在插件中添加 vault-rails gem 时遇到问题

pfaffman · 2020 年12 月 14 日 20:53

我试图在插件中添加 vault-rails，以加密我添加的模型中包含的密钥，参考了以下示例：Plugin with custom gems - #4 by Falco

（Discourse 中是否已有某种方法可以实现这一点，而我尚未发现？我只看到了 encrypt 插件……）

如果我在 plugin.rb 中添加这一行，就会收到错误提示：Could not find 'rails' (>= 5.0) among 348 total gem(s)。但将相同的行添加到 Discourse 的 Gemfile 中则能正常工作。

gem "vault-rails", "0.7.0", { require: false }

 (master *) pfaffman@shinytim:~/src/discourse-repos/discourse$ ./bin/rails c
Traceback (most recent call last):
	43: from ./bin/rails:17:in `<main>'
	42: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/activesupport-6.0.3.3/lib/active_support/dependencies.rb:324:in `require'
	41: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/activesupport-6.0.3.3/lib/active_support/dependencies.rb:291:in `load_dependency'
	40: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/activesupport-6.0.3.3/lib/active_support/dependencies.rb:324:in `block in require'
	39: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:31:in `require'
	38: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:in `require_with_bootsnap_lfi'
	37: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/loaded_features_index.rb:92:in `register'
	36: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in `block in require_with_bootsnap_lfi'
	35: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in `require'
	34: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/railties-6.0.3.3/lib/rails/commands.rb:18:in `<main>'
	33: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/railties-6.0.3.3/lib/rails/command.rb:46:in `invoke'
	32: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/railties-6.0.3.3/lib/rails/command/base.rb:69:in `perform'
	31: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor.rb:392:in `dispatch'
	30: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/invocation.rb:127:in `invoke_command'
	29: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/command.rb:27:in `run'
	28: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/railties-6.0.3.3/lib/rails/commands/console/console_command.rb:101:in `perform'
	27: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/railties-6.0.3.3/lib/rails/command/actions.rb:14:in `require_application_and_environment!'
	26: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/railties-6.0.3.3/lib/rails/command/actions.rb:22:in `require_application!'
	25: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/activesupport-6.0.3.3/lib/active_support/dependencies.rb:324:in `require'
	24: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/activesupport-6.0.3.3/lib/active_support/dependencies.rb:291:in `load_dependency'
	23: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/activesupport-6.0.3.3/lib/active_support/dependencies.rb:324:in `block in require'
	22: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:31:in `require'
	21: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:in `require_with_bootsnap_lfi'
	20: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/loaded_features_index.rb:92:in `register'
	19: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in `block in require_with_bootsnap_lfi'
	18: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0/gems/bootsnap-1.5.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in `require'
	17: from /home/pfaffman/src/discourse-repos/discourse/config/application.rb:70:in `<main>'
	16: from /home/pfaffman/src/discourse-repos/discourse/config/application.rb:71:in `<module:Discourse>'
	15: from /home/pfaffman/src/discourse-repos/discourse/config/application.rb:304:in `<class:Application>'
	14: from /home/pfaffman/src/discourse-repos/discourse/lib/plugin_initialization_guard.rb:5:in `plugin_initialization_guard'
	13: from /home/pfaffman/src/discourse-repos/discourse/config/application.rb:305:in `block in <class:Application>'
	12: from lib/discourse.rb:225:in `activate_plugins!'
	11: from lib/discourse.rb:225:in `each'
	10: from lib/discourse.rb:228:in `block in activate_plugins!'
	 9: from /home/pfaffman/src/discourse-repos/discourse/lib/plugin/instance.rb:611:in `activate!'
	 8: from /home/pfaffman/src/discourse-repos/discourse/lib/plugin/instance.rb:611:in `instance_eval'
	 7: from /home/pfaffman/src/discourse-repos/discourse/plugins/discourse-pfaffmanager/plugin.rb:13:in `activate!'
	 6: from /home/pfaffman/src/discourse-repos/discourse/lib/plugin/instance.rb:705:in `gem'
	 5: from /home/pfaffman/src/discourse-repos/discourse/lib/plugin_gem.rb:22:in `load'
	 4: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/site_ruby/2.7.0/rubygems/specification.rb:1371:in `activate'
	 3: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/site_ruby/2.7.0/rubygems/specification.rb:1389:in `activate_dependencies'
	 2: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/site_ruby/2.7.0/rubygems/specification.rb:1389:in `each'
	 1: from /home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/site_ruby/2.7.0/rubygems/specification.rb:1400:in `block in activate_dependencies'
/home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/site_ruby/2.7.0/rubygems/dependency.rb:311:in `to_specs': Could not find 'rails' (>= 5.0) among 348 total gem(s) (Gem::MissingSpecError)
Checked in 'GEM_PATH=/home/pfaffman/.rbenv/versions/2.7.1/lib/ruby/gems/2.7.0:/home/pfaffman/Dropbox/home/bin/dotfiles/.gem/ruby/2.7.0', execute `gem env` for more information

Falco · 2020 年12 月 14 日 20:59

你链接的帖子中提到：

你试过这样做吗？

Discourse 并不依赖 Rails gem，我们只导入所需的模块。你想要使用的这个 gem 依赖于完整的 Rails gem，因此你需要递归地添加 Discourse 尚未包含的每一个依赖项。

恐怕这会涉及大量内容，但至少它能明确告诉你还缺少哪些依赖。

pfaffman · 2020 年12 月 14 日 21:14

哦，我完全没想到 rails 没有被加载。

整个依赖树！我明白了。

这看起来确实有很多东西。

我打算把像 DigitalOcean API 密钥和 SSH 密钥这样的信息存储在数据库中。您是否知道其他简单且安全的方法？我想我也可以直接调用 shell 并运行 vault 之类的工具，配合 exec 使用。不过这种情况不会经常发生。

Falco · 2020 年12 月 14 日 21:20

也许可以只使用 vault gem，它仅依赖 aws-sigv4 和 aws-eventstream？

这里的“安全地”具体指什么？你的威胁模型（https://en.wikipedia.org/wiki/Threat_model）是什么？你是在试图防止拥有 Data Explorer 访问权限的管理员访问吗？如果是这样，使用一个简单的环境变量可能会更简单。

pfaffman · 2020 年12 月 14 日 21:26

“安全”意味着安全程度足以让你愿意提供 Digital Ocean API 密钥和 Mailgun API 密钥，以便我的这个小插件创建一台 Droplet 并在其上安装 Discourse，同时生成一个用于执行升级等操作的 SSH 密钥。

我认为我唯一需要增加的防护措施是：即使有人窃取了数据库，他们也无法获得这些密钥。当然，如果他们攻破了服务器，那就另当别论了。

我想我可能需要寻找一种更轻量级的方式来加密这几个字段。

编辑：https://pawelurbanek.com/rails-secure-encrypt-decrypt 看起来足够简单，并且使用了 ActiveSupport::MessageEncryptor，这似乎已经可用。

话题		回复	浏览量
Transforming simple ruby files into a ruby gem Development	5	1052	2018 年12 月 14 日
Specifying the gem dependecies for plugin - gem does not exist Development	11	3587	2021 年10 月 14 日
Package a Discourse plugin as a gem Developers how-to , plugin-guides	4	608	2023 年7 月 27 日
Requiring external gems Development	9	1771	2023 年8 月 28 日
Discourse Plugins and Rails 6 config/initializers Question Development	22	3010	2020 年11 月 22 日

在插件中添加 vault-rails gem 时遇到问题

相关话题