diff options
| -rw-r--r-- | .env.example | 2 | ||||
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | backend/auth/jwt.go | 20 | ||||
| -rw-r--r-- | compose.local.yaml | 2 | ||||
| -rw-r--r-- | compose.prod.yaml | 3 | ||||
| -rw-r--r-- | frontend/app/.server/session.ts | 2 | ||||
| -rw-r--r-- | worker/main.go | 8 |
7 files changed, 32 insertions, 6 deletions
diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..f8186e1 --- /dev/null +++ b/.env.example @@ -0,0 +1,2 @@ +ALBATROSS_JWT_SECRET=[your_secret_key] +ALBATROSS_COOKIE_SECRET=[your_secret_key] diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f10862a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/.env diff --git a/backend/auth/jwt.go b/backend/auth/jwt.go index 510656b..13af837 100644 --- a/backend/auth/jwt.go +++ b/backend/auth/jwt.go @@ -2,6 +2,7 @@ package auth import ( "errors" + "os" "time" "github.com/golang-jwt/jwt/v5" @@ -9,6 +10,17 @@ import ( "github.com/nsfisis/iosdc-japan-2024-albatross/backend/db" ) +var ( + jwtSecret []byte +) + +func init() { + jwtSecret = []byte(os.Getenv("ALBATROSS_JWT_SECRET")) + if len(jwtSecret) == 0 { + panic("ALBATROSS_JWT_SECRET is not set") + } +} + type JWTClaims struct { UserID int `json:"user_id"` Username string `json:"username"` @@ -30,7 +42,7 @@ func NewJWT(user *db.User) (string, error) { }, } token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) - return token.SignedString([]byte("TODO")) + return token.SignedString(jwtSecret) } func NewAnonymousJWT() (string, error) { @@ -38,7 +50,7 @@ func NewAnonymousJWT() (string, error) { ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 5)), } token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) - return token.SignedString([]byte("TODO")) + return token.SignedString(jwtSecret) } func NewShortLivedJWT(claims *JWTClaims) (string, error) { @@ -53,13 +65,13 @@ func NewShortLivedJWT(claims *JWTClaims) (string, error) { }, } token := jwt.NewWithClaims(jwt.SigningMethodHS256, newClaims) - return token.SignedString([]byte("TODO")) + return token.SignedString(jwtSecret) } func ParseJWT(token string) (*JWTClaims, error) { claims := new(JWTClaims) t, err := jwt.ParseWithClaims(token, claims, func(*jwt.Token) (interface{}, error) { - return []byte("TODO"), nil + return jwtSecret, nil }) if err != nil { return nil, err diff --git a/compose.local.yaml b/compose.local.yaml index 883d640..cfcb41e 100644 --- a/compose.local.yaml +++ b/compose.local.yaml @@ -15,6 +15,7 @@ services: ALBATROSS_DB_USER: postgres ALBATROSS_DB_PASSWORD: eepei5reesoo0ov2ceelahd4Emi0au8ahJa6oochohheiquahweihoovahsee1oo ALBATROSS_DB_NAME: albatross + env_file: [.env] restart: always db: @@ -50,6 +51,7 @@ services: context: ./worker expose: - 80 + env_file: [.env] restart: always tools: diff --git a/compose.prod.yaml b/compose.prod.yaml index c4e1b40..07ff19e 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -26,6 +26,7 @@ services: ALBATROSS_DB_USER: postgres ALBATROSS_DB_PASSWORD: eepei5reesoo0ov2ceelahd4Emi0au8ahJa6oochohheiquahweihoovahsee1oo ALBATROSS_DB_NAME: albatross + env_file: [.env] restart: always app-server: @@ -35,6 +36,7 @@ services: ALBATROSS_HOST: localhost expose: - 80 + env_file: [.env] restart: always db: @@ -70,6 +72,7 @@ services: context: ./worker expose: - 80 + env_file: [.env] restart: always volumes: diff --git a/frontend/app/.server/session.ts b/frontend/app/.server/session.ts index 102bcd2..f03f9fa 100644 --- a/frontend/app/.server/session.ts +++ b/frontend/app/.server/session.ts @@ -6,7 +6,7 @@ export const cookieOptions = { httpOnly: true, // secure: process.env.NODE_ENV === "production", secure: false, // TODO - secrets: ["TODO"], + secrets: [process.env.ALBATROSS_COOKIE_SECRET ?? "local"], }; export const sessionStorage = createCookieSessionStorage({ diff --git a/worker/main.go b/worker/main.go index 8134a56..ac65305 100644 --- a/worker/main.go +++ b/worker/main.go @@ -3,6 +3,7 @@ package main import ( "log" "net/http" + "os" echojwt "github.com/labstack/echo-jwt/v4" "github.com/labstack/echo/v4" @@ -10,6 +11,11 @@ import ( ) func main() { + jwtSecret := os.Getenv("ALBATROSS_JWT_SECRET") + if jwtSecret == "" { + log.Fatal("ALBATROSS_JWT_SECRET is not set") + } + if err := prepareDirectories(); err != nil { log.Fatal(err) } @@ -20,7 +26,7 @@ func main() { e.Use(middleware.Recover()) e.Use(echojwt.WithConfig(echojwt.Config{ - SigningKey: []byte("TODO"), + SigningKey: []byte(jwtSecret), })) e.POST("/api/swiftc", handleSwiftCompile) |