From ab925bfbd636b2c070409b39fc5c093dd2ee7095 Mon Sep 17 00:00:00 2001
From: Nikolai B
Date: Wed, 11 Dec 2024 13:50:49 +0000
Subject: [PATCH] Move to rails creds
---
 .gitignore | 4 ++++
 config/credentials.yml.enc | 1 +
 config/credentials/production.yml.enc | 1 +
 config/initializers/devise.rb | 13 ++-----------
 config/initializers/geocoder.rb | 7 +------
 config/initializers/rakismet.rb | 4 ++--
 config/initializers/rollbar.rb | 6 ++----
 config/initializers/secret_token.rb | 20 --------------------
 config/mailboxes.example.yml | 8 --------
 lib/mailbox_processor.rb | 11 +----------
 lib/tasks/scheduled.rake | 2 +-
 11 files changed, 15 insertions(+), 62 deletions(-)
 create mode 100644 config/credentials.yml.enc
 create mode 100644 config/credentials/production.yml.enc
 delete mode 100644 config/initializers/secret_token.rb
 delete mode 100644 config/mailboxes.example.yml
diff --git a/.gitignore b/.gitignore
index cbf9367cc..946ca7deb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,7 @@ node_modules/
 *.sql.gz
 .byebug_history
 redesign/.config.js
+
+/config/credentials/production.key
+
+/config/master.key
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
new file mode 100644
index 000000000..aaa95438b
--- /dev/null
+++ b/config/credentials.yml.enc
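Review bot: The two ignore entries added to .gitignore name the key files one by one, so a key created later for another environment (a staging or development credentials file, for example) would not be ignored and could be committed by accident. A pattern entry `/config/credentials/*.key` next to `/config/master.key` covers every per-environment key.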
@@ -0,0 +1 @@ +opShgPYZJxn/pKgYWVLx82VrgeBFlXEo4WnwdjNf5K2xLNklycuf0Myy+r6ftKumk2IvTBE6v2sT6XvRDJy327AE0nNoRR6KYsR1JiLFGmbT3DH7WgGOWFy4oPmeUYt0JXzJVoDIPiXgbAHhI+2kJGdLic1Ho/UbJMTwSEx5at064/nwLi/EBgWe1zYky78YomNNMchpxSiAyja++cPt09FwadWc8zwQTPy3BOC7s9utEEDHrPgMCe/fqqP1+C+dE6K5SImvKVQ++DU68EEuUhjHGmpKwHNLNGUx4bNq87tcqc6/33eOn9IpY8KS8/lNfgjRSpnGzXItUBtGBu/67ZHKjPdTBvK42T5YbuEbrA32HlI/GpK6oRxm6ZhsFpvDQun+f2lfsaoqCwioc81IWvZNnk2OdU/0pvQ2Gs3h0NmqaS85q48V+jGcLqTa3oM1KBl089xkbYAONwepjLMcpbrKNpnpEKF5AmcKR1CkPPKICDfMWQDmumSvrpdFvdoUlVvgqVUNOILQauMN/T07i7Me9gR3pVK78OY1MJNyfaKY2aAw/nYV9jck43+tr9d1E5valOPCVcjahZQnyi8/WYGDGorRqozvF9RmiQ+sp7A9VRh9j1MYeTCxV9ia7mQa/NubxrE+PTJ/AsxPBrFdFHreP0dobw1oS/cS7Phx4EXH2FNTg8FAu/X0Bk+CAqa9hoX5J9ASwyR1uP7th6pKGRE3TJ0ndXotyZs0sU9EUM8Ne8LguY7hf0GAoiM0jrZcsA2RRWq8anl8DC8OiQYaPVJZM9qacKscRAqFi31clWPeDgdeyXL/Iq6xKmMR4FbPqJX3Ra5qEoFNjn+jcBhZNKpQZy8CarM6jl+xOuiOkbEl--bUZ7Vi618jEfrwIo--GNFJZpupxUIg9YVkbIW3Nw== \ No newline at end of file diff --git a/config/credentials/production.yml.enc b/config/credentials/production.yml.enc new file mode 100644 index 000000000..d04a666cf --- /dev/null +++ b/config/credentials/production.yml.enc @@ -0,0 +1 @@ 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--7apxrB9V3e7z5hRL--VYv4zYCNJAK38Z0u+EE9ZQ== \ No newline at end of file diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index f6b91431c..fd86dfc47 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -3,15 +3,6 @@ # Use this hook to configure devise mailer, warden hooks and so forth. The first # four configuration values can also be set straight in your models. -def secret(name) - file = Rails.root.join("config", name) - if Rails.env.test? || Rails.env.development? - File.exist?(file) ? File.read(file).strip : "" - else - File.read(file).strip - end -end - Devise.setup do |config| # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, 
@@ -226,8 +217,8 @@ def secret(name) # Add a new OmniAuth provider. Check the wiki for more information on setting # up on your models and hooks. # config.omniauth :github, "APP_ID", "APP_SECRET", :scope => "user,public_repo" - config.omniauth :facebook, secret("facebook_app_id"), secret("facebook_app_secret") - config.omniauth :twitter, secret("twitter_app_id"), secret("twitter_app_secret") + config.omniauth :facebook, Rails.application.credentials.facebook.app_id, Rails.application.credentials.facebook.app_secret + config.omniauth :twitter, Rails.application.credentials.twitter.app_id, Rails.application.credentials.twitter.app_secret # ==> Warden configuration # If you want to use other strategies, that are not supported by Devise, or diff --git a/config/initializers/geocoder.rb b/config/initializers/geocoder.rb index f603a1583..0e5f88a7e 100644 --- a/config/initializers/geocoder.rb +++ b/config/initializers/geocoder.rb @@ -1,12 +1,7 @@ # frozen_string_literal: true module Geocoder - cs_api_file = Rails.root.join("config", "cyclestreets") - API_KEY = if cs_api_file.exist? - cs_api_file.read.strip.freeze - else - "" - end + API_KEY = Rails.application.credentials.cyclestreets CS_BASE_URL = "https://api.cyclestreets.net/v2/" GEO_URL = "#{CS_BASE_URL}geocoder" COLLISIONS_URL = "#{CS_BASE_URL}collisions.locations" diff --git a/config/initializers/rakismet.rb b/config/initializers/rakismet.rb index 3da1c63a6..5e200e8b1 100644 --- a/config/initializers/rakismet.rb +++ b/config/initializers/rakismet.rb @@ -3,8 +3,8 @@ akismet_file = Rails.root.join("config", "akismet") Cyclescape::Application.config.rakismet.key = - if akismet_file.exist? - akismet_file.read.strip + if (token = Rails.application.credentials.rakismet) + token elsif %w[development test].include? Rails.env "development" end diff --git a/config/initializers/rollbar.rb b/config/initializers/rollbar.rb index 8d636fb66..0659d1619 100644 --- a/config/initializers/rollbar.rb +++ b/config/initializers/rollbar.rb 
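Review bot: The two new `config.omniauth` lines in devise.rb chain `.app_id` and `.app_secret` onto `Rails.application.credentials.facebook` and `.twitter`, which return nil when those keys are absent from the decrypted credentials, so the initializer would raise NoMethodError at boot. The removed `secret` helper returned an empty string in development and test, and this commit git-ignores `config/master.key`, so a fresh checkout without the key is likely to hit this (exact behaviour without a key depends on the Rails version). Consider `Rails.application.credentials.dig(:facebook, :app_id)` and the same form for the other three values, keeping a hard failure only for production. The `Devise.setup` block starts and ends outside the hunk.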
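Review bot: In geocoder.rb, `API_KEY` is now nil instead of `""` when the `cyclestreets` credential is missing, and the value is no longer frozen as it was with `.strip.freeze`. Any caller that interpolates or concatenates the constant into a request would then behave differently from before; those callers are not visible here. `API_KEY = Rails.application.credentials.cyclestreets.to_s.freeze` keeps the previous String contract. The module body continues outside the hunk.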
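Review bot: In rakismet.rb the unchanged line `akismet_file = Rails.root.join("config", "akismet")` is left behind although the new condition no longer reads it, so it appears to be dead code that still points readers at a plaintext key file. Removing it, and adding a comment such as `# Akismet key comes from the encrypted credentials; "development" is a placeholder for local runs`, would make the source of the key clear. The assignment also yields nil in production when the credential is missing, which may deserve a comment of its own.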
@@ -1,10 +1,8 @@ # frozen_string_literal: true Rollbar.configure do |config| - access_token_file = Rails.root.join("config", "rollbar") - - if access_token_file.exist? - config.access_token = access_token_file.read.strip + if (token = Rails.application.credentials.rollbar) + config.access_token = token else config.enabled = false end diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb deleted file mode 100644 index c0aaa1643..000000000 --- a/config/initializers/secret_token.rb +++ /dev/null @@ -1,20 +0,0 @@ -# frozen_string_literal: true - -# Be sure to restart your server when you modify this file. - -# Your secret key for verifying the integrity of signed cookies. -# If you change this key, all old signed cookies will become invalid! -# Make sure the secret is at least 30 characters and all random, -# no regular words or you'll be exposed to dictionary attacks. -fallback_token = "a1bcbfb276fb310924d6c5f8c7ca23d880200b" - -# check for the existence of a config/secret_token file, which we generate for produtions systems. - -# TODO: remove secret_file (this is now secret key base) -secret_key_base = Rails.root.join("config", "secret_token") - -if Rails.env.production? - Rails.application.secrets.secret_key_base = File.read(secret_key_base).strip -else - Rails.application.secrets.secret_key_base = fallback_token -end diff --git a/config/mailboxes.example.yml b/config/mailboxes.example.yml deleted file mode 100644 index f9fe1e64a..000000000 --- a/config/mailboxes.example.yml +++ /dev/null @@ -1,8 +0,0 @@ -primary: - host: "mail.example.com" - user_name: "user@example.com" - password: "secret" - authentication: "PLAIN" - mailbox: "INBOX" - mail_processor: "InboundMailProcessor" - days_to_retain: 10 diff --git a/lib/mailbox_processor.rb b/lib/mailbox_processor.rb index c94092d9b..6a9332aff 100644 --- a/lib/mailbox_processor.rb +++ b/lib/mailbox_processor.rb 
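Review bot: In rollbar.rb a missing `rollbar` credential now turns error reporting off with no trace, and a blank string would pass the `if` because an empty String is truthy in Ruby. `if (token = Rails.application.credentials.rollbar.presence)` treats blank as missing, and a `Rails.logger.warn` in the `else` branch when `Rails.env.production?` would make a silently disabled reporter visible to operators. The `Rollbar.configure` block continues outside the hunk.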
@@ -5,16 +5,7 @@ class MailboxProcessor attr_accessor :config - def self.mailboxes_config - return @config if @config - - config_path = Rails.root + "config" + "mailboxes.yml" - raise "Mailboxes config file not found at #{config_path}" unless config_path.exist? - - @config ||= YAML.safe_load(File.read(config_path)).with_indifferent_access - end - - def initialize(config = {}) + def initialize(config) @config = config end diff --git a/lib/tasks/scheduled.rake b/lib/tasks/scheduled.rake index 58bb0e275..69120bf2a 100644 --- a/lib/tasks/scheduled.rake +++ b/lib/tasks/scheduled.rake @@ -2,7 +2,7 @@ namespace :scheduled do task process_all_mailboxes: :environment do - MailboxReader.mailboxes_config.each do |_name, config| + Rails.application.credentials.mail.each_value do |config| MailboxReader.new(config).run end end
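Review bot: `initialize(config)` in mailbox_processor.rb has no documentation of what `config` must contain, and the only description of that shape, config/mailboxes.example.yml, is deleted in this same commit. A comment above `initialize` listing the expected keys (`host`, `user_name`, `password`, `authentication`, `mailbox`, `mail_processor`, `days_to_retain`) and stating that the hash now comes from `Rails.application.credentials.mail` would replace it. Dropping the `= {}` default also makes a bare `MailboxProcessor.new` raise ArgumentError; any such callers are outside this hunk, as is the rest of the class.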
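Review bot: In scheduled.rake, `Rails.application.credentials.mail` is nil when no `mail` key is present, so `each_value` fails with NoMethodError where the removed `mailboxes_config` raised a descriptive "Mailboxes config file not found" error. `Rails.application.credentials.mail!.each_value do |config|` raises a KeyError that names the missing key instead. The old hash was built `with_indifferent_access`; whether nested credential hashes accept string keys depends on the Rails version, so the key lookups inside MailboxReader are worth checking (they are not visible here).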