Externalizing JWT token

docker-compose.yml

@@ -22,6 +22,8 @@ services:
     environment:
       LEMMY_FRONT_END_DIR: /app/dist
       DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
+      JWT_SECRET: changeme
+      HOSTNAME: rrr
     restart: always
     depends_on: 
       db: 

install.sh

@@ -2,6 +2,8 @@
 set -e
 
 export DATABASE_URL=postgres://rrr:rrr@localhost/rrr
+export JWT_SECRET=changeme
+export HOSTNAME=rrr
 
 cd ui
 yarn

server/src/actions/user.rs

@@ -3,7 +3,7 @@ use diesel::*;
 use diesel::result::Error;
 use schema::user_::dsl::*;
 use serde::{Serialize, Deserialize};
-use {Crud,is_email_regex};
+use {Crud,is_email_regex, Settings};
 use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
 use bcrypt::{DEFAULT_COST, hash};
 
@@ -86,7 +86,7 @@ impl Claims {
       validate_exp: false,
       ..Validation::default()
     };
-    decode::<Claims>(&jwt, "secret".as_ref(), &v)
+    decode::<Claims>(&jwt, Settings::get().jwt_secret.as_ref(), &v)
   }
 }
 
@@ -96,9 +96,9 @@ impl User_ {
     let my_claims = Claims {
       id: self.id,
       username: self.name.to_owned(),
-      iss: "rrf".to_string() // TODO this should come from config file
+      iss: self.fedi_name.to_owned(),
     };
-    encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap()
+    encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap()
   }
 
   pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> {

server/src/apub.rs

@@ -50,7 +50,7 @@ mod tests {
     };
 
     let person = expected_user.person();
-    assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap());
+    assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap());
     let json = serde_json::to_string_pretty(&person).unwrap();
     println!("{}", json);
 

server/src/lib.rs

@@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection {
 
 pub struct Settings {
   db_url: String,
-  hostname: String
+  hostname: String,
+  jwt_secret: String,
 }
 
 impl Settings {
@@ -84,7 +85,8 @@ impl Settings {
     Settings {
       db_url: env::var("DATABASE_URL")
         .expect("DATABASE_URL must be set"),
-        hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string())
+        hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()),
+        jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),
     }
   }
   fn api_endpoint(&self) -> String {
@@ -143,7 +145,7 @@ mod tests {
   use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
   #[test]
   fn test_api() {
-    assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1");
+    assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1");
   }
 
   #[test] fn test_email() {

server/src/websocket_server/server.rs

@@ -13,7 +13,7 @@ use diesel::PgConnection;
 use failure::Error;
 use std::time::{SystemTime};
 
-use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs};
+use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings};
 use actions::community::*;
 use actions::user::*;
 use actions::post::*;
@@ -902,7 +902,7 @@ impl Perform for Register {
     // Register the new user
     let user_form = UserForm {
       name: self.username.to_owned(),
-      fedi_name: "rrf".into(),
+      fedi_name: Settings::get().hostname.into(),
       email: self.email.to_owned(),
       password_encrypted: self.password.to_owned(),
       preferred_username: None,

ui/src/components/navbar.tsx

@@ -144,6 +144,10 @@ export class Navbar extends Component<any, NavbarState> {
   parseMessage(msg: any) {
     let op: UserOperation = msgOp(msg);
     if (msg.error) {
+      if (msg.error == "Not logged in.") {
+        UserService.Instance.logout();
+        location.reload();
+      }
       return;
     } else if (op == UserOperation.GetReplies) {
       let res: GetRepliesResponse = msg;