| author | nsfisis <nsfisis@gmail.com> | 2024-08-10 00:53:27 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2024-08-10 00:53:27 +0900 |
| commit | 1b4b976ec6c0e6f25cbdde7c3ee564e99a786e64 (patch) | |
| tree | 771fe342b68a5f8906259e395e6e8444a9a8616c | |
| parent | 01fafac46390e540f4d8766d53177a69da7e64ae (diff) | |
feat: configure JWT secret
| -rw-r--r-- | .env.example | 2 | ||||
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | backend/auth/jwt.go | 20 | ||||
| -rw-r--r-- | compose.local.yaml | 2 | ||||
| -rw-r--r-- | compose.prod.yaml | 3 | ||||
| -rw-r--r-- | frontend/app/.server/session.ts | 2 | ||||
| -rw-r--r-- | worker/main.go | 8 |
7 files changed, 32 insertions, 6 deletions
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..f8186e1
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,2 @@
+ALBATROSS_JWT_SECRET=[your_secret_key]
+ALBATROSS_COOKIE_SECRET=[your_secret_key]
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f10862a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/.env
diff --git a/backend/auth/jwt.go b/backend/auth/jwt.go
index 510656b..13af837 100644
--- a/backend/auth/jwt.go
+++ b/backend/auth/jwt.go
@@ -2,6 +2,7 @@ package auth
 import (
 "errors"
+ "os"
 "time"
 "github.com/golang-jwt/jwt/v5"
@@ -9,6 +10,17 @@ import (
 "github.com/nsfisis/iosdc-japan-2024-albatross/backend/db"
 )
+var (
+ jwtSecret []byte
+)
+
+func init() {
+ jwtSecret = []byte(os.Getenv("ALBATROSS_JWT_SECRET"))
+ if len(jwtSecret) == 0 {
+ panic("ALBATROSS_JWT_SECRET is not set")
+ }
+}
+
 type JWTClaims struct {
 UserID int `json:"user_id"`
 Username string `json:"username"`
@@ -30,7 +42,7 @@ func NewJWT(user *db.User) (string, error) {
 },
 }
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
 }
 func NewAnonymousJWT() (string, error) {
@@ -38,7 +50,7 @@ func NewAnonymousJWT() (string, error) {
 ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 5)),
 }
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
 }
 func NewShortLivedJWT(claims *JWTClaims) (string, error) {
@@ -53,13 +65,13 @@ func NewShortLivedJWT(claims *JWTClaims) (string, error) {
 },
 }
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, newClaims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
 }
 func ParseJWT(token string) (*JWTClaims, error) {
 claims := new(JWTClaims)
 t, err := jwt.ParseWithClaims(token, claims, func(*jwt.Token) (interface{}, error) {
- return []byte("TODO"), nil
+ return jwtSecret, nil
 })
 if err != nil {
 return nil, err
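Review bot: The `init()` added in the `@@ -9,6 +10,17 @@` hunk of backend/auth/jwt.go rejects only an empty `ALBATROSS_JWT_SECRET`, so a short or guessable value is accepted as the HS256 key, including the `[your_secret_key]` placeholder from .env.example if it is copied unchanged. RFC 7518 requires an HS256 key of at least 256 bits, so the guard would be stronger as `if len(jwtSecret) < 32 { panic("ALBATROSS_JWT_SECRET must be at least 32 bytes") }`; the same applies to the `jwtSecret == ""` test added in worker/main.go. Because the check runs in a package-level `init()`, every binary and test that imports `auth` panics when the variable is unset; an explicit setup function called from `main` would keep the fail-closed behaviour without that import side effect.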
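Review bot: In `ParseJWT` (last hunk of backend/auth/jwt.go) the key function ignores its `*jwt.Token` argument and the `jwt.ParseWithClaims` call closes with `})` and no parser options, so the accepted signing algorithm is never pinned to the HS256 used by the `New*JWT` functions. golang-jwt should already reject a key whose type does not match the token's method, so this is defence in depth rather than a known bypass, but it is cheap to make explicit by passing `jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()})` as the final argument. The body of `ParseJWT` continues past the end of the hunk.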
diff --git a/compose.local.yaml b/compose.local.yaml
index 883d640..cfcb41e 100644
--- a/compose.local.yaml
+++ b/compose.local.yaml
@@ -15,6 +15,7 @@ services:
 ALBATROSS_DB_USER: postgres
 ALBATROSS_DB_PASSWORD: eepei5reesoo0ov2ceelahd4Emi0au8ahJa6oochohheiquahweihoovahsee1oo
 ALBATROSS_DB_NAME: albatross
+ env_file: [.env]
 restart: always
 db:
@@ -50,6 +51,7 @@ services:
 context: ./worker
 expose:
 - 80
+ env_file: [.env]
 restart: always
 tools:
diff --git a/compose.prod.yaml b/compose.prod.yaml
index c4e1b40..07ff19e 100644
--- a/compose.prod.yaml
+++ b/compose.prod.yaml
@@ -26,6 +26,7 @@ services:
 ALBATROSS_DB_USER: postgres
 ALBATROSS_DB_PASSWORD: eepei5reesoo0ov2ceelahd4Emi0au8ahJa6oochohheiquahweihoovahsee1oo
 ALBATROSS_DB_NAME: albatross
+ env_file: [.env]
 restart: always
 app-server:
@@ -35,6 +36,7 @@ services:
 ALBATROSS_HOST: localhost
 expose:
 - 80
+ env_file: [.env]
 restart: always
 db:
@@ -70,6 +72,7 @@ services:
 context: ./worker
 expose:
 - 80
+ env_file: [.env]
 restart: always
 volumes:
diff --git a/frontend/app/.server/session.ts b/frontend/app/.server/session.ts
index 102bcd2..f03f9fa 100644
--- a/frontend/app/.server/session.ts
+++ b/frontend/app/.server/session.ts
@@ -6,7 +6,7 @@ export const cookieOptions = {
 httpOnly: true,
 // secure: process.env.NODE_ENV === "production",
 secure: false, // TODO
- secrets: ["TODO"],
+ secrets: [process.env.ALBATROSS_COOKIE_SECRET ?? "local"],
 };
 export const sessionStorage = createCookieSessionStorage({
diff --git a/worker/main.go b/worker/main.go
index 8134a56..ac65305 100644
--- a/worker/main.go
+++ b/worker/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "log"
 "net/http"
+ "os"
 echojwt "github.com/labstack/echo-jwt/v4"
 "github.com/labstack/echo/v4"
@@ -10,6 +11,11 @@ import (
 )
 func main() {
+ jwtSecret := os.Getenv("ALBATROSS_JWT_SECRET")
+ if jwtSecret == "" {
+ log.Fatal("ALBATROSS_JWT_SECRET is not set")
+ }
+
 if err := prepareDirectories(); err != nil {
 log.Fatal(err)
 }
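Review bot: `ALBATROSS_DB_PASSWORD` is still a literal in the context lines of the first hunks of compose.local.yaml and compose.prod.yaml, directly above the new `env_file: [.env]`, so the database credential stays in the repository while the JWT and cookie secrets move out of it. Since these services now read `.env`, the password can move there as well: drop the literal from the environment block and add `ALBATROSS_DB_PASSWORD=[your_db_password]` to .env.example. The value already committed should be treated as exposed and rotated for any deployed database. The db service's own settings are outside these hunks, so it may need the same variable.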
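Review bot: In frontend/app/.server/session.ts, `process.env.ALBATROSS_COOKIE_SECRET ?? "local"` falls back to a constant that is public in the repository, so a deployment that misses the variable signs session cookies with a key anyone can read, whereas the Go services in this commit refuse to start. `??` also lets an empty string through as the secret. Failing closed keeps the behaviour consistent: `const cookieSecret = process.env.ALBATROSS_COOKIE_SECRET;`, `if (!cookieSecret) throw new Error("ALBATROSS_COOKIE_SECRET is not set");`, then `secrets: [cookieSecret]`; if a development fallback is wanted, restrict it to `NODE_ENV !== "production"`. compose.local.yaml shows no `env_file` hunk for a frontend service, which may be why the fallback exists.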
@@ -20,7 +26,7 @@ func main() {
 e.Use(middleware.Recover())
 e.Use(echojwt.WithConfig(echojwt.Config{
- SigningKey: []byte("TODO"),
+ SigningKey: []byte(jwtSecret),
 }))
 e.POST("/api/swiftc", handleSwiftCompile) |
