From cbbdbed0dcbd5144993e5d5162e8cf31a759dbce Mon Sep 17 00:00:00 2001 From: ras0q Date: Sun, 24 Sep 2023 22:03:32 +0900 Subject: [PATCH] :adhesive_bandage: jwtTokenKey as env var --- .env.example | 1 + README.md | 1 + docker-compose.yml | 2 +- main.go | 13 +++++++++++-- router/authorization.go | 4 +--- router/middleware.go | 2 +- router/router.go | 1 + 7 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.env.example b/.env.example index 6f9a2956..c3daf63b 100644 --- a/.env.example +++ b/.env.example @@ -6,6 +6,7 @@ WEBHOOK_SECRET= ACTIVITY_CHANNEL_ID= DAILY_CHANNEL_ID= TOKEN_KEY= +JWT_TOKEN_KEY= KNOQ_VERSION= KNOQ_REVISION= DEVELOPMENT= diff --git a/README.md b/README.md index 5b61f0cd..2685dc08 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ knoQ の全ての機能を動作させるためには、追加の情報が必要 | DAILY_CHANNEL_ID | 環境変数 | | Bot が毎日定時に投稿する先のチャンネル | | ACTIVITY_CHANNEL_ID | 環境変数 | | Bot が都度送信するチャンネル | | TOKEN_KEY | 環境変数 | `random32wordsXXXXXXXXXXXXXXXXXXX` | Token を暗号化する。長さ 32 文字のランダム文字列。存在しない場合はエラー。 | +| JWT_TOKEN_KEY | 環境変数 | `random_strings` | JWT の Token を暗号化する。存在しない場合はエラー。 | | KNOQ_VERSION | 環境変数 | UNKNOWN | knoQ のバージョン (github actions でイメージ作成時に指定) | | KNOQ_REVISION | 環境変数 | UNKNOWN | git の sha1 (github actions でイメージ作成時に指定) | | DEVELOPMENT | 環境変数 | | 開発時かどうか | diff --git a/docker-compose.yml b/docker-compose.yml index c5a84aef..0d6c32e4 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,6 @@ version: "3" networks: default: - services: knoq: build: @@ -26,6 +25,7 @@ services: DAILY_CHANNEL_ID: ${DAILY_CHANNEL_ID} ACTIVITY_CHANNEL_ID: ${ACTIVITY_CHANNEL_ID} TOKEN_KEY: ${TOKEN_KEY:-random32wordsXXXXXXXXXXXXXXXXXXX} + JWT_TOKEN_KEY: ${JWT_TOKEN_KEY:-jwt_token_key} KNOQ_VERSION: ${KNOQ_VERSION:-dev} DEVELOPMENT: true GORM_LOG_LEVEL: info diff --git a/main.go b/main.go index 5adc4829..2b7c93a8 100644 --- a/main.go +++ b/main.go 
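Review bot: The `${JWT_TOKEN_KEY:-jwt_token_key}` fallback in the second docker-compose.yml hunk supplies a fixed, published signing key whenever the variable is unset or empty, so the fail-closed `mustGetenv("JWT_TOKEN_KEY")` added in main.go never triggers under this compose file. The existing `TOKEN_KEY` default on the line above has the same effect. The file sets `DEVELOPMENT: true`, so it is presumably meant for local use, but on any reachable deployment JWTs would be signed with a key readable from the repository. Consider `JWT_TOKEN_KEY: ${JWT_TOKEN_KEY:?JWT_TOKEN_KEY must be set}` so compose refuses to start without a real key, or at least add a comment that the default is for development only.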
@@ -10,8 +10,8 @@ import ( "github.com/traPtitech/knoQ/domain" "github.com/traPtitech/knoQ/infra/db" - "github.com/traPtitech/knoQ/repository" "github.com/traPtitech/knoQ/infra/traq" + "github.com/traPtitech/knoQ/repository" "github.com/traPtitech/knoQ/utils" "golang.org/x/oauth2" @@ -32,7 +32,8 @@ var ( mariadbPassword = getenv("MARIADB_PASSWORD", "password") mariadbDatabase = getenv("MARIADB_DATABASE", "knoQ") mariadbPort = getenv("MARIADB_PORT", "3306") - tokenKey = getenv("TOKEN_KEY", "random32wordsXXXXXXXXXXXXXXXXXXX") + tokenKey = mustGetenv("TOKEN_KEY") + jwtTokenKey = mustGetenv("JWT_TOKEN_KEY") gormLogLevel = getenv("GORM_LOG_LEVEL", "silent") clientID = getenv("CLIENT_ID", "client_id") @@ -89,6 +90,7 @@ func main() { ActivityChannelID: activityChannelID, DailyChannelId: dailyChannelID, Origin: origin, + JWTTokenKey: jwtTokenKey, } e := handler.SetupRoute() @@ -120,3 +122,10 @@ func getenv(key, fallback string) string { } return fallback } + +func mustGetenv(key string) string { + if value, ok := os.LookupEnv(key); ok { + return value + } + panic("environment variable " + key + " is not set") +} diff --git a/router/authorization.go b/router/authorization.go index 56ac5270..e83d18bc 100644 --- a/router/authorization.go +++ b/router/authorization.go @@ -13,8 +13,6 @@ import ( "github.com/traPtitech/knoQ/utils/random" ) -const JWTSecret = "jwtsecret" - var verifierCache = cache.New(5*time.Minute, 10*time.Minute) var stateCache = cache.New(5*time.Minute, 10*time.Minute) @@ -99,7 +97,7 @@ func (h *Handlers) HandleCreateToken(c echo.Context) error { token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) - signedToken, err := token.SignedString([]byte(JWTSecret)) + signedToken, err := token.SignedString([]byte(h.JWTTokenKey)) if err != nil { return internalServerError(err) } diff --git a/router/middleware.go b/router/middleware.go index 9d241398..d7028e8f 100644 --- a/router/middleware.go +++ b/router/middleware.go 
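Review bot: `mustGetenv` in the last main.go hunk accepts a variable that is set but empty, because `os.LookupEnv` reports `ok == true` for `JWT_TOKEN_KEY=`, which is the form .env.example ships. The value then flows unchecked into `[]byte(h.JWTTokenKey)` in router/authorization.go and router/middleware.go as the HS256 key. Reject empty values with `if value, ok := os.LookupEnv(key); ok && value != "" {`. Also consider a startup length check on `jwtTokenKey`, since RFC 7518 requires an HS256 key of at least 256 bits and the README example `random_strings` is shorter than that. A doc comment such as `// mustGetenv returns the value of key and panics at startup if it is unset or empty.` would make the fail-closed intent explicit.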
@@ -85,7 +85,7 @@ func ServerVersionMiddleware(version string) echo.MiddlewareFunc { func (h *Handlers) JWTMiddleware() echo.MiddlewareFunc { return echojwt.WithConfig( echojwt.Config{ - SigningKey: []byte(JWTSecret), + SigningKey: []byte(h.JWTTokenKey), SuccessHandler: func(c echo.Context) { // jwtの検証に成功したらsessionにuserIDを保存 sess, _ := session.Get("session", c) diff --git a/router/router.go b/router/router.go index 45e9a074..fd61edeb 100644 --- a/router/router.go +++ b/router/router.go @@ -30,6 +30,7 @@ type Handlers struct { ActivityChannelID string DailyChannelId string Origin string + JWTTokenKey string } func (h *Handlers) SetupRoute() *echo.Echo {
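Review bot: The new `JWTTokenKey string` field on `Handlers` in router/router.go is undocumented and keeps a secret in an exported field of an exported struct, so a `%+v` log line or a serialized dump of the handler would expose the signing key. Add a field comment such as `// JWTTokenKey is the HMAC secret used to sign and verify JWTs (HS256); never log or serialize it.` Storing the key as `[]byte` would also remove the repeated `[]byte(h.JWTTokenKey)` conversions in HandleCreateToken and JWTMiddleware. The struct definition begins outside the hunk, so any existing comment conventions on its other fields are not visible here.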