adjustment: moved backup logic to cmd layer

2026-05-02 03:02:03 -04:00 · 2024-05-02 00:49:29 +08:00
parent 24f7ecc548
commit 8fc4fd64f8
2 changed files with 71 additions and 45 deletions
--- a/cli/packages/cmd/run.go
+++ b/cli/packages/cmd/run.go
@@ -116,35 +116,82 @@ var runCmd = &cobra.Command{
 			Recursive:     recursive,
 		}

+		var secrets []models.SingleEnvironmentVariable
+		var isUserSession bool
+		var infisicalDotJson models.WorkspaceConfigFile
+		var userBackupSecretsEncryptionKey []byte
+
 		if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER {
 			request.InfisicalToken = token.Token
 		} else if token != nil && token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER {
 			request.UniversalAuthAccessToken = token.Token
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(request, projectConfigDir)
-
-		if err != nil {
-			util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
-		}
-
-		if secretOverriding {
-			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
 		} else {
-			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
-		}
-
-		if shouldExpandSecrets {
-
-			authParams := models.ExpandSecretsAuthentication{}
-
-			if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER {
-				authParams.InfisicalToken = token.Token
-			} else if token != nil && token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER {
-				authParams.UniversalAuthAccessToken = token.Token
+			// user session
+			isUserSession = true
+			loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
+			if err != nil {
+				util.HandleError(err)
 			}

-			secrets = util.ExpandSecrets(secrets, authParams, projectConfigDir)
+			isConnected := util.CheckIsConnectedToInfisicalAPI()
+
+			if projectConfigDir == "" {
+				projectConfig, err := util.GetWorkSpaceFromFile()
+				if err != nil {
+					util.HandleError(err)
+				}
+	
+				infisicalDotJson = projectConfig
+			} else {
+				projectConfig, err := util.GetWorkSpaceFromFilePath(projectConfigDir)
+				if err != nil {
+					util.HandleError(err)
+				}
+	
+				infisicalDotJson = projectConfig
+			}
+
+			userBackupSecretsEncryptionKey = []byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32]
+
+			if !isConnected {
+				secrets, err = util.ReadBackupSecrets(infisicalDotJson.WorkspaceId, environmentName, userBackupSecretsEncryptionKey)
+				if err != nil {
+					util.HandleError(err)
+				}
+				if len(secrets) > 0 {
+					util.PrintWarning("Unable to fetch latest secret(s) due to connection error, serving secrets from last successful fetch. For more info, run with --debug")
+				}
+			}
+		}
+
+		if len(secrets) == 0 {
+			secrets, err = util.GetAllEnvironmentVariables(request, projectConfigDir)
+			if err != nil {
+				util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
+			}
+
+			if secretOverriding {
+				secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
+			} else {
+				secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
+			}
+
+			if shouldExpandSecrets {
+
+				authParams := models.ExpandSecretsAuthentication{}
+
+				if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER {
+					authParams.InfisicalToken = token.Token
+				} else if token != nil && token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER {
+					authParams.UniversalAuthAccessToken = token.Token
+				}
+
+				secrets = util.ExpandSecrets(secrets, authParams, projectConfigDir)
+			}
+
+			if isUserSession {
+				util.WriteBackupSecrets(infisicalDotJson.WorkspaceId, environmentName, userBackupSecretsEncryptionKey, secrets)
+			}
 		}

 		secretsByKey := getSecretsByKeys(secrets)
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@@ -319,21 +319,16 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectCo
 		}

 		RequireLogin()
-
 		log.Debug().Msg("GetAllEnvironmentVariables: Trying to fetch secrets using logged in details")

 		loggedInUserDetails, err := GetCurrentLoggedInUserDetails()
-		isConnected := CheckIsConnectedToInfisicalAPI()
-
-		if isConnected {
-			log.Debug().Msg("GetAllEnvironmentVariables: Connected to Infisical instance, checking logged in creds")
-		}
+		log.Debug().Msg("GetAllEnvironmentVariables: Connected to Infisical instance, checking logged in creds")

 		if err != nil {
 			return nil, err
 		}

-		if isConnected && loggedInUserDetails.LoginExpired {
+		if loggedInUserDetails.LoginExpired {
 			PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
 		}

@@ -362,22 +357,6 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectCo
 		secretsToReturn, errorToReturn = GetPlainTextSecretsViaJTW(loggedInUserDetails.UserCredentials.JTWToken, loggedInUserDetails.UserCredentials.PrivateKey, infisicalDotJson.WorkspaceId,
 			params.Environment, params.TagSlugs, params.SecretsPath, params.IncludeImport, params.Recursive)
 		log.Debug().Msgf("GetAllEnvironmentVariables: Trying to fetch secrets JTW token [err=%s]", errorToReturn)
-
-		backupSecretsEncryptionKey := []byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32]
-		if errorToReturn == nil {
-			WriteBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, backupSecretsEncryptionKey, secretsToReturn)
-		}
-
-		// only attempt to serve cached secrets if no internet connection and if at least one secret cached
-		if !isConnected {
-			backedSecrets, err := ReadBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, backupSecretsEncryptionKey)
-			if len(backedSecrets) > 0 {
-				PrintWarning("Unable to fetch latest secret(s) due to connection error, serving secrets from last successful fetch. For more info, run with --debug")
-				secretsToReturn = backedSecrets
-				errorToReturn = err
-			}
-		}
-
 	} else {
 		if params.InfisicalToken != "" {
 			log.Debug().Msg("Trying to fetch secrets using service token")