Add turnstileSiteKey config

sillsdev · Jul 18, 2024 · cef2a5e · cef2a5e
1 parent 18cf48c
commit cef2a5e
Show file tree

Hide file tree

Showing 10 changed files with 35 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -142,9 +142,9 @@ A rapid word collection tool. See the [User Guide](https://sillsdev.github.io/Th
 
 ### Prepare the Environment
 
-1. If you want the email services to work you will need to set the following environment variables. These values must be
-   kept secret, so ask your email administrator to supply them. Set them in your `.profile` (Linux or Mac 10.14-), your
-   `.zprofile` (Mac 10.15+), or the _System_ app (Windows).
+1. _(Optional)_ If you want the email services to work you will need to set the following environment variables. These
+   values must be kept secret, so ask your email administrator to supply them. Set them in your `.profile` (Linux or Mac
+   10.14-), your `.zprofile` (Mac 10.15+), or the _System_ app (Windows).
 
    - `COMBINE_SMTP_SERVER`
    - `COMBINE_SMTP_PORT`
@@ -685,7 +685,12 @@ Notes:
 
 ### Setup Environment Variables
 
-_Note: This is optional for Development Environments._
+Before installing _The Combine_ in Kubernetes, you need to set the following environment variables:
+`COMBINE_JWT_SECRET_KEY`, `TURNSTILE_SECRET_KEY`. For development environments, you can use the values defined in
+`Backend/Properties/launchSettings.json`. Set them in your `.profile` (Linux or Mac 10.14-), your `.zprofile` (Mac
+10.15+), or the _System_ app (Windows).
+
+_Note: The following is optional for Development Environments._
 
 In addition to the environment variables defined in [Prepare the Environment](#prepare-the-environment), you may setup
 the following environment variables:
@@ -695,15 +700,13 @@ the following environment variables:
 - `AWS_ACCESS_KEY_ID`
 - `AWS_SECRET_ACCESS_KEY`
 
-These variables will allow the Combine to:
+These variables will allow _The Combine_ to:
 
 - pull released and QA software images from AWS Elastic Container Registry (ECR);
 - create backups and push them to AWS S3 storage; and
 - restore _The Combine's_ database and backend files from a backup stored in AWS S3 storage.
 
-The Combine application will function in a local cluster without these variables set.
-
-These can be set in your `.profile` (Linux or Mac 10.14-), your `.zprofile` (Mac 10.15+), or the _System_ app (Windows).
+The Combine application will function in a local cluster without these `AWS_` variables set.
 
 ### Install/Update _The Combine_
 

diff --git a/deploy/helm/thecombine/charts/frontend/templates/deployment-frontend.yaml b/deploy/helm/thecombine/charts/frontend/templates/deployment-frontend.yaml
@@ -39,6 +39,11 @@ spec:
                 configMapKeyRef:
                   key: CONFIG_TURNSTILE_REQUIRED
                   name: env-frontend
+            - name: CONFIG_TURNSTILE_SITE_KEY
+              valueFrom:
+                configMapKeyRef:
+                  key: CONFIG_TURNSTILE_SITE_KEY
+                  name: env-frontend
             - name: CONFIG_USE_CONNECTION_URL
               valueFrom:
                 configMapKeyRef:

diff --git a/deploy/helm/thecombine/charts/frontend/templates/env-frontend-configmap.yaml b/deploy/helm/thecombine/charts/frontend/templates/env-frontend-configmap.yaml
@@ -9,6 +9,7 @@ data:
   CERT_ADDL_DOMAINS: {{ .Values.combineAddlDomainList | quote }}
   CONFIG_USE_CONNECTION_URL: "true"
   CONFIG_TURNSTILE_REQUIRED: {{ .Values.configTurnstileRequired | quote }}
+  CONFIG_TURNSTILE_SITE_KEY: {{ .Values.configTurnstileSiteKey | quote }}
   CONFIG_OFFLINE: {{ .Values.configOffline | quote }}
   CONFIG_EMAIL_ENABLED: {{ and .Values.configEmailEnabled (empty .Values.global.combineSmtpUsername | not) | quote }}
   CONFIG_SHOW_CERT_EXPIRATION: {{ .Values.configShowCertExpiration | quote }}

diff --git a/deploy/helm/thecombine/charts/frontend/values.yaml b/deploy/helm/thecombine/charts/frontend/values.yaml
@@ -19,6 +19,7 @@ imageName: combine_frontend
 # The additional domain list is a space-separated string list of domains
 combineAddlDomainList: ""
 configTurnstileRequired: "false"
+configTurnstileSiteKey: "None - from frontend chart"
 configOffline: "false"
 configEmailEnabled: "true"
 configShowCertExpiration: "false"

diff --git a/deploy/helm/thecombine/values.yaml b/deploy/helm/thecombine/values.yaml
@@ -57,6 +57,7 @@ frontend:
   configShowCertExpiration: false
   configAnalyticsWriteKey: ""
   configTurnstileRequired: false
+  configTurnstileSiteKey: "None"
 
