Depends on #11

Switch to a MUI list, with a Plus button to add one, and a remove button (appears on hover) to remove

e.g.

> comfy init
# creates a project using the curent directory name, development environment, a generated passphrase
> comfy init --name foo
# creates a project using the the name 'foo', development environment, a generated passphrase
> comfy init --environments=development,staging,production
# you get the idea

See the discussion here #49

The current comfy add syntax is counterintuitive:

comfy add dev -f config.json

One has to peek inside the doc to know it. It would be more intuitive to have

comfy add dev '{"login": "admin", "password": "S3cr3T"}'

That way, I could also do

cat config.json | comfy add dev

or any other mix and match of STDIN and STDOUT

With two sections:

• Server configuration (using environment variables)
• SPA configuration (using JavaScript format)

Description

If I try to get for a non existant environment on comfy, then I get a 500 error.

Steps to Reproduce

1. type "comfy get fake_env"
2. Get this error message:

The API call returned a 500 HTTP error code
Error: The API call returned a 500 HTTP error code
    at Request._callback (/home/julienm/.nvm/versions/node/v8.10.0/lib/node_modules/comfygure/src/client.js:14:27)
    at Request.self.callback (/home/julienm/.nvm/versions/node/v8.10.0/lib/node_modules/comfygure/node_modules/request/request.js:188:22)
    at emitTwo (events.js:126:13)
    at Request.emit (events.js:214:7)
    at Request.<anonymous> (/home/julienm/.nvm/versions/node/v8.10.0/lib/node_modules/comfygure/node_modules/request/request.js:1171:10)
    at emitOne (events.js:116:13)
    at Request.emit (events.js:211:7)
    at IncomingMessage.<anonymous> (/home/julienm/.nvm/versions/node/v8.10.0/lib/node_modules/comfygure/node_modules/request/request.js:1091:12)
    at Object.onceWrapper (events.js:313:30)
    at emitNone (events.js:111:20)
Unknown error, command aborted.
If the error persists, please report it at https://github.com/marmelab/comfygure/issues

I would be so much better to have an explicit message like

Cannot get env "fake_env", check existing env with "comfy env list"

• Exact date when the issue happened: 26/03/2019

See https://github.com/marmelab/javascript-boilerplate/pull/148/files#diff-d069c09ce3ea5c380a686ce3820b24d4R10

Actually, we have comfy setall your-env, it would be nice to have something like that:

comfy set your-env your-key your-value
comfy get your-env your-key

Do not forget to take into account the case where you-key is object, array or simple value.

We can improve the developer experience a bit by writing a good makefile too.

Description

When I run a setall command with an absolute path as the file argument, the client crash.

Steps to Reproduce

1. Run the following command

comfy setall [env] /my/file.json

Expected behavior: It should retrieve my config

Actual behavior: It doesn't.

Do this issue happen with the default server (https://comfy.marmelab.com)?: Yes

Let's have the following example:

"parent": {
 "entry": "value"
}

I update my configuration like this:

"parent": {
 "child1": {
  "entry": "value"
 },
"child2": {
  "entry": "value"
 }
}

In database, parent.entry.value is not deleted, but the link with my configuration is removed.
The problem comes from get.

TODO

• Use Initialization Vector (IV) in the encryption functions (#92)
• Sign every encrypted data with HMAC and check it both server-side (optional) and client-side before usage (#93)
• Don't store the private key in plain text

Reference / Docs

-> AES 256 with an Initialization Vector
-> Check HMAC
-> Symmetric Cryptography (AES) with WebCrypto and Node.js

• Remove stable and next tags
• Add latest and current tags

Description

When using comfy log my_env, logs are returned not ordered, and there is no information to date them.

Steps to Reproduce

1. type comfy log existing_env
2. see the return without order and date

Expected behavior:

Something like:

development	2019-04-17 10:50:01 964e51df37c0fe2a518998fb6457b461c4013d28	(next)
development	2019-04-17 10:45:31 43990ed1b72b77a5bcaa6514a05e7bd773d1c482	(no tag)
development	2019-04-17 10:40:07 de9b94fdfc4d952a2efcf6ef81c7085cd00cd6c4	(no tag)
development	2019-03-17 09:40:01 5582a12fa38e60e500a92aa835c842b792aeac1e	(stable)

Actual behavior:

development	964e51df37c0fe2a518998fb6457b461c4013d28	(next)
development	5582a12fa38e60e500a92aa835c842b792aeac1e	(stable)
development	43990ed1b72b77a5bcaa6514a05e7bd773d1c482	(no tag)
development	de9b94fdfc4d952a2efcf6ef81c7085cd00cd6c4	(no tag)

Do this issue happen with the default server (https://comfy.marmelab.com)?: Yes

• Exact date when the issue happened: 2019-04-17

In the general case, the developer should not have to use tags

With ENVVARS like:

SOMETHING_URL=http://whatever.com/admin/#/something
WHATEVER=It's working

Calling something like:

$(eval ENVVARS = $(shell ./node_modules/.bin/comfy get integration --envvars))

It breaks because the cli actually echoes:

export SOMETHING_URL="http://whatever.com/admin/#/something";
export WHATEVER="It's working";

It happens for hash and quotes but it could happen with anything like string interpolation.

