forked from nutomic/lemmy
Externalizing JWT token
parent
1775eb7d5f
commit
abe31e9f17
7 changed files with 20 additions and 10 deletions
|
@ -22,6 +22,8 @@ services:
|
||||||
environment:
|
environment:
|
||||||
LEMMY_FRONT_END_DIR: /app/dist
|
LEMMY_FRONT_END_DIR: /app/dist
|
||||||
DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
|
DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
|
||||||
|
JWT_SECRET: changeme
|
||||||
|
HOSTNAME: rrr
|
||||||
restart: always
|
restart: always
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
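Review bot: `JWT_SECRET: changeme` commits a publicly known signing key to the compose file, so a deployment that uses this file unedited signs login tokens with a value anyone can read from the repository. Prefer taking the value from the operator's environment and failing when it is absent, e.g. `JWT_SECRET: ${JWT_SECRET:?JWT_SECRET must be set}`. The shell script section that follows exports the same literal; for a local dev script that is tolerable if a comment says so, e.g. `# dev-only placeholder, never reuse in production`.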
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
export DATABASE_URL=postgres://rrr:rrr@localhost/rrr
|
export DATABASE_URL=postgres://rrr:rrr@localhost/rrr
|
||||||
|
export JWT_SECRET=changeme
|
||||||
|
export HOSTNAME=rrr
|
||||||
|
|
||||||
cd ui
|
cd ui
|
||||||
yarn
|
yarn
|
||||||
|
|
|
@ -3,7 +3,7 @@ use diesel::*;
|
||||||
use diesel::result::Error;
|
use diesel::result::Error;
|
||||||
use schema::user_::dsl::*;
|
use schema::user_::dsl::*;
|
||||||
use serde::{Serialize, Deserialize};
|
use serde::{Serialize, Deserialize};
|
||||||
use {Crud,is_email_regex};
|
use {Crud,is_email_regex, Settings};
|
||||||
use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
|
use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
|
||||||
use bcrypt::{DEFAULT_COST, hash};
|
use bcrypt::{DEFAULT_COST, hash};
|
||||||
|
|
||||||
|
@ -86,7 +86,7 @@ impl Claims {
|
||||||
validate_exp: false,
|
validate_exp: false,
|
||||||
..Validation::default()
|
..Validation::default()
|
||||||
};
|
};
|
||||||
decode::<Claims>(&jwt, "secret".as_ref(), &v)
|
decode::<Claims>(&jwt, Settings::get().jwt_secret.as_ref(), &v)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -96,9 +96,9 @@ impl User_ {
|
||||||
let my_claims = Claims {
|
let my_claims = Claims {
|
||||||
id: self.id,
|
id: self.id,
|
||||||
username: self.name.to_owned(),
|
username: self.name.to_owned(),
|
||||||
iss: "rrf".to_string() // TODO this should come from config file
|
iss: self.fedi_name.to_owned(),
|
||||||
};
|
};
|
||||||
encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap()
|
encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap()
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> {
|
pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> {
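Review bot: The `iss` claim in the `impl User_` hunk is now copied from the user row (`iss: self.fedi_name.to_owned(),`), while the visible part of the `Validation` literal in the `impl Claims` hunk sets only `validate_exp: false`, so the issuer appears to be written but never checked on decode. With expiry disabled as well, the value read from `Settings::get().jwt_secret` is the only thing bounding a token's validity, and changing it is the only way to revoke sessions. Consider issuing with the instance value, `iss: Settings::get().hostname,`, and, if the jsonwebtoken version in use exposes it, checking it with `iss: Some(Settings::get().hostname),` in the `Validation` literal. A comment on the `encode(...)` line stating that rotating `JWT_SECRET` logs every user out would also help. Both function bodies start outside their hunks, so a field set above `validate_exp` could change this reading.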
|
||||||
|
|
|
@ -50,7 +50,7 @@ mod tests {
|
||||||
};
|
};
|
||||||
|
|
||||||
let person = expected_user.person();
|
let person = expected_user.person();
|
||||||
assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap());
|
assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap());
|
||||||
let json = serde_json::to_string_pretty(&person).unwrap();
|
let json = serde_json::to_string_pretty(&person).unwrap();
|
||||||
println!("{}", json);
|
println!("{}", json);
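Review bot: The new expected id `"rrr/api/v1/user/thom"` has no scheme, so with the default hostname the object id is apparently no longer an absolute URL, which ActivityPub consumers expect. The assertion also now depends on the process environment: the value seems to come from `HOSTNAME`, a name that shells and container runtimes commonly set to the machine name, so the test can fail anywhere that variable is already set. A project-specific variable name with a default that includes the scheme would avoid both problems. The test function starts outside the hunk.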
|
||||||
|
|
||||||
|
|
|
@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection {
|
||||||
|
|
||||||
pub struct Settings {
|
pub struct Settings {
|
||||||
db_url: String,
|
db_url: String,
|
||||||
hostname: String
|
hostname: String,
|
||||||
|
jwt_secret: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Settings {
|
impl Settings {
|
||||||
|
@ -84,7 +85,8 @@ impl Settings {
|
||||||
Settings {
|
Settings {
|
||||||
db_url: env::var("DATABASE_URL")
|
db_url: env::var("DATABASE_URL")
|
||||||
.expect("DATABASE_URL must be set"),
|
.expect("DATABASE_URL must be set"),
|
||||||
hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string())
|
hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()),
|
||||||
|
jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
fn api_endpoint(&self) -> String {
|
fn api_endpoint(&self) -> String {
|
||||||
|
@ -143,7 +145,7 @@ mod tests {
|
||||||
use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
|
use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
|
||||||
#[test]
|
#[test]
|
||||||
fn test_api() {
|
fn test_api() {
|
||||||
assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1");
|
assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1");
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test] fn test_email() {
|
#[test] fn test_email() {
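Review bot: `env::var("JWT_SECRET").unwrap_or("changeme".to_string())` makes a missing variable fall back silently to a signing key published in this repository, so a misconfigured instance starts normally while trusting tokens signed with a publicly known value. Fail closed the way `DATABASE_URL` already does on the lines above: `jwt_secret: env::var("JWT_SECRET").expect("JWT_SECRET must be set"),`. It is also worth rejecting the literal placeholder at startup, since the compose file and dev script in this commit both ship `changeme`. The constructor's signature is outside the hunk.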
|
||||||
|
|
|
@ -13,7 +13,7 @@ use diesel::PgConnection;
|
||||||
use failure::Error;
|
use failure::Error;
|
||||||
use std::time::{SystemTime};
|
use std::time::{SystemTime};
|
||||||
|
|
||||||
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs};
|
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings};
|
||||||
use actions::community::*;
|
use actions::community::*;
|
||||||
use actions::user::*;
|
use actions::user::*;
|
||||||
use actions::post::*;
|
use actions::post::*;
|
||||||
|
@ -902,7 +902,7 @@ impl Perform for Register {
|
||||||
// Register the new user
|
// Register the new user
|
||||||
let user_form = UserForm {
|
let user_form = UserForm {
|
||||||
name: self.username.to_owned(),
|
name: self.username.to_owned(),
|
||||||
fedi_name: "rrf".into(),
|
fedi_name: Settings::get().hostname.into(),
|
||||||
email: self.email.to_owned(),
|
email: self.email.to_owned(),
|
||||||
password_encrypted: self.password.to_owned(),
|
password_encrypted: self.password.to_owned(),
|
||||||
preferred_username: None,
|
preferred_username: None,
|
||||||
|
|
|
@ -144,6 +144,10 @@ export class Navbar extends Component<any, NavbarState> {
|
||||||
parseMessage(msg: any) {
|
parseMessage(msg: any) {
|
||||||
let op: UserOperation = msgOp(msg);
|
let op: UserOperation = msgOp(msg);
|
||||||
if (msg.error) {
|
if (msg.error) {
|
||||||
|
if (msg.error == "Not logged in.") {
|
||||||
|
UserService.Instance.logout();
|
||||||
|
location.reload();
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
} else if (op == UserOperation.GetReplies) {
|
} else if (op == UserOperation.GetReplies) {
|
||||||
let res: GetRepliesResponse = msg;
|
let res: GetRepliesResponse = msg;
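Review bot: `msg.error == "Not logged in."` ties the client's session reset to the exact wording of a server message, so a reworded or translated error would leave a stale token in place with no recovery path. A machine-readable error code would be sturdier. Failing that, use `===` and add a comment such as `// must match the server's auth error string verbatim`. If any request made on page load can return this error for a client that is already logged out, `location.reload()` would repeat; `logout()` and the rest of `parseMessage` are outside the hunk, so confirm that cannot happen.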
|
||||||
|
|