Added an encryption mechanism for API keys, Fixed the config syncing problem #229
Thanks for the clean and clear PR. Tests are not passing due to probably just a need to update the go mods. The error due to which test-go is failing is this:
Fixed the dependency and go validation problems. The CircleCI pipeline passed successfully.
Makefile
@@ -29,6 +29,7 @@ export [email protected] | |||
export PROXEUS_DATA_DIR?=./data | |||
export PROXEUS_DATABASE_ENGINE?=storm | |||
export PROXEUS_DATABASE_URI?=mongodb://localhost:27017 | |||
export PROXEUS_ENCRYPTION_SECRET_KEY=734yvc2093dbc2vgdi93ljwwncshhd29 |
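Review bot: The added `PROXEUS_ENCRYPTION_SECRET_KEY` line assigns with `=` where the three context lines above it use `?=`, so the Makefile value wins over anything the operator has exported in the environment, and the value itself reads like a real key committed to the repository. Suggest `export PROXEUS_ENCRYPTION_SECRET_KEY?=` with an obviously fake placeholder, and treat the string committed here as public, so it should never be used to protect real data.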
Please change to something like "PleAsE_chAnGe_me_32_Characters++"
to make it clear that this is only a demo key. Also without ?=
it will not get replaced by an environment variable.
We still need to add the new environment variable to documentation; however, as tests are passing and this now looks all fine to me, I'm accepting the PR - with many thanks 🎉
Pull Request Details
This pull request includes solutions for issues #1 and #175.
Two issues are addressed in this PR.
Issue #175
The configs stored in the settings database and the environment key/values were not always in sync.
The reason is that when the application starts, it does not check or pick the environment variables if the application has been initialized previously.
So, because we have multiple sources of truth and do not check the changes in environment variables, the changes won't affect the code. As a workaround, I added simple logic to compare the values every time the app starts.
Note: the changes to the environment variables won't take effect until the next application restart.
Solution: the better approach is to remove the API keys from the settings, and use a hot reload config reader package like Viper.
Issue #1
The keys are stored in the database in plain text.
The solution: I added an AES encryption/decryption utility for encrypting the keys when storing and decrypting them when reading.
Note: we need to add a secret key (PROXEUS_ENCRYPTION_SECRET_KEY = 32 characters long string) to the environment variables for this, so the docs should be updated to let the platform maintainer know about it.
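The encrypt-on-store, decrypt-on-read scheme described for Issue #1, as an added example that is not the PR's code. It assumes AES-256-GCM (the description only says AES) and uses the hypothetical names `NewAEADFromEnv`, `Encrypt` and `Decrypt`; only the `PROXEUS_ENCRYPTION_SECRET_KEY` variable and its 32-character length come from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"os"
)

// NewAEADFromEnv builds AES-256-GCM (assumed mode) from the 32-character env secret.
func NewAEADFromEnv() (cipher.AEAD, error) {
	key := []byte(os.Getenv("PROXEUS_ENCRYPTION_SECRET_KEY"))
	if len(key) != 32 {
		return nil, errors.New("PROXEUS_ENCRYPTION_SECRET_KEY must be 32 bytes")
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns base64(nonce || ciphertext || tag), the value to store in settings.
func Encrypt(a cipher.AEAD, apiKey string) (string, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per stored value
		return "", err
	}
	return base64.StdEncoding.EncodeToString(a.Seal(nonce, nonce, []byte(apiKey), nil)), nil
}

// Decrypt reverses Encrypt and fails on a wrong secret or a modified stored value.
func Decrypt(a cipher.AEAD, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil || len(raw) < a.NonceSize() {
		return "", errors.New("malformed stored value")
	}
	pt, err := a.Open(nil, raw[:a.NonceSize()], raw[a.NonceSize():], nil)
	return string(pt), err
}

func main() {
	os.Setenv("PROXEUS_ENCRYPTION_SECRET_KEY", "PleAsE_chAnGe_me_32_Characters++") // demo value from the review
	a, _ := NewAEADFromEnv()
	stored, _ := Encrypt(a, "constructed-api-key") // constructed sample input
	plain, _ := Decrypt(a, stored)
	println(stored, plain)
}
```

Because the mode is authenticated, a settings row edited in the database or read under a different secret produces an error instead of a garbage API key.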