From 9f72b324fa651330d3ba5ae0199602da349ae59d Mon Sep 17 00:00:00 2001
From: Nikita Melnikov
Date: Sat, 29 Oct 2022 00:27:29 +0300
Subject: [PATCH] implement default config && move password to auth section
---
 src/backend/routes/auth.ts | 6 ++--
 src/backend/routes/middlewares/token.ts | 4 +--
 src/backend/utils/appConfig.ts | 44 +++++++++++++++++++++++--
 3 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/src/backend/routes/auth.ts b/src/backend/routes/auth.ts
index 9b69c9a..bc316f4 100644
--- a/src/backend/routes/auth.ts
+++ b/src/backend/routes/auth.ts
@@ -22,7 +22,7 @@ router.get('/auth', csrfProtection, function (req: Request, res: Response) {
 */
 router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
 try {
- if (!appConfig.password) {
+ if (!appConfig.auth.password) {
 res.render('auth', {
 title: 'Login page',
 header: 'Password not set',
@@ -32,7 +32,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
 return;
 }
- if (req.body.password !== appConfig.password) {
+ if (req.body.password !== appConfig.auth.password) {
 res.render('auth', {
 title: 'Login page',
 header: 'Wrong password',
@@ -46,7 +46,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
 iss: 'Codex Team',
 sub: 'auth',
 iat: Date.now(),
- }, appConfig.password + appConfig.auth.secret);
+ }, appConfig.auth.password + appConfig.auth.secret);
 res.cookie('authToken', token, {
 httpOnly: true,
diff --git a/src/backend/routes/middlewares/token.ts b/src/backend/routes/middlewares/token.ts
index d57169e..a48a475 100644
--- a/src/backend/routes/middlewares/token.ts
+++ b/src/backend/routes/middlewares/token.ts
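Review bot: In src/backend/routes/auth.ts (hunk at -32,7), `req.body.password !== appConfig.auth.password` compares the submitted password with the configured plaintext value using an ordinary string comparison, whose running time can depend on how many leading characters match. A constant-time check is preferable here, for example hashing both sides with SHA-256 and comparing the digests with `crypto.timingSafeEqual`, which also copes with inputs of different length. The handler begins and ends outside this hunk.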
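Review bot: In the `jwt.sign` call in src/backend/routes/auth.ts (hunk at -46,7), `iat: Date.now()` stores milliseconds although RFC 7519 defines `iat` as a NumericDate in seconds, and the call passes no options argument, so no expiry is set in the lines shown. Suggest `iat: Math.floor(Date.now() / 1000)` together with a third argument such as `{ expiresIn: '1d' }` (duration to be chosen by the project), so that a leaked `authToken` cookie stops being accepted after a bounded time. Assuming `jwt` is the jsonwebtoken package, both changes are needed together, because as far as I know it derives `exp` from the supplied `iat`. The start of the payload object is outside the hunk, so an `exp` claim may already be set there; worth confirming.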
@@ -14,14 +14,14 @@ export default async function verifyToken(req: Request, res: Response, next: Nex
 const token = req.cookies.authToken;
 try {
- if (!appConfig.password) {
+ if (!appConfig.auth.password) {
 res.locals.isAuthorized = false;
 next();
 return;
 }
- const decodedToken = jwt.verify(token, appConfig.password + appConfig.auth.secret);
+ const decodedToken = jwt.verify(token, appConfig.auth.password + appConfig.auