Use config_for for VAPID key storage (#34845)

config/application.rb

@@ -106,6 +106,7 @@ module Mastodon
     config.x.captcha = config_for(:captcha)
     config.x.mastodon = config_for(:mastodon)
     config.x.translation = config_for(:translation)
+    config.x.vapid = config_for(:vapid)
 
     if ENV.fetch('QUERY_LOG_TAGS_ENABLED', 'false') == 'true'
       config.active_record.query_log_tags_enabled = ENV.fetch('QUERY_LOG_TAGS_ENABLED', 'false') == 'true'

config/environments/development.rb

@@ -40,10 +40,10 @@ Rails.application.configure do
   # Override default file logging in favor of STDOUT logging in dev environment
   config.logger = ActiveSupport::TaggedLogging.logger($stdout, formatter: config.log_formatter)
 
-  # Generate random VAPID keys
+  # Generate random VAPID keys when needed
   Webpush.generate_key.tap do |vapid_key|
-    config.x.vapid_private_key = vapid_key.private_key
-    config.x.vapid_public_key = vapid_key.public_key
+    config.x.vapid.private_key ||= vapid_key.private_key
+    config.x.vapid.public_key ||= vapid_key.public_key
   end
 
   # Don't care if the mailer can't send.

config/environments/test.rb

@@ -48,10 +48,11 @@ Rails.application.configure do
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
 
-  # Generate random VAPID keys
-  vapid_key = Webpush.generate_key
-  config.x.vapid_private_key = vapid_key.private_key
-  config.x.vapid_public_key = vapid_key.public_key
+  # Generate random VAPID keys when needed
+  Webpush.generate_key.tap do |vapid_key|
+    config.x.vapid.private_key ||= vapid_key.private_key
+    config.x.vapid.public_key ||= vapid_key.public_key
+  end
 
   # Raise exceptions when a reorder occurs in in_batches
   config.active_record.error_on_ignored_order = true

config/initializers/vapid.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-Rails.application.configure do
-  # You can generate the keys using the following command (first is the private key, second is the public one)
-  # You should only generate this once per instance. If you later decide to change it, all push subscription will
-  # be invalidated, requiring the users to access the website again to resubscribe.
-  #
-  # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web bundle exec rails mastodon:webpush:generate_vapid_key` if you use docker compose)
-  #
-  # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
-
-  if Rails.env.production?
-    config.x.vapid_private_key = ENV['VAPID_PRIVATE_KEY']
-    config.x.vapid_public_key = ENV['VAPID_PUBLIC_KEY']
-  end
-end

config/vapid.yml

@@ -0,0 +1,17 @@
+# You can generate the private and public keys using the following task. You
+# should only generate this once per instance. If you later decide to change it,
+# all push subscriptions will be invalidated, requiring users to access the
+# website again to resubscribe.
+#
+# Generate on the CLI:
+# `bundle exec rails mastodon:webpush:generate_vapid_key`
+#
+# Generate via Docker Compose:
+# `docker-compose run --rm web bundle exec rails mastodon:webpush:generate_vapid_key`
+#
+# For more information visit
+# https://rossta.net/blog/using-the-web-push-api-with-vapid.html
+#
+shared:
+  private_key: <%= ENV.fetch('VAPID_PRIVATE_KEY', nil) %>
+  public_key: <%= ENV.fetch('VAPID_PUBLIC_KEY', nil) %>