From 2f03b301d0c71524691871b9d03cdb5b9ad3e436 Mon Sep 17 00:00:00 2001 From: Piotr Russ Date: Sun, 22 Nov 2020 22:39:04 +0100 Subject: move environmental variables to dotenv --- server/db/mongoose.js | 14 +++++++++----- server/helpers/setCookie.js | 10 ++++++++++ server/middleware/auth.js | 5 +++-- server/middleware/redirectIfLoggedIn.js | 2 +- server/models/User.js | 4 ++-- server/routes/user.js | 2 +- 6 files changed, 26 insertions(+), 11 deletions(-) create mode 100644 server/helpers/setCookie.js (limited to 'server') diff --git a/server/db/mongoose.js b/server/db/mongoose.js index 579b5d7..9b89c14 100644 --- a/server/db/mongoose.js +++ b/server/db/mongoose.js @@ -1,6 +1,10 @@ -const mongoose = require("mongoose"); +const mongoose = require('mongoose'); -mongoose.connect('mongodb://127.0.0.1:27017/website-manager', { - useNewUrlParser: true, - useCreateIndex: true, -}); +mongoose.connect( + process.env.DB_CONNECT, + { + useNewUrlParser: true, + useCreateIndex: true, + }, + () => console.log('connected to DB') +); diff --git a/server/helpers/setCookie.js b/server/helpers/setCookie.js new file mode 100644 index 0000000..bb3580c --- /dev/null +++ b/server/helpers/setCookie.js @@ -0,0 +1,10 @@ +const setCookie = function (res, path, stat) { + if (res.req.newToken){ + res.set( + 'Set-Cookie', + 'token='+res.req.newToken+';httpOnly;MaxAge='+process.env.COOKIE_MAX_AGE+';Path=/' + ); + } +} + +module.exports = setCookie; diff --git a/server/middleware/auth.js b/server/middleware/auth.js index 462b100..bec113d 100644 --- a/server/middleware/auth.js +++ b/server/middleware/auth.js @@ -10,13 +10,14 @@ const auth = async (req, res, next) => { } try { - const decoded = jwt.verify(token, 'replaceThisWithSecretString'); + const decoded = jwt.verify(token, process.env.JWT_SECRET); req.userId = decoded._id; req.refreshToken = decoded.ref; return next(); } catch(er) { if (er.message && er.message === 'jwt expired') { - const { _id, ref } = jwt.decode(token, 'replaceThisWithSecretString'); + const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET); + console.log('reading db to login') const user = await User.findById(_id); if (!user) { diff --git a/server/middleware/redirectIfLoggedIn.js b/server/middleware/redirectIfLoggedIn.js index 62a413c..fe793f7 100644 --- a/server/middleware/redirectIfLoggedIn.js +++ b/server/middleware/redirectIfLoggedIn.js @@ -9,7 +9,7 @@ const redirectIfLoggedIn = async (req, res, next) => { throw new Error(); } - const decoded = jwt.verify(token, 'replaceThisWithSecretString'); + const decoded = jwt.verify(token, process.env.JWT_SECRET); const user = await User.findOne({ _id: decoded._id, 'tokens.token': token }); if (!user) { diff --git a/server/models/User.js b/server/models/User.js index e777878..8cc9c4c 100644 --- a/server/models/User.js +++ b/server/models/User.js @@ -42,8 +42,8 @@ userSchema.methods.generateJwtToken = async function (currentRef) { return jwt.sign( { _id: this._id.toString(), ref }, - 'replaceThisWithSecretString', - { expiresIn: 300 } + process.env.JWT_SECRET, + { expiresIn: parseInt(process.env.JWT_TOKEN_MAX_AGE) } ); } diff --git a/server/routes/user.js b/server/routes/user.js index b3bdee3..91bc0f1 100644 --- a/server/routes/user.js +++ b/server/routes/user.js @@ -31,7 +31,7 @@ router.post('/login', async (req, res) => { const token = await user.generateJwtToken(); res .cookie('token', token, { - maxAge: 604800000, + maxAge: parseInt(process.env.COOKIE_MAX_AGE), secure: false, httpOnly: true, }) -- cgit v1.2.3