
Externalizing JWT token

pull/269/head
Dessalines 3 years ago
parent
commit
7e3d345d1d
  1. 2
      docker-compose.yml
  2. 2
      install.sh
  3. 8
      server/src/actions/user.rs
  4. 2
      server/src/apub.rs
  5. 8
      server/src/lib.rs
  6. 4
      server/src/websocket_server/server.rs

2
docker-compose.yml

@ -22,6 +22,8 @@ services:
environment:
LEMMY_FRONT_END_DIR: /app/dist
DATABASE_URL: postgres://rrr:[email protected]:5432/rrr
JWT_SECRET: changeme
HOSTNAME: rrr
restart: always
depends_on:
db:
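Review bot: `JWT_SECRET: changeme` in the `environment:` block ships a signing key that is public in the repository, so any instance started from this file unchanged signs and accepts login tokens under a known secret. Take the value from the operator's environment and refuse to start when it is missing, for example `JWT_SECRET: ${JWT_SECRET:?set JWT_SECRET to a long random value}` (Compose's required-variable substitution, if the file format version in use supports it). The same placeholder is exported in install.sh (`export JWT_SECRET=changeme`), where generating a random value at install time would avoid it. At minimum, add a comment next to both saying the value must be replaced before the service is exposed.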

2
install.sh

@ -2,6 +2,8 @@
set -e
export DATABASE_URL=postgres://rrr:[email protected]/rrr
export JWT_SECRET=changeme
export HOSTNAME=rrr
cd ui
yarn

8
server/src/actions/user.rs

@ -3,7 +3,7 @@ use diesel::*;
use diesel::result::Error;
use schema::user_::dsl::*;
use serde::{Serialize, Deserialize};
use {Crud,is_email_regex};
use {Crud,is_email_regex, Settings};
use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
use bcrypt::{DEFAULT_COST, hash};
@ -86,7 +86,7 @@ impl Claims {
validate_exp: false,
..Validation::default()
};
decode::<Claims>(&jwt, "secret".as_ref(), &v)
decode::<Claims>(&jwt, Settings::get().jwt_secret.as_ref(), &v)
}
}
@ -96,9 +96,9 @@ impl User_ {
let my_claims = Claims {
id: self.id,
username: self.name.to_owned(),
iss: "rrf".to_string() // TODO this should come from config file
iss: self.fedi_name.to_owned(),
};
encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap()
encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap()
}
pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> {
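Review bot: The `decode::<Claims>(&jwt, Settings::get().jwt_secret.as_ref(), &v)` call still runs with `validate_exp: false`, and the `Claims` built in the third hunk carry only `id`, `username` and `iss`, so an issued token stays valid until `JWT_SECRET` itself changes. That makes the externalized secret the only revocation control and is worth stating next to the decode call, e.g. `// Tokens never expire (validate_exp: false); rotating JWT_SECRET invalidates every session.` The new `iss: self.fedi_name.to_owned()` is written on encode, but the visible `Validation` sets nothing besides `validate_exp`, so the issuer appears not to be checked on decode. Either validate it or document it as informational. Both function bodies start outside their hunks, so the rest of the `Validation` setup is not visible here.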

2
server/src/apub.rs

@ -50,7 +50,7 @@ mod tests {
};
let person = expected_user.person();
assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap());
assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap());
let json = serde_json::to_string_pretty(&person).unwrap();
println!("{}", json);
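Review bot: The new expected id `rrr/api/v1/user/thom` has no scheme, so the actor id this test pins is no longer an absolute URL, and ActivityPub object ids are expected to be dereferenceable (normally HTTPS) URIs that a remote server can resolve. This appears to follow from the `HOSTNAME` default changing from `http://0.0.0.0` to `rrr` in server/src/lib.rs. Either keep the scheme in the setting or prepend it where the endpoint string is built, which is outside this hunk. The assertion also depends on the process environment, because the hostname is read from `HOSTNAME`. A comment such as `// assumes HOSTNAME is unset or "rrr"` would make that explicit. The test body starts above the hunk.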

8
server/src/lib.rs

@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection {
pub struct Settings {
db_url: String,
hostname: String
hostname: String,
jwt_secret: String,
}
impl Settings {
@ -84,7 +85,8 @@ impl Settings {
Settings {
db_url: env::var("DATABASE_URL")
.expect("DATABASE_URL must be set"),
hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string())
hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()),
jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),
}
}
fn api_endpoint(&self) -> String {
@ -143,7 +145,7 @@ mod tests {
use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
#[test]
fn test_api() {
assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1");
assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1");
}
#[test] fn test_email() {
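Review bot: `jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string())` falls back silently to a value that is public in this repository, so an instance started without `JWT_SECRET` signs and verifies tokens under a key anyone can read. Fail closed the way the `DATABASE_URL` field just above it does: `jwt_secret: env::var("JWT_SECRET").expect("JWT_SECRET must be set"),`. If a default is wanted for local development, restrict it to debug builds and log a warning when it is used. The enclosing function's signature is above the hunk, so how often `Settings` is rebuilt from the environment is not visible here.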

4
server/src/websocket_server/server.rs

@ -13,7 +13,7 @@ use diesel::PgConnection;
use failure::Error;
use std::time::{SystemTime};
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs};
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings};
use actions::community::*;
use actions::user::*;
use actions::post::*;
@ -902,7 +902,7 @@ impl Perform for Register {
// Register the new user
let user_form = UserForm {
name: self.username.to_owned(),
fedi_name: "rrf".into(),
fedi_name: Settings::get().hostname.into(),
email: self.email.to_owned(),
password_encrypted: self.password.to_owned(),
preferred_username: None,
