-rw-r--r--.env.example2
-rw-r--r--.gitignore1
-rw-r--r--backend/auth/jwt.go20
-rw-r--r--backend/main.go4
-rw-r--r--compose.local.yaml2
-rw-r--r--compose.prod.yaml3
-rw-r--r--frontend/app/.server/session.ts5
-rw-r--r--frontend/app/root.tsx2
-rw-r--r--worker/main.go8
9 files changed, 36 insertions, 11 deletions
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..f8186e1
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,2 @@
+ALBATROSS_JWT_SECRET=[your_secret_key]
+ALBATROSS_COOKIE_SECRET=[your_secret_key]
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f10862a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/.env
diff --git a/backend/auth/jwt.go b/backend/auth/jwt.go
index 510656b..13af837 100644
--- a/backend/auth/jwt.go
+++ b/backend/auth/jwt.go
@@ -2,6 +2,7 @@ package auth
import (
"errors"
+ "os"
"time"
"github.com/golang-jwt/jwt/v5"
@@ -9,6 +10,17 @@ import (
"github.com/nsfisis/iosdc-japan-2024-albatross/backend/db"
)
+var (
+ jwtSecret []byte
+)
+
+func init() {
+ jwtSecret = []byte(os.Getenv("ALBATROSS_JWT_SECRET"))
+ if len(jwtSecret) == 0 {
+ panic("ALBATROSS_JWT_SECRET is not set")
+ }
+}
+
type JWTClaims struct {
UserID int `json:"user_id"`
Username string `json:"username"`
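Review bot: The check in `init()` rejects only an empty value, so a short secret or the `[your_secret_key]` placeholder copied verbatim from `.env.example` is accepted as the HS256 key. Tokens signed with a low-entropy HMAC key can be brute-forced offline, so require a minimum length, e.g. `if len(jwtSecret) < 32 { panic("ALBATROSS_JWT_SECRET must be at least 32 bytes") }`. The same gap is in the `jwtSecret == ""` check added to `worker/main.go`. A doc comment on `jwtSecret` saying that it is the shared HMAC key and must match the worker's value would also help.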
@@ -30,7 +42,7 @@ func NewJWT(user *db.User) (string, error) {
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
}
func NewAnonymousJWT() (string, error) {
@@ -38,7 +50,7 @@ func NewAnonymousJWT() (string, error) {
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 5)),
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
}
func NewShortLivedJWT(claims *JWTClaims) (string, error) {
@@ -53,13 +65,13 @@ func NewShortLivedJWT(claims *JWTClaims) (string, error) {
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, newClaims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
}
func ParseJWT(token string) (*JWTClaims, error) {
claims := new(JWTClaims)
t, err := jwt.ParseWithClaims(token, claims, func(*jwt.Token) (interface{}, error) {
- return []byte("TODO"), nil
+ return jwtSecret, nil
})
if err != nil {
return nil, err
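Review bot: The key function in `ParseJWT` returns `jwtSecret` without looking at the token's `alg` header, so the accepted algorithm is left to the library's key-type checks rather than stated here. Now that the key is a real secret, pin the method explicitly by passing `jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()})` as a fourth argument to `jwt.ParseWithClaims`. This is defence in depth: a `[]byte` key is probably already rejected for non-HMAC methods. `ParseJWT` continues past the end of this hunk, so any validation after the error check is not visible here.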
diff --git a/backend/main.go b/backend/main.go
index c01394b..3296957 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -89,10 +89,10 @@ func main() {
// For local dev: This is never used in production because the reverse
// proxy sends /login and /logout to the app server.
- e.GET("/login", func(c echo.Context) error {
+ e.GET("/iosdc-japan/2024/code-battle/login", func(c echo.Context) error {
return c.Redirect(http.StatusPermanentRedirect, "http://localhost:5173/iosdc-japan/2024/code-battle/login")
})
- e.POST("/logout", func(c echo.Context) error {
+ e.POST("/iosdc-japan/2024/code-battle/logout", func(c echo.Context) error {
return c.Redirect(http.StatusPermanentRedirect, "http://localhost:5173/iosdc-japan/2024/code-battle/logout")
})
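Review bot: These two dev-only routes are registered unconditionally and now sit under the public `/iosdc-japan/2024/code-battle/` prefix, so the only thing keeping production users from a redirect to `http://localhost:5173` is the reverse-proxy routing. Because the status is `http.StatusPermanentRedirect`, a browser that hits one of them once may cache the redirect. Consider registering them only when a local-dev flag is set, or at least using `http.StatusTemporaryRedirect`. The comment above still names `/login` and `/logout` and should be updated to the new paths. `main` starts and ends outside this hunk.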
diff --git a/compose.local.yaml b/compose.local.yaml
index 883d640..cfcb41e 100644
--- a/compose.local.yaml
+++ b/compose.local.yaml
@@ -15,6 +15,7 @@ services:
ALBATROSS_DB_USER: postgres
ALBATROSS_DB_PASSWORD: eepei5reesoo0ov2ceelahd4Emi0au8ahJa6oochohheiquahweihoovahsee1oo
ALBATROSS_DB_NAME: albatross
+ env_file: [.env]
restart: always
db:
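Review bot: `ALBATROSS_DB_PASSWORD` remains a literal in this committed file, directly above the new `env_file` line, and the same value appears in both `compose.prod.yaml` hunks' context, so local and production share a database password that is in version control. Since this commit introduces `.env` for secrets, move the password there as well and drop it from `environment:`. Treat the current value as exposed and rotate it, because it stays in the repository history.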
@@ -50,6 +51,7 @@ services:
context: ./worker
expose:
- 80
+ env_file: [.env]
restart: always
tools:
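Review bot: `env_file: [.env]` hands every variable in `.env` to this service, which appears from `context: ./worker` to be the worker, yet the worker change in this commit reads only `ALBATROSS_JWT_SECRET`. The worker therefore also receives `ALBATROSS_COOKIE_SECRET`, which it has no visible use for. Pass only what each service needs, e.g. under `environment:` write `ALBATROSS_JWT_SECRET: ${ALBATROSS_JWT_SECRET:?ALBATROSS_JWT_SECRET is not set}`, which also makes `docker compose` fail early when the variable is missing. The same applies to the worker hunk in `compose.prod.yaml`.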
diff --git a/compose.prod.yaml b/compose.prod.yaml
index c4e1b40..07ff19e 100644
--- a/compose.prod.yaml
+++ b/compose.prod.yaml
@@ -26,6 +26,7 @@ services:
ALBATROSS_DB_USER: postgres
ALBATROSS_DB_PASSWORD: eepei5reesoo0ov2ceelahd4Emi0au8ahJa6oochohheiquahweihoovahsee1oo
ALBATROSS_DB_NAME: albatross
+ env_file: [.env]
restart: always
app-server:
@@ -35,6 +36,7 @@ services:
ALBATROSS_HOST: localhost
expose:
- 80
+ env_file: [.env]
restart: always
db:
@@ -70,6 +72,7 @@ services:
context: ./worker
expose:
- 80
+ env_file: [.env]
restart: always
volumes:
diff --git a/frontend/app/.server/session.ts b/frontend/app/.server/session.ts
index 102bcd2..4730305 100644
--- a/frontend/app/.server/session.ts
+++ b/frontend/app/.server/session.ts
@@ -4,9 +4,8 @@ export const cookieOptions = {
sameSite: "lax" as const,
path: "/",
httpOnly: true,
- // secure: process.env.NODE_ENV === "production",
- secure: false, // TODO
- secrets: ["TODO"],
+ secure: process.env.NODE_ENV === "production",
+ secrets: [process.env.ALBATROSS_COOKIE_SECRET ?? "local"],
};
export const sessionStorage = createCookieSessionStorage({
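Review bot: The `?? "local"` fallback on the `secrets` line means a production deployment with `ALBATROSS_COOKIE_SECRET` unset silently signs session cookies with a publicly known key, letting anyone forge a session. `??` also does not catch an empty string, which would become an empty signing secret. The Go services in this commit fail hard when their secret is missing, and this should do the same in production, keeping the fallback for local development only. The `cookieOptions` object starts above this hunk.
```typescript
const cookieSecret = process.env.ALBATROSS_COOKIE_SECRET;
if (!cookieSecret && process.env.NODE_ENV === "production") {
  throw new Error("ALBATROSS_COOKIE_SECRET is not set");
}

export const cookieOptions = {
  // … unchanged: sameSite, path, httpOnly …
  secure: process.env.NODE_ENV === "production",
  secrets: [cookieSecret || "local"],
};
```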
diff --git a/frontend/app/root.tsx b/frontend/app/root.tsx
index 57f1a10..054474a 100644
--- a/frontend/app/root.tsx
+++ b/frontend/app/root.tsx
@@ -9,7 +9,7 @@ import {
import "./tailwind.css";
export const links: LinksFunction = () => [
- { rel: "icon", href: "/favicon.svg" },
+ { rel: "icon", href: "/iosdc-japan/2024/code-battle/favicon.svg" },
];
export function Layout({ children }: { children: React.ReactNode }) {
diff --git a/worker/main.go b/worker/main.go
index 8134a56..ac65305 100644
--- a/worker/main.go
+++ b/worker/main.go
@@ -3,6 +3,7 @@ package main
import (
"log"
"net/http"
+ "os"
echojwt "github.com/labstack/echo-jwt/v4"
"github.com/labstack/echo/v4"
@@ -10,6 +11,11 @@ import (
)
func main() {
+ jwtSecret := os.Getenv("ALBATROSS_JWT_SECRET")
+ if jwtSecret == "" {
+ log.Fatal("ALBATROSS_JWT_SECRET is not set")
+ }
+
if err := prepareDirectories(); err != nil {
log.Fatal(err)
}
@@ -20,7 +26,7 @@ func main() {
e.Use(middleware.Recover())
e.Use(echojwt.WithConfig(echojwt.Config{
- SigningKey: []byte("TODO"),
+ SigningKey: []byte(jwtSecret),
}))
e.POST("/api/swiftc", handleSwiftCompile)