LukeParke/pypistats.dev
1
0
Fork 0
mirror of https://github.com/LukeHagar/pypistats.dev.git synced 2025-12-06 20:57:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

troubleshooting secrets

Browse Source
This commit is contained in:
Luke Hagar
2025-08-14 14:50:44 -05:00
parent 8a19a483e4
commit de7cc4090d
1 changed files with 45 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/lib/data-processor.ts
View File

@@ -36,16 +36,54 @@ export class DataProcessor {
}; };
// Handle credentials from environment variable or file // Handle credentials from environment variable or file
if (process.env.GOOGLE_APPLICATION_CREDENTIALS_JSON) { const rawCredentialsEnv = process.env.GOOGLE_APPLICATION_CREDENTIALS_JSON;
// Use JSON credentials from environment variable if (rawCredentialsEnv) {
// Add diagnostics without leaking secrets
const trimmed = rawCredentialsEnv.trim();
const firstChar = trimmed[0];
const looksLikeJson = firstChar === '{' || firstChar === '[';
const looksLikeBase64 = !looksLikeJson && /^[A-Za-z0-9+/=\n\r]+$/.test(trimmed);
console.log(
'BigQuery credentials detected in GOOGLE_APPLICATION_CREDENTIALS_JSON',
`length=${trimmed.length}`,
`startsWith=${firstChar}`,
`jsonLikely=${looksLikeJson}`,
`base64Likely=${looksLikeBase64}`
);
try { try {
const credentials = JSON.parse(process.env.GOOGLE_APPLICATION_CREDENTIALS_JSON); let parsed: any | null = null;
bigQueryConfig.credentials = credentials; if (looksLikeJson) {
bigQueryConfig.credentials.private_key = credentials.private_key.replace(/\\n/g, '\n'); parsed = JSON.parse(trimmed);
} else {
// Try base64 decode → JSON parse
try {
const decoded = Buffer.from(trimmed, 'base64').toString('utf8');
console.log('BigQuery credentials decoded from base64', `decodedLength=${decoded.length}`);
parsed = JSON.parse(decoded);
} catch (e) {
console.error('BigQuery credentials base64 decode/parse failed');
throw e;
}
}
if (parsed && typeof parsed.private_key === 'string') {
parsed.private_key = parsed.private_key.replace(/\\n/g, '\n');
}
bigQueryConfig.credentials = parsed;
} catch (error) { } catch (error) {
console.error('Failed to parse GOOGLE_APPLICATION_CREDENTIALS_JSON:', error); console.error(
'Failed to parse GOOGLE_APPLICATION_CREDENTIALS_JSON. '
+ 'Ensure it is valid JSON or base64-encoded JSON with escaped newlines in private_key.'
);
// Fallback: if a key file path is provided, use it; otherwise, surface a clearer error
if (process.env.GOOGLE_APPLICATION_CREDENTIALS) {
console.warn('Falling back to GOOGLE_APPLICATION_CREDENTIALS keyFilename');
bigQueryConfig.keyFilename = process.env.GOOGLE_APPLICATION_CREDENTIALS;
} else {
throw new Error('Invalid GOOGLE_APPLICATION_CREDENTIALS_JSON format'); throw new Error('Invalid GOOGLE_APPLICATION_CREDENTIALS_JSON format');
} }
}
} else if (process.env.GOOGLE_APPLICATION_CREDENTIALS) { } else if (process.env.GOOGLE_APPLICATION_CREDENTIALS) {
// Use file path (existing behavior) // Use file path (existing behavior)
bigQueryConfig.keyFilename = process.env.GOOGLE_APPLICATION_CREDENTIALS; bigQueryConfig.keyFilename = process.env.GOOGLE_APPLICATION_CREDENTIALS;