From d3edcebc98222a6eabc43155ecdd894bcb7de74e Mon Sep 17 00:00:00 2001 From: AbegaM Date: Wed, 8 May 2024 10:51:33 +0300 Subject: [PATCH 1/4] Remove default values from cli and modify config.js file --- src/config/index.js | 20 ++++++++++++-------- src/controllers/auth/common.js | 10 +++++++++- src/controllers/auth/index.js | 3 ++- src/index.js | 4 ++++ 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/src/config/index.js b/src/config/index.js index 617e403..5538d3a 100644 --- a/src/config/index.js +++ b/src/config/index.js @@ -20,7 +20,7 @@ const envVarsSchema = Joi.object() VERBOSE: Joi.string().valid('console', null).default(null), CORS_ORIGIN_WHITELIST: Joi.string().default('*'), - AUTH: Joi.boolean().default(false), + AUTH: Joi.boolean(), RATE_LIMIT_ENABLED: Joi.boolean().default(false), RATE_LIMIT_WINDOW_MS: Joi.number().positive().default(1000), @@ -33,9 +33,9 @@ const envVarsSchema = Joi.object() INITIAL_USER_USERNAME: Joi.string(), INITIAL_USER_PASSWORD: Joi.string(), - TOKEN_SECRET: Joi.string().default(null), - ACCESS_TOKEN_EXPIRATION_TIME: Joi.string().default('5H'), - REFRESH_TOKEN_EXPIRATION_TIME: Joi.string().default('3D'), + TOKEN_SECRET: Joi.string(), + ACCESS_TOKEN_EXPIRATION_TIME: Joi.string(), + REFRESH_TOKEN_EXPIRATION_TIME: Joi.string(), }) .unknown(); 
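Review bot: Defaults for AUTH, TOKEN_SECRET and the two expiration times now live in the `||` chain of the export in the next hunk while the RATE_LIMIT_* defaults stay in this Joi schema, so the same category of setting is defaulted in two places. If the goal was only to let environment variables win over CLI values, dropping the yargs defaults alone would have achieved it, because Joi's `.default()` applies only when the variable is absent; keeping `ACCESS_TOKEN_EXPIRATION_TIME: Joi.string().default('5H')` and `REFRESH_TOKEN_EXPIRATION_TIME: Joi.string().default('3D')` here would leave the schema as the single source of defaults. A one-line comment above TOKEN_SECRET, `// no default: required whenever AUTH is true, enforced at startup by checkAuthConfigs`, would explain why it alone carries none. Separately, the context line here still reads `RATE_LIMIT_WINDOW_MS` whereas patch 4 renames the .env.sample keys to `RATE_LIMIT_WINDOW` and `RATE_LIMIT_MAX`; because this schema ends in `.unknown()`, mismatched keys are silently accepted, so unless the schema is renamed in a commit outside this series the sample values will be ignored and the rate limiter will run with the schema defaults.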
@@ -113,12 +113,16 @@ module.exports = { envVars.CORS_ORIGIN_WHITELIST?.split(',') || ['*'], }, - auth: argv.auth || envVars.AUTH, - tokenSecret: argv.tokensecret || envVars.TOKEN_SECRET, + auth: argv.auth || envVars.AUTH || false, + tokenSecret: argv.tokensecret || envVars.TOKEN_SECRET || null, accessTokenExpirationTime: - argv.accesstokenexpirationtime || envVars.ACCESS_TOKEN_EXPIRATION_TIME, + argv.accesstokenexpirationtime || + envVars.ACCESS_TOKEN_EXPIRATION_TIME || + '5H', refreshTokenExpirationTime: - argv.refreshtokenexpirationtime || envVars.REFRESH_TOKEN_EXPIRATION_TIME, + argv.refreshtokenexpirationtime || + envVars.REFRESH_TOKEN_EXPIRATION_TIME || + '3D', initialUserUsername: argv.initialuserusername || envVars.INITIAL_USER_USERNAME, diff --git a/src/controllers/auth/common.js b/src/controllers/auth/common.js index 777930d..ac3d17d 100644 --- a/src/controllers/auth/common.js +++ b/src/controllers/auth/common.js @@ -13,4 +13,12 @@ const isUsernameTaken = (username) => { return users.length > 0; }; -module.exports = { isUsernameTaken }; +const checkAuthConfigs = ({ auth, tokenSecret }) => { + if (auth && !tokenSecret) { + throw new Error( + 'You need to provide a token secret either from the CLI or from your environment variables', + ); + } +}; + +module.exports = { isUsernameTaken, checkAuthConfigs }; diff --git a/src/controllers/auth/index.js b/src/controllers/auth/index.js index d7e3c44..6fa24f1 100644 --- a/src/controllers/auth/index.js +++ b/src/controllers/auth/index.js @@ -1,5 +1,6 @@ const users = require('./user'); const token = require('./token'); const tables = require('./tables'); +const { checkAuthConfigs } = require('./common'); -module.exports = { ...users, ...token, ...tables }; +module.exports = { ...users, ...token, ...tables, checkAuthConfigs }; diff --git a/src/index.js b/src/index.js index 3fe765d..952a79a 100755 --- a/src/index.js +++ b/src/index.js 
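Review bot: `auth: argv.auth || envVars.AUTH || false` lets an explicit `false` from the CLI fall through to the environment value, so `AUTH=true` in the env cannot be switched off from the command line; with the yargs defaults gone, `auth: argv.auth ?? envVars.AUTH ?? false,` gives CLI-over-env precedence for every value including `false`. The three string chains in this hunk have the same shape; note that with `??` an empty `--ts=` would stay `''` rather than becoming `null`, which `checkAuthConfigs` still rejects because it tests falsiness. The inline `'3D'` fallback for refreshTokenExpirationTime does not match the README help text touched in patch 2, which still says `(Default: 1D)`. The `module.exports` object starts and ends outside this hunk.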
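Review bot: `checkAuthConfigs` documents neither its argument shape nor the single invariant it enforces, and its name suggests a broader check than "auth requires a secret"; a JSDoc block would make the contract explicit, e.g. `/** Throws when auth mode is enabled but no token secret was supplied via the CLI (--ts) or TOKEN_SECRET. @param {{auth: boolean, tokenSecret: string|null}} cfg */`. Since the `Error` is raised at process startup from src/index.js, a message that names the concrete option rather than only the general location, such as `'AUTH is enabled but no token secret was provided: pass --ts <secret> or set TOKEN_SECRET'`, makes log triage easier. The check accepts any non-empty string, which is correct for a presence check; the README's advice to use a long random secret is not enforced here, and this function is where a minimum length would belong if one is ever added. `isUsernameTaken` begins outside the hunk.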
@@ -23,6 +23,7 @@ const { createDefaultTables, createInitialUser, removeRevokedRefreshTokens, + checkAuthConfigs, } = require('./controllers/auth'); const { runCLICommands } = require('./commands'); @@ -85,6 +86,9 @@ if (config.rateLimit.enabled) { app.use(limiter); } +// If Auth mode is activated but if the tokenSecret value is undefined then throw an error +checkAuthConfigs({ auth: config.auth, tokenSecret: config.tokenSecret }); + // If Auth mode is activated then create auth tables in the DB & create a super user if there are no users in the DB if (config.auth) { createDefaultTables(); From fbafeda6f9147730cbf2618d815c552880193598 Mon Sep 17 00:00:00 2001 From: AbegaM Date: Wed, 8 May 2024 12:07:33 +0300 Subject: [PATCH 2/4] Update README + Remove default from cli.js --- README.md | 32 ++++++++++++++++---------------- src/cli.js | 4 ---- src/index.js | 1 - 3 files changed, 16 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 8d583fa..00ec017 100644 --- a/README.md +++ b/README.md @@ -36,12 +36,12 @@ Options: -c, --cors CORS whitelist origins [string] -a, --auth Enable authentication and authorization [boolean] - -iuu, --initialuserusername Initial user username [string] - -iup, --initialuserpassword Initial user password [string] + --iuu, --initialuserusername Initial user username [string] + --iup, --initialuserpassword Initial user password [string] - -ts, --tokensecret Token Secret [string] - -atet, --accesstokenexpirationtime Access Token Expiration Time (Default: 5H) [string] - -rtet, --refreshtokenexpirationtime Refresh Token Expiration Time (Default: 1D) [string] + --ts, --tokensecret Token Secret [string] + --atet, --accesstokenexpirationtime Access Token Expiration Time (Default: 5H) [string] + --rtet, --refreshtokenexpirationtime Refresh Token Expiration Time (Default: 1D) [string] -S, --studio Start Soul Studio in parallel --help Show help 
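Review bot: The new `checkAuthConfigs(...)` call in the second hunk runs only after the Express app, CORS and the rate limiter have been wired up, so an invalid auth configuration fails late, and the comment above it says the secret is "undefined" although src/config maps a missing secret to `null`. Moving the call to just before `const app = express();` (assuming `config` is already in scope there) fails fast and keeps config validation ahead of any app wiring; the comment could read `// Fail fast: auth mode requires a token secret (CLI --ts or TOKEN_SECRET).` This top-level script continues beyond the hunk in both directions.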
@@ -63,7 +63,7 @@ Run the Soul command with the necessary parameters: ``` - soul --d foobar.db -a -ts -atet=4H -rtet=3D -iuu=john -iup= + soul --d foobar.db -a --ts --atet=4H --rtet=3D --iuu=john --iup= ``` 
@@ -72,30 +72,30 @@ Note: When configuring your JWT Secret, it is recommended to use a long string v In this example: The `-a` flag instructs Soul to run in auth mode. -The `-ts` flag allows you to pass a JWT secret value for the `access and refresh tokens` generation and verification. Replace with your desired secret value. -The `-atet` flag sets the JWT expiration time for the access token. In this case, it is set to four hours (4H), meaning the token will expire after 4 hours. -The `-rtet` flag sets the JWT expiration time for the refresh token. In this case, it is set to three days (3D), meaning the token will expire after 3 days. -The `-iuu` flag is used to pass a username for the initial user -The `-iup` flag is used to pass a password for the initial user +The `--ts` flag allows you to pass a JWT secret value for the `access and refresh tokens` generation and verification. Replace with your desired secret value. +The `--atet` flag sets the JWT expiration time for the access token. In this case, it is set to four hours (4H), meaning the token will expire after 4 hours. +The `--rtet` flag sets the JWT expiration time for the refresh token. In this case, it is set to three days (3D), meaning the token will expire after 3 days. +The `--iuu` flag is used to pass a username for the initial user +The `--iup` flag is used to pass a password for the initial user -Here are some example values for the `-atet` and `rtet` flags +Here are some example values for the `atet` and `rtet` flags - 60M: Represents a duration of 60 minutes. - 5H: Represents a duration of 5 hours. - 1D: Represents a duration of 1 day. -NOTE: It is crucial to securely store a copy of the `-ts`(`Token Secret`) value used in Soul. Once you pass this values, make sure to keep a backup because you will need it every time you restart Soul. Losing this secret values can result in a situation where all of your users are blocked from accessing Soul. 
+NOTE: It is crucial to securely store a copy of the `--ts`(`Token Secret`) value used in Soul. Once you pass this values, make sure to keep a backup because you will need it every time you restart Soul. Losing this secret values can result in a situation where all of your users are blocked from accessing Soul. ### 3. Updating Super Users To modify a superuser information in a database, you can utilize the `updatesuperuser` command. This command allows you to change a superuser's `password` or upgrade/downgrade a normal user to a `superuser`. Below is an example of how to use it: ``` -soul --d foobar.db updatesuperuser --id=1 password= // Update the password for the superuser with ID 1 +soul -d foobar.db updatesuperuser --id=1 password= // Update the password for the superuser with ID 1 -soul --d foobar.db updatesuperuser --id=1 --is_superuser=true // Upgrade the user with ID 1 to a superuser +soul -d foobar.db updatesuperuser --id=1 --is_superuser=true // Upgrade the user with ID 1 to a superuser -soul --d foobar.db updatesuperuser --id=1 --is_superuser=false // Revoke the superuser role from the superuser with ID 1 +soul -d foobar.db updatesuperuser --id=1 --is_superuser=false // Revoke the superuser role from the superuser with ID 1 ``` ## Documentation diff --git a/src/cli.js b/src/cli.js index d18d773..6873bc8 100644 --- a/src/cli.js +++ b/src/cli.js 
@@ -50,28 +50,24 @@ if (process.env.NO_CLI !== 'true') { alias: 'auth', describe: 'Enable authentication and authorization', type: 'boolean', - default: false, demandOption: false, }) .options('ts', { alias: 'tokensecret', describe: 'JWT secret for the access and refresh tokens', type: 'string', - default: null, demandOption: false, }) .options('atet', { alias: 'accesstokenexpirationtime', describe: 'JWT expiration time for access token', type: 'string', - default: '5H', demandOption: false, }) .options('rtet', { alias: 'refreshtokenexpirationtime', describe: 'JWT expiration time for refresh token', type: 'string', - default: '3D', demandOption: false, }) .options('iuu', { diff --git a/src/index.js b/src/index.js index 952a79a..e1d9a4e 100755 --- a/src/index.js +++ b/src/index.js @@ -28,7 +28,6 @@ const { const { runCLICommands } = require('./commands'); const { authConstants } = require('./constants'); - const app = express(); app.get('/health', (req, res) => { res.send('OK'); From f85b6f67876a666fbcfc359aa395bc7cc72f6da6 Mon Sep 17 00:00:00 2001 From: AbegaM Date: Wed, 8 May 2024 12:23:34 +0300 Subject: [PATCH 3/4] Minor Fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 00ec017..fdc8fb8 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ Run the Soul command with the necessary parameters: ``` - soul --d foobar.db -a --ts --atet=4H --rtet=3D --iuu=john --iup= + soul -d foobar.db -a --ts= --atet=4H --rtet=3D --iuu=john --iup= ``` From 1343e9e924d795104c0099877339fea68f62e6f5 Mon Sep 17 00:00:00 2001 From: AbegaM Date: Wed, 8 May 2024 12:36:03 +0300 Subject: [PATCH 4/4] Modified rate limit config variable names --- .env.sample | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env.sample b/.env.sample index 68ff74d..c98fc7e 100644 --- a/.env.sample +++ b/.env.sample 
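Review bot: Removing `default` from the `atet` and `rtet` options means the generated `--help` output no longer tells the user that 5H and 3D apply when the flags are omitted, since yargs derives help text from these definitions and the fallbacks now live in src/config. Keeping the information in the description, `describe: 'JWT expiration time for access token (default: 5H)',` and `describe: 'JWT expiration time for refresh token (default: 3D)',`, restores it without reintroducing the precedence problem the option defaults caused. For `ts`, a hint that the value is mandatory in auth mode, e.g. `describe: 'JWT secret for the access and refresh tokens (required with --auth)',`, would surface the startup check before it fires. The `.options(...)` chain begins and ends outside the hunk.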
@@ -6,8 +6,8 @@ CORS_ORIGIN_WHITELIST=http://localhost:3000,http://127.0.0.1:3000 AUTH=false RATE_LIMIT_ENABLED=false -RATE_LIMIT_WINDOW_MS=1000 -RATE_LIMIT_MAX_REQUESTS=10 +RATE_LIMIT_WINDOW=1000 +RATE_LIMIT_MAX=10 DB=foobar.db