Setting Module Attributes in endpoint during compile time for Environment (could not fetch application environment)

apoorv-2204 · December 2, 2024, 12:40pm

Hi there Elixir Community,

IN the phoenix Endpoint, I want to have different session options for dev environment and the production environment, like setting cookie secure, etc.

Issue I am facing is when I use Application.get_env or Application.fetch_env it gives warning and CI fails ,
the Warning: is discouraged in the module body, use Application.compile_env/3 instead

When I use Compile env I get this error.

* (ArgumentError) could not fetch application environment [AdminWeb.Endpoint, :session_options] for application :admin because the application was not loaded nor configured
    (elixir 1.14.4) lib/application.ex:602: Application.compile_env!/3
    lib/admin_web/endpoint.ex:5: (module)
    (elixir 1.14.4) lib/kernel/parallel_compiler.ex:340: anonymous fn/5 in Kernel.ParallelCompiler.spawn_workers/7
Elixir

I have two apps in umbrella
AdminWeb and ServiceProviderWeb

Code for AdminWeb ,ServiceProvider


defmodule AdminWeb.Endpoint do
  @moduledoc false
  use Phoenix.Endpoint, otp_app: :admin

  @session_options Application.compile_env!(:admin, [__MODULE__, :session_options])

  socket("/admin/live", Phoenix.LiveView.Socket,
    websocket: [connect_info: [session: @session_options]]
  )
#other lines omitted
  plug(Plug.Session, @session_options)
end

defmodule ServiceProvider.Endpoint do
  @moduledoc false
  use Phoenix.Endpoint, otp_app: :service_provider
  @session_options Application.compile_env!(:service_provider, [__MODULE__, :session_options])


  socket("/service_provider/live", Phoenix.LiveView.Socket,
    websocket: [connect_info: [session: @session_options]]
  )

  plug(Plug.Session, @session_options)

end

dev.exs

 
config :admin, AdminWeb.Endpoint,
  server: true,
  http: [port: 4001],
  debug_errors: true,
  code_reloader: true,
  check_origin: false,
  watchers: [
    node: [
      "node_modules/webpack/bin/webpack.js",
      "--mode",
      "development",
      cd: Path.expand("../apps/admin/assets", __DIR__)
    ]
  ],
  live_reload: [
    patterns: [
      ~r"priv/static/.*(js|css|png|jpeg|jpg|gif|svg)$",
      ~r"priv/gettext/.*(po)$",
      ~r"lib/admin_web/.*(ex)$",
      ~r"lib/admin_web/.*(eex)$",
      ~r"lib/admin_web/.*(heex)$"
    ],
    url: "/admin/phoenix/live_reload/socket"
  ],
  session_options: [
    max_age: 120 * 60 * 60,
    store: AdminWeb.Session.Store,
    key: "_a_dev_web_key_",
    signing_salt:  "rand_Contatvalie"
  ]

config :service_provider, ServiceProvider.Endpoint,
  server: true,
  http: [port: 4003],
  debug_errors: true,
  code_reloader: true,
  check_origin: false,
  watchers: [
    node: [
      "node_modules/webpack/bin/webpack.js",
      "--mode",
      "development",
      cd: Path.expand("../apps/service_provider/assets", __DIR__)
    ]
  ],
  live_reload: [
    patterns: [
      ~r"priv/static/.*(js|css|png|jpeg|jpg|gif|svg)$",
      ~r"priv/gettext/.*(po)$",
      ~r"lib/service_provider/.*(ex)$",
      ~r"lib/service_provider/.*(eex)$",
      ~r"lib/service_provider/.*(heex)$"
    ],
    url: "/service_provider/phoenix/live_reload/socket"
  ],
  session_options: [
    store: :cookie,
    key: "_sp_dev_web_key_",
    signing_salt: "rand_Constant tvallue",
    max_age: 120 * 60 * 60
  ]

Prod.exs

config :admin, AdminWeb.Endpoint,
  cache_static_manifest: "priv/static/cache_manifest.json",
  session_options: [
    max_age: 120 * 60 * 60,
    store: AdminWeb.Session.Store,
    key: "_a_web_key_",
    signing_salt: "random_sallt",
    secure: true,
    http_only: true,
    sign: true
  ]

config :service_provider, ServiceProvider.Endpoint,
  cache_static_manifest: "priv/static/cache_manifest.json",
  session_options: [
    store: :cookie,
    key: "_sp_web_key_",
    signing_salt: "random_sallt",
    max_age: 120 * 60 * 60,
    secure: true,
    http_only: true,
    sign: true,encrypt: true
  ]

`My questions`

Q1. What is the solution for it, what mistake I am making?.What wrong settings I have done here?
Q2. Are dev.exs and prod.exs executed once on compilation? so can i use `Base.encode64(:crypto.strong_rand_bytes(64), padding: false)` for `signing_salt`.
Q3. what are the generral best practices tips that you guys can share?

apoorv-2204 · December 2, 2024, 12:45pm

elixir 1.14.4-otp-25
erlang 25.2.2

linux
already tried pruging _build , deps, plts,etc

gushonorato · December 6, 2024, 3:53pm

Hey @apoorv-2204

Q1. What is the solution for it, what mistake I am making?.What wrong settings I have done here?

The problem is that Application.compile_env!/3 does not accept a list as an argument. Instead, you should do the following: @session_options Application.compile_env!(:admin, ServiceProvider.Endpoint) |> Keyword.fetch!(:session_options)

Q2. Are dev.exs and prod.exs executed once on compilation? so can i use Base.encode64(:crypto.strong_rand_bytes(64), padding: false) for signing_salt.

You must not use Base.encode64/2 to generate the signing_salt in this way. If you do so, a new signing_salt will be generated with each deployment, and all sessions will be invalidated in production every time the application is deployed.

Q3. what are the generral best practices tips that you guys can share?

You can use any signing_salt for development and store it hardcoded in your dev.exs file. However, for production, it is not recommended to store the signing_salt hardcoded in version-controlled files. Instead, store it as an environment variable and load it in config/runtime.exs.

# config/runtime.exs

signing_salt = 
  System.get_env("SESSION_SIGNING_SALT") || 
    raise "SESSION_SIGNING_SALT environment variable is not set"

config :admin, AdminWeb.Endpoint,
  session_options: [
    max_age: 120 * 60 * 60,
    store: AdminWeb.Session.Store,
    key: "_a_dev_web_key_",
    signing_salt: signing_salt
  ]

apoorv-2204 · December 14, 2024, 11:12am

thanks a lot sir
it solved my issue
@session_options Application.compile_env!(:admin, ServiceProvider.Endpoint) |> Keyword.fetch!(:session_options)