

- Replaced custom jwt id claim with sub claim, reduced expiration time to 1 hour and added mandatory algorithm check

- Moved imageDir to environment variable
robbdimitrov committed Nov 5, 2019
1 parent 1c30ac8 commit 2727d3c
Showing 3 changed files with 16 additions and 13 deletions.
3 changes: 2 additions & 1 deletion backend/src/index.js
Expand Up @@ -3,9 +3,10 @@ const DBClient = require('./services/db-client');

const port = process.env.PORT;
const dbUrl = process.env.DATABASE_URI;
const imageDir = process.env.IMAGE_DIR || '/data/images';

const dbClient = new DBClient(dbUrl);
const server = new Server(port, dbClient);
const server = new Server(port, dbClient, imageDir);

if (!module.parent) {
server.start();
8 changes: 4 additions & 4 deletions backend/src/server.js
Expand Up @@ -12,13 +12,13 @@ const UserService = require('./services/user-service');
const StatusCode = require('./routers/status-code');

class Server {
constructor(port, dbClient) {
constructor(port, dbClient, imageDir) {
this.port = port;
this.dbClient = dbClient;

this.app = express();
this.imageDir = '/data/images';
this.imageDir = imageDir;
this.routers = {};
this.app = express();

this.imageService = new ImageService(dbClient);
this.userService = new UserService(dbClient);
}
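Review bot: The constructor now stores the new argument verbatim on the added line `this.imageDir = imageDir;` with no check, so a caller that omits it leaves `this.imageDir` undefined and any path later built from it would presumably misbehave at request time rather than failing at startup. Adding `if (!imageDir) throw new Error('imageDir is required');` before the assignment makes the contract explicit, and a JSDoc block on the constructor documenting the three parameters (`@param {string} imageDir - directory used for image files`) would record why the default moved out of this class. The constructor's parameter use and the rest of class Server continue outside the hunk.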
18 changes: 10 additions & 8 deletions backend/src/services/auth-service.js
Expand Up @@ -40,22 +40,24 @@ class AuthService {
}

generateToken(user) {
const payload = { id: user._id };

const token = jwt.sign(payload, this.secret, {
expiresIn: '12h'
});

const issuedAt = Math.floor(Date.now() / 1000);
const expiration = issuedAt + 60 * 60;
const payload = {
sub: user._id,
iat: issuedAt,
exp: expiration
};
const token = jwt.sign(payload, this.secret, { algorithm: 'HS256' });
return token;
}

validateToken(token) {
return new Promise((resolve, reject) => {
jwt.verify(token, this.secret, (err, decoded) => {
jwt.verify(token, this.secret, { algorithm: 'HS256' }, (err, decoded) => {
if (err) {
reject(err);
} else {
resolve(decoded);
resolve({ id: decoded.sub });
}
});
});
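Review bot: The option added to the verify call, `jwt.verify(token, this.secret, { algorithm: 'HS256' }, ...)`, is not the verify-side option name: if this is the jsonwebtoken package, verify reads `algorithms` (an array) and ignores an unknown `algorithm` key, so the "mandatory algorithm check" the commit title describes is not actually enforced on verification and the accepted algorithm set stays at the library default. The line should read `jwt.verify(token, this.secret, { algorithms: ['HS256'] }, (err, decoded) => {`. On the sign side `algorithm: 'HS256'` is already the library default, so that option is harmless and documents intent; a one-line comment above the verify call such as `// Pin the accepted algorithm so a token's own alg header cannot widen verification` would explain why the option matters. validateToken's closing brace and the rest of AuthService lie outside the hunk.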
