From d37f3bdada58e57a07936c5819945188aaa93d9f Mon Sep 17 00:00:00 2001
From: Dessalines
Date: Thu, 2 May 2019 09:55:29 -0700
Subject: Externalizing JWT token
---
 server/src/actions/user.rs | 8 ++++----
 server/src/apub.rs | 2 +-
 server/src/lib.rs | 8 +++++---
 server/src/websocket_server/server.rs | 4 ++--
 4 files changed, 12 insertions(+), 10 deletions(-)
(limited to 'server')
diff --git a/server/src/actions/user.rs b/server/src/actions/user.rs
index 58cfd89d..9c9e0a52 100644
--- a/server/src/actions/user.rs
+++ b/server/src/actions/user.rs
@@ -3,7 +3,7 @@ use diesel::*;
 use diesel::result::Error;
 use schema::user_::dsl::*;
 use serde::{Serialize, Deserialize};
-use {Crud,is_email_regex};
+use {Crud,is_email_regex, Settings};
 use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
 use bcrypt::{DEFAULT_COST, hash};
@@ -86,7 +86,7 @@ impl Claims {
 validate_exp: false,
 ..Validation::default()
 };
- decode::(&jwt, "secret".as_ref(), &v)
+ decode::(&jwt, Settings::get().jwt_secret.as_ref(), &v)
 }
 }
@@ -96,9 +96,9 @@ impl User_ {
 let my_claims = Claims {
 id: self.id,
 username: self.name.to_owned(),
- iss: "rrf".to_string() // TODO this should come from config file
+ iss: self.fedi_name.to_owned(),
 };
- encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap()
+ encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap()
 }
 pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result {
diff --git a/server/src/apub.rs b/server/src/apub.rs
index a9a417e2..4fc0ba33 100644
--- a/server/src/apub.rs
+++ b/server/src/apub.rs
@@ -50,7 +50,7 @@ mod tests {
 };
 let person = expected_user.person();
- assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap());
+ assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap());
 let json = serde_json::to_string_pretty(&person).unwrap();
 println!("{}", json);
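Review bot: In the second user.rs hunk (`Claims::decode`), the key now comes from configuration, but the context lines still show `validate_exp: false`, so the secret is the only thing bounding a token's validity, and nothing in the code says so. I would add a comment above the `decode` call such as `// Key is Settings::jwt_secret (JWT_SECRET); exp is not validated, so rotating the secret is the only way to invalidate issued tokens.` The function's signature is above the hunk, so whether the claims carry an `exp` at all is not visible from here.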
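Review bot: The `iss` claim written in the third user.rs hunk does not appear to be checked when a token is decoded: the `Validation` built in the previous hunk overrides only `validate_exp` and takes everything else from `Validation::default()`, which as far as I know performs no issuer check. `iss` is also now read from the per-row `self.fedi_name` rather than from the instance configuration, so accounts created before this commit presumably keep issuing tokens with the old value. If the issuer is meant to identify this instance, use `iss: Settings::get().hostname.to_owned(),` here and set the expected issuer on the `Validation` (for example `iss: Some(Settings::get().hostname.to_owned()),`, the exact field type depending on the jsonwebtoken version in use). The enclosing method starts above the hunk.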
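Review bot: The expected id in the apub.rs test is now `rrr/api/v1/user/thom`, which has no scheme, so with the new default the generated ActivityPub object id is no longer an absolute URL. The value comes from the `HOSTNAME` fallback changed in server/src/lib.rs, where `test_api` has the same problem, and the same setting is reused as `fedi_name` in server.rs, so one string is serving as both an instance name and a URL base. Both tests also depend on the process environment and will fail whenever `HOSTNAME` is set; a comment such as `// expects HOSTNAME to be unset (default "rrr")` above the assertion would at least make that visible. The test function starts above the hunk.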
diff --git a/server/src/lib.rs b/server/src/lib.rs
index d8d7f152..71b72ac3 100644
--- a/server/src/lib.rs
+++ b/server/src/lib.rs
@@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection {
 pub struct Settings {
 db_url: String,
- hostname: String
+ hostname: String,
+ jwt_secret: String,
 }
 impl Settings {
@@ -84,7 +85,8 @@ impl Settings {
 Settings {
 db_url: env::var("DATABASE_URL")
 .expect("DATABASE_URL must be set"),
- hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string())
+ hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()),
+ jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),
 }
 }
 fn api_endpoint(&self) -> String {
@@ -143,7 +145,7 @@ mod tests {
 use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
 #[test]
 fn test_api() {
- assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1");
+ assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1");
 }
 #[test]
 fn test_email() {
diff --git a/server/src/websocket_server/server.rs b/server/src/websocket_server/server.rs
index aaeae132..82c4007d 100644
--- a/server/src/websocket_server/server.rs
+++ b/server/src/websocket_server/server.rs
@@ -13,7 +13,7 @@ use diesel::PgConnection;
 use failure::Error;
 use std::time::{SystemTime};
-use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs};
+use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings};
 use actions::community::*;
 use actions::user::*;
 use actions::post::*;
@@ -902,7 +902,7 @@ impl Perform for Register {
 // Register the new user
 let user_form = UserForm {
 name: self.username.to_owned(),
- fedi_name: "rrf".into(),
+ fedi_name: Settings::get().hostname.into(),
 email: self.email.to_owned(),
 password_encrypted: self.password.to_owned(),
 preferred_username: None,
-- cgit v1.2.3
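Review bot: In the second lib.rs hunk, `jwt_secret` falls back to the literal `"changeme"` when `JWT_SECRET` is unset, so a deployment that misses the variable signs and verifies tokens with a key published in the repository, and gives no warning. `DATABASE_URL` two lines above already fails fast with `.expect(...)`, and the secret should do the same: `jwt_secret: env::var("JWT_SECRET").expect("JWT_SECRET must be set"),`. This matters more because `Claims::decode` in server/src/actions/user.rs keeps `validate_exp: false`, so tokens signed under the default stay valid until the secret changes. The function holding this struct literal starts above the hunk.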