fix: build fails and standalone docker fixes

Dockerfile.fips.standalone-infisical

@@ -73,17 +73,6 @@ RUN apt-get update && apt-get install -y \
 # Configure ODBC
 RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
 
-
-# Build and install FIPS validated OpenSSL
-WORKDIR /openssl-build
-RUN wget https://www.openssl.org/source/openssl-3.1.2.tar.gz \
-    && tar -xf openssl-3.1.2.tar.gz \
-    && cd openssl-3.1.2 \
-    && ./Configure enable-fips \
-    && make \
-    && make install_fips
-
-
 COPY backend/package*.json ./
 RUN npm ci --only-production
 
@@ -114,15 +103,6 @@ RUN apt-get update && apt-get install -y \
 # Configure ODBC
 RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
 
-# Build and install FIPS validated OpenSSL
-WORKDIR /openssl-build
-RUN wget https://www.openssl.org/source/openssl-3.1.2.tar.gz \
-    && tar -xf openssl-3.1.2.tar.gz \
-    && cd openssl-3.1.2 \
-    && ./Configure enable-fips \
-    && make \
-    && make install_fips
-
 COPY backend/package*.json ./
 RUN npm ci --only-production
 
@@ -135,6 +115,12 @@ FROM base AS production
 
 # Install necessary packages including ODBC
 RUN apt-get update && apt-get install -y \
+    build-essential \
+    autoconf \
+    automake \
+    libtool \
+    wget \
+    libssl-dev \
     ca-certificates \
     curl \
     git \
@@ -152,6 +138,15 @@ RUN apt-get update && apt-get install -y \
 # Configure ODBC in production
 RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
 
+
+WORKDIR /openssl-build
+RUN wget https://www.openssl.org/source/openssl-3.1.2.tar.gz \
+    && tar -xf openssl-3.1.2.tar.gz \
+    && cd openssl-3.1.2 \
+    && ./Configure enable-fips \
+    && make \
+    && make install_fips
+
 # Install Infisical CLI
 RUN curl -1sLf 'https://artifacts-cli.infisical.com/setup.deb.sh' | bash \
     && apt-get update && apt-get install -y infisical=0.41.89 \
@@ -198,14 +193,16 @@ ENV OPENSSL_CONF=/backend/nodejs.fips.cnf
 ENV OPENSSL_MODULES=/usr/local/lib/ossl-modules
 ENV NODE_OPTIONS=--force-fips
 ENV FIPS_ENABLED=true
+  
 
 WORKDIR /backend
 
 ENV TELEMETRY_ENABLED true
 
 EXPOSE 8080
+EXPOSE 80
 EXPOSE 443
 
 USER non-root-user
 
-CMD ["./standalone-entrypoint.sh"]
+CMD ["./standalone-entrypoint.sh"]

backend/src/lib/crypto/cryptography/crypto.ts

@@ -20,17 +20,8 @@ import { logger } from "../../logger";
 import { asymmetricFipsValidated } from "./asymmetric-fips";
 import { hasherFipsValidated } from "./hash-fips";
 import { jwtFipsValidated } from "./jwt-fips";
-import {
-  DigestType,
-  JWTPayload,
-  JWTSecretOrKey,
-  JWTSignOptions,
-  JWTVerifyOptions,
-  SymmetricKeySize,
-  TDecryptAsymmetricInput,
-  TDecryptSymmetricInput,
-  TEncryptSymmetricInput
-} from "./types";
+import type { TDecryptAsymmetricInput, TDecryptSymmetricInput, TEncryptSymmetricInput } from "./types";
+import { DigestType, JWTPayload, JWTSecretOrKey, JWTSignOptions, JWTVerifyOptions, SymmetricKeySize } from "./types";
 
 const bytesToBits = (bytes: number) => bytes * 8;
 

backend/src/lib/crypto/cryptography/index.ts

@@ -1,9 +1,8 @@
 export { crypto } from "./crypto";
-export {
-  DigestType,
-  SymmetricKeySize,
+export type {
   TDecryptAsymmetricInput,
   TDecryptSymmetricInput,
   TEncryptedWithRootEncryptionKey,
   TEncryptSymmetricInput
 } from "./types";
+export { DigestType, SymmetricKeySize } from "./types";

backend/src/lib/crypto/index.ts

@@ -1,4 +1,4 @@
-export { crypto, SymmetricKeySize, TEncryptedWithRootEncryptionKey } from "./cryptography";
+export { crypto, SymmetricKeySize } from "./cryptography";
 export { buildSecretBlindIndexFromName } from "./encryption";
 export {
   decryptIntegrationAuths,

backend/src/lib/telemetry/instrumentation.ts

@@ -6,7 +6,6 @@ import { HttpInstrumentation } from "@opentelemetry/instrumentation-http";
 import { Resource } from "@opentelemetry/resources";
 import { AggregationTemporality, MeterProvider, PeriodicExportingMetricReader } from "@opentelemetry/sdk-metrics";
 import { ATTR_SERVICE_NAME, ATTR_SERVICE_VERSION } from "@opentelemetry/semantic-conventions";
-import tracer from "dd-trace";
 import dotenv from "dotenv";
 
 import { initEnvConfig } from "../config/env";
@@ -89,6 +88,8 @@ const setupTelemetry = async () => {
   }
 
   if (envCfg.SHOULD_USE_DATADOG_TRACER) {
+    const tracer = await import("dd-trace");
+
     console.log("Initializing Datadog tracer");
     tracer.init({
       profiling: envCfg.DATADOG_PROFILING_ENABLED,

backend/src/queue/queue-service.ts

@@ -448,6 +448,9 @@ export const queueServiceFactory = (
     if (appCfg.QUEUE_WORKERS_ENABLED && isQueueEnabled(name)) {
       workerContainer[name] = new Worker(name, jobFn, {
         ...queueSettings,
+        settings: {
+          repeatKeyHashAlgorithm: "sha256"
+        },
         connection
       });
     }