fix: auth creds selection (#91)

* docs * fix: sign gateway tokens using priv/pub
theeye-io-team · Jul 3, 2023 · 080d635 · 080d635
1 parent 139f2ae
commit 080d635
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 14 deletions.
diff --git a/config/default.js b/config/default.js
@@ -154,8 +154,8 @@ module.exports = {
       }
     },
     rs256: {
-      pub: '/home/facugon/workspace/theeye/theeye-supervisor/config/jwtRS256.key.pub',
-      priv: '/home/facugon/workspace/theeye/theeye-supervisor/config/jwtRS256.key'
+      pub: null,
+      priv: null
     },
     secret: '692fc164a0c06a9fd02575cf17688c9e'
   },

diff --git a/config/development.js b/config/development.js
@@ -42,6 +42,13 @@ module.exports = {
       }
     }
   },
+  authentication: {
+    rs256: {
+      pub: join(__dirname, 'jwtRS256.key.pub'),
+      priv: join(__dirname, 'jwtRS256.key')
+    },
+    secret: '692fc164a0c06a9fd02575cf17688c9e'
+  },
   monitor: {
     disabled: true,
     fails_count_alert: 3,

diff --git a/config/localdev.js b/config/localdev.js
@@ -2,6 +2,8 @@
  * replace here the default configuration values for your
  * local development environment
  */
+const { join } = require('path')
+
 module.exports = {
   storage: {
     driver: "local"
@@ -47,6 +49,10 @@ module.exports = {
   },
   authentication: {
     // same key must be in every internal service
+    rs256: {
+      pub: join(__dirname, 'jwtRS256.key.pub'),
+      priv: join(__dirname, 'jwtRS256.key')
+    },
     secret: '692fc164a0c06a9fd02575cf17688c9e',
     protocol: 'http', // http or https
     api: {

diff --git a/core/service/gateway/token.js b/core/service/gateway/token.js
@@ -1,16 +1,27 @@
 const config = require('config')
 const jwt = require('jsonwebtoken')
+const fs = require('fs')
 
 module.exports = {
   create (context) {
-    const key = config.authentication.rs256.priv
-    return jwt.sign(
-      { context },
-      key, // our Private Key
-      {
-        expiresIn: 60, // seconds
-        algorithm: "RS256"
-      }
-    )
+    const authCfg = config.authentication
+
+    // seconds
+    const signSettings = { expiresIn: 60 }
+
+    let key
+    if (authCfg.rs256?.priv) {
+      key = fs.readFileSync(authCfg.rs256.priv, 'utf8')
+      signSettings.algorithm = "RS256"
+    } else {
+      key = authCfg.secret
+      signSettings.algorithm = "HS256"
+    }
+
+    if (!key) {
+      throw new Error('Authorization system: security key not set')
+    }
+
+    return jwt.sign({ context }, key, signSettings)
   }
 }
diff --git a/docs/index.html b/docs/index.html
@@ -37,13 +37,13 @@
   <!-- Docsify v4 -->
   <script src="//cdn.jsdelivr.net/npm/docsify@4"></script>
   <script src="//cdn.jsdelivr.net/npm/docsify/lib/plugins/emoji.min.js"></script>
-  <script src="//cdn.jsdelivr.net/npm/docsify/lib/plugins/search.min.js"></script>
-  <script src="//cdn.jsdelivr.net/npm/docsify-copy-code"></script>
-  <script src="//cdn.jsdelivr.net/npm/docsify-tabs@1"></script>
+  <script src="//cdn.jsdelivr.net/npm/docsify-copy-code/dist/docsify-copy-code.min.js"></script>
   <script 
     src="//cdn.jsdelivr.net/npm/docsify-darklight-theme@latest/dist/index.min.js"
     type="text/javascript">
   </script>
+  <script src="//cdn.jsdelivr.net/npm/docsify/lib/plugins/search.min.js"></script>
+  <script src="//cdn.jsdelivr.net/npm/docsify-tabs@1"></script>
   <script src="//cdn.jsdelivr.net/npm/prismjs@1/components/prism-bash.min.js"></script>
   <script src="//cdn.jsdelivr.net/npm/prismjs@1/components/prism-batch.min.js"></script>
   <script src="//cdn.jsdelivr.net/npm/prismjs@1/components/prism-powershell.min.js"></script>