api: Configure jwt and cookie secret separately
parent
ad448efd7c
commit
ccd3d80bae
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
"secret": "CHANGEME!!!!!!!!!!@##@!!$$$$$$$$$$$$$!!",
|
||||
"cookieSecret": "CHANGEME!!!!!!!!!!@##@!!$$$$$$$$$$$$$!!",
|
||||
"jwtSecret": "CHANGEME??????????????////3212321;312kjbkasjd",
|
||||
"mail": false
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
"secret": "CHANGEME",
|
||||
"cookieSecret": "CHANGEME!!!!!!!!!!!!!!!!!!!!!11",
|
||||
"jwtSecret": "CHANGEME???????????????????////",
|
||||
"mail": {
|
||||
"from": "Sender Name <sender@example.com>",
|
||||
"smtp" : {
|
|
@ -4,7 +4,8 @@ const Joi = require('joi');
|
|||
const configSchema = Joi.object()
|
||||
.required()
|
||||
.keys({
|
||||
secret: Joi.string().min(16).max(128).required(),
|
||||
jwtSecret: Joi.string().min(16).max(128).required(),
|
||||
cookieSecret: Joi.string().min(16).max(128).required(),
|
||||
|
||||
mail: Joi.alternatives().try(
|
||||
Joi.object({
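Review bot: The length-only rule `Joi.string().min(16).max(128)` on `jwtSecret` and `cookieSecret` accepts the `CHANGEME…` placeholders shipped in the two JSON config files earlier on this page, and it accepts the same value for both keys. A deployment that copies a sample file unchanged would therefore pass validation and start with a publicly known signing key. Consider making the keys mutually exclusive, for example `cookieSecret: Joi.string().min(16).max(128).invalid(Joi.ref('jwtSecret')).required(),`, and rejecting values that begin with `CHANGEME` when `NODE_ENV` is `production`. Whether the installed Joi version accepts a reference in `invalid()` should be confirmed; the schema continues below the hunk.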
|
||||
|
|
|
@ -6,6 +6,7 @@ const cors = require('cors');
|
|||
const errorhandler = require('errorhandler');
|
||||
const passport = require('passport');
|
||||
|
||||
const config = require('./config');
|
||||
require('./passport');
|
||||
|
||||
const isProduction = process.env.NODE_ENV === 'production';
|
||||
|
@ -27,7 +28,7 @@ app.use(bodyParser.urlencoded({ limit: '50mb', extended: false }));
|
|||
app.use(require('method-override')());
|
||||
app.use(express.static(path.join(__dirname, 'public')));
|
||||
|
||||
app.use(session({ secret: 'obsobs', cookie: { maxAge: 10 * 60 * 1000 }, resave: false, saveUninitialized: false }));
|
||||
app.use(session({ secret: config.cookieSecret, cookie: { maxAge: 10 * 60 * 1000 }, resave: false, saveUninitialized: false }));
|
||||
app.use(passport.initialize());
|
||||
app.use(passport.session());
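Review bot: The changed `session({...})` line still sets only `maxAge` on the cookie, so `secure` and `sameSite` are left at the session middleware's defaults even though this file already computes `isProduction`. Consider `cookie: { maxAge: 10 * 60 * 1000, secure: isProduction, sameSite: 'lax' },`. If the app runs behind a TLS-terminating proxy, `secure` also depends on `app.set('trust proxy', 1)`, which is not visible in these hunks. The literal `'obsobs'` stays in the repository history, so it should be treated as disclosed and never reused as `cookieSecret`.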
|
||||
|
||||
|
|
|
@ -2,7 +2,6 @@ const mongoose = require('mongoose');
|
|||
const uniqueValidator = require('mongoose-unique-validator');
|
||||
const crypto = require('crypto');
|
||||
const jwt = require('jsonwebtoken');
|
||||
const secret = require('../config').secret;
|
||||
|
||||
const schema = new mongoose.Schema(
|
||||
{
|
||||
|
@ -61,7 +60,7 @@ class User extends mongoose.Model {
|
|||
username: this.username,
|
||||
exp: parseInt(exp.getTime() / 1000),
|
||||
},
|
||||
secret,
|
||||
config.jwtSecret,
|
||||
);
|
||||
}
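Review bot: `config.jwtSecret` is used in the second hunk, but the first hunk (`-2,7 +2,6`) only removes `const secret = require('../config').secret;` and adds nothing in its place. Unless `config` is bound elsewhere in this file, the token-signing call throws a `ReferenceError` the first time it runs. Replace the removed line with `const config = require('../config');`, matching what the passport file in this commit does. Separately, the signing call passes no options in the visible lines; naming the algorithm there (`{ algorithm: 'HS256' }`) would keep it aligned with the `algorithms: ['HS256']` allow-list in the JWT strategy. The method containing the call starts outside the hunk.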
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ const { Strategy: CustomStrategy } = require('passport-custom');
|
|||
|
||||
const { User, AccessToken, RefreshToken } = require('./models');
|
||||
|
||||
const secret = require('./config').secret;
|
||||
const config = require('./config');
|
||||
|
||||
// used to serialize the user for the session
|
||||
passport.serializeUser(function (user, done) {
|
||||
|
@ -82,7 +82,7 @@ passport.use(
|
|||
'jwt',
|
||||
new JwtStrategy(
|
||||
{
|
||||
secretOrKey: secret,
|
||||
secretOrKey: config.jwtSecret,
|
||||
jwtFromRequest: getRequestToken,
|
||||
algorithms: ['HS256'],
|
||||
},
|
||||
|
|