Load env from Secrets path with fallback

This commit is contained in:
2026-06-11 18:56:45 -05:00
parent a5408ba8da
commit 5834bd1e60
+33 -9
View File
@@ -3,12 +3,16 @@ import { Hono } from 'hono';
import { serveStatic } from 'hono/bun'; import { serveStatic } from 'hono/bun';
import { cors } from 'hono/cors'; import { cors } from 'hono/cors';
import PocketBase from 'pocketbase'; import PocketBase from 'pocketbase';
import { ConfidentialClientApplication } from '@azure/msal-node';
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
// Config // Config
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
config({ path: '/home/admin/secrets/.env' }); const PRIMARY_ENV_PATH = 'C:\\Users\\AlfonsoEwing\\OneDrive - Cardoza Construction\\Apps\\Secrets\\.env';
const FALLBACK_ENV_PATH = 'D:\\.env';
const primaryEnv = config({ path: PRIMARY_ENV_PATH });
if (primaryEnv.error) {
config({ path: FALLBACK_ENV_PATH });
}
// Known OneNote target // Known OneNote target
// Section/page IDs must come from the OneNote Graph API (sites/{siteId}/onenote/sections), // Section/page IDs must come from the OneNote Graph API (sites/{siteId}/onenote/sections),
@@ -365,19 +369,39 @@ function findRecordFieldName(record: Record<string, unknown>, patterns: RegExp[]
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
// MSAL app-only (Graph status check) // MSAL app-only (Graph status check)
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
const cca = new ConfidentialClientApplication({ type ClientCredentialResult = {
auth: { accessToken?: string;
clientId: process.env.CLIENT_ID || '', expiresOn?: Date | string | null;
authority: `https://login.microsoftonline.com/${process.env.TENANT_ID}`, } | null;
clientSecret: process.env.CLIENT_SECRET || '',
}, type ClientCredentialApp = {
}); acquireTokenByClientCredential: (request: { scopes: string[] }) => Promise<ClientCredentialResult>;
};
let ccaPromise: Promise<ClientCredentialApp> | null = null;
async function getConfidentialClientApp(): Promise<ClientCredentialApp> {
if (!ccaPromise) {
ccaPromise = (async () => {
const msal = await import('@azure/msal-node');
return new msal.ConfidentialClientApplication({
auth: {
clientId: process.env.CLIENT_ID || '',
authority: `https://login.microsoftonline.com/${process.env.TENANT_ID}`,
clientSecret: process.env.CLIENT_SECRET || '',
},
});
})();
}
return ccaPromise;
}
let graphTokenCache: { token: string; expiresOn: number } | null = null; let graphTokenCache: { token: string; expiresOn: number } | null = null;
async function getGraphToken() { async function getGraphToken() {
const now = Date.now(); const now = Date.now();
if (graphTokenCache && graphTokenCache.expiresOn - 60_000 > now) return graphTokenCache; if (graphTokenCache && graphTokenCache.expiresOn - 60_000 > now) return graphTokenCache;
const cca = await getConfidentialClientApp();
const result = await cca.acquireTokenByClientCredential({ scopes: ['https://graph.microsoft.com/.default'] }); const result = await cca.acquireTokenByClientCredential({ scopes: ['https://graph.microsoft.com/.default'] });
if (!result?.accessToken) throw new Error('Failed to acquire Graph token'); if (!result?.accessToken) throw new Error('Failed to acquire Graph token');
graphTokenCache = { graphTokenCache = {