fix: db credentials encrypted when created or updated via api endpoint

lib/mix/tasks/seed.ex

@@ -3,16 +3,14 @@ defmodule Mix.Tasks.Seed do
 
   @shortdoc "Seed main database with tenant"
   def run(_) do
-    for _ <- 0..1,
-        do:
-          :httpc.request(
-            :put,
-            {'http://localhost:4000/api/tenants/dev_tenant',
-             [
-               {'x-api-key', 'dev'},
-               {'Authorization',
-                'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJvbGUiOiJhbm9uIiwiaWF0IjoxNjQ1MTkyODI0LCJleHAiOjE5NjA3Njg4MjR9.M9jrxyvPLkUxWgOYSf5dNdJ8v_eRrq810ShFRT8N-6M'}
-             ], 'application/json', '{"tenant": {
+    :httpc.request(
+      :put,
+      {'http://localhost:4000/api/tenants/dev_tenant',
+       [
+         {'x-api-key', 'dev'},
+         {'Authorization',
+          'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJvbGUiOiJhbm9uIiwiaWF0IjoxNjQ1MTkyODI0LCJleHAiOjE5NjA3Njg4MjR9.M9jrxyvPLkUxWgOYSf5dNdJ8v_eRrq810ShFRT8N-6M'}
+       ], 'application/json', '{"tenant": {
                 "name": "dev_tenant",
                 "extensions": [
                   {
@@ -32,9 +30,9 @@ defmodule Mix.Tasks.Seed do
                 ],
               "jwt_secret": "d3v_HtNXEpT+zfsyy1LE1WPGmNKLWRfw/rpjnVtCEEM2cSFV2s+kUh5OKX7TPYmG"
               }}'},
-            [],
-            []
-          )
-          |> IO.inspect()
+      [],
+      []
+    )
+    |> IO.inspect()
   end
 end

lib/realtime/api.ex

@@ -10,6 +10,8 @@ defmodule Realtime.Api do
 
   alias Realtime.Api.Tenant
 
+  @ttl 120
+
   @doc """
   Returns the list of tenants.
 
@@ -59,7 +61,6 @@ defmodule Realtime.Api do
 
     %Tenant{}
     |> Tenant.changeset(attrs)
-    |> Ecto.Changeset.put_assoc(:extensions, attrs["extensions"])
     |> Repo.insert()
   end
 
@@ -77,6 +78,7 @@ defmodule Realtime.Api do
   """
   def update_tenant(%Tenant{} = tenant, attrs) do
     tenant
+    |> Repo.preload(:extensions)
     |> Tenant.changeset(attrs)
     |> Repo.update()
   end
@@ -121,20 +123,29 @@ defmodule Realtime.Api do
   end
 
   def get_tenant_by_external_id(:cached, external_id) do
-    with {:commit, val} <- Cachex.fetch(:tenants, external_id, &get_dec_tenant_by_external_id/1) do
-      Cachex.expire(:tenants, external_id, :timer.seconds(500))
-      val
-    else
-      {:ok, val} ->
+    Cachex.get_and_update(:tenants, external_id, fn
+      nil ->
+        case get_dec_tenant_by_external_id(external_id) do
+          nil -> {:ignore, nil}
+          val -> {:commit, val}
+        end
+
+      val ->
+        {:ignore, val}
+    end)
+    |> case do
+      {:commit, val} ->
+        Cachex.expire(:tenants, external_id, :timer.seconds(@ttl))
         val
 
-      _ ->
-        :error
+      {:ignore, val} ->
+        val
     end
   end
 
   def get_dec_tenant_by_external_id(external_id) do
-    get_tenant_by_external_id(external_id)
+    external_id
+    |> get_tenant_by_external_id()
     |> decrypt_extensions_data()
   end
 
@@ -174,4 +185,6 @@ defmodule Realtime.Api do
 
     %{tenant | extensions: decrypted_extensions}
   end
+
+  def decrypt_extensions_data(_), do: nil
 end

lib/realtime/api/tenant.ex

@@ -4,6 +4,7 @@ defmodule Realtime.Api.Tenant do
   """
   use Ecto.Schema
   import Ecto.Changeset
+  alias Realtime.Api.Extensions
 
   @primary_key {:id, :binary_id, autogenerate: true}
   @foreign_key_type :binary_id
@@ -37,6 +38,6 @@ defmodule Realtime.Api.Tenant do
       :external_id,
       :jwt_secret
     ])
-    |> cast_assoc(:extensions, required: true)
+    |> cast_assoc(:extensions, with: &Extensions.changeset/2)
   end
 end

lib/realtime_web/controllers/tenant_controller.ex

@@ -22,7 +22,7 @@ defmodule RealtimeWeb.TenantController do
     extensions =
       Enum.reduce(tenant_params["extensions"], [], fn
         %{"type" => type, "settings" => settings}, acc ->
-          [%{type: type, settings: settings} | acc]
+          [%{"type" => type, "settings" => settings} | acc]
 
         _e, acc ->
           acc