From 2f03b301d0c71524691871b9d03cdb5b9ad3e436 Mon Sep 17 00:00:00 2001
From: Piotr Russ
Date: Sun, 22 Nov 2020 22:39:04 +0100
Subject: move environmental variables to dotenv
---
 .env.example | 5 +++++
 .gitignore | 1 +
 app.js | 25 ++++++++++++++-----------
 package-lock.json | 13 +++++++++++++
 package.json | 1 +
 server/db/mongoose.js | 14 +++++++++-----
 server/helpers/setCookie.js | 10 ++++++++++
 server/middleware/auth.js | 5 +++--
 server/middleware/redirectIfLoggedIn.js | 2 +-
 server/models/User.js | 4 ++--
 server/routes/user.js | 2 +-
 11 files changed, 60 insertions(+), 22 deletions(-)
 create mode 100644 .env.example
 create mode 100644 server/helpers/setCookie.js
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..3ca9069
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,5 @@
+DB_CONNECT =
+PORT =
+COOKIE_MAX_AGE =
+JWT_TOKEN_MAX_AGE =
+JWT_SECRET =
diff --git a/.gitignore b/.gitignore
index c2658d7..713d500 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 node_modules/
+.env
diff --git a/app.js b/app.js
index 40fc07d..4391b7f 100755
--- a/app.js
+++ b/app.js
@@ -1,8 +1,10 @@
 const path = require("path");
 const express = require("express");
-// const cors = require('cors');
 const cookieParser = require('cookie-parser');
+// const cors = require('cors');
+require('dotenv-safe').config();
 require('./server/db/mongoose');
+const setCookie = require('./server/helpers/setCookie');
 const userRoutes = require('./server/routes/user');
 const auth = require('./server/middleware/auth');
 const redirectIfLoggedIn = require('./server/middleware/redirectIfLoggedIn');
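Review bot: The example file names the five variables but says nothing about their units, and the code consuming them is unit-sensitive: `COOKIE_MAX_AGE` replaces the literal `604800000` passed to Express's cookie `maxAge`, which is milliseconds, while `JWT_TOKEN_MAX_AGE` replaces the literal `300` passed as jsonwebtoken's numeric `expiresIn`, which is seconds. A comment per key, e.g. `# COOKIE_MAX_AGE: cookie lifetime in milliseconds` and `# JWT_TOKEN_MAX_AGE: access-token lifetime in seconds`, prevents a thousand-fold mistake when this file is copied to `.env`. Since `dotenv-safe` treats every key listed here as required at startup, this is also the natural place to state that `JWT_SECRET` must be a long random value and that `DB_CONNECT` is a full MongoDB URI.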
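Review bot: `require('dotenv-safe').config();` must execute before `require('./server/db/mongoose')`, because that module reads `process.env.DB_CONNECT` at load time (see its hunk in this commit); the order here is correct, but nothing marks it as load-bearing, and a later reordering of the require block would make the connect call receive `undefined` without any error from this file. A one-line comment above it, `// load .env first: ./server/db/mongoose reads process.env at require time`, makes the constraint explicit. Placing the call on the first line of the file would be safer still.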
@@ -11,22 +13,23 @@ const app = express();
 const port = process.env.PORT || 3000;
 app.use(express.json());
-// app.use(cors());
 app.use(cookieParser());
+// app.use(cors());
 app.use('/api/user/', userRoutes);
-app.use('/admin/', auth, express.static(path.join(__dirname, 'client/admin'), {
- setHeaders: function (res, path, stat) {
- if (res.req.newToken){
- res.set('Set-Cookie', "token=" + res.req.newToken + ";httpOnly;MaxAge=604800000;Path=/");
- }
- }
-}));
+app.use('/admin/', auth, express.static(
+ path.join(__dirname, 'client/admin'),
+ { setHeaders: setCookie }
+));
-app.use('/login/', redirectIfLoggedIn, express.static(path.join(__dirname, 'client/login')));
+app.use('/login/', redirectIfLoggedIn, express.static(
+ path.join(__dirname, 'client/login')
+));
-app.use('/', express.static(path.join(__dirname, 'client/public')));
+app.use('/', express.static(
+ path.join(__dirname, 'client/public')
+));
 app.get('*', (req, res) => res.redirect('/'));
diff --git a/package-lock.json b/package-lock.json
index 8dbe3b8..7f05a7b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2847,6 +2847,19 @@ "is-obj": "^1.0.0" } }, + "dotenv": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz", + "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==" + }, + "dotenv-safe": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/dotenv-safe/-/dotenv-safe-8.2.0.tgz", + "integrity": "sha512-uWwWWdUQkSs5a3mySDB22UtNwyEYi0JtEQu+vDzIqr9OjbDdC2Ip13PnSpi/fctqlYmzkxCeabiyCAOROuAIaA==", + "requires": { + "dotenv": "^8.2.0" + } + }, "duplexer3": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz",
diff --git a/package.json b/package.json
index 263bbc7..dc6baf4 100644
--- a/package.json
+++ b/package.json
@@ -16,6 +16,7 @@
 "bcryptjs": "^2.4.3",
 "body-parser": "^1.19.0",
 "cookie-parser": "^1.4.5",
+ "dotenv-safe": "^8.2.0",
 "express": "^4.16.4",
 "jsonwebtoken": "^8.5.1",
 "mongoose": "^5.10.13",
diff --git a/server/db/mongoose.js b/server/db/mongoose.js
index 579b5d7..9b89c14 100644
--- a/server/db/mongoose.js
+++ b/server/db/mongoose.js
@@ -1,6 +1,10 @@
-const mongoose = require("mongoose");
+const mongoose = require('mongoose');
-mongoose.connect('mongodb://127.0.0.1:27017/website-manager', {
- useNewUrlParser: true,
- useCreateIndex: true,
-});
+mongoose.connect(
+ process.env.DB_CONNECT,
+ {
+ useNewUrlParser: true,
+ useCreateIndex: true,
+ },
+ () => console.log('connected to DB')
+);
diff --git a/server/helpers/setCookie.js b/server/helpers/setCookie.js
new file mode 100644
index 0000000..bb3580c
--- /dev/null
+++ b/server/helpers/setCookie.js
@@ -0,0 +1,10 @@
+const setCookie = function (res, path, stat) {
+ if (res.req.newToken){
+ res.set(
+ 'Set-Cookie',
+ 'token='+res.req.newToken+';httpOnly;MaxAge='+process.env.COOKIE_MAX_AGE+';Path=/'
+ );
+ }
+}
+
+module.exports = setCookie;
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 462b100..bec113d 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -10,13 +10,14 @@ const auth = async (req, res, next) => {
 }
 try {
- const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
 req.userId = decoded._id;
 req.refreshToken = decoded.ref;
 return next();
 } catch(er) {
 if (er.message && er.message === 'jwt expired') {
- const { _id, ref } = jwt.decode(token, 'replaceThisWithSecretString');
+ const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
+ console.log('reading db to login')
 const user = await User.findById(_id);
 if (!user) {
diff --git a/server/middleware/redirectIfLoggedIn.js b/server/middleware/redirectIfLoggedIn.js
index 62a413c..fe793f7 100644
--- a/server/middleware/redirectIfLoggedIn.js
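Review bot: The connect callback on the last added line, `() => console.log('connected to DB')`, ignores the error argument mongoose passes to it, so a bad `DB_CONNECT` or an unreachable database still prints "connected to DB" and the process goes on serving requests with no backing store. Use the argument and stop on failure: `(err) => { if (err) { console.error('DB connection failed:', err.message); process.exit(1); } console.log('connected to DB'); }`. Keep `process.env.DB_CONNECT` itself out of the failure log, since a MongoDB URI may carry credentials.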
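Review bot: The attribute written into the header, `MaxAge=`, is not the cookie attribute defined by RFC 6265 (`Max-Age`), so browsers ignore it and the refreshed token ends up as a session cookie; the inline code removed from app.js had the same spelling, so the move preserves behaviour, but this is the new code under review. The header also carries no `SameSite`, and `res.set('Set-Cookie', ...)` replaces any `Set-Cookie` already queued on the response instead of appending. The login route touched by this same commit sets the token with `res.cookie('token', token, { maxAge, httpOnly })`; building the refreshed cookie the same way gives both paths a single set of attributes and leaves encoding and appending to Express, and is the natural place to add `sameSite` and an environment-driven `secure` for both.
```javascript
const setCookie = function (res, path, stat) {
  if (res.req.newToken) {
    res.cookie('token', res.req.newToken, {
      maxAge: parseInt(process.env.COOKIE_MAX_AGE, 10),
      httpOnly: true,
      path: '/',
    });
  }
};
// … unchanged: module.exports …
```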
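Review bot: `jwt.decode(token, process.env.JWT_SECRET)` on the expired-token path verifies nothing: the second argument of `jwt.decode` is an options object, not a key, so the secret is silently ignored and `_id`/`ref` are read from an unverified payload before the database lookup. If the intent is to accept an expired but authentic token for refresh, `jwt.verify(token, process.env.JWT_SECRET, { ignoreExpiration: true })` keeps the signature check; the `verify` calls here and in `server/middleware/redirectIfLoggedIn.js` could also pin `algorithms: ['HS256']` to match what `jwt.sign` produces. The added `console.log('reading db to login')` lacks its semicolon and reads as leftover debugging output. The `auth` function begins before and continues after this hunk, so how `ref` is checked against the stored tokens is not visible here.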
+++ b/server/middleware/redirectIfLoggedIn.js
@@ -9,7 +9,7 @@ const redirectIfLoggedIn = async (req, res, next) => {
 throw new Error();
 }
- const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
 const user = await User.findOne({ _id: decoded._id, 'tokens.token': token });
 if (!user) {
diff --git a/server/models/User.js b/server/models/User.js
index e777878..8cc9c4c 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -42,8 +42,8 @@ userSchema.methods.generateJwtToken = async function (currentRef) {
 return jwt.sign(
 { _id: this._id.toString(), ref },
- 'replaceThisWithSecretString',
- { expiresIn: 300 }
+ process.env.JWT_SECRET,
+ { expiresIn: parseInt(process.env.JWT_TOKEN_MAX_AGE) }
 );
 }
diff --git a/server/routes/user.js b/server/routes/user.js
index b3bdee3..91bc0f1 100644
--- a/server/routes/user.js
+++ b/server/routes/user.js
@@ -31,7 +31,7 @@ router.post('/login', async (req, res) => {
 const token = await user.generateJwtToken();
 res
 .cookie('token', token, {
- maxAge: 604800000,
+ maxAge: parseInt(process.env.COOKIE_MAX_AGE),
 secure: false,
 httpOnly: true,
 })
-- cgit v1.2.3
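Review bot: `parseInt(process.env.JWT_TOKEN_MAX_AGE)` has no radix and no validation, so an unset or non-numeric value becomes `NaN` and is handed to `jwt.sign` as `expiresIn`, which is only noticed at token-generation time rather than at startup. Prefer `expiresIn: parseInt(process.env.JWT_TOKEN_MAX_AGE, 10)` with a comment that jsonwebtoken reads a numeric `expiresIn` as seconds (the replaced literal `300` was five minutes), unlike the millisecond `COOKIE_MAX_AGE` used in `server/routes/user.js`; parsing both values once at startup and failing on `NaN` would remove the per-request check entirely. `generateJwtToken` begins before this hunk.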
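Review bot: `maxAge: parseInt(process.env.COOKIE_MAX_AGE)` omits the radix and passes `NaN` through when the variable is unset or malformed, which the cookie serializer rejects (or at best drops the lifetime) at login time instead of at startup; use `parseInt(process.env.COOKIE_MAX_AGE, 10)` or validate the value once when the process boots. In the same options object the context line `secure: false` is now the only hard-coded transport setting left in code that otherwise reads its configuration from the environment; deriving it from `process.env.NODE_ENV === 'production'` or a dedicated variable keeps the token cookie `Secure` on HTTPS deployments, and the same attributes should be mirrored in `server/helpers/setCookie.js`. The route handler continues outside the hunk.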