 # Maintenance configuration items
 maintenance:

diff --git a/deploy/scripts/setup_files/combine_config.yaml b/deploy/scripts/setup_files/combine_config.yaml
@@ -81,6 +81,7 @@ targets:
           serverName: qa-kube.thecombine.app
         frontend:
           configTurnstileRequired: "true"
+          configTurnstileSiteKey: "0x4AAAAAAAe9zmM2ysXGSJk1"
   prod:
     profile: prod
     env_vars_required: true
@@ -91,6 +92,7 @@ targets:
           serverName: thecombine.app
         frontend:
           configTurnstileRequired: "true"
+          configTurnstileSiteKey: "0x4AAAAAAAe9zmM2ysXGSJk1"
 
 # Set of profiles
 # Each key of 'profiles' defines one of the profiles used by the set of targets.

diff --git a/deploy/scripts/setup_files/profiles/dev.yaml b/deploy/scripts/setup_files/profiles/dev.yaml
@@ -12,6 +12,8 @@ charts:
 
     frontend:
       configTurnstileRequired: "true"
+      # https://developers.cloudflare.com/turnstile/troubleshooting/testing/
+      configTurnstileSiteKey: "1x00000000000000000000AA" # visible pass
 
     global:
       imageRegistry: ""

diff --git a/nginx/init/25-combine-runtime-config.sh b/nginx/init/25-combine-runtime-config.sh
@@ -50,6 +50,7 @@ declare -A env_map
 env_map=(
   ["CONFIG_USE_CONNECTION_URL"]="useConnectionBaseUrlForApi"
   ["CONFIG_TURNSTILE_REQUIRED"]="turnstileRequired"
+  ["CONFIG_TURNSTILE_SITE_KEY"]="turnstileSiteKey"
   ["CONFIG_ANALYTICS_WRITE_KEY"]="analyticsWriteKey"
   ["CONFIG_OFFLINE"]="offline"
   ["CONFIG_EMAIL_ENABLED"]="emailServicesEnabled"

diff --git a/src/components/Login/Turnstile.tsx b/src/components/Login/Turnstile.tsx
@@ -24,13 +24,9 @@ export default function Turnstile(props: TurnstileProps): ReactElement {
 
   const siteKey =
     process.env.NODE_ENV === "production"
-      ? "0x4AAAAAAAe9zmM2ysXGSJk1" // the true site key for deployment
+      ? RuntimeConfig.getInstance().turnstileSiteKey()
       : // https://developers.cloudflare.com/turnstile/troubleshooting/testing/
-        //"1x00000000000000000000AA"; // visible pass
-        //"2x00000000000000000000AB"; // visible fail
-        //"1x00000000000000000000BB"; // invisible pass
-        //"2x00000000000000000000BB"; // invisible fail
-        "3x00000000000000000000FF"; // force interactive challenge
+        "1x00000000000000000000AA"; // visible pass
 
   const fail = (): void => {
     setSuccess(false);

diff --git a/src/types/runtimeConfig.ts b/src/types/runtimeConfig.ts
@@ -1,6 +1,7 @@
 interface RuntimeConfigItems {
   baseUrl: string;
   turnstileRequired: boolean;
+  turnstileSiteKey: string;
   offline: boolean;
   emailServicesEnabled: boolean;
   showCertExpiration: boolean;
@@ -16,6 +17,7 @@ declare global {
 const defaultConfig: RuntimeConfigItems = {
   baseUrl: "http://localhost:5000",
   turnstileRequired: true,
+  turnstileSiteKey: "0x4AAAAAAAe9zmM2ysXGSJk1",
   offline: false,
   emailServicesEnabled: true,
   showCertExpiration: true,
@@ -61,6 +63,13 @@ export class RuntimeConfig {
     return defaultConfig.turnstileRequired;
   }
 
+  public turnstileSiteKey(): string {
+    if (window.runtimeConfig.hasOwnProperty("turnstileSiteKey")) {
+      return window.runtimeConfig.turnstileSiteKey;
+    }
+    return defaultConfig.turnstileSiteKey;
+  }
+
   public emailServicesEnabled(): boolean {
     if (RuntimeConfig._instance.isOffline()) {
       return false;