db-password from google secrets aligned to server start gogle secrets initialized before migration

2026-01-23 12:51:49 +05:30 · 2026-01-23 12:51:49 +05:30 · 088ac173a7
commit 088ac173a7
parent be220bbb0c
5 changed files with 77 additions and 62 deletions
--- a/package.json
+++ b/package.json
@ -4,8 +4,8 @@
  "description": "Royal Enfield Workflow Management System - Backend API (TypeScript)",
  "main": "dist/server.js",
  "scripts": {
-    "start": "npm run setup && npm run build && npm run start:prod",
-    "dev": "npm run setup && nodemon --exec ts-node -r tsconfig-paths/register src/server.ts",
+    "start": "npm run build && npm run start:prod && npm run setup",
+    "dev": "nodemon --exec ts-node -r tsconfig-paths/register src/server.ts && npm run setup",
    "dev:no-setup": "nodemon --exec ts-node -r tsconfig-paths/register src/server.ts",
    "build": "tsc && tsc-alias",
    "build:watch": "tsc --watch",
--- a/src/app.ts
+++ b/src/app.ts
@ -16,17 +16,7 @@ import path from 'path';
 // Load environment variables from .env file first
 dotenv.config();

-// Initialize Google Secret Manager (async, but we'll wait for it in server.ts)
-// This will merge secrets from GCS into process.env if USE_GOOGLE_SECRET_MANAGER=true
-// Export initialization function so server.ts can await it before starting
-export async function initializeSecrets(): Promise<void> {
-  try {
-    await initializeGoogleSecretManager();
-  } catch (error) {
-    // Log error but don't throw - allow fallback to .env
-    console.error('⚠️  Failed to initialize Google Secret Manager, using .env file:', error);
-  }
-}
+// Secrets are now initialized in server.ts before app is imported

 const app: express.Application = express();
 const userService = new UserService();
--- a/src/scripts/auto-setup.ts
+++ b/src/scripts/auto-setup.ts
@ -11,8 +11,8 @@
 */

 import { Client } from 'pg';
-import { sequelize } from '../config/database';
 import { QueryTypes } from 'sequelize';
+import { initializeGoogleSecretManager } from '../services/googleSecretManager.service';
 import { exec } from 'child_process';
 import { promisify } from 'util';
 import dotenv from 'dotenv';
@ -21,14 +21,15 @@ import path from 'path';
 dotenv.config({ path: path.resolve(__dirname, '../../.env') });

 const execAsync = promisify(exec);
+// DB constants moved inside functions to ensure secrets are loaded first

+async function checkAndCreateDatabase(): Promise<boolean> {
  const DB_HOST = process.env.DB_HOST || 'localhost';
  const DB_PORT = parseInt(process.env.DB_PORT || '5432');
  const DB_USER = process.env.DB_USER || 'postgres';
  const DB_PASSWORD = process.env.DB_PASSWORD || '';
  const DB_NAME = process.env.DB_NAME || 'royal_enfield_workflow';

-async function checkAndCreateDatabase(): Promise<boolean> {
  const client = new Client({
    host: DB_HOST,
    port: DB_PORT,
@ -156,6 +157,8 @@ async function runMigrations(): Promise<void> {
      { name: '20260122-create-workflow-templates', module: m30 },
    ];

+    // Dynamically import sequelize after secrets are loaded
+    const { sequelize } = require('../config/database');
    const queryInterface = sequelize.getQueryInterface();

    // Ensure migrations tracking table exists
@ -171,10 +174,10 @@ async function runMigrations(): Promise<void> {
    }

    // Get already executed migrations
-    const executedResults = await sequelize.query<{ name: string }>(
+    const executedResults = await sequelize.query(
      'SELECT name FROM migrations ORDER BY id',
      { type: QueryTypes.SELECT }
-    );
+    ) as { name: string }[];
    const executedMigrations = executedResults.map(r => r.name);

    // Find pending migrations
@ -222,6 +225,7 @@ async function runMigrations(): Promise<void> {
 async function testConnection(): Promise<void> {
  try {
    console.log('🔌 Testing database connection...');
+    const { sequelize } = require('../config/database');
    await sequelize.authenticate();
    console.log('✅ Database connection established!');
  } catch (error: any) {
@ -236,6 +240,10 @@ async function autoSetup(): Promise<void> {
  console.log('========================================\n');

  try {
+    // Step 0: Initialize secrets
+    console.log('🔐 Initializing secrets...');
+    await initializeGoogleSecretManager();
+
    // Step 1: Check and create database if needed
    const wasCreated = await checkAndCreateDatabase();

