From 85f4e27904dafa304beac5a18c6ad0b21d5df532 Mon Sep 17 00:00:00 2001 From: Gilles Rusca Date: Thu, 5 Nov 2020 08:43:26 -0600 Subject: [PATCH 01/11] added dotenv --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index 3ad1665..79a2c7a 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,7 @@ "bcrypt": "5.0.0", "bootstrap": "4.5.2", "cors": "2.8.5", + "dotenv": "8.2.0", "express": "4.17.1", "express-async-handler": "1.1.4", "gatsby": "2.24.52", From 99b2e860d5968ab45483fc91484a526c953b1083 Mon Sep 17 00:00:00 2001 From: Gilles Rusca Date: Thu, 5 Nov 2020 09:08:46 -0600 Subject: [PATCH 02/11] backend implementation of refresh token on login. --- server/auth/index.js | 5 ++++- server/controllers/userController.js | 24 +++++++++++++++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/server/auth/index.js b/server/auth/index.js index 168180e..3efd993 100644 --- a/server/auth/index.js +++ b/server/auth/index.js @@ -3,6 +3,9 @@ const localStrategy = require('passport-local').Strategy; const User = require('../models/user'); const JWTstrategy = require('passport-jwt').Strategy; const ExtractJWT = require('passport-jwt').ExtractJwt; +const dotenv = require('dotenv'); + +dotenv.config({ path: '.env' }); passport.use( 'login', @@ -35,7 +38,7 @@ passport.use( passport.use( new JWTstrategy( { - secretOrKey: 'TOP_SECRET', + secretOrKey: process.env.TOKEN_SECRET, jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(), }, async (token, done) => { diff --git a/server/controllers/userController.js b/server/controllers/userController.js index 8b4707a..06ee9d5 100644 --- a/server/controllers/userController.js +++ b/server/controllers/userController.js 
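Review bot: `secretOrKey: process.env.TOKEN_SECRET` in the JWT strategy hunk is read with no check that the variable is set, and `dotenv.config({ path: '.env' })` in the hunk above resolves the path against the working directory and reports a missing file only through its return value. A server started from another directory, or without a `.env`, therefore has no signing key, and the problem surfaces as whatever the libraries throw rather than as a clear configuration error. I would add a guard before the strategy is registered, for example `if (!process.env.TOKEN_SECRET) throw new Error('TOKEN_SECRET is not set');`, and pass `algorithms: ['HS256']` in the same options object so verification accepts only the algorithm `jwt.sign` uses by default. Both hunks are repeated in PATCH 05/11, and the same `dotenv.config` call is duplicated in `userController.js`; loading it once in the entry point would be enough. The series does not show whether `.env` is kept out of version control.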
@@ -2,6 +2,9 @@ const User = require('../models/user'); const passport = require('passport'); const jwt = require('jsonwebtoken'); const createError = require('http-errors'); +const dotenv = require('dotenv'); + +dotenv.config({ path: '.env' }); const checkMongoError = (ex) => { if (ex.name === 'ValidationError') { @@ -104,7 +107,26 @@ exports.loginUser = async (req, res, next) => { if (err) return next(err); const body = { _id: user._id, email: user.email }; - const token = jwt.sign({ user: body }, 'TOP_SECRET'); + const token = jwt.sign( + { user: body }, + process.env.TOKEN_SECRET, + { + expiresIn: 120, + }); + + const refreshToken = jwt.sign( + { user: body }, + process.env.REFRESH_TOKEN_SECRET, + ); + + await User.findByIdAndUpdate( + user._id, + { $set: + { refreshToken }, + }, + { useFindAndModify: false, + new: true }, + ); return res.json({ token, info }); }, From 36ac05e3f2d25001c9f2deff9bc3f5aa1a235c20 Mon Sep 17 00:00:00 2001 From: Gilles Rusca Date: Thu, 5 Nov 2020 09:30:47 -0600 Subject: [PATCH 03/11] updated gatsby --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3ad1665..ff58200 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "cors": "2.8.5", "express": "4.17.1", "express-async-handler": "1.1.4", - "gatsby": "2.24.52", + "gatsby": "2.25.2", "gatsby-plugin-create-client-paths": "2.3.11", "gatsby-plugin-nodejs": "0.7.0", "gatsby-plugin-styled-components": "3.3.12", From 81f54968f3badfb66639bd39e46436183c66e057 Mon Sep 17 00:00:00 2001 From: Gilles Rusca Date: Thu, 5 Nov 2020 08:43:26 -0600 Subject: [PATCH 04/11] added dotenv --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index ff58200..2cb2db5 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,7 @@ "bcrypt": "5.0.0", "bootstrap": "4.5.2", "cors": "2.8.5", + "dotenv": "8.2.0", "express": "4.17.1", "express-async-handler": "1.1.4", "gatsby": "2.25.2", 
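Review bot: The refresh token in the `loginUser` hunk is signed without `expiresIn` and then written to the user document as-is, so it never expires and anyone who can read the users collection obtains a usable credential. Give it a bounded lifetime, e.g. `jwt.sign({ user: body }, process.env.REFRESH_TOKEN_SECRET, { expiresIn: '7d' })` (the value is only an example), and store a digest of the token rather than the token itself, comparing digests when it is redeemed. The `await User.findByIdAndUpdate(...)` sits in a callback whose start is outside the hunk; if nothing there catches a rejection, a database error would leave the request unanswered, so wrap it in `try`/`catch` and call `next(err)`. The response still returns only `{ token, info }`, so the client never receives the refresh token in this commit. The identical hunk appears again in PATCH 05/11.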
From b3a112ed9f5bfd241b2c3756a23148f43689e64e Mon Sep 17 00:00:00 2001 From: Gilles Rusca Date: Thu, 5 Nov 2020 09:08:46 -0600 Subject: [PATCH 05/11] backend implementation of refresh token on login. --- server/auth/index.js | 5 ++++- server/controllers/userController.js | 24 +++++++++++++++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/server/auth/index.js b/server/auth/index.js index 168180e..3efd993 100644 --- a/server/auth/index.js +++ b/server/auth/index.js @@ -3,6 +3,9 @@ const localStrategy = require('passport-local').Strategy; const User = require('../models/user'); const JWTstrategy = require('passport-jwt').Strategy; const ExtractJWT = require('passport-jwt').ExtractJwt; +const dotenv = require('dotenv'); + +dotenv.config({ path: '.env' }); passport.use( 'login', @@ -35,7 +38,7 @@ passport.use( passport.use( new JWTstrategy( { - secretOrKey: 'TOP_SECRET', + secretOrKey: process.env.TOKEN_SECRET, jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(), }, async (token, done) => { diff --git a/server/controllers/userController.js b/server/controllers/userController.js index 8b4707a..06ee9d5 100644 --- a/server/controllers/userController.js +++ b/server/controllers/userController.js @@ -2,6 +2,9 @@ const User = require('../models/user'); const passport = require('passport'); const jwt = require('jsonwebtoken'); const createError = require('http-errors'); +const dotenv = require('dotenv'); + +dotenv.config({ path: '.env' }); const checkMongoError = (ex) => { if (ex.name === 'ValidationError') { 
@@ -104,7 +107,26 @@ exports.loginUser = async (req, res, next) => { if (err) return next(err); const body = { _id: user._id, email: user.email }; - const token = jwt.sign({ user: body }, 'TOP_SECRET'); + const token = jwt.sign( + { user: body }, + process.env.TOKEN_SECRET, + { + expiresIn: 120, + }); + + const refreshToken = jwt.sign( + { user: body }, + process.env.REFRESH_TOKEN_SECRET, + ); + + await User.findByIdAndUpdate( + user._id, + { $set: + { refreshToken }, + }, + { useFindAndModify: false, + new: true }, + ); return res.json({ token, info }); }, From 506a31b76c340fa7a6e6fbeff1b97d2cac9eb576 Mon Sep 17 00:00:00 2001 From: Gilles Rusca Date: Thu, 5 Nov 2020 09:57:11 -0600 Subject: [PATCH 06/11] updated node --- .nvmrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.nvmrc b/.nvmrc index 83f2a92..55d1782 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -v12.18.3 +v14.15.0 From cbf9409f52f72b0147d18064be0c64f9ea5ec490 Mon Sep 17 00:00:00 2001 From: Gilles Rusca Date: Thu, 5 Nov 2020 13:38:40 -0600 Subject: [PATCH 07/11] downgraded gatsby-plugin-nodejs --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2cb2db5..88a4a21 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "express-async-handler": "1.1.4", "gatsby": "2.25.2", "gatsby-plugin-create-client-paths": "2.3.11", - "gatsby-plugin-nodejs": "0.7.0", + "gatsby-plugin-nodejs": "0.6.4", "gatsby-plugin-styled-components": "3.3.12", "http-errors": "1.8.0", "jsonwebtoken": "8.5.1", From b5a40d2e0998e612e58503367009d67cf773b308 Mon Sep 17 00:00:00 2001 From: guanacone Date: Fri, 6 Nov 2020 07:42:14 -0600 Subject: [PATCH 08/11] Update node.js.yml --- .github/workflows/node.js.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index db77aad..39fc3e6 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml 
@@ -23,3 +23,6 @@ jobs: node-version: ${{ matrix.node-version }} - run: npm install - run: npm run build --if-present + - env: + TOKEN_SECRET: ${{secrets.TOKEN_SECRET}}, + REFRESH_TOKEN_SECRET: ${{secrets.REFRESH_TOKEN_SECRET}} From 3182d834897e8d865dfa714cf98bd215a7108f3f Mon Sep 17 00:00:00 2001 From: guanacone Date: Fri, 6 Nov 2020 07:50:20 -0600 Subject: [PATCH 09/11] Update node.js.yml --- .github/workflows/node.js.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 39fc3e6..7b2b04b 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -24,5 +24,5 @@ jobs: - run: npm install - run: npm run build --if-present - env: - TOKEN_SECRET: ${{secrets.TOKEN_SECRET}}, - REFRESH_TOKEN_SECRET: ${{secrets.REFRESH_TOKEN_SECRET}} + TOKEN_SECRET: ${secrets.TOKEN_SECRET}, + REFRESH_TOKEN_SECRET: ${secrets.REFRESH_TOKEN_SECRET } From 80d0ea7b68d3f030265d1678daa121d44d35d86d Mon Sep 17 00:00:00 2001 From: guanacone Date: Fri, 6 Nov 2020 07:51:18 -0600 Subject: [PATCH 10/11] Update node.js.yml --- .github/workflows/node.js.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 7b2b04b..fa5ffdd 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -24,5 +24,5 @@ jobs: - run: npm install - run: npm run build --if-present - env: - TOKEN_SECRET: ${secrets.TOKEN_SECRET}, - REFRESH_TOKEN_SECRET: ${secrets.REFRESH_TOKEN_SECRET } + TOKEN_SECRET: ${secrets.TOKEN_SECRET} + REFRESH_TOKEN_SECRET: ${secrets.REFRESH_TOKEN_SECRET} From 0900c5fdcd8568d47076b915dbb7683539e779f4 Mon Sep 17 00:00:00 2001 From: guanacone Date: Fri, 6 Nov 2020 07:52:19 -0600 Subject: [PATCH 11/11] Update node.js.yml --- .github/workflows/node.js.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
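Review bot: Replacing `${{secrets.TOKEN_SECRET}}` with `${secrets.TOKEN_SECRET}` in PATCH 09/11 drops the GitHub Actions expression syntax, so the workflow no longer substitutes the repository secret and the step sees the literal text as the variable's value. PATCH 10/11 and 11/11 keep that form, so the final file still has it; the lines should read `TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}` and `REFRESH_TOKEN_SECRET: ${{ secrets.REFRESH_TOKEN_SECRET }}`. The trailing comma and the stand-alone `- env:` step from PATCH 08/11 are fixed later in the series. It is also worth confirming that `npm run build` needs the signing secrets at all, since every build script run in that step can read them.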
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index fa5ffdd..384b7d6 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -23,6 +23,6 @@ jobs: node-version: ${{ matrix.node-version }} - run: npm install - run: npm run build --if-present - - env: + env: TOKEN_SECRET: ${secrets.TOKEN_SECRET} REFRESH_TOKEN_SECRET: ${secrets.REFRESH_TOKEN_SECRET}