From: Dessalines Date: Thu, 2 May 2019 16:55:29 +0000 (-0700) Subject: Externalizing JWT token X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/readmes/%22https:/hacktivis.me/%24%7Bsrc%7D?a=commitdiff_plain;h=820af563879fbf945092d2230f1e2fde0c860ca0;p=lemmy.git Externalizing JWT token --- diff --git a/docker-compose.yml b/docker-compose.yml index 03c72881..1f86c531 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -22,6 +22,8 @@ services: environment: LEMMY_FRONT_END_DIR: /app/dist DATABASE_URL: postgres://rrr:rrr@db:5432/rrr + JWT_SECRET: changeme + HOSTNAME: rrr restart: always depends_on: db: diff --git a/install.sh b/install.sh index 071acc6f..80d3277a 100755 --- a/install.sh +++ b/install.sh @@ -2,6 +2,8 @@ set -e export DATABASE_URL=postgres://rrr:rrr@localhost/rrr +export JWT_SECRET=changeme +export HOSTNAME=rrr cd ui yarn diff --git a/server/src/actions/user.rs b/server/src/actions/user.rs index 58cfd89d..9c9e0a52 100644 --- a/server/src/actions/user.rs +++ b/server/src/actions/user.rs @@ -3,7 +3,7 @@ use diesel::*; use diesel::result::Error; use schema::user_::dsl::*; use serde::{Serialize, Deserialize}; -use {Crud,is_email_regex}; +use {Crud,is_email_regex, Settings}; use jsonwebtoken::{encode, decode, Header, Validation, TokenData}; use bcrypt::{DEFAULT_COST, hash}; @@ -86,7 +86,7 @@ impl Claims { validate_exp: false, ..Validation::default() }; - decode::(&jwt, "secret".as_ref(), &v) + decode::(&jwt, Settings::get().jwt_secret.as_ref(), &v) } } @@ -96,9 +96,9 @@ impl User_ { let my_claims = Claims { id: self.id, username: self.name.to_owned(), - iss: "rrf".to_string() // TODO this should come from config file + iss: self.fedi_name.to_owned(), }; - encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap() + encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap() } pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result { 
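Review bot: The added `JWT_SECRET: changeme` line in the docker-compose.yml hunk commits a placeholder signing secret that every deployment started from this file shares unless the operator edits it; the install.sh hunk exports the same value. Anyone who knows the placeholder can sign tokens the server will accept. Take the value from the host environment and refuse to start without it, for example `JWT_SECRET: ${JWT_SECRET:?set a random JWT secret}`, if the Compose version in use supports that form. For install.sh, a comment such as `# replace with a long random value before exposing the server` above the export would at least make the requirement visible.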
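Review bot: In the second user.rs hunk the `Validation` passed to `decode` keeps `validate_exp: false` and sets no issuer, while the third hunk now writes `iss: self.fedi_name.to_owned(),` into the claims, so the new `iss` value is never checked and a token stays valid for as long as `JWT_SECRET` is unchanged. If the issuer is meant to bind tokens to this instance, set it on the validation side as well, e.g. `iss: Some(Settings::get().hostname),` in the `Validation` literal; this assumes `fedi_name` always equals the configured hostname, which should be confirmed. The `.unwrap()` on `encode` in the third hunk would read better as `.expect("JWT encoding failed")`. Both enclosing functions start outside the hunks.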
diff --git a/server/src/apub.rs b/server/src/apub.rs index a9a417e2..4fc0ba33 100644 --- a/server/src/apub.rs +++ b/server/src/apub.rs @@ -50,7 +50,7 @@ mod tests { }; let person = expected_user.person(); - assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap()); + assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap()); let json = serde_json::to_string_pretty(&person).unwrap(); println!("{}", json); diff --git a/server/src/lib.rs b/server/src/lib.rs index d8d7f152..71b72ac3 100644 --- a/server/src/lib.rs +++ b/server/src/lib.rs @@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection { pub struct Settings { db_url: String, - hostname: String + hostname: String, + jwt_secret: String, } impl Settings { @@ -84,7 +85,8 @@ impl Settings { Settings { db_url: env::var("DATABASE_URL") .expect("DATABASE_URL must be set"), - hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string()) + hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()), + jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()), } } fn api_endpoint(&self) -> String { @@ -143,7 +145,7 @@ mod tests { use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search}; #[test] fn test_api() { - assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1"); + assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1"); } #[test] fn test_email() { diff --git a/server/src/websocket_server/server.rs b/server/src/websocket_server/server.rs index aaeae132..82c4007d 100644 --- a/server/src/websocket_server/server.rs +++ b/server/src/websocket_server/server.rs 
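Review bot: The updated assertion in the apub.rs test expects `rrr/api/v1/user/thom`, which holds only when `HOSTNAME` is unset or equals `rrr`, because `Settings::get()` reads it from the process environment (see the lib.rs hunk); `test_api` in the last lib.rs hunk has the same dependency. `HOSTNAME` is a name that shells and container runtimes commonly populate themselves, so the tests and the running server may pick up a machine name rather than the intended public host; a project-specific name such as `LEMMY_HOSTNAME` would avoid the collision. The new default also drops the `http://` scheme, so the object id asserted here is no longer an absolute URL, which is worth confirming as intended.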
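Review bot: `jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),` in the second lib.rs hunk silently falls back to a publicly known key when the variable is missing, so a misconfigured deployment signs and accepts tokens that anyone can forge. Treat it like `DATABASE_URL` a few lines above and fail at startup instead: `jwt_secret: env::var("JWT_SECRET").expect("JWT_SECRET must be set"),`. An empty value (`JWT_SECRET=`) would still be returned as `Ok` by `env::var`, so a non-empty check is worth adding as well. The body of `Settings::get` starts outside the hunk.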
@@ -13,7 +13,7 @@ use diesel::PgConnection; use failure::Error; use std::time::{SystemTime}; -use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs}; +use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings}; use actions::community::*; use actions::user::*; use actions::post::*; @@ -902,7 +902,7 @@ impl Perform for Register { // Register the new user let user_form = UserForm { name: self.username.to_owned(), - fedi_name: "rrf".into(), + fedi_name: Settings::get().hostname.into(), email: self.email.to_owned(), password_encrypted: self.password.to_owned(), preferred_username: None, diff --git a/ui/src/components/navbar.tsx b/ui/src/components/navbar.tsx index 6861461c..84471145 100644 --- a/ui/src/components/navbar.tsx +++ b/ui/src/components/navbar.tsx @@ -144,6 +144,10 @@ export class Navbar extends Component { parseMessage(msg: any) { let op: UserOperation = msgOp(msg); if (msg.error) { + if (msg.error == "Not logged in.") { + UserService.Instance.logout(); + location.reload(); + } return; } else if (op == UserOperation.GetReplies) { let res: GetRepliesResponse = msg;
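Review bot: `fedi_name: Settings::get().hostname.into(),` in the Register hunk copies the configured hostname into the user row at registration time, and the `impl User_` hunk in user.rs then uses that stored value as the token `iss`; if `HOSTNAME` is changed later, existing users keep the old issuer. A short comment on the field would record that, for example `// stored per user at registration; also used as the JWT issuer`. The `.into()` looks redundant if `fedi_name` is a `String`, since `hostname` is declared as `String` in lib.rs. The `Perform` impl starts and ends outside the hunk.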
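Review bot: The added branch in `parseMessage` compares `msg.error` with the literal `"Not logged in."`, which ties the client to the exact wording of a server message; a reworded or translated error would silently disable the logout. Prefer a stable error code from the server, or at least a shared constant and strict equality, e.g. `if (msg.error === NOT_LOGGED_IN) {` (constant name illustrative). It is also worth confirming that the page loaded after `location.reload()` cannot receive the same error again while logged out, since that would reload in a loop. `parseMessage` continues past the end of the hunk.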