--- a/src/scripts/migrate.ts
+++ b/src/scripts/migrate.ts
@ -1,5 +1,5 @@
-import { sequelize } from '../config/database';
 import { QueryInterface, QueryTypes } from 'sequelize';
+import { initializeGoogleSecretManager } from '../services/googleSecretManager.service';
 import * as m0 from '../migrations/2025103000-create-users';
 import * as m1 from '../migrations/2025103001-create-workflow-requests';
 import * as m2 from '../migrations/2025103002-create-approval-levels';
@ -102,12 +102,12 @@ async function ensureMigrationsTable(queryInterface: QueryInterface): Promise<vo
 /**
 * Get list of already executed migrations
 */
-async function getExecutedMigrations(): Promise<string[]> {
+async function getExecutedMigrations(sequelize: any): Promise<string[]> {
  try {
-    const results = await sequelize.query<{ name: string }>(
+    const results = await sequelize.query(
      'SELECT name FROM migrations ORDER BY id',
      { type: QueryTypes.SELECT }
-    );
+    ) as { name: string }[];
    return results.map(r => r.name);
  } catch (error) {
    // Table might not exist yet
@ -118,7 +118,7 @@ async function getExecutedMigrations(): Promise<string[]> {
 /**
 * Mark migration as executed
 */
-async function markMigrationExecuted(name: string): Promise<void> {
+async function markMigrationExecuted(sequelize: any, name: string): Promise<void> {
  await sequelize.query(
    'INSERT INTO migrations (name) VALUES (:name) ON CONFLICT (name) DO NOTHING',
    {
@ -133,6 +133,12 @@ async function markMigrationExecuted(name: string): Promise<void> {
 */
 async function run() {
  try {
+    console.log('🔐 Initializing secrets...');
+    await initializeGoogleSecretManager();
+
+    // Dynamically import sequelize after secrets are loaded
+    const { sequelize } = require('../config/database');
+
    await sequelize.authenticate();

    const queryInterface = sequelize.getQueryInterface();
@ -141,7 +147,7 @@ async function run() {
    await ensureMigrationsTable(queryInterface);

    // Get already executed migrations
-    const executedMigrations = await getExecutedMigrations();
+    const executedMigrations = await getExecutedMigrations(sequelize);

    // Find pending migrations
    const pendingMigrations = migrations.filter(
@ -160,7 +166,7 @@ async function run() {
    for (const migration of pendingMigrations) {
      try {
        await migration.module.up(queryInterface);
-        await markMigrationExecuted(migration.name);
+        await markMigrationExecuted(sequelize, migration.name);
        console.log(`✅ ${migration.name}`);
      } catch (error: any) {
        console.error(`❌ Migration failed: ${migration.name} - ${error.message}`);
--- a/src/server.ts
+++ b/src/server.ts
@ -1,16 +1,13 @@
 import http from 'http';
-import { initializeSecrets } from './app'; // Import initialization function
-import app from './app';
-import { initSocket } from './realtime/socket';
-import './queues/tatWorker'; // Initialize TAT worker
-import { logTatConfig } from './config/tat.config';
-import { logSystemConfig } from './config/system.config';
-import { initializeHolidaysCache } from './utils/tatTimeUtils';
-import { seedDefaultConfigurations } from './services/configSeed.service';
-import { startPauseResumeJob } from './jobs/pauseResumeJob';
-import './queues/pauseResumeWorker'; // Initialize pause resume worker
-import { initializeQueueMetrics, stopQueueMetrics } from './utils/queueMetrics';
-import { emailService } from './services/email.service';
+import dotenv from 'dotenv';
+import path from 'path';
+
+// Load environment variables from .env file FIRST
+dotenv.config({ path: path.resolve(__dirname, '../.env') });
+import { initializeGoogleSecretManager } from './services/googleSecretManager.service';
+import { stopQueueMetrics } from './utils/queueMetrics';
+
+// Dynamic imports will be used inside startServer to ensure secrets are loaded first

 const PORT: number = parseInt(process.env.PORT || '5000', 10);

@ -19,7 +16,21 @@ const startServer = async (): Promise<void> => {
  try {
    // Initialize Google Secret Manager before starting server
    // This will merge secrets from GCS into process.env if enabled
-    await initializeSecrets();
+    console.log('🔐 Initializing secrets...');
+    await initializeGoogleSecretManager();
+
+    // Dynamically import everything else after secrets are loaded
+    const app = require('./app').default;
+    const { initSocket } = require('./realtime/socket');
+    require('./queues/tatWorker'); // Initialize TAT worker
+    const { logTatConfig } = require('./config/tat.config');
+    const { logSystemConfig } = require('./config/system.config');
+    const { initializeHolidaysCache } = require('./utils/tatTimeUtils');
+    const { seedDefaultConfigurations } = require('./services/configSeed.service');
+    const { startPauseResumeJob } = require('./jobs/pauseResumeJob');
+    require('./queues/pauseResumeWorker'); // Initialize pause resume worker
+    const { initializeQueueMetrics } = require('./utils/queueMetrics');
+    const { emailService } = require('./services/email.service');

    // Re-initialize email service after secrets are loaded (in case SMTP credentials were loaded)
    // This ensures the email service uses production SMTP if credentials are available