Add lazy config and improve settings style/design

appinfo/info.xml

@@ -9,7 +9,7 @@
     <summary>Integration of Discourse forum and mailing list management system</summary>
     <description><![CDATA[Discourse integration provides a dashboard widget displaying your important notifications
     and the ability to find topics and posts with Nextcloud's unified search.]]></description>
-    <version>3.1.0</version>
+    <version>3.2.0</version>
     <licence>agpl</licence>
     <author>Julien Veyssier</author>
     <namespace>Discourse</namespace>

lib/Controller/ConfigController.php

@@ -15,6 +15,7 @@
 use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\RedirectResponse;
+use OCP\IAppConfig;
 use OCP\IConfig;
 use OCP\IL10N;
 
@@ -33,6 +34,7 @@ public function __construct(
 		string $appName,
 		IRequest $request,
 		private IConfig $config,
+		private IAppConfig $appConfig,
 		private ICrypto $crypto,
 		private IURLGenerator $urlGenerator,
 		private IL10N $l,
@@ -73,19 +75,6 @@ public function setSensitiveConfig(array $values): DataResponse {
 		return new DataResponse('');
 	}
 
-	/**
-	 * set admin config values
-	 *
-	 * @param array $values
-	 * @return DataResponse
-	 */
-	public function setAdminConfig(array $values): DataResponse {
-		foreach ($values as $key => $value) {
-			$this->config->setAppValue(Application::APP_ID, $key, $value);
-		}
-		return new DataResponse(1);
-	}
-
 	/**
 	 * receive oauth encrypted payload with protocol handler redirect
 	 *
@@ -125,11 +114,7 @@ public function oauthRedirect(string $payload = ''): RedirectResponse {
 			);
 		}
 		$configNonce = $this->config->getUserValue($this->userId, Application::APP_ID, 'nonce');
-		// decrypt payload
-		$privKey = $this->config->getAppValue(Application::APP_ID, 'private_key');
-		if ($privKey !== '') {
-			$privKey = $this->crypto->decrypt($privKey);
-		}
+		$privKey = $this->appConfig->getValueString(Application::APP_ID, 'private_key', lazy: true);
 		$decPayload = base64_decode($payload);
 		$rsa = new RSA();
 		$rsa->setEncryptionMode(RSA::ENCRYPTION_PKCS1);

lib/Migration/Version030200Date20251208110814.php

@@ -0,0 +1,50 @@
+<?php
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+declare(strict_types=1);
+
+namespace OCA\Discourse\Migration;
+
+use Closure;
+use OCA\Discourse\AppInfo\Application;
+use OCP\DB\ISchemaWrapper;
+use OCP\IAppConfig;
+use OCP\IConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use OCP\Security\ICrypto;
+
+class Version030200Date20251208110814 extends SimpleMigrationStep {
+
+	public function __construct(
+		private ICrypto $crypto,
+		private IConfig $config,
+		private IAppConfig $appConfig,
+	) {
+	}
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+	 * @param array $options
+	 *
+	 * @return null|ISchemaWrapper
+	 */
+	public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
+		// migrate (already manually encrypted) private_key: make it lazy and sensitive
+		$privKey = $this->config->getAppValue(Application::APP_ID, 'private_key');
+		if ($privKey !== '') {
+			$privKey = $this->crypto->decrypt($privKey);
+			$this->appConfig->setValueString(Application::APP_ID, 'private_key', $privKey, lazy: true, sensitive: true);
+		}
+
+		$pubKey = $this->config->getAppValue(Application::APP_ID, 'public_key');
+		if ($pubKey !== '') {
+			$this->appConfig->setValueString(Application::APP_ID, 'public_key', $pubKey, lazy: true);
+		}
+	}
+}

lib/Settings/Personal.php

@@ -10,6 +10,7 @@
 use OCA\Discourse\AppInfo\Application;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
+use OCP\IAppConfig;
 use OCP\IConfig;
 use OCP\PreConditionNotMetException;
 use OCP\Security\ICrypto;
@@ -23,6 +24,7 @@ class Personal implements ISettings {
 
 	public function __construct(
 		private IConfig $config,
+		private IAppConfig $appConfig,
 		private ICrypto $crypto,
 		private IInitialState $initialStateService,
 		private ?string $userId,
@@ -49,11 +51,8 @@ public function getForm(): TemplateResponse {
 		if ($clientID !== '') {
 			$clientID = $this->crypto->decrypt($clientID);
 		}
-		$pubKey = $this->config->getAppValue(Application::APP_ID, 'public_key');
-		$privKey = $this->config->getAppValue(Application::APP_ID, 'private_key');
-		if ($privKey !== '') {
-			$privKey = $this->crypto->decrypt($privKey);
-		}
+		$pubKey = $this->appConfig->getValueString(Application::APP_ID, 'public_key', lazy: true);
+		$privKey = $this->appConfig->getValueString(Application::APP_ID, 'private_key', lazy: true);
 
 		if ($clientID === '') {
 			// random string of 32 chars length
@@ -67,10 +66,10 @@ public function getForm(): TemplateResponse {
 			$rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_PKCS1);
 			$keys = $rsa->createKey(2048);
 			$pubKey = $keys['publickey'];
-			$privKey = $this->crypto->encrypt($keys['privatekey']);
+			$privKey = $keys['privatekey'];
 
-			$this->config->setAppValue(Application::APP_ID, 'public_key', $pubKey);
-			$this->config->setAppValue(Application::APP_ID, 'private_key', $privKey);
+			$this->appConfig->setValueString(Application::APP_ID, 'public_key', $pubKey, lazy: true);
+			$this->appConfig->setValueString(Application::APP_ID, 'private_key', $privKey, lazy: true, sensitive: true);
 		}
 
 		$userConfig = [