Externalizing JWT token

This commit is contained in:
Dessalines 2019-05-02 09:55:29 -07:00
parent 1775eb7d5f
commit abe31e9f17
7 changed files with 20 additions and 10 deletions

View file

@ -22,6 +22,8 @@ services:
environment:
LEMMY_FRONT_END_DIR: /app/dist
DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
JWT_SECRET: changeme
HOSTNAME: rrr
restart: always
depends_on:
db:

View file

@ -2,6 +2,8 @@
set -e
export DATABASE_URL=postgres://rrr:rrr@localhost/rrr
export JWT_SECRET=changeme
export HOSTNAME=rrr
cd ui
yarn

View file

@ -3,7 +3,7 @@ use diesel::*;
use diesel::result::Error;
use schema::user_::dsl::*;
use serde::{Serialize, Deserialize};
use {Crud,is_email_regex};
use {Crud,is_email_regex, Settings};
use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
use bcrypt::{DEFAULT_COST, hash};
@ -86,7 +86,7 @@ impl Claims {
validate_exp: false,
..Validation::default()
};
decode::<Claims>(&jwt, "secret".as_ref(), &v)
decode::<Claims>(&jwt, Settings::get().jwt_secret.as_ref(), &v)
}
}
@ -96,9 +96,9 @@ impl User_ {
let my_claims = Claims {
id: self.id,
username: self.name.to_owned(),
iss: "rrf".to_string() // TODO this should come from config file
iss: self.fedi_name.to_owned(),
};
encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap()
encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap()
}
pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> {

View file

@ -50,7 +50,7 @@ mod tests {
};
let person = expected_user.person();
assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap());
assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap());
let json = serde_json::to_string_pretty(&person).unwrap();
println!("{}", json);

View file

@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection {
pub struct Settings {
db_url: String,
hostname: String
hostname: String,
jwt_secret: String,
}
impl Settings {
@ -84,7 +85,8 @@ impl Settings {
Settings {
db_url: env::var("DATABASE_URL")
.expect("DATABASE_URL must be set"),
hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string())
hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()),
jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),
}
}
fn api_endpoint(&self) -> String {
@ -143,7 +145,7 @@ mod tests {
use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
#[test]
fn test_api() {
assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1");
assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1");
}
#[test] fn test_email() {

View file

@ -13,7 +13,7 @@ use diesel::PgConnection;
use failure::Error;
use std::time::{SystemTime};
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs};
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings};
use actions::community::*;
use actions::user::*;
use actions::post::*;
@ -902,7 +902,7 @@ impl Perform for Register {
// Register the new user
let user_form = UserForm {
name: self.username.to_owned(),
fedi_name: "rrf".into(),
fedi_name: Settings::get().hostname.into(),
email: self.email.to_owned(),
password_encrypted: self.password.to_owned(),
preferred_username: None,

View file

@ -144,6 +144,10 @@ export class Navbar extends Component<any, NavbarState> {
parseMessage(msg: any) {
let op: UserOperation = msgOp(msg);
if (msg.error) {
if (msg.error == "Not logged in.") {
UserService.Instance.logout();
location.reload();
}
return;
} else if (op == UserOperation.GetReplies) {
let res: GetRepliesResponse = msg;