From 8ac963a796f2858f2c284a8d587914ff25535916 Mon Sep 17 00:00:00 2001
From: Daryl Lim <5508348+daryllimyt@users.noreply.github.com>
Date: Wed, 8 May 2024 17:00:52 -0700
Subject: [PATCH] feat(engine): Split runner url into private/public env vars

---
 .env.example        | 3 ++-
 docker-compose.yaml | 2 ++
 env.sh              | 2 +-
 tracecat/config.py  | 1 +
 tracecat/db.py      | 4 ++--
 5 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.env.example b/.env.example
index d77ff853..8146eaab 100644
--- a/.env.example
+++ b/.env.example
@@ -18,7 +18,8 @@ TRACECAT__API_URL=http://api:8000
 # Runner Service URL
 # We recommend using ngrok here, but feel free to use any other service
 # Run `ngrok http --domain=INSERT_STATIC_NGROK_DOMAIN_HERE 8001` to start ngrok and get the forwarding URL
-TRACECAT__RUNNER_URL=https://your-ngrok-runner-url
+TRACECAT__RUNNER_URL=http://runner:8000
+TRACECAT__PUBLIC_RUNNER_URL=https://your-ngrok-runner-url
 
 # --- RabbitMQ ---
 RABBITMQ_DEFAULT_PASS=guest
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 546e0980..a755d406 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -20,6 +20,7 @@ services:
       TRACECAT__SIGNING_SECRET: ${TRACECAT__SIGNING_SECRET}
       TRACECAT__API_URL: ${TRACECAT__API_URL}
       TRACECAT__RUNNER_URL: ${TRACECAT__RUNNER_URL}
+      TRACECAT__PUBLIC_RUNNER_URL: ${TRACECAT__PUBLIC_RUNNER_URL}
       # Auth
       CLERK_FRONTEND_API_URL: ${CLERK_FRONTEND_API_URL}
       TRACECAT__DISABLE_AUTH: ${TRACECAT__DISABLE_AUTH}
@@ -52,6 +53,7 @@ services:
       TRACECAT__SIGNING_SECRET: ${TRACECAT__SIGNING_SECRET}
       TRACECAT__API_URL: ${TRACECAT__API_URL}
       TRACECAT__RUNNER_URL: ${TRACECAT__RUNNER_URL}
+      TRACECAT__PUBLIC_RUNNER_URL: ${TRACECAT__PUBLIC_RUNNER_URL}
       # Integrations
       OPENAI_API_KEY: ${OPENAI_API_KEY}
       RESEND_API_KEY: ${RESEND_API_KEY}
diff --git a/env.sh b/env.sh
index 5f9880b0..6a5c77b7 100755
--- a/env.sh
+++ b/env.sh
@@ -97,7 +97,7 @@ cp .env.example .env
 dotenv_replace "TRACECAT__SERVICE_KEY" "$service_key" "$env_file"
 dotenv_replace "TRACECAT__SIGNING_SECRET" "$signing_secret" "$env_file"
 dotenv_replace "TRACECAT__DB_ENCRYPTION_KEY" "$db_fernet_key" "$env_file"
-dotenv_replace "TRACECAT__RUNNER_URL" "$runner_url" "$env_file"
+dotenv_replace "TRACECAT__PUBLIC_RUNNER_URL" "$runner_url" "$env_file"
 dotenv_replace "OPENAI_API_KEY" "$openai_api_key" "$env_file"
 dotenv_replace "RESEND_API_KEY" "$resend_api_key" "$env_file"
 
diff --git a/tracecat/config.py b/tracecat/config.py
index 21b16da8..b0839f55 100644
--- a/tracecat/config.py
+++ b/tracecat/config.py
@@ -12,6 +12,7 @@
 TRACECAT__APP_ENV = os.environ.get("TRACECAT__APP_ENV", "dev")
 TRACECAT__API_URL = os.environ.get("TRACECAT__API_URL", "http://api:8000")
 TRACECAT__RUNNER_URL = os.environ.get("TRACECAT__RUNNER_URL", "http://runner:8000")
+TRACECAT__PUBLIC_RUNNER_URL = os.environ["TRACECAT__PUBLIC_RUNNER_URL"]
 
 TRACECAT__TIMESTAMP_FORMAT = "%Y%m%d%H%M%S"
 TRACECAT__TRIAGE_DIR = TRACECAT_DIR / "triage"
diff --git a/tracecat/db.py b/tracecat/db.py
index 4cea1d0d..43992a3b 100644
--- a/tracecat/db.py
+++ b/tracecat/db.py
@@ -23,7 +23,7 @@
 from tracecat import auth, integrations
 from tracecat.config import (
     TRACECAT__APP_ENV,
-    TRACECAT__RUNNER_URL,
+    TRACECAT__PUBLIC_RUNNER_URL,
     TRACECAT_DIR,
 )
 from tracecat.labels.mitre import get_mitre_tactics_techniques
@@ -319,7 +319,7 @@ def secret(self) -> str:
     @computed_field
     @property
     def url(self) -> str:
-        return f"{TRACECAT__RUNNER_URL}/webhook/{self.id}/{self.secret}"
+        return f"{TRACECAT__PUBLIC_RUNNER_URL}/webhook/{self.id}/{self.secret}"
 
 
 def create_db_engine() -> Engine: