[BUG]: 0.26.1 crashes with "RangeError: Invalid key length" #4810

Open
shapirus opened this issue May 29, 2024 · 2 comments
Labels
blocked: waiting-response waiting a response from the user

Comments

@shapirus

Describe the bug
Raw error text:

{"level":50,"time":1716966677374,"pid":8,"hostname":"activepieces-b488877b4-t24gg","err":{"type":"RangeError","message":"Invalid key length","stack":"RangeError: Invalid key length\n    at Cipheriv.createCipherBase (node:internal/crypto/cipher:122:19)\n    at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:141:3)\n    at new Cipheriv (node:internal/crypto/cipher:249:3)\n    at Object.createCipheriv (node:crypto:141:10)\n    at y (/usr/src/app/dist/packages/server/api/main.js:1:218793)\n    at t.encryptObject (/usr/src/app/dist/packages/server/api/main.js:1:218954)\n    at Object.<anonymous> (/usr/src/app/dist/packages/server/api/main.js:1:774792)\n    at Generator.next (<anonymous>)\n    at fulfilled (/usr/src/app/dist/packages/server/api/node_modules/tslib/tslib.js:166:62)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","code":"ERR_CRYPTO_INVALID_KEYLEN"},"msg":"Invalid key length"}

Decoded json:

RangeError: Invalid key length
    at Cipheriv.createCipherBase (node:internal/crypto/cipher:122:19)
    at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:141:3)
    at new Cipheriv (node:internal/crypto/cipher:249:3)
    at Object.createCipheriv (node:crypto:141:10)
    at y (/usr/src/app/dist/packages/server/api/main.js:1:218793)
    at t.encryptObject (/usr/src/app/dist/packages/server/api/main.js:1:218954)
    at Object.<anonymous> (/usr/src/app/dist/packages/server/api/main.js:1:774792)
    at Generator.next (<anonymous>)
    at fulfilled (/usr/src/app/dist/packages/server/api/node_modules/tslib/tslib.js:166:62)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

To Reproduce
All the keys (AP_API_KEY, AP_ENCRYPTION_KEY, AP_JWT_SECRET) are set to 128-byte strings containing random characters from the [A-Za-z0-9] set.

Expected behavior
If there are any constraints on the length of the keys, the code must emit a proper error like "Invalid key length: <key_name> must be longer than XX and shorter than YY bytes" instead of crashing with a generic error that makes it impossible to troubleshoot the issue.

Additional context
The documentation at https://www.activepieces.com/docs/install/configurations/environment-variables does not mention any limitations on the key lengths.

@abuaboud
Contributor

abuaboud commented May 29, 2024

Hi @shapirus

I see the confusion. Most people use this script to generate the values; we should add it to this page of the documentation as well.

https://github.com/activepieces/activepieces/blob/main/tools/deploy.sh

Let me know if you still have any issues.

@abuaboud abuaboud added the blocked: waiting-response waiting a response from the user label May 29, 2024
@shapirus
Author

shapirus commented May 29, 2024

https://github.com/activepieces/activepieces/blob/main/tools/deploy.sh

This error occurred when the values were generated the same way that this script uses.

My workaround in the end was to reduce the length of all keys to 32 characters.

But that's not the point. The point is that the app must not crash. Any crash is normally (generally across the industry) recognized as a grave severity bug.

If the value of a variable does not meet required constraints, then the app must emit a reasonable error message, mentioning the variable name and the specific constraint that it does not meet, and exit gracefully. Unhandled exceptions are bad, unhandled exceptions with obscure messages are even worse.
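
A startup check of the kind the last comment asks for, as an added example that is not part of the thread or of the activepieces code base. It assumes the cipher is AES-256-CBC (the issue does not name it; a 32-byte key matches the 32-character workaround) and that the key string is used as raw UTF-8 bytes; `loadCipherKey`, `rawCipherError`, `check` and `ConfigError` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Assumption: AES-256-CBC; the issue does not say which cipher the app uses.
const ALGORITHM = 'aes-256-cbc';

class ConfigError extends Error {}

// Return the key bytes, or throw a ConfigError that names the variable and the
// constraint it violates. Only the length is reported, never the key itself.
function loadCipherKey(name, value, algorithm = ALGORITHM) {
  const info = crypto.getCipherInfo(algorithm);
  if (!info) throw new ConfigError(`Unknown cipher ${algorithm}`);
  if (typeof value !== 'string' || value.length === 0) {
    throw new ConfigError(`${name} is not set`);
  }
  const key = Buffer.from(value, 'utf8'); // assumption: string used as raw bytes
  if (key.length !== info.keyLength) {
    throw new ConfigError(`Invalid key length: ${name} must be exactly ` +
      `${info.keyLength} bytes for ${algorithm}, got ${key.length}`);
  }
  return key;
}

// Without the check: the error code Node raises from createCipheriv, or null.
function rawCipherError(value, algorithm = ALGORITHM) {
  const iv = crypto.randomBytes(crypto.getCipherInfo(algorithm).ivLength);
  try {
    crypto.createCipheriv(algorithm, Buffer.from(value, 'utf8'), iv);
    return null;
  } catch (err) {
    return err.code;
  }
}

// Run at startup: a configuration problem becomes one readable line.
function check(name, value) {
  try {
    loadCipherKey(name, value);
    return 'ok';
  } catch (err) {
    if (err instanceof ConfigError) return err.message;
    throw err;
  }
}

// Constructed sample values, not real secrets.
console.log(rawCipherError('A'.repeat(128)));             // as in the report
console.log(check('AP_ENCRYPTION_KEY', 'A'.repeat(128))); // names the variable
console.log(check('AP_ENCRYPTION_KEY', 'a1'.repeat(16))); // 32 bytes
```

Calling `loadCipherKey` once during boot and exiting non-zero on `ConfigError` keeps the failure out of the request path, where the report shows it surfacing inside `encryptObject`.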
