mirror of
https://github.com/LemmyNet/lemmy.git
synced 2024-11-23 18:01:00 +00:00
Externalizing JWT token
This commit is contained in:
parent
1775eb7d5f
commit
abe31e9f17
7 changed files with 20 additions and 10 deletions
|
@ -22,6 +22,8 @@ services:
|
|||
environment:
|
||||
LEMMY_FRONT_END_DIR: /app/dist
|
||||
DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
|
||||
JWT_SECRET: changeme
|
||||
HOSTNAME: rrr
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
set -e
|
||||
|
||||
export DATABASE_URL=postgres://rrr:rrr@localhost/rrr
|
||||
export JWT_SECRET=changeme
|
||||
export HOSTNAME=rrr
|
||||
|
||||
cd ui
|
||||
yarn
|
||||
|
|
|
@ -3,7 +3,7 @@ use diesel::*;
|
|||
use diesel::result::Error;
|
||||
use schema::user_::dsl::*;
|
||||
use serde::{Serialize, Deserialize};
|
||||
use {Crud,is_email_regex};
|
||||
use {Crud,is_email_regex, Settings};
|
||||
use jsonwebtoken::{encode, decode, Header, Validation, TokenData};
|
||||
use bcrypt::{DEFAULT_COST, hash};
|
||||
|
||||
|
@ -86,7 +86,7 @@ impl Claims {
|
|||
validate_exp: false,
|
||||
..Validation::default()
|
||||
};
|
||||
decode::<Claims>(&jwt, "secret".as_ref(), &v)
|
||||
decode::<Claims>(&jwt, Settings::get().jwt_secret.as_ref(), &v)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -96,9 +96,9 @@ impl User_ {
|
|||
let my_claims = Claims {
|
||||
id: self.id,
|
||||
username: self.name.to_owned(),
|
||||
iss: "rrf".to_string() // TODO this should come from config file
|
||||
iss: self.fedi_name.to_owned(),
|
||||
};
|
||||
encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap()
|
||||
encode(&Header::default(), &my_claims, Settings::get().jwt_secret.as_ref()).unwrap()
|
||||
}
|
||||
|
||||
pub fn find_by_email_or_username(conn: &PgConnection, username_or_email: &str) -> Result<Self, Error> {
|
||||
|
|
|
@ -50,7 +50,7 @@ mod tests {
|
|||
};
|
||||
|
||||
let person = expected_user.person();
|
||||
assert_eq!("http://0.0.0.0/api/v1/user/thom", person.object_props.id_string().unwrap());
|
||||
assert_eq!("rrr/api/v1/user/thom", person.object_props.id_string().unwrap());
|
||||
let json = serde_json::to_string_pretty(&person).unwrap();
|
||||
println!("{}", json);
|
||||
|
||||
|
|
|
@ -75,7 +75,8 @@ pub fn establish_connection() -> PgConnection {
|
|||
|
||||
pub struct Settings {
|
||||
db_url: String,
|
||||
hostname: String
|
||||
hostname: String,
|
||||
jwt_secret: String,
|
||||
}
|
||||
|
||||
impl Settings {
|
||||
|
@ -84,7 +85,8 @@ impl Settings {
|
|||
Settings {
|
||||
db_url: env::var("DATABASE_URL")
|
||||
.expect("DATABASE_URL must be set"),
|
||||
hostname: env::var("HOSTNAME").unwrap_or("http://0.0.0.0".to_string())
|
||||
hostname: env::var("HOSTNAME").unwrap_or("rrr".to_string()),
|
||||
jwt_secret: env::var("JWT_SECRET").unwrap_or("changeme".to_string()),
|
||||
}
|
||||
}
|
||||
fn api_endpoint(&self) -> String {
|
||||
|
@ -143,7 +145,7 @@ mod tests {
|
|||
use {Settings, is_email_regex, remove_slurs, has_slurs, fuzzy_search};
|
||||
#[test]
|
||||
fn test_api() {
|
||||
assert_eq!(Settings::get().api_endpoint(), "http://0.0.0.0/api/v1");
|
||||
assert_eq!(Settings::get().api_endpoint(), "rrr/api/v1");
|
||||
}
|
||||
|
||||
#[test] fn test_email() {
|
||||
|
|
|
@ -13,7 +13,7 @@ use diesel::PgConnection;
|
|||
use failure::Error;
|
||||
use std::time::{SystemTime};
|
||||
|
||||
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs};
|
||||
use {Crud, Joinable, Likeable, Followable, Bannable, Saveable, establish_connection, naive_now, naive_from_unix, SortType, SearchType, has_slurs, remove_slurs, Settings};
|
||||
use actions::community::*;
|
||||
use actions::user::*;
|
||||
use actions::post::*;
|
||||
|
@ -902,7 +902,7 @@ impl Perform for Register {
|
|||
// Register the new user
|
||||
let user_form = UserForm {
|
||||
name: self.username.to_owned(),
|
||||
fedi_name: "rrf".into(),
|
||||
fedi_name: Settings::get().hostname.into(),
|
||||
email: self.email.to_owned(),
|
||||
password_encrypted: self.password.to_owned(),
|
||||
preferred_username: None,
|
||||
|
|
|
@ -144,6 +144,10 @@ export class Navbar extends Component<any, NavbarState> {
|
|||
parseMessage(msg: any) {
|
||||
let op: UserOperation = msgOp(msg);
|
||||
if (msg.error) {
|
||||
if (msg.error == "Not logged in.") {
|
||||
UserService.Instance.logout();
|
||||
location.reload();
|
||||
}
|
||||
return;
|
||||
} else if (op == UserOperation.GetReplies) {
|
||||
let res: GetRepliesResponse = msg;
|
||||
|
|
Loading…
Reference in a new issue