Fix/privatisation quickie interaction (#1094)

* fix: modify both staging and staging-lite sites when modifying passwords

* fix: adjust behaviour of staging url retrieval to have private sites take priority

* chore: update privatisation status after amplify call succeeds

src/services/configServices/SettingsService.js

@@ -173,6 +173,14 @@ class SettingsService {
       // only when changing from public to private - not awaited as this is slow and non-blocking
       privatiseNetlifySite(siteName, password)
     }
+    const updatePasswordResp = await this.deploymentsService.updateAmplifyPassword(
+      siteName,
+      password,
+      enablePassword
+    )
+    if (updatePasswordResp.isErr()) {
+      return updatePasswordResp
+    }
     if (isPrivate !== enablePassword) {
       // For public -> private or private -> public, we also need to update the repo privacy on github
       const privatiseRepoRes = await this.gitHubService.changeRepoPrivacy(
@@ -189,11 +197,7 @@ class SettingsService {
         return errAsync(err)
       }
     }
-    return this.deploymentsService.updateAmplifyPassword(
-      siteName,
-      password,
-      enablePassword
-    )
+    return updatePasswordResp
   }
 
   shouldUpdateHomepage(updatedConfigContent, configContent) {

src/services/identity/DeploymentClient.ts

@@ -143,19 +143,23 @@ class DeploymentClient {
     },
   })
 
-  generateDeletePasswordInput = (appId: string): UpdateBranchCommandInput => ({
+  generateDeletePasswordInput = (
+    appId: string,
+    branchName = "staging"
+  ): UpdateBranchCommandInput => ({
     appId,
-    branchName: "staging",
+    branchName,
     enableBasicAuth: false,
     basicAuthCredentials: "",
   })
 
   generateUpdatePasswordInput = (
     appId: string,
-    password: string
+    password: string,
+    branchName = "staging"
   ): UpdateBranchCommandInput => ({
     appId,
-    branchName: "staging",
+    branchName,
     enableBasicAuth: true,
     basicAuthCredentials: Buffer.from(`user:${password}`).toString("base64"),
   })

src/services/identity/DeploymentsService.ts

@@ -202,9 +202,14 @@ class DeploymentsService {
     return okAsync(deploymentInfo)
   }
 
-  deletePassword = async (appId: string, deploymentId: number) => {
+  deletePassword = async (
+    appId: string,
+    deploymentId: number,
+    isStagingLite: boolean
+  ) => {
     const updateAppInput = this.deploymentClient.generateDeletePasswordInput(
-      appId
+      appId,
+      isStagingLite ? "staging-lite" : "staging"
     )
     const updateResp = await this.deploymentClient.sendUpdateApp(updateAppInput)
 
@@ -249,9 +254,22 @@ class DeploymentsService {
       return errAsync(
         new NotFoundError(`Deployment for site ${repoName} does not exist`)
       )
-    const { id, hostingId: appId } = deploymentInfo
+    const {
+      id,
+      hostingId: appId,
+      stagingLiteHostingId: stagingLiteId,
+    } = deploymentInfo
 
-    if (!enablePassword) return this.deletePassword(appId, id)
+    if (!enablePassword) {
+      const stagingRes = await this.deletePassword(appId, id, false)
+      if (!stagingLiteId || stagingRes.isErr()) return stagingRes
+      const stagingLiteRes = await this.deletePassword(stagingLiteId, id, true)
+      if (stagingLiteRes.isErr())
+        logger.error(
+          `Privatisation adjustment failed for ${repoName} - requires manual fixing of inconsistent state`
+        )
+      return stagingLiteRes
+    }
 
     const {
       encryptedPassword: oldEncryptedPassword,
@@ -273,6 +291,24 @@ class DeploymentsService {
       return updateResp
     }
 
+    if (stagingLiteId) {
+      const updateStagingLiteInput = this.deploymentClient.generateUpdatePasswordInput(
+        stagingLiteId,
+        password,
+        "staging-lite"
+      )
+
+      const updateStagingLiteResp = await this.deploymentClient.sendUpdateApp(
+        updateStagingLiteInput
+      )
+      if (updateStagingLiteResp.isErr()) {
+        logger.error(
+          `Privatisation adjustment failed for ${repoName} - requires manual fixing of inconsistent state`
+        )
+        return updateStagingLiteResp
+      }
+    }
+
     const { encryptedPassword, iv } = encryptPassword(password, SECRET_KEY)
     await this.deploymentsRepository.update(
       {

src/services/identity/SitesService.ts

@@ -327,19 +327,30 @@ class SitesService {
             return okAsync(site.deployment)
           }
 
+          // Privatisation has priority over growthbook - if private, automatically use staging
+          const isPrivateSiteSyncedWithDb =
+            site.isPrivate && site?.deployment?.stagingUrl.includes("staging.")
+
           const featureFlagSyncedWithDb =
-            (isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) &&
+            !site.isPrivate &&
+            ((isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) &&
               site?.deployment?.stagingUrl.includes("staging-lite.")) ||
-            // useful for rollbacks
-            (!isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) &&
-              site?.deployment?.stagingUrl.includes("staging."))
+              // useful for rollbacks
+              (!isReduceBuildTimesWhitelistedRepo(sessionData.growthbook) &&
+                site?.deployment?.stagingUrl.includes("staging.")))
 
-          if (featureFlagSyncedWithDb) {
+          if (isPrivateSiteSyncedWithDb || featureFlagSyncedWithDb) {
             return okAsync(site.deployment)
           }
 
           let stagingUrl: StagingPermalink
-          if (isReduceBuildTimesWhitelistedRepo(sessionData.growthbook)) {
+          if (site.isPrivate) {
+            stagingUrl = Brand.fromString(
+              `https://staging.${site.deployment.hostingId}.amplifyapp.com`
+            )
+          } else if (
+            isReduceBuildTimesWhitelistedRepo(sessionData.growthbook)
+          ) {
             stagingUrl = Brand.fromString(
               `https://staging-lite.${site.deployment.stagingLiteHostingId}.amplifyapp.com`
             )