fix: centralized secret loading for preflight checks (#554) #696

Merged
CodeWithCJ merged 4 commits into main from dev
Feb 20, 2026

@CodeWithCJ
Owner

fix: centralized secret loading for preflight checks (#554)

  • Add secretLoader utility to resolve _FILE env vars into process.env
  • Integrate secret loading into server entry point before preflight
  • Simplify encryption.js by removing redundant local secret retrieval

@gemini-code-assist
Contributor

Summary of Changes

Hello @CodeWithCJ, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the server's secret management by centralizing the loading of secrets from files, which is crucial for containerized deployments like Docker Swarm and Kubernetes. This change streamlines the server startup process, ensuring that all necessary secrets are available before critical services and preflight checks are executed. Additionally, it refines the food database's sorting logic to provide more consistent and predictable results for paginated queries.

Highlights

  • Centralized Secret Loading: Introduced a new secretLoader utility to automatically resolve environment variables ending with _FILE by reading their content from the specified file path. This enhances support for Docker Swarm and Kubernetes secret management.
  • Server Initialization Flow: Integrated the new secret loading mechanism into the server's entry point (SparkyFitnessServer.js) to ensure secrets are loaded before preflight checks and other modules that depend on them are initialized.
  • Encryption Module Simplification: Refactored the encryption.js module by removing its internal getSecret helper function, as secret retrieval is now handled centrally by the secretLoader at an earlier stage.
  • Improved Food Sorting Consistency: Enhanced the food pagination query to include f.id ASC in the ORDER BY clause for all sorting scenarios, ensuring stable and consistent results when multiple foods share the same primary sort value. Also added NULLS LAST for nutrition-based sorting.

Changelog

  • SparkyFitnessServer/SparkyFitnessServer.js
    • Imported and invoked secretLoader at the beginning of the server startup to load secrets from files.
    • Applied minor formatting adjustments to various app.use and app.get calls for consistency.
    • Updated logging statements for better readability.
    • Adjusted cors middleware configuration formatting.
    • Refined console.warn message for private network CORS.
  • SparkyFitnessServer/models/food.js
    • Modified getFoodsWithPagination to include f.id ASC in the ORDER BY clause for all sorting options to ensure stable sorting.
    • Added NULLS LAST to nutrition-based sorting fields to handle null values gracefully.
  • SparkyFitnessServer/security/encryption.js
    • Removed the getSecret helper function, relying on the new secretLoader to populate environment variables.
    • Updated direct access to process.env.SPARKY_FITNESS_API_ENCRYPTION_KEY.
    • Adjusted string literals from single to double quotes for consistency.
  • SparkyFitnessServer/test_secret_loader.js
    • Added a new utility script to test the functionality of the secretLoader module, including mocking environment variables and file operations.
  • SparkyFitnessServer/tests/foodSorting.test.js
    • Updated expected ORDER BY clauses in food sorting tests to reflect the new f.id ASC and NULLS LAST additions for accurate validation.
  • SparkyFitnessServer/utils/secretLoader.js
    • Added a new utility module containing the loadSecrets function, which reads environment variables ending in _FILE and sets the corresponding base environment variable with the file's content.

Activity

  • CodeWithCJ implemented the secretLoader utility to centralize secret loading from files.
  • CodeWithCJ integrated the secretLoader into the server entry point before preflight checks.
  • CodeWithCJ simplified encryption.js by removing redundant local secret retrieval logic.
  • CodeWithCJ made minor formatting and consistency adjustments across several files.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a centralized secretLoader utility to handle environment variables that reference secret files, which is a robust improvement for managing secrets, especially in containerized environments. The encryption.js file has been simplified by removing its local secret retrieval logic, now relying on the new utility. Additionally, the food sorting logic in food.js has been enhanced to provide more stable and predictable sorting by including f.id ASC as a tie-breaker and NULLS LAST for nutrition fields, with corresponding test updates. Minor formatting adjustments were also made across several files to improve readability.

`;

let orderByClause = "f.name ASC";
let orderByClause = "f.name ASC, f.id ASC";
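
Review bot: the `f.id ASC` tie-breaker in the default `orderByClause` is written as a literal here and again in the nutrition-sort branch further down. Consider keeping it in one constant that is appended to every branch, so a sort option added later cannot omit it and bring back unstable pagination.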

medium

The addition of f.id ASC to the ORDER BY clause is a good practice for ensuring stable and deterministic sorting, especially when f.name might not be unique. This improves the consistency of pagination results.

) {
if (nutritionSortFields.includes(sortField)) {
orderByClause = `fv.${sortField} ${sortOrder.toUpperCase()}, f.name ASC`;
orderByClause = `fv.${sortField} ${sortOrder.toUpperCase()} NULLS LAST, f.name ASC, f.id ASC`;
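
Review bot: in the template literal, `sortField` is checked against `nutritionSortFields`, but `sortOrder` reaches the SQL string with only `toUpperCase()` applied in the lines shown. If the condition above this hunk does not already restrict it, limit `sortOrder` to ASC or DESC before interpolating, since ORDER BY fragments cannot be bound as query parameters.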

medium

Adding NULLS LAST to the ORDER BY clause for nutrition fields (like fv.calories) is a significant improvement. It ensures that foods with NULL values for these fields are consistently placed at the end of the sorted list, preventing unpredictable ordering and improving data presentation. The inclusion of f.id ASC as a secondary sort key further enhances stability.
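
The `_FILE` resolution described in the PR summary above, sketched as an added example; it is not the project's secretLoader.js, whose source does not appear on this page. The function name `loadFileSecrets`, the fail-closed policy when both `FOO` and `FOO_FILE` are set, and the sample variable names are assumptions.

```javascript
// Added example: resolve FOO_FILE=/path into FOO before anything reads FOO.
// Names and policies here are illustrative, not the project's own.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

const SUFFIX = "_FILE";

function loadFileSecrets(env = process.env) {
  const loaded = [];
  // Object.entries() snapshots the keys, so writing to env below is safe.
  for (const [key, filePath] of Object.entries(env)) {
    if (!key.endsWith(SUFFIX) || key === SUFFIX || !filePath) continue;
    const base = key.slice(0, -SUFFIX.length);
    // Assumed policy: FOO and FOO_FILE both set is ambiguous, so fail closed.
    if (env[base]) throw new Error(`${base} and ${key} are both set`);
    let value;
    try {
      value = fs.readFileSync(filePath, "utf8");
    } catch (err) {
      // Report the variable name and error code only, never file contents.
      throw new Error(`cannot read ${key}: ${err.code}`);
    }
    // Mounted secret files often end with a newline that is not part of the secret.
    value = value.replace(/\r?\n$/, "");
    if (value === "") throw new Error(`${key} points to an empty file`);
    env[base] = value;
    loaded.push(base); // names only, safe to log
  }
  return loaded;
}

// Constructed sample: a temp file stands in for a mounted container secret.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "secret-demo-"));
  const file = path.join(dir, "api_key");
  fs.writeFileSync(file, "constructed-sample-key\n", { mode: 0o600 });
  // PROFILE ends in "FILE" but not "_FILE", so it must be left untouched.
  const env = { DEMO_API_KEY_FILE: file, PROFILE: "unrelated" };
  const loaded = loadFileSecrets(env);
  fs.rmSync(dir, { recursive: true });
  return { env, loaded };
}

console.log("resolved:", demo().loaded);
```

Calling the loader once at the top of the entry point, before any module that reads the base variable is required, is what lets a preflight check see the resolved value.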

@CodeWithCJ CodeWithCJ merged commit 91087d9 into main Feb 20, 2026
6 checks passed