reddb-io-server 1.2.0

RedDB server-side engine: storage, runtime, replication, MCP, AI, and the gRPC/HTTP/RedWire/PG-wire dispatchers. Re-exported by the umbrella `reddb` crate.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

//! Env-var-with-`_FILE`-companion helper (PLAN.md Phase 6.4).
//!
//! Centralises the pattern that ~5 modules independently reinvented:
//!   1. Read `VAR`. If non-empty/non-whitespace, return it.
//!   2. Otherwise read `VAR_FILE`. If set, treat its value as a path
//!      to a file containing the secret.
//!   3. `read_to_string` the file, trim trailing `\n`/`\r` (kubectl
//!      create secret + echo > file both append a newline), and
//!      return the contents if non-empty.
//!   4. On read failure, log a warning and return `None` — boot
//!      fails closed downstream when the secret was required.

/// Read `name` from the env. If unset/empty, fall back to
/// `<name>_FILE`. Returns `None` when neither produces a usable
/// value. Trims trailing whitespace from file contents.
pub fn env_with_file_fallback(name: &str) -> Option<String> {
    if let Ok(value) = std::env::var(name) {
        if !value.trim().is_empty() {
            return Some(value);
        }
    }
    let file_var = format!("{name}_FILE");
    let path = std::env::var(&file_var).ok()?;
    let trimmed_path = path.trim();
    if trimmed_path.is_empty() {
        return None;
    }
    match std::fs::read_to_string(trimmed_path) {
        Ok(contents) => {
            let value = contents.trim_end_matches(['\n', '\r']).to_string();
            if value.is_empty() {
                None
            } else {
                Some(value)
            }
        }
        Err(err) => {
            tracing::warn!(
                target: "reddb::secrets",
                env = %file_var,
                path = %trimmed_path,
                error = %err,
                "secret file referenced by {file_var} could not be read; falling back to None"
            );
            None
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::sync::Mutex;

    // The env namespace is process-global, so serialise the tests
    // that mutate it; otherwise running in parallel would create
    // false negatives.
    fn env_lock() -> &'static Mutex<()> {
        static LOCK: std::sync::OnceLock<Mutex<()>> = std::sync::OnceLock::new();
        LOCK.get_or_init(|| Mutex::new(()))
    }

    #[test]
    fn returns_inline_when_set() {
        let _g = env_lock().lock();
        unsafe {
            std::env::set_var("REDDB_TEST_INLINE", "value-from-env");
            std::env::remove_var("REDDB_TEST_INLINE_FILE");
        }
        assert_eq!(
            env_with_file_fallback("REDDB_TEST_INLINE"),
            Some("value-from-env".to_string())
        );
        unsafe {
            std::env::remove_var("REDDB_TEST_INLINE");
        }
    }

    #[test]
    fn falls_back_to_file_when_inline_empty() {
        let _g = env_lock().lock();
        let dir =
            std::env::temp_dir().join(format!("reddb-env-secret-test-{}", std::process::id()));
        let _ = std::fs::create_dir_all(&dir);
        let path = dir.join("token");
        std::fs::write(&path, "value-from-file\n").unwrap();
        unsafe {
            std::env::remove_var("REDDB_TEST_FALLBACK");
            std::env::set_var("REDDB_TEST_FALLBACK_FILE", &path);
        }
        assert_eq!(
            env_with_file_fallback("REDDB_TEST_FALLBACK"),
            Some("value-from-file".to_string()) // trailing \n trimmed
        );
        unsafe {
            std::env::remove_var("REDDB_TEST_FALLBACK_FILE");
        }
        let _ = std::fs::remove_dir_all(&dir);
    }

    #[test]
    fn inline_wins_over_file() {
        let _g = env_lock().lock();
        let dir = std::env::temp_dir().join(format!("reddb-env-precedence-{}", std::process::id()));
        let _ = std::fs::create_dir_all(&dir);
        let path = dir.join("token");
        std::fs::write(&path, "from-file").unwrap();
        unsafe {
            std::env::set_var("REDDB_TEST_PRIORITY", "from-env");
            std::env::set_var("REDDB_TEST_PRIORITY_FILE", &path);
        }
        assert_eq!(
            env_with_file_fallback("REDDB_TEST_PRIORITY"),
            Some("from-env".to_string())
        );
        unsafe {
            std::env::remove_var("REDDB_TEST_PRIORITY");
            std::env::remove_var("REDDB_TEST_PRIORITY_FILE");
        }
        let _ = std::fs::remove_dir_all(&dir);
    }

    #[test]
    fn returns_none_when_neither_set() {
        let _g = env_lock().lock();
        unsafe {
            std::env::remove_var("REDDB_TEST_NONE");
            std::env::remove_var("REDDB_TEST_NONE_FILE");
        }
        assert_eq!(env_with_file_fallback("REDDB_TEST_NONE"), None);
    }

    #[test]
    fn read_failure_returns_none() {
        let _g = env_lock().lock();
        unsafe {
            std::env::remove_var("REDDB_TEST_BAD");
            std::env::set_var("REDDB_TEST_BAD_FILE", "/nonexistent/path/zzz");
        }
        assert_eq!(env_with_file_fallback("REDDB_TEST_BAD"), None);
        unsafe {
            std::env::remove_var("REDDB_TEST_BAD_FILE");
        }
    }
}