diff --git a/config/default.js b/config/default.js
index 53c4e603..db73f81b 100644
--- a/config/default.js
+++ b/config/default.js
@@ -154,8 +154,8 @@ module.exports = {
}
},
rs256: {
- pub: '/home/facugon/workspace/theeye/theeye-supervisor/config/jwtRS256.key.pub',
- priv: '/home/facugon/workspace/theeye/theeye-supervisor/config/jwtRS256.key'
+ pub: null,
+ priv: null
},
secret: '692fc164a0c06a9fd02575cf17688c9e'
},
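Review bot: The `secret` on the unchanged line after `priv: null` is a literal committed to the repository, and this change makes it the effective default signing key. With both rs256 paths null, `create()` in core/service/gateway/token.js (same commit) falls back to HS256 with `authCfg.secret`. A deployment that does not override the default would therefore sign tokens with a value anyone holding the source can read. Consider `secret: null` here so the `security key not set` guard fires, and supply the real value only in per-environment config. The same literal is also added in config/development.js and is present in config/localdev.js.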
diff --git a/config/development.js b/config/development.js
index d1df3c5d..7f8b75fd 100644
--- a/config/development.js
+++ b/config/development.js
@@ -42,6 +42,13 @@ module.exports = {
}
}
},
+ authentication: {
+ rs256: {
+ pub: join(__dirname, 'jwtRS256.key.pub'),
+ priv: join(__dirname, 'jwtRS256.key')
+ },
+ secret: '692fc164a0c06a9fd02575cf17688c9e'
+ },
monitor: {
disabled: true,
fails_count_alert: 3,
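Review bot: `join` is called in the added `rs256` block, but this diff adds no `const { join } = require('path')` to config/development.js, as it does for config/localdev.js. The top of the file is outside the hunk, so the import may already exist; if it does not, loading this config throws a ReferenceError. The added `secret` repeats the literal from config/default.js, so it can probably be left out here, assuming the config loader merges environment files over the defaults.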
diff --git a/config/localdev.js b/config/localdev.js
index dac6fa82..29c0602d 100644
--- a/config/localdev.js
+++ b/config/localdev.js
@@ -2,6 +2,8 @@
* replace here the default configuration values for your
* local development environment
*/
+const { join } = require('path')
+
module.exports = {
storage: {
driver: "local"
@@ -47,6 +49,10 @@ module.exports = {
},
authentication: {
// same key must be in every internal service
+ rs256: {
+ pub: join(__dirname, 'jwtRS256.key.pub'),
+ priv: join(__dirname, 'jwtRS256.key')
+ },
secret: '692fc164a0c06a9fd02575cf17688c9e',
protocol: 'http', // http or https
api: {
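Review bot: The existing comment `// same key must be in every internal service` now sits directly above the added `rs256` block, where it reads as describing the key pair rather than `secret`. Move it down to the `secret` line and give `rs256` its own comment, for example `// RS256 key pair; when priv is set the gateway signs with it instead of secret`. The `authentication` block continues past the end of the hunk.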
diff --git a/core/service/gateway/token.js b/core/service/gateway/token.js
index d8ff394a..48e58b58 100644
--- a/core/service/gateway/token.js
+++ b/core/service/gateway/token.js
@@ -1,16 +1,27 @@
const config = require('config')
const jwt = require('jsonwebtoken')
+const fs = require('fs')
module.exports = {
create (context) {
- const key = config.authentication.rs256.priv
- return jwt.sign(
- { context },
- key, // our Private Key
- {
- expiresIn: 60, // seconds
- algorithm: "RS256"
- }
- )
+ const authCfg = config.authentication
+
+ // seconds
+ const signSettings = { expiresIn: 60 }
+
+ let key
+ if (authCfg.rs256?.priv) {
+ key = fs.readFileSync(authCfg.rs256.priv, 'utf8')
+ signSettings.algorithm = "RS256"
+ } else {
+ key = authCfg.secret
+ signSettings.algorithm = "HS256"
+ }
+
+ if (!key) {
+ throw new Error('Authorization system: security key not set')
+ }
+
+ return jwt.sign({ context }, key, signSettings)
}
}
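Review bot: `create()` calls `fs.readFileSync` on the private key for every token it signs, so each call does a blocking disk read. The key and algorithm can be resolved once and reused. The fallback from RS256 to HS256 is also silent, so a missing `rs256.priv` setting changes the signing algorithm without any trace; a one-time log line naming the selected algorithm would make that visible. Whatever verifies these tokens is not in this diff and should pin the algorithm it expects.

```javascript
const fs = require('fs')

// resolved on first use, so the key file is not re-read for every token
let signing

const getSigning = () => {
  if (signing) { return signing }

  const authCfg = config.authentication
  const useRsa = Boolean(authCfg.rs256?.priv)
  const key = useRsa
    ? fs.readFileSync(authCfg.rs256.priv, 'utf8')
    : authCfg.secret

  if (!key) {
    throw new Error('Authorization system: security key not set')
  }

  signing = { key, algorithm: useRsa ? 'RS256' : 'HS256' }
  return signing
}

module.exports = {
  create (context) {
    const { key, algorithm } = getSigning()
    // expiresIn is in seconds
    return jwt.sign({ context }, key, { expiresIn: 60, algorithm })
  }
}
```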
diff --git a/docs/index.html b/docs/index.html
index 13d8c183..ef08dfb6 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -37,13 +37,13 @@
-
-
-
+
+
+