Possible solution: put single quotes.

Rationale

For now, we use object-hash to get a hash of configuration version.
We want to remove this dependency and write our own hashing function.

Details

Here is an example of the new API:

const currentVersion = {
    hash: '000000000000000000000000', // Already computed unique hash
    entries: {
        A: 'value A',
    },
};

const newVersion = {
    // ...
    entries: {
        A: 'value A',
        B: 'value B',
    },
};

const hash = getHash(newVersion.entries, currentVersion.hash); // Should be a unique hash
// or, if there is no precedent version (for example for the first version)
const hash = getHash(newVersion.entries);

The idea is to concatenate the following values:

[PRECEDENT VERSION HASH] + [ENTRY KEY 0] + [ENTRY VALUE 0] + [ENTRY KEY 1] ...
eg: 000000000000000000000000 A value A B value B

or, for no precedent version

[ENTRY KEY 0] + [ENTRY VALUE 0] + [ENTRY KEY 1] +  [ENTRY VALUE 1] ...

Then, get a unique hash of this character chain. You can use the native Node.JS crypto module to find the better way to do this.

Requirements

• The code MUST be tested
• The transpiled code should be compatible with Node 6 (see node.green)
• The hash MUST be unique for two different strings getHash({ a: 1 }) !== getHash({ b: 2 })
• The hash MUST be the same for the same string getHash({ a: 1 }) !== getHash({ a: 1 })

It is highly recommended to write the tests first and then code the function.
Feel free to ask your questions here!

Today, we needs no less than 6 environments variables to install comfy on a server.
This is ironic for a tool that aims to make deployment easier.

The next release must make this installation far simpler.

Let's have the following example:

> cat '{ "myvar": false }' > test.json
> comfy add production -f test.json

What is retrieved will depends on the format:

> comfy get production --envars
MYVAR='false'

> comfy get production --yml
myvar: false

> comfy get production --json
{
    "myvar": "false"
}

As you can see in JSON and environment variables, the boolean false is transformed in string.
This is a problem, especially in JSON, because:

Boolean('false') === true

And I'm not sure how to handle this case.

https://github.com/f/omelette

Description

Currently, saving a comfy get result into a file need to be done manually like this, by example:

comfy get test > config/test.js

But if something goes wrong with comfy (network down, server down, configuration doesn't exists), then It erases all the previous test.js file and replaces it with the comfy error message

It would be very nice to have an explicit output command inside comfy to assure this to not happen

Steps to Reproduce

1. Create a test.js file
2. Type something inside and save it
3. Do: comfy get testRandom > test.js
4. Open your file and see that all is erased

• Exact date when the issue happened: 2019-06-18

https://www.vaultproject.io/

Mush more robust and advanced, but similar in many points.

That also means that the REAME should underline the differences with Vault (simpler, serverless, ?)

Values appear as ******* by default. To reveal a value, click on it. It will only work if the passphrase was given.

Inspiration: Chrome password manager

eg. when we want to create a config on a non-existing environment.

We can't connect to pg using command line when serverless is running

This is the benchmark for one test:

  Basic Usages
    accessors
exec command: "comfy init --origin 'http://localhost:3000'": 762.499ms
PROJECT CREATION REQUEST: 84.690ms (api request)

exec command: "echo '{"login":"admin","password":"S3cret"}' > test.json": 3.164ms
exec command: "comfy setall development test.json": 492.143ms
exec command: "comfy get development": 435.218ms
exec command: "echo '{"login":"admin"}' > test.json": 3.501ms
exec command: "comfy setall development test.json": 442.185ms
exec command: "comfy get development": 370.392ms
      ✓ should retrieve the latest version by default (1748ms)


  1 passing (3s)

On this benchmark, you can see that the API request take 80ms and the command result is 762ms.
This cause test timeout, that we want to avoid.

TODO

• Find why the commands are so slow
• Remove the 5s timeout for mocha tests in test/Makefile

Currently, the private key used te encrypt and decrypt the config values is stored inside the .comfy/config file in clear text.

It would be better to store this private key (and some perhaps some other crypto informations) into a secure file like .comfy/privatekey or something.

I thought of some implementations, but none of them are satisfactory from the security and/or UX standpoint.

Any idea on how to implement a solution that is both secure and easy to use?