diff --git a/.env.secret b/.env.secret index f6ce573..128fc26 100644 Binary files a/.env.secret and b/.env.secret differ diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx index 3b7f1e8..a71495a 100644 Binary files a/.gitsecret/keys/pubring.kbx and b/.gitsecret/keys/pubring.kbx differ diff --git a/.gitsecret/keys/pubring.kbx~ b/.gitsecret/keys/pubring.kbx~ index 902ad16..33df60e 100644 Binary files a/.gitsecret/keys/pubring.kbx~ and b/.gitsecret/keys/pubring.kbx~ differ diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg index 47a5bc1..78d623f 100644 --- a/.gitsecret/paths/mapping.cfg +++ b/.gitsecret/paths/mapping.cfg @@ -1,3 +1,3 @@ -.env:9c1a52e44745107c32d34055320ee62f4572a83a96453b4d38495940c79ab9a3 +.env:1074cf24f051cdd8cbbdf11b4e1c8f2ed88736319a8c0771476e55c77e239a78 src/config/private.pem:040731b01f84c8b9119367982872acb3d046cdf67f21566e18cfa337c130c1d4 src/config/public.pem:2a545e85b82c860d6185deff6f81a8d478b7d21eba2062dceae84d2cee03211d diff --git a/docker-compose.yml b/docker-compose.yml index 5cfc797..ac09019 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,12 +2,24 @@ version: '3.4' services: database: - image: '${REGISTRY_NAME}mongo:latest' + image: '${REGISTRY_NAME}mongo:4.2-bionic' volumes: - casidb:/data/db networks: - 'internal' restart: 'unless-stopped' + redis: + image: '${REGISTRY_NAME}redis:6.2-alpine' + restart: always + networks: + - 'internal' + ports: + - '6379:6379' + env_file: + - './.env' + command: redis-server --loglevel warning --requirepass ${REDIS_PASS} + volumes: + - casi_redis:/data CASI: build: . image: '${REGISTRY_NAME}devclubiitd/casi:0.1' @@ -30,9 +42,11 @@ services: - MONGODB_URI_LOCAL depends_on: - database + - redis volumes: casidb: + casi_redis: networks: reverseproxy: diff --git a/src/config/axios.js b/src/config/axios.js new file mode 100644 index 0000000..c69f2fa --- /dev/null +++ b/src/config/axios.js 
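Review bot: The new `redis` service publishes `'6379:6379'` on every host interface, although it is attached to the `internal` network and src/config/redis.js reaches it by service name (`@redis:6379`) outside dev. If the host mapping is only there for local development, bind it to loopback with `- '127.0.0.1:6379:6379'`, or drop `ports:` from this file. Separately, `--requirepass ${REDIS_PASS}` in `command:` puts the password in the container's command line, where it is readable through the process list and `docker inspect`; a mounted config file would avoid that.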
@@ -0,0 +1,13 @@ +import * as keys from './keys'; + +const HttpsProxyAgent = require('https-proxy-agent'); + +const axiosDefaultConfig = { + proxy: false, + httpsAgent: !keys.isDev + ? new HttpsProxyAgent('http://devclub.iitd.ac.in:3128') + : null, +}; +const axios = require('axios').create(axiosDefaultConfig); + +export default axios; diff --git a/src/config/keys.js b/src/config/keys.js index 446caae..66107dd 100644 --- a/src/config/keys.js +++ b/src/config/keys.js @@ -1,6 +1,10 @@ const fs = require('fs'); const path = require('path'); +require('dotenv').config({ + path: `${__dirname}/../../.env`, +}); + export const expTime = 60 * 20; export const rememberTime = 60 * 60 * 24 * 2; export const reqExpTime = 60; @@ -19,6 +23,7 @@ export const accountExists = 'An account is already linked with that account, Please try linking another one.'; export const noRedirectState = 'xyz'; +export const isDev = process.env.NODE_ENV === 'DEV'; // Role to Privilege export const r2p = { diff --git a/src/config/private.pem.secret b/src/config/private.pem.secret index a61b475..c28c3a7 100644 Binary files a/src/config/private.pem.secret and b/src/config/private.pem.secret differ diff --git a/src/config/public.pem.secret b/src/config/public.pem.secret index 9da3cca..2c7af7c 100644 Binary files a/src/config/public.pem.secret and b/src/config/public.pem.secret differ diff --git a/src/config/redis.js b/src/config/redis.js new file mode 100644 index 0000000..4b4be2c --- /dev/null +++ b/src/config/redis.js @@ -0,0 +1,15 @@ +import redis from 'redis'; +import { isDev } from './keys'; + +const redisURl = isDev + ? 'redis://127.0.0.1:6379' + : `redis://:${process.env.REDIS_PASS}@redis:6379`; +const rtokens = redis.createClient({ + url: redisURl, +}); + +rtokens.on('error', (err) => { + console.log(err); +}); + +export default rtokens; diff --git a/src/data/resourceToken.js b/src/data/resourceToken.js deleted file mode 100644 index 466bc00..0000000 --- a/src/data/resourceToken.js +++ /dev/null 
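Review bot: `axiosDefaultConfig` sets no `timeout`, and axios waits indefinitely by default, so a stalled proxy or upstream will hold open any handler that calls this shared instance (src/routes/auth.js and src/utils/utils.js both import it in this commit). Adding a bound such as `timeout: 10000,` (value chosen for illustration) next to `proxy: false` caps that. The file also mixes `import` with `require`; `import HttpsProxyAgent from 'https-proxy-agent';` would match the first line, provided the installed version exports the class as its default.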
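Review bot: `isDev` has no comment at its definition in the second keys.js hunk, yet after this commit it is the single switch for several security controls. It turns off the `secure` flag and cookie domain (utils.js, auth.js), marks new accounts verified and skips the verification mail (user.js), and mounts `/test` (server.js). I would add above the export: `// True only when NODE_ENV is exactly 'DEV'. Disables Secure cookies, auto-verifies new users and mounts /test; never set NODE_ENV=DEV on a public deployment.`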
@@ -1,9 +0,0 @@ -import redis from 'redis'; - -const rtokens = redis.createClient(); - -rtokens.on('error', (err) => { - console.log(err); -}); - -export default rtokens; diff --git a/src/routes/auth.js b/src/routes/auth.js index a40e9a7..f5307e2 100644 --- a/src/routes/auth.js +++ b/src/routes/auth.js @@ -2,7 +2,7 @@ import express from 'express'; import { verify, decode } from 'jsonwebtoken'; import bcrypt from 'bcryptjs'; import util from 'util'; -import rtoken from '../data/resourceToken'; +import rtoken from '../config/redis'; import * as keys from '../config/keys'; import { verifyToken, @@ -24,19 +24,10 @@ import { noRedirectState, } from '../config/keys'; import { Client, User } from '../models/user'; +import axios from '../config/axios'; const router = express.Router(); const passport = require('passport'); -const HttpsProxyAgent = require('https-proxy-agent'); - -const axiosDefaultConfig = { - proxy: false, - httpsAgent: - process.env.NODE_ENV !== 'DEV' - ? new HttpsProxyAgent('http://devclub.iitd.ac.in:3128') - : null, -}; -const axios = require('axios').create(axiosDefaultConfig); const qs = require('qs'); // post route to check validity of tokens, clients will hit this route. router.post('/refresh-token', async (req, res) => { @@ -69,10 +60,10 @@ router.get('/email/verify/token', async (req, res) => { } catch (error) { console.log(error); res.clearCookie(accessTokenName, { - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !keys.isDev ? 'devclub.in' : null, }); res.clearCookie(refreshTokenName, { - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !keys.isDev ? 'devclub.in' : null, }); res.render('account_verified', { error: true }); } 
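Review bot: The option object `{ domain: !keys.isDev ? 'devclub.in' : null }` is still spelled out at each `clearCookie` call in the `/email/verify/token` hunk. It recurs in the `/password/reset/token` and `/clientVerify` hunks, in src/routes/profile.js and src/routes/settings.js, and in src/utils/utils.js. Since the commit already centralises the flag, exporting the value once from keys.js, e.g. `export const cookieDomain = isDev ? null : 'devclub.in';`, would stop set and clear calls drifting apart. A `clearCookie` whose domain differs from the one used when the cookie was set leaves the token cookie in the browser. The handler body starts and ends outside the hunk.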
@@ -130,10 +121,10 @@ router.get('/password/reset/token', async (req, res) => { } catch (error) { console.log(error); res.clearCookie(accessTokenName, { - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !keys.isDev ? 'devclub.in' : null, }); res.clearCookie(refreshTokenName, { - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !keys.isDev ? 'devclub.in' : null, }); res.render('login', { message: 'Invalid Token. Please try resetting your password again', @@ -348,8 +339,8 @@ router.get('/clientVerify', async (req, res) => { const token = createJWTCookie(user, res, refreshTokenName); res.cookie('_rememberme', token, { httpOnly: false, - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, - secure: process.env.NODE_ENV !== 'DEV', + domain: !keys.isDev ? 'devclub.in' : null, + secure: !keys.isDev, }); return res.status(200).json({ err: false, diff --git a/src/routes/profile.js b/src/routes/profile.js index a9deeea..a7cab1f 100644 --- a/src/routes/profile.js +++ b/src/routes/profile.js @@ -2,7 +2,7 @@ /* eslint-disable import/named */ import express from 'express'; import { verifyToken, getUserPrivilege } from '../utils/utils'; -import { accessTokenName, refreshTokenName } from '../config/keys'; +import { accessTokenName, isDev, refreshTokenName } from '../config/keys'; import settingsRoutes from './settings'; import { Client, SocialAccount, User } from '../models/user'; @@ -28,10 +28,10 @@ router.post('/', async (req, res) => { router.post('/logout', (req, res) => { try { res.clearCookie(accessTokenName, { - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !isDev ? 'devclub.in' : null, }); res.clearCookie(refreshTokenName, { - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !isDev ? 'devclub.in' : null, }); return res.json({ err: false, 
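Review bot: In the `/clientVerify` hunk the `_rememberme` cookie keeps `httpOnly: false` and has no `sameSite`, yet its value is the token returned by `createJWTCookie(user, res, refreshTokenName)`. That helper stores the same token under `httpOnly: true` and `sameSite: 'lax'` (src/utils/utils.js), so this second copy is readable by any script running on the page. Unless client-side code needs to read it, which is not visible here, the options should be `httpOnly: true,` and `sameSite: 'lax',`. The handler continues outside the hunk.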
@@ -85,7 +85,7 @@ router.post('/delete', async (req, res) => { await user.remove(); res.clearCookie(accessTokenName, { - domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !isDev ? 'devclub.in' : null, }); return res.redirect('/'); } catch (error) { diff --git a/src/routes/settings.js b/src/routes/settings.js index d7e2c2f..bcdebb5 100644 --- a/src/routes/settings.js +++ b/src/routes/settings.js @@ -1,7 +1,7 @@ /* eslint-disable import/named */ import bcrypt from 'bcryptjs'; import { SocialAccount } from '../models/user'; -import { accessTokenName } from '../config/keys'; +import { accessTokenName, isDev } from '../config/keys'; import { createJWTCookie, verifyToken } from '../utils/utils'; const router = require('express').Router(); @@ -101,8 +101,7 @@ router.post('/', async (req, res) => { } else { // If the validation was successful, update the user and create a new JWT for the updated credentials res.clearCookie(accessTokenName, { - domain: - process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null, + domain: !isDev ? 'devclub.in' : null, }); await createJWTCookie(user, res); res.render('settings', { messages }); diff --git a/src/routes/user.js b/src/routes/user.js index c6edcfa..3a41962 100644 --- a/src/routes/user.js +++ b/src/routes/user.js @@ -6,7 +6,7 @@ import { sendVerificationEmail, addRoles, } from '../utils/utils'; -import { refreshTokenName } from '../config/keys'; +import { isDev, refreshTokenName } from '../config/keys'; import { User } from '../models/user'; const router = express.Router(); @@ -124,7 +124,7 @@ router.post('/register', async (req, res) => { username, email, password, - isverified: process.env.NODE_ENV === 'DEV', + isverified: isDev, }); // encrypt the password using bcrypt @@ -142,7 +142,7 @@ router.post('/register', async (req, res) => { addRoles(user); - if (process.env.NODE_ENV !== 'DEV') { + if (!isDev) { sendVerificationEmail(user); } diff --git a/src/server.js b/src/server.js index 5cc319f..0e0928c 100644 
--- a/src/server.js +++ b/src/server.js @@ -13,10 +13,6 @@ import * as keys from './config/keys'; import { socialAuthenticate, linkSocial } from './utils/utils'; -require('dotenv').config({ - path: `${__dirname}/../.env`, -}); - const app = express(); const passport = require('passport'); @@ -192,7 +188,7 @@ app.use('/profile', profile); app.use('/client', client); app.use('/api', api); -if (process.env.NODE_ENV === 'DEV') { +if (keys.isDev) { app.use('/test', tests); } app.get('/privacy-policy', (req, res) => { diff --git a/src/tests/tests.js b/src/tests/tests.js index 85aad95..265f9bc 100644 --- a/src/tests/tests.js +++ b/src/tests/tests.js @@ -1,6 +1,6 @@ import express from 'express'; import util from 'util'; -import rtoken from '../data/resourceToken'; +import rtoken from '../config/redis'; import { makeid } from '../utils/utils'; const router = express.Router(); diff --git a/src/utils/utils.js b/src/utils/utils.js index 08730fa..4e4f7ad 100644 --- a/src/utils/utils.js +++ b/src/utils/utils.js @@ -6,17 +6,7 @@ import jwt, { verify } from 'jsonwebtoken'; import * as keys from '../config/keys'; import { User, SocialAccount, Role } from '../models/user'; - -const HttpsProxyAgent = require('https-proxy-agent'); - -const axiosDefaultConfig = { - proxy: false, - httpsAgent: - process.env.NODE_ENV !== 'DEV' - ? new HttpsProxyAgent('http://devclub.iitd.ac.in:3128') - : null, -}; -const axios = require('axios').create(axiosDefaultConfig); +import axios from '../config/axios'; const getUserPrivilege = (user) => { let privilege = 0; 
@@ -67,10 +57,10 @@ const createJWTCookie = (user, res, tokenName = keys.accessTokenName) => {
 // set the cookie with token with the same age as that of token
 res.cookie(tokenName, token, {
 maxAge: exp * 1000, // in milli seconds
- secure: process.env.NODE_ENV !== 'DEV', // set to true if you are using https
+ secure: !keys.isDev, // set to true if you are using https
 httpOnly: true,
 sameSite: 'lax',
- domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null,
+ domain: !keys.isDev ? 'devclub.in' : null,
 });
 return token;
 };
@@ -120,10 +110,10 @@ const verifyToken = async (
 // I wasn't able to verify the token as it was invalid
 // clear the tokens
 res.clearCookie(keys.accessTokenName, {
- domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null,
+ domain: !keys.isDev ? 'devclub.in' : null,
 });
 res.clearCookie(keys.refreshTokenName, {
- domain: process.env.NODE_ENV !== 'DEV' ? 'devclub.in' : null,
+ domain: !keys.isDev ? 'devclub.in' : null,
 });
 throw err;
 }