nodejs – 在 .env 中转义变量字符

huangapple go评论75阅读模式
英文:

nodejs - escaping variable character within .env

问题

我的 .env 文件中有两个简单的变量:

USERNAME: "myusername"
PASSWORD: "mypassword&7"

问题是,当我尝试使用 shell.exec 来传递 git clone 命令时,似乎忽略了密码变量中的 '&7'。

shell.exec(`git clone https://${process.env.USERNAME}:${process.env.USERNAME}@github.com/my-repo/xyz-git-ops.git`);

它输出:

/bin/sh: 7@gmy-repo/xyz-git-ops.git: No such file or directory
Cloning into 'mypassword'...
fatal: unable to access 'https://myusername:mypassword/' URL using bad/illegal format or missing URL

我注意到了一些奇怪的地方:

1 - 它忽略了密码值的最后2个字符,即'&7',而 git clone 输出中将其替换为'/'。

2 - 如果我执行 console.log(process.env.USERNAME),它会完美地打印出值:mypassword&7

所有这些让我想知道是否有一种方法可以要么转义密码值中的'&'字符,要么是否我的通过 shell.exec() 传递凭据的方法完全错误。以下是我的 .js 文件的完整内容:

const nodeCron = require("node-cron");
const shell = require('shelljs');
const rpath = '/Users/myuser/Documents/Git Ops Cron/repos';
require('dotenv').config();
const start = Date.now();
const username = process.env.USERNAME
const password = process.env.PASSWORD

async function xyzGitOps(){
    console.log("Running scheduled job", start);
    shell.cd(rpath);
    shell.exec(`git clone https://${username}:${password}@github.com/my-repo/xyz-git-ops.git`);
    return console.log("Job finished");
}

const job = nodeCron.schedule("* * * * *", xyzGitOps);
英文:

My .env has, say, two simple variables:

USERNAME:"myusername"
PASSWORD:"mypassword&7"

The thing is, when I try to use shell.exec to pass a git clone command, it seems to be ignoring the '&7'from my password variable.

shell.exec(`git clone https://${process.env.USERNAME}:${process.env.USERNAME}@github.com/my-repo/xyz-git-ops.git`);

it outputs:

> /bin/sh: 7@gmy-repo/xyz-git-ops.git: No such file or directory
Cloning into 'mypassword'...
fatal: unable to access 'https://myusername:mypassword/': URL using bad/illegal format or missing URL

I notice a few weird stuff:

1 - it ignores the last 2 characters of my password value, the '&7'and the git clone output replaces it with a '/'instead.

2 - if I do console.log(process.env.USERNAME), it prints the value perfectly: mypassword&7

All that makes me wonder if is there a way of either escaping the '&' char from the password value or if my approach to pass credential via shell.exec() is absolutely mistaken. Bellow is the full content of my .js file

const nodeCron = require("node-cron");
const shell = require('shelljs');
const rpath = '/Users/myuser/Documents/Git Ops Cron/repos';
require('dotenv').config();
const start = Date.now();
const username = process.env.USERNAME
const password = process.env.PASSWORD

async function xyzGitOps(){
    console.log("Running scheduled job", start);
    shell.cd(rpath);
    shell.exec(`git clone https://${username}:${password}@github.com/my-repo/xyz-git-ops.git`);
    return console.log("Job finished");
}

const job = nodeCron.schedule("* * * * *", xyzGitOps);

答案1

得分: 2

URL的用户名/密码部分应该进行百分比编码

node:url URL 类会为您执行此操作:

const repo = new URL(`https://github.com/my-repo/xyz-git-ops.git`)
repo.username = process.env.USERNAME
repo.password = process.env.PASSWORD

URL的.toString()方法会对这些值进行编码:

> String(repo)
'https://userw:pass%%2F%40%23$@github.com/my-repo/xyz-git-ops.git'
> `${repo}`
'https://userw:pass%%2F%40%23$@github.com/my-repo/xyz-git-ops.git'
英文:

The username/password component of a URL should be percent encoded.

The node:url URL class will do this for you

const repo = new URL(`https://github.com/my-repo/xyz-git-ops.git`)
repo.username = process.env.USERNAME
repo.password = process.env.PASSWORD

The URL's .toString() encodes the values:

> String(repo)
'https://userw:pass%%2F%40%23$@github.com/my-repo/xyz-git-ops.git'
> `${repo}`
'https://userw:pass%%2F%40%23$@github.com/my-repo/xyz-git-ops.git'

huangapple
  • 本文由 发表于 2023年1月9日 07:34:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/75052045.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定