jamey/berrypod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat: add encrypted settings, guided Stripe setup, and admin credentials page

Browse Source 
Store API keys and secrets encrypted in the SQLite database via the
existing Vault module (AES-256-GCM). The only external dependency is
SECRET_KEY_BASE — everything else lives in the portable DB file.

- Add encrypted_value column to settings table with new "encrypted" type
- Add put_secret/get_secret/delete_setting/secret_hint to Settings context
- Add Secrets module to load encrypted config into Application env at startup
- Add Stripe.Setup module with connect/disconnect/verify_api_key flow
  - Auto-creates webhook endpoints via Stripe API in production
  - Detects localhost and shows Stripe CLI instructions for dev
- Add admin credentials page at /admin/settings with guided setup:
  - Not configured: single Secret key input with dashboard link
  - Connected (production): status display, webhook info, disconnect
  - Connected (dev): Stripe CLI instructions, manual signing secret input
- Remove Stripe env vars from dev.exs and runtime.exs
- Fix CSSCache test startup crash (handle_continue instead of init)
- Add nav link for Credentials page

507 tests, 0 failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
jamey
2026-02-07 17:12:53 +00:00
parent ff1bc483b9
commit eede9bb517
15 changed files with 829 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/simpleshop_theme/settings/setting.ex
View File

@@ -9,6 +9,7 @@ defmodule SimpleshopTheme.Settings.Setting do
field :key, :string
field :value, :string
field :value_type, :string, default: "string"
field :encrypted_value, :binary
timestamps(type: :utc_datetime)
end
@@ -16,9 +17,22 @@ defmodule SimpleshopTheme.Settings.Setting do
@doc false
def changeset(setting, attrs) do
setting
|> cast(attrs, [:key, :value, :value_type])
|> validate_required([:key, :value, :value_type])
|> validate_inclusion(:value_type, ~w(string json integer boolean))
|> cast(attrs, [:key, :value, :value_type, :encrypted_value])
|> validate_required([:key, :value_type])
|> validate_inclusion(:value_type, ~w(string json integer boolean encrypted))
|> validate_has_value()
|> unique_constraint(:key)
end
# Encrypted settings store data in encrypted_value, not value.
# All other types require value.
defp validate_has_value(changeset) do
case get_field(changeset, :value_type) do
"encrypted" ->
validate_required(changeset, [:encrypted_value])
_ ->
validate_required(changeset, [:value])
end
end
end