Merge pull request #185 from thevahidal/184_remove_default_values_fro…

…m_cli_schema

Remove default values from cli and modify config.js file

.env.sample

@@ -6,8 +6,8 @@ CORS_ORIGIN_WHITELIST=http://localhost:3000,http://127.0.0.1:3000
 AUTH=false
 
 RATE_LIMIT_ENABLED=false
-RATE_LIMIT_WINDOW_MS=1000
-RATE_LIMIT_MAX_REQUESTS=10
+RATE_LIMIT_WINDOW=1000
+RATE_LIMIT_MAX=10
 
 DB=foobar.db
 

README.md

@@ -36,12 +36,12 @@ Options:
   -c,       --cors                                  CORS whitelist origins                              [string]
   -a,       --auth                                  Enable authentication and authorization             [boolean]
 
-  -iuu,     --initialuserusername                   Initial user username                               [string]
-  -iup,     --initialuserpassword                   Initial user password                               [string]
+  --iuu,     --initialuserusername                   Initial user username                               [string]
+  --iup,     --initialuserpassword                   Initial user password                               [string]
 
-  -ts,      --tokensecret                           Token Secret                                        [string]
-  -atet,    --accesstokenexpirationtime             Access Token Expiration Time    (Default: 5H)       [string]
-  -rtet,    --refreshtokenexpirationtime            Refresh Token Expiration Time   (Default: 1D)       [string]
+  --ts,      --tokensecret                           Token Secret                                        [string]
+  --atet,    --accesstokenexpirationtime             Access Token Expiration Time    (Default: 5H)       [string]
+  --rtet,    --refreshtokenexpirationtime            Refresh Token Expiration Time   (Default: 1D)       [string]
   -S,       --studio                                Start Soul Studio in parallel
   --help                                            Show help
 
@@ -63,7 +63,7 @@ Run the Soul command with the necessary parameters:
 
 ```
 
-  soul --d foobar.db -a -ts <your_jwt_secret_value> -atet=4H -rtet=3D -iuu=john -iup=<your_password>
+  soul -d foobar.db -a --ts=<your_jwt_secret_value> --atet=4H --rtet=3D --iuu=john --iup=<your_password>
 
 ```
 
@@ -72,30 +72,30 @@ Note: When configuring your JWT Secret, it is recommended to use a long string v
 In this example:
 
 The `-a` flag instructs Soul to run in auth mode.
-The `-ts` flag allows you to pass a JWT secret value for the `access and refresh tokens` generation and verification. Replace <your_jwt_secret_value> with your desired secret value.
-The `-atet` flag sets the JWT expiration time for the access token. In this case, it is set to four hours (4H), meaning the token will expire after 4 hours.
-The `-rtet` flag sets the JWT expiration time for the refresh token. In this case, it is set to three days (3D), meaning the token will expire after 3 days.
-The `-iuu` flag is used to pass a username for the initial user
-The `-iup` flag is used to pass a password for the initial user
+The `--ts` flag allows you to pass a JWT secret value for the `access and refresh tokens` generation and verification. Replace <your_jwt_secret_value> with your desired secret value.
+The `--atet` flag sets the JWT expiration time for the access token. In this case, it is set to four hours (4H), meaning the token will expire after 4 hours.
+The `--rtet` flag sets the JWT expiration time for the refresh token. In this case, it is set to three days (3D), meaning the token will expire after 3 days.
+The `--iuu` flag is used to pass a username for the initial user
+The `--iup` flag is used to pass a password for the initial user
 
-Here are some example values for the `-atet` and `rtet` flags
+Here are some example values for the `atet` and `rtet` flags
 
 - 60M: Represents a duration of 60 minutes.
 - 5H: Represents a duration of 5 hours.
 - 1D: Represents a duration of 1 day.
 
-NOTE: It is crucial to securely store a copy of the `-ts`(`Token Secret`) value used in Soul. Once you pass this values, make sure to keep a backup because you will need it every time you restart Soul. Losing this secret values can result in a situation where all of your users are blocked from accessing Soul.
+NOTE: It is crucial to securely store a copy of the `--ts`(`Token Secret`) value used in Soul. Once you pass this values, make sure to keep a backup because you will need it every time you restart Soul. Losing this secret values can result in a situation where all of your users are blocked from accessing Soul.
 
 ### 3. Updating Super Users
 
 To modify a superuser information in a database, you can utilize the `updatesuperuser` command. This command allows you to change a superuser's `password` or upgrade/downgrade a normal user to a `superuser`. Below is an example of how to use it:
 
 ```
-soul --d foobar.db updatesuperuser --id=1 password=<new_password_for_the_user> // Update the password for the superuser with ID 1
+soul -d foobar.db updatesuperuser --id=1 password=<new_password_for_the_user> // Update the password for the superuser with ID 1
 
-soul --d foobar.db updatesuperuser --id=1 --is_superuser=true // Upgrade the user with ID 1 to a superuser
+soul -d foobar.db updatesuperuser --id=1 --is_superuser=true // Upgrade the user with ID 1 to a superuser
 
-soul --d foobar.db updatesuperuser --id=1 --is_superuser=false // Revoke the superuser role from the superuser with ID 1
+soul -d foobar.db updatesuperuser --id=1 --is_superuser=false // Revoke the superuser role from the superuser with ID 1
 ```
 
