authorGravatar Piotr Russ <mail@pruss.it> 2020-11-22 22:39:04 +0100
committerGravatar Piotr Russ <mail@pruss.it> 2020-11-22 22:39:04 +0100
commit2f03b301d0c71524691871b9d03cdb5b9ad3e436 (patch)
tree0be7c90f4892eb2cc23e153c246a79216b926098 /server
parent4569b85489e863465395f84e995dd3fdc44471b4 (diff)
move environmental variables to dotenv
Diffstat (limited to 'server')
-rw-r--r--server/db/mongoose.js14
-rw-r--r--server/helpers/setCookie.js10
-rw-r--r--server/middleware/auth.js5
-rw-r--r--server/middleware/redirectIfLoggedIn.js2
-rw-r--r--server/models/User.js4
-rw-r--r--server/routes/user.js2
6 files changed, 26 insertions, 11 deletions
diff --git a/server/db/mongoose.js b/server/db/mongoose.js
index 579b5d7..9b89c14 100644
--- a/server/db/mongoose.js
+++ b/server/db/mongoose.js
@@ -1,6 +1,10 @@
-const mongoose = require("mongoose");
+const mongoose = require('mongoose');
-mongoose.connect('mongodb://127.0.0.1:27017/website-manager', {
- useNewUrlParser: true,
- useCreateIndex: true,
-});
+mongoose.connect(
+ process.env.DB_CONNECT,
+ {
+ useNewUrlParser: true,
+ useCreateIndex: true,
+ },
+ () => console.log('connected to DB')
+);
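Review bot: The connect callback logs `connected to DB` unconditionally, but Mongoose passes a connection error as the callback's first argument, so a failed connection is reported as a success. Take the argument and branch on it, e.g. `(err) => console.log(err ? 'DB connection failed' : 'connected to DB')`, and avoid logging the connection string itself since it can carry credentials. `process.env.DB_CONNECT` is also used without checking that it is set, and the same holds for `JWT_SECRET`, `JWT_TOKEN_MAX_AGE` and `COOKIE_MAX_AGE` in the other files of this commit. A single startup check that exits when any of them is missing would make a misconfigured deployment fail early rather than at the first request.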
diff --git a/server/helpers/setCookie.js b/server/helpers/setCookie.js
new file mode 100644
index 0000000..bb3580c
--- /dev/null
+++ b/server/helpers/setCookie.js
@@ -0,0 +1,10 @@
+const setCookie = function (res, path, stat) {
+ if (res.req.newToken){
+ res.set(
+ 'Set-Cookie',
+ 'token='+res.req.newToken+';httpOnly;MaxAge='+process.env.COOKIE_MAX_AGE+';Path=/'
+ );
+ }
+}
+
+module.exports = setCookie;
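Review bot: The cookie attribute is spelled `MaxAge`, but the Set-Cookie attribute is `Max-Age`, so browsers will ignore it and the refreshed token becomes a session cookie. `Max-Age` is in seconds while the `maxAge` option of `res.cookie` (given the same `COOKIE_MAX_AGE` in server/routes/user.js) is in milliseconds, so the two cookies would get different lifetimes even once the name is fixed. Building the header by hand also omits `Secure` and `SameSite`, and `res.set` replaces any Set-Cookie header already on the response. `res.cookie('token', res.req.newToken, { httpOnly: true, sameSite: 'lax', path: '/', maxAge: Number.parseInt(process.env.COOKIE_MAX_AGE, 10) })` avoids all of that. The `path` and `stat` parameters are unused and can be dropped or documented.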
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 462b100..bec113d 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -10,13 +10,14 @@ const auth = async (req, res, next) => {
}
try {
- const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.userId = decoded._id;
req.refreshToken = decoded.ref;
return next();
} catch(er) {
if (er.message && er.message === 'jwt expired') {
- const { _id, ref } = jwt.decode(token, 'replaceThisWithSecretString');
+ const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
+ console.log('reading db to login')
const user = await User.findById(_id);
if (!user) {
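Review bot: In the expired-token branch, `jwt.decode(token, process.env.JWT_SECRET)` passes the secret where jsonwebtoken expects an options object; `decode` never verifies a signature, so the secret has no effect and the call only looks checked. The branch is reached after `verify` reported expiry, which presumably happens after the signature check, but that relies on library ordering and on matching the message text `'jwt expired'`. Making the intent explicit is safer: `const { _id, ref } = jwt.verify(token, process.env.JWT_SECRET, { ignoreExpiration: true });` together with `if (er.name === 'TokenExpiredError')`. The added `console.log('reading db to login')` looks like a debug trace and should be removed or routed through a proper logger. The catch block continues past the end of the hunk.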
diff --git a/server/middleware/redirectIfLoggedIn.js b/server/middleware/redirectIfLoggedIn.js
index 62a413c..fe793f7 100644
--- a/server/middleware/redirectIfLoggedIn.js
+++ b/server/middleware/redirectIfLoggedIn.js
@@ -9,7 +9,7 @@ const redirectIfLoggedIn = async (req, res, next) => {
throw new Error();
}
- const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await User.findOne({ _id: decoded._id, 'tokens.token': token });
if (!user) {
diff --git a/server/models/User.js b/server/models/User.js
index e777878..8cc9c4c 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -42,8 +42,8 @@ userSchema.methods.generateJwtToken = async function (currentRef) {
return jwt.sign(
{ _id: this._id.toString(), ref },
- 'replaceThisWithSecretString',
- { expiresIn: 300 }
+ process.env.JWT_SECRET,
+ { expiresIn: parseInt(process.env.JWT_TOKEN_MAX_AGE) }
);
}
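Review bot: `parseInt(process.env.JWT_TOKEN_MAX_AGE)` has no radix and yields `NaN` when the variable is unset or not numeric, so the token lifetime now depends on an unvalidated string; the same pattern is used for `COOKIE_MAX_AGE` in server/routes/user.js. Parse it once at startup with `Number.parseInt(process.env.JWT_TOKEN_MAX_AGE, 10)`, reject `NaN` and non-positive values, and consider an upper bound so a typo cannot issue very long-lived tokens. The previous hard-coded lifetime was 300 seconds, which is worth recording wherever the variables are documented. generateJwtToken starts before the hunk.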
diff --git a/server/routes/user.js b/server/routes/user.js
index b3bdee3..91bc0f1 100644
--- a/server/routes/user.js
+++ b/server/routes/user.js
@@ -31,7 +31,7 @@ router.post('/login', async (req, res) => {
const token = await user.generateJwtToken();
res
.cookie('token', token, {
- maxAge: 604800000,
+ maxAge: parseInt(process.env.COOKIE_MAX_AGE),
secure: false,
httpOnly: true,
})
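Review bot: `secure: false` stays hard-coded on the login cookie while the lifetime moves to the environment, so the JWT cookie will still be sent over plain HTTP in any deployment. Derive it from configuration, for example `secure: process.env.NODE_ENV === 'production',`, and add `sameSite: 'lax',` so the token is not attached to cross-site requests by default. The response chain continues outside the hunk.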