Externalizing JWT token

This commit is contained in:
Dessalines 2019-05-02 09:55:29 -07:00
parent 9d3b4de436
commit 820af56387
7 changed files with 20 additions and 10 deletions

View file

@ -22,6 +22,8 @@ services:
environment: environment:
LEMMY_FRONT_END_DIR: /app/dist LEMMY_FRONT_END_DIR: /app/dist
DATABASE_URL: postgres://rrr:rrr@db:5432/rrr DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
JWT_SECRET: changeme
HOSTNAME: rrr
restart: always restart: always
depends_on: depends_on:
db: db:

View file

@ -2,6 +2,8 @@
set -e set -e
export DATABASE_URL=postgres://rrr:rrr@localhost/rrr export DATABASE_URL=postgres://rrr:rrr@localhost/rrr
export JWT_SECRET=changeme
export HOSTNAME=rrr
cd ui cd ui
yarn yarn

View file

@ -3,7 +3,7 @@ use diesel::*;
use diesel::result::Error; use diesel::result::Error;
use schema::user_::dsl::*; use schema::user_::dsl::*;
use serde::{Serialize, Deserialize}; use serde::{Serialize, Deserialize};
use {Crud,is_email_regex}; use {Crud,is_email_regex, Settings};
use jsonwebtoken::{encode, decode, Header, Validation, TokenData}; use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
use bcrypt::{DEFAULT_COST, hash}; use bcrypt::{DEFAULT_COST, hash};
@ -86,7 +86,7 @@ impl Claims {
validate_exp: false, validate_exp: false,
..Validation::default() ..Validation::default()
}; };
decode::<Claims>(&jwt, "secret".as_ref(), &v) decode::<Claims>(&jwt, Settings::get().jwt_secret.as_ref(), &v)
} }
} }
@ -96,9 +96,9 @@ impl User_ {
let my_claims = Claims { let my_claims = Claims {
id: self.id, id: self.id,
username: self.name.to_owned(), username: self.name.to_owned(),
iss: "rrf".to_string() // TODO this should come from config file iss: self.fedi_name.to_owned(),
}; };
encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap() encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap()
} }
pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> { pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> {

View file

@ -50,7 +50,7 @@ mod tests {
}; };
let person = expected_user.person(); let person = expected_user.person();
assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap()); assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap());
let json = serde_json::to_string_pretty(&person).unwrap(); let json = serde_json::to_string_pretty(&person).unwrap();
println!("{}", json); println!("{}", json);

View file

@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection {
pub struct Settings { pub struct Settings {
db_url: String, db_url: String,
hostname: String hostname: String,
jwt_secret: String,
} }
impl Settings { impl Settings {
@ -84,7 +85,8 @@ impl Settings {
Settings { Settings {
db_url: env::var("DATABASE_URL") db_url: env::var("DATABASE_URL")
.expect("DATABASE_URL must be set"), .expect("DATABASE_URL must be set"),
hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string()) hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()),
jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),
} }
} }
fn api_endpoint(&self) -> String { fn api_endpoint(&self) -> String {
@ -143,7 +145,7 @@ mod tests {
use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search}; use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
#[test] #[test]
fn test_api() { fn test_api() {
assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1"); assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1");
} }
#[test] fn test_email() { #[test] fn test_email() {

View file

@ -13,7 +13,7 @@ use diesel::PgConnection;
use failure::Error; use failure::Error;
use std::time::{SystemTime}; use std::time::{SystemTime};
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs}; use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings};
use actions::community::*; use actions::community::*;
use actions::user::*; use actions::user::*;
use actions::post::*; use actions::post::*;
@ -902,7 +902,7 @@ impl Perform for Register {
// Register the new user // Register the new user
let user_form = UserForm { let user_form = UserForm {
name: self.username.to_owned(), name: self.username.to_owned(),
fedi_name: "rrf".into(), fedi_name: Settings::get().hostname.into(),
email: self.email.to_owned(), email: self.email.to_owned(),
password_encrypted: self.password.to_owned(), password_encrypted: self.password.to_owned(),
preferred_username: None, preferred_username: None,

View file

@ -144,6 +144,10 @@ export class Navbar extends Component<any, NavbarState> {
parseMessage(msg: any) { parseMessage(msg: any) {
let op: UserOperation = msgOp(msg); let op: UserOperation = msgOp(msg);
if (msg.error) { if (msg.error) {
if (msg.error == "Not logged in.") {
UserService.Instance.logout();
location.reload();
}
return; return;
} else if (op == UserOperation.GetReplies) { } else if (op == UserOperation.GetReplies) {
let res: GetRepliesResponse = msg; let res: GetRepliesResponse = msg;