 ## Documentation

src/cli.js

@@ -50,28 +50,24 @@ if (process.env.NO_CLI !== 'true') {
       alias: 'auth',
       describe: 'Enable authentication and authorization',
       type: 'boolean',
-      default: false,
       demandOption: false,
     })
     .options('ts', {
       alias: 'tokensecret',
       describe: 'JWT secret for the access and refresh tokens',
       type: 'string',
-      default: null,
       demandOption: false,
     })
     .options('atet', {
       alias: 'accesstokenexpirationtime',
       describe: 'JWT expiration time for access token',
       type: 'string',
-      default: '5H',
       demandOption: false,
     })
     .options('rtet', {
       alias: 'refreshtokenexpirationtime',
       describe: 'JWT expiration time for refresh token',
       type: 'string',
-      default: '3D',
       demandOption: false,
     })
     .options('iuu', {

src/config/index.js

@@ -20,7 +20,7 @@ const envVarsSchema = Joi.object()
     VERBOSE: Joi.string().valid('console', null).default(null),
 
     CORS_ORIGIN_WHITELIST: Joi.string().default('*'),
-    AUTH: Joi.boolean().default(false),
+    AUTH: Joi.boolean(),
 
     RATE_LIMIT_ENABLED: Joi.boolean().default(false),
     RATE_LIMIT_WINDOW_MS: Joi.number().positive().default(1000),
@@ -33,9 +33,9 @@ const envVarsSchema = Joi.object()
     INITIAL_USER_USERNAME: Joi.string(),
     INITIAL_USER_PASSWORD: Joi.string(),
 
-    TOKEN_SECRET: Joi.string().default(null),
-    ACCESS_TOKEN_EXPIRATION_TIME: Joi.string().default('5H'),
-    REFRESH_TOKEN_EXPIRATION_TIME: Joi.string().default('3D'),
+    TOKEN_SECRET: Joi.string(),
+    ACCESS_TOKEN_EXPIRATION_TIME: Joi.string(),
+    REFRESH_TOKEN_EXPIRATION_TIME: Joi.string(),
   })
   .unknown();
 
@@ -113,12 +113,16 @@ module.exports = {
       envVars.CORS_ORIGIN_WHITELIST?.split(',') || ['*'],
   },
 
-  auth: argv.auth || envVars.AUTH,
-  tokenSecret: argv.tokensecret || envVars.TOKEN_SECRET,
+  auth: argv.auth || envVars.AUTH || false,
+  tokenSecret: argv.tokensecret || envVars.TOKEN_SECRET || null,
   accessTokenExpirationTime:
-    argv.accesstokenexpirationtime || envVars.ACCESS_TOKEN_EXPIRATION_TIME,
+    argv.accesstokenexpirationtime ||
+    envVars.ACCESS_TOKEN_EXPIRATION_TIME ||
+    '5H',
   refreshTokenExpirationTime:
-    argv.refreshtokenexpirationtime || envVars.REFRESH_TOKEN_EXPIRATION_TIME,
+    argv.refreshtokenexpirationtime ||
+    envVars.REFRESH_TOKEN_EXPIRATION_TIME ||
+    '3D',
 
   initialUserUsername:
     argv.initialuserusername || envVars.INITIAL_USER_USERNAME,

src/controllers/auth/common.js

@@ -13,4 +13,12 @@ const isUsernameTaken = (username) => {
   return users.length > 0;
 };
 
-module.exports = { isUsernameTaken };
+const checkAuthConfigs = ({ auth, tokenSecret }) => {
+  if (auth && !tokenSecret) {
+    throw new Error(
+      'You need to provide a token secret either from the CLI or from your environment variables',
+    );
+  }
+};
+
+module.exports = { isUsernameTaken, checkAuthConfigs };

src/controllers/auth/index.js

@@ -1,5 +1,6 @@
 const users = require('./user');
 const token = require('./token');
 const tables = require('./tables');
+const { checkAuthConfigs } = require('./common');
 
-module.exports = { ...users, ...token, ...tables };
+module.exports = { ...users, ...token, ...tables, checkAuthConfigs };

src/index.js

@@ -23,11 +23,11 @@ const {
   createDefaultTables,
   createInitialUser,
   removeRevokedRefreshTokens,
+  checkAuthConfigs,
 } = require('./controllers/auth');
 
 const { runCLICommands } = require('./commands');
 const { authConstants } = require('./constants');
-
 const app = express();
 app.get('/health', (req, res) => {
   res.send('OK');
@@ -85,6 +85,9 @@ if (config.rateLimit.enabled) {
   app.use(limiter);
 }
 
+// If Auth mode is activated but if the tokenSecret value is undefined then throw an error
+checkAuthConfigs({ auth: config.auth, tokenSecret: config.tokenSecret });
+
 // If Auth mode is activated then create auth tables in the DB & create a super user if there are no users in the DB
 if (config.auth) {
   createDefaultTables();