api: Configure jwt and cookie secret separately

Paul Bienkowski 2021-02-27 13:06:06 +01:00
parent ad448efd7c
commit ccd3d80bae
6 changed files with 11 additions and 8 deletions


@ -1,4 +1,5 @@
{
"secret": "CHANGEME!!!!!!!!!!@##@!!$$$$$$$$$$$$$!!",
"cookieSecret": "CHANGEME!!!!!!!!!!@##@!!$$$$$$$$$$$$$!!",
"jwtSecret": "CHANGEME??????????????////3212321;312kjbkasjd",
"mail": false
}
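Review bot: Both placeholder values added on the `cookieSecret` and `jwtSecret` lines are long enough to satisfy the schema's `min(16)` check, so a deployment that never replaces them passes validation with a publicly known signing key; the same applies to the placeholders in the second file section. If this file is a committed example rather than a live config, make that visible in its name or a README, since JSON offers no room for a comment. Consider also having the schema reject the literal placeholder strings (Joi's `.invalid()` on `jwtSecret` and `cookieSecret`) so a forgotten placeholder fails at startup instead of silently signing tokens.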


@ -1,5 +1,6 @@
{
"secret": "CHANGEME",
"cookieSecret": "CHANGEME!!!!!!!!!!!!!!!!!!!!!11",
"jwtSecret": "CHANGEME???????????????????////",
"mail": {
"from": "Sender Name <sender@example.com>",
"smtp" : {


@ -4,7 +4,8 @@ const Joi = require('joi');
const configSchema = Joi.object()
.required()
.keys({
secret: Joi.string().min(16).max(128).required(),
jwtSecret: Joi.string().min(16).max(128).required(),
cookieSecret: Joi.string().min(16).max(128).required(),
mail: Joi.alternatives().try(
Joi.object({


@ -6,6 +6,7 @@ const cors = require('cors');
const errorhandler = require('errorhandler');
const passport = require('passport');
const config = require('./config');
require('./passport');
const isProduction = process.env.NODE_ENV === 'production';
@ -27,7 +28,7 @@ app.use(bodyParser.urlencoded({ limit: '50mb', extended: false }));
app.use(require('method-override')());
app.use(express.static(path.join(__dirname, 'public')));
app.use(session({ secret: 'obsobs', cookie: { maxAge: 10 * 60 * 1000 }, resave: false, saveUninitialized: false }));
app.use(session({ secret: config.cookieSecret, cookie: { maxAge: 10 * 60 * 1000 }, resave: false, saveUninitialized: false }));
app.use(passport.initialize());
app.use(passport.session());
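Review bot: The new `session(...)` line still configures the cookie with only `maxAge`, so the session-id cookie is sent over plain HTTP and without a SameSite attribute even in production, although `isProduction` is already computed earlier in this file. Consider `cookie: { maxAge: 10 * 60 * 1000, secure: isProduction, sameSite: 'lax' }`; if the API sits behind a TLS-terminating proxy this presumably also needs `app.set('trust proxy', 1)` so express-session treats the request as secure. The first hunk's `const config = require('./config');` is what this line depends on, so the two hunks should land together.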


@ -2,7 +2,6 @@ const mongoose = require('mongoose');
const uniqueValidator = require('mongoose-unique-validator');
const crypto = require('crypto');
const jwt = require('jsonwebtoken');
const secret = require('../config').secret;
const schema = new mongoose.Schema(
{
@ -61,7 +60,7 @@ class User extends mongoose.Model {
username: this.username,
exp: parseInt(exp.getTime() / 1000),
},
secret,
config.jwtSecret,
);
}
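Review bot: `config.jwtSecret` on the new side of the second hunk refers to `config`, but the first hunk only removes `const secret = require('../config').secret;` and adds no replacement, so nothing in this file's visible header binds `config`; unless it is required elsewhere in the file, signing a token will throw a ReferenceError at runtime. The diffstat of 11 additions and 8 deletions is accounted for by the other five sections plus one deletion here, which suggests no require was added in this file. Replace the removed line with `const config = require('../config');`, mirroring what the passport section of this commit does. The enclosing method starts outside the hunk.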


@ -6,7 +6,7 @@ const { Strategy: CustomStrategy } = require('passport-custom');
const { User, AccessToken, RefreshToken } = require('./models');
const secret = require('./config').secret;
const config = require('./config');
// used to serialize the user for the session
passport.serializeUser(function (user, done) {
@ -82,7 +82,7 @@ passport.use(
'jwt',
new JwtStrategy(
{
secretOrKey: secret,
secretOrKey: config.jwtSecret,
jwtFromRequest: getRequestToken,
algorithms: ['HS256'],
},