refactor(config): ♻️ Redo config structure from scratch, simplify validation code, improve checks, add support for loading sensitive data from paths

2026-03-13 05:49:16 +01:00 · 2025-02-15 02:47:29 +01:00 · 2025-02-15 02:47:29 +01:00 · 54fd81f076
commit 54fd81f076
parent d4afd84019
118 changed files with 3892 additions and 5291 deletions
--- a/classes/inbox/processor.test.ts
+++ b/classes/inbox/processor.test.ts
@ -9,8 +9,10 @@ import {
    User,
 } from "@versia/kit/db";
 import type { SocketAddress } from "bun";
+import type { z } from "zod";
 import { ValidationError } from "zod-validation-error";
-import { config } from "~/packages/config-manager/index.ts";
+import { config } from "~/config.ts";
+import type { ConfigSchema } from "../config/schema.ts";
 import { InboxProcessor } from "./processor.ts";

 // Mock dependencies
@ -58,7 +60,7 @@ mock.module("@versia/federation", () => ({
    RequestParserHandler: jest.fn(),
 }));

-mock.module("~/packages/config-manager/index.ts", () => ({
+mock.module("~/config.ts", () => ({
    config: {
        debug: {
            federation: false,
@ -172,9 +174,13 @@ describe("InboxProcessor", () => {
        });

        test("returns false for valid bridge request", () => {
-            config.federation.bridge.enabled = true;
-            config.federation.bridge.token = "valid-token";
-            config.federation.bridge.allowed_ips = ["127.0.0.1"];
+            config.federation.bridge = {
+                token: "valid-token",
+                allowed_ips: ["127.0.0.1"],
+                url: new URL("https://test.com"),
+                software: "versia-ap",
+            };
+
            mockHeaders.authorization = "Bearer valid-token";

            // biome-ignore lint/complexity/useLiteralKeys: Private method
@ -183,7 +189,9 @@ describe("InboxProcessor", () => {
        });

        test("returns error response for invalid token", () => {
-            config.federation.bridge.enabled = true;
+            config.federation.bridge = {} as z.infer<
+                typeof ConfigSchema
+            >["federation"]["bridge"];
            mockHeaders.authorization = "Bearer invalid-token";

            // biome-ignore lint/complexity/useLiteralKeys: Private method
--- a/classes/inbox/processor.ts
+++ b/classes/inbox/processor.ts
@ -23,7 +23,7 @@ import { eq } from "drizzle-orm";
 import type { StatusCode } from "hono/utils/http-status";
 import { matches } from "ip-matching";
 import { type ValidationError, isValidationError } from "zod-validation-error";
-import { config } from "~/packages/config-manager/index.ts";
+import { config } from "~/config.ts";

 type ResponseBody = {
    message?: string;
@ -98,7 +98,7 @@ export class InboxProcessor {
            throw new Error("Sender is not defined");
        }

-        if (config.debug.federation) {
+        if (config.debug?.federation) {
            this.logger.debug`Sender public key: ${chalk.gray(
                this.sender.key,
            )}`;
@ -134,7 +134,7 @@ export class InboxProcessor {
     * @returns {boolean | ResponseBody} - Whether to skip signature checks. May include a response body if there are errors.
     */
    private shouldCheckSignature(): boolean | ResponseBody {
-        if (config.federation.bridge.enabled) {
+        if (config.federation.bridge) {
            const token = this.headers.authorization?.split("Bearer ")[1];

            if (token) {
@ -158,6 +158,14 @@ export class InboxProcessor {
     * @returns
     */
    private isRequestFromBridge(token: string): boolean | ResponseBody {
+        if (!config.federation.bridge) {
+            return {
+                message:
+                    "Bridge is not configured. Please remove the Authorization header.",
+                code: 500,
+            };
+        }
+
        if (token !== config.federation.bridge.token) {
            return {
                message: