From 3a48e08fe0a60ea3b0e2ec1c069e1db233c81003 Mon Sep 17 00:00:00 2001
From: Vishnu Narayanan <vishnu@chatwoot.com>
Date: Thu, 25 Nov 2021 00:55:26 +0530
Subject: [PATCH] feat: migrate facebook env vars to globalConfig (#3369)

Migrate facebook env vars to globalConfig and make it editable from the super admin UI.
---
 .../api/v1/accounts/callbacks_controller.rb         |  2 +-
 app/controllers/dashboard_controller.rb             | 13 ++++++++-----
 app/controllers/webhooks/instagram_controller.rb    |  2 +-
 app/models/installation_config.rb                   |  6 ++++++
 app/services/instagram/send_on_instagram_service.rb |  2 +-
 config/initializers/facebook_messenger.rb           |  4 ++--
 lib/integrations/facebook/message_parser.rb         |  2 +-
 spec/lib/vapid_service_spec.rb                      |  7 ++++++-
 8 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/app/controllers/api/v1/accounts/callbacks_controller.rb b/app/controllers/api/v1/accounts/callbacks_controller.rb
index 9fc05d531..7c2469c05 100644
--- a/app/controllers/api/v1/accounts/callbacks_controller.rb
+++ b/app/controllers/api/v1/accounts/callbacks_controller.rb
@@ -74,7 +74,7 @@ class Api::V1::Accounts::CallbacksController < Api::V1::Accounts::BaseController
   end
 
   def long_lived_token(omniauth_token)
-    koala = Koala::Facebook::OAuth.new(ENV['FB_APP_ID'], ENV['FB_APP_SECRET'])
+    koala = Koala::Facebook::OAuth.new(GlobalConfigService.load('FB_APP_ID', ''), GlobalConfigService.load('FB_APP_SECRET', ''))
     koala.exchange_access_token_info(omniauth_token)['access_token']
   rescue StandardError => e
     Rails.logger.info e
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index ad5b0ba24..783b138af 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -26,14 +26,17 @@ class DashboardController < ActionController::Base
       'API_CHANNEL_THUMBNAIL',
       'ANALYTICS_TOKEN',
       'ANALYTICS_HOST'
-    ).merge(
-      APP_VERSION: Chatwoot.config[:version],
-      VAPID_PUBLIC_KEY: VapidService.public_key,
-      ENABLE_ACCOUNT_SIGNUP: GlobalConfigService.load('ENABLE_ACCOUNT_SIGNUP', 'false')
-    )
+    ).merge(app_config)
   end
 
   def ensure_installation_onboarding
     redirect_to '/installation/onboarding' if ::Redis::Alfred.get(::Redis::Alfred::CHATWOOT_INSTALLATION_ONBOARDING)
   end
+
+  def app_config
+    { APP_VERSION: Chatwoot.config[:version],
+      VAPID_PUBLIC_KEY: VapidService.public_key,
+      ENABLE_ACCOUNT_SIGNUP: GlobalConfigService.load('ENABLE_ACCOUNT_SIGNUP', 'false'),
+      FB_APP_ID: GlobalConfigService.load('FB_APP_ID', '') }
+  end
 end
diff --git a/app/controllers/webhooks/instagram_controller.rb b/app/controllers/webhooks/instagram_controller.rb
index bd6fee1f5..2338ca7d1 100644
--- a/app/controllers/webhooks/instagram_controller.rb
+++ b/app/controllers/webhooks/instagram_controller.rb
@@ -25,6 +25,6 @@ class Webhooks::InstagramController < ApplicationController
   private
 
   def valid_instagram_token?(token)
-    token == ENV['IG_VERIFY_TOKEN']
+    token == GlobalConfigService.load('IG_VERIFY_TOKEN', '')
   end
 end
diff --git a/app/models/installation_config.rb b/app/models/installation_config.rb
index ce65eb678..20ee1f5ff 100644
--- a/app/models/installation_config.rb
+++ b/app/models/installation_config.rb
@@ -23,6 +23,8 @@ class InstallationConfig < ApplicationRecord
   default_scope { order(created_at: :desc) }
   scope :editable, -> { where(locked: false) }
 
+  after_commit :clear_cache
+
   def value
     serialized_value[:value]
   end
@@ -38,4 +40,8 @@ class InstallationConfig < ApplicationRecord
   def set_lock
     self.locked = true if locked.nil?
   end
+
+  def clear_cache
+    GlobalConfig.clear_cache
+  end
 end
diff --git a/app/services/instagram/send_on_instagram_service.rb b/app/services/instagram/send_on_instagram_service.rb
index 4f331e58b..0a8e9d4ec 100644
--- a/app/services/instagram/send_on_instagram_service.rb
+++ b/app/services/instagram/send_on_instagram_service.rb
@@ -50,7 +50,7 @@ class Instagram::SendOnInstagramService < Base::SendOnChannelService
   # @see https://developers.facebook.com/docs/messenger-platform/instagram/features/send-message
   def send_to_facebook_page(message_content)
     access_token = channel.page_access_token
-    app_secret_proof = calculate_app_secret_proof(ENV['FB_APP_SECRET'], access_token)
+    app_secret_proof = calculate_app_secret_proof(GlobalConfigService.load('FB_APP_SECRET', ''), access_token)
 
     query = { access_token: access_token }
     query[:appsecret_proof] = app_secret_proof if app_secret_proof
diff --git a/config/initializers/facebook_messenger.rb b/config/initializers/facebook_messenger.rb
index ad7e5ab1f..f9f4fae88 100644
--- a/config/initializers/facebook_messenger.rb
+++ b/config/initializers/facebook_messenger.rb
@@ -1,11 +1,11 @@
 # ref: https://github.com/jgorset/facebook-messenger#make-a-configuration-provider
 class ChatwootFbProvider < Facebook::Messenger::Configuration::Providers::Base
   def valid_verify_token?(_verify_token)
-    ENV['FB_VERIFY_TOKEN']
+    GlobalConfigService.load('FB_VERIFY_TOKEN', '')
   end
 
   def app_secret_for(_page_id)
-    ENV['FB_APP_SECRET']
+    GlobalConfigService.load('FB_APP_SECRET', '')
   end
 
   def access_token_for(page_id)
diff --git a/lib/integrations/facebook/message_parser.rb b/lib/integrations/facebook/message_parser.rb
index e53438d70..d2b943c00 100644
--- a/lib/integrations/facebook/message_parser.rb
+++ b/lib/integrations/facebook/message_parser.rb
@@ -44,7 +44,7 @@ class Integrations::Facebook::MessageParser
 
   # TODO : does this work ?
   def sent_from_chatwoot_app?
-    app_id && app_id == ENV['FB_APP_ID'].to_i
+    app_id && app_id == GlobalConfigService.load('FB_APP_ID', '').to_i
   end
 end
 
diff --git a/spec/lib/vapid_service_spec.rb b/spec/lib/vapid_service_spec.rb
index bdadeabf5..8a5d3891c 100644
--- a/spec/lib/vapid_service_spec.rb
+++ b/spec/lib/vapid_service_spec.rb
@@ -19,6 +19,9 @@ describe VapidService do
         ENV['VAPID_PUBLIC_KEY'] = 'test'
         described_class.public_key
 
+        # this call will hit db as after_commit method will clear globalConfig cache
+        expect(InstallationConfig).to receive(:find_by)
+        described_class.public_key
         # subsequent calls should not hit DB
         expect(InstallationConfig).not_to receive(:find_by)
         described_class.public_key
@@ -30,11 +33,13 @@ describe VapidService do
         ENV['VAPID_PRIVATE_KEY'] = 'test'
         described_class.private_key
 
+        # this call will hit db as after_commit method will clear globalConfig cache
+        expect(InstallationConfig).to receive(:find_by)
+        described_class.private_key
         # subsequent calls should not hit DB
         expect(InstallationConfig).not_to receive(:find_by)
         described_class.private_key
         ENV['VAPID_PRIVATE_KEY'] = nil
-        ENV['VAPID_PRIVATE_KEY'] = nil
       end
 
       it 'clears cache and fetch from DB next time, when clear_cache is called' do