move JWT secret into ENV

2021-03-31 17:58:47 +02:00
parent 55c890aca5
commit 1bc7293660
11 changed files with 63 additions and 17 deletions
--- a/src/main/kotlin/fr/dcproject/component/auth/jwt/JWTMaker.kt
+++ b/src/main/kotlin/fr/dcproject/component/auth/jwt/JWTMaker.kt
@@ -2,13 +2,16 @@ package fr.dcproject.component.auth.jwt

 import com.auth0.jwt.JWT
 import fr.dcproject.component.auth.database.UserI
+import org.koin.core.context.GlobalContext

 /**
 * Produce a token for this combination of User and Account
 */
-fun UserI.makeToken(): String = JWT.create()
-    .withSubject("Authentication")
-    .withIssuer(JwtConfig.issuer)
-    .withClaim("id", id.toString())
-    .withExpiresAt(JwtConfig.getExpiration())
-    .sign(JwtConfig.algorithm)
+fun UserI.makeToken(): String = GlobalContext.get().koin.get<JwtConfig>().run {
+    JWT.create()
+        .withSubject("Authentication")
+        .withIssuer(issuer)
+        .withClaim("id", id.toString())
+        .withExpiresAt(getExpiration())
+        .sign(algorithm)
+}
--- a/src/main/kotlin/fr/dcproject/component/auth/jwt/JwtConfig.kt
+++ b/src/main/kotlin/fr/dcproject/component/auth/jwt/JwtConfig.kt
@@ -5,11 +5,11 @@ import com.auth0.jwt.JWTVerifier
 import com.auth0.jwt.algorithms.Algorithm
 import java.util.Date

-object JwtConfig {
-    private const val secret = "zAP5MBA4B4Ijz0MZaS48"
-    const val issuer = "dc-project.fr"
-    private const val validityInMs = 3_600_000 * 10 // 10 hours
-
+class JwtConfig(
+    private val secret: String,
+    val issuer: String,
+    private val validityInMs: Int,
+) {
    // TODO change to RSA512
    val algorithm: Algorithm = Algorithm.HMAC512(secret)

--- a/src/main/kotlin/fr/dcproject/component/auth/jwt/JwtInstallation.kt
+++ b/src/main/kotlin/fr/dcproject/component/auth/jwt/JwtInstallation.kt
@@ -1,5 +1,6 @@
 package fr.dcproject.component.auth.jwt

+import com.auth0.jwt.JWTVerifier
 import fr.dcproject.component.auth.database.User
 import fr.dcproject.component.auth.database.UserRepository
 import io.ktor.application.ApplicationCall
@@ -9,14 +10,14 @@ import io.ktor.http.auth.HttpAuthHeader
 import io.ktor.routing.Routing
 import java.util.UUID

-fun jwtInstallation(userRepo: UserRepository): Authentication.Configuration.() -> Unit = {
+fun jwtInstallation(userRepo: UserRepository, verifier: JWTVerifier): Authentication.Configuration.() -> Unit = {
    /**
     * Setup the JWT authentication to be used in [Routing].
     * If the token is valid, the corresponding [User] is fetched from the database.
     * The [User] can then be accessed in each [ApplicationCall].
     */
    jwt {
-        verifier(JwtConfig.verifier)
+        verifier(verifier)
        realm = "dc-project.fr"
        validate {
            it.payload.getClaim("id").asString()?.let { id ->
@@ -27,7 +28,7 @@ fun jwtInstallation(userRepo: UserRepository): Authentication.Configuration.() -

    /* Token in URL */
    jwt("url") {
-        verifier(JwtConfig.verifier)
+        verifier(verifier)
        realm = "dc-project.fr"
        authHeader { call ->
            call.request.queryParameters["token"]?.let {