 use App\Shared\Domain\Enum\SearchIndex;
 use Doctrine\Bundle\DoctrineBundle\Attribute\AsEntityListener;
 use Doctrine\ORM\Events;
+use Symfony\Bundle\SecurityBundle\Security;
 
 #[AsEntityListener(event: Events::postUpdate, method: 'postUpdate', entity: Field::class)]
 final class DoctrineFieldListener
 {
     public function __construct(
+        private readonly string $synchroSecretKey,
+        private readonly Security $security,
         private readonly SearchHelperInterface $searchHelper,
         private readonly CommunityRepositoryInterface $communityRepo,
     ) {
     }
 
     public function postUpdate(Field $field): void
     {
+        $agent = $this->security->getUser();
+        if ($agent->apiKey === $this->synchroSecretKey) {
+            return;
+        }
+
         if ($field->name === FieldCommunity::NAME->value) {
             $this->onFieldNameChange($field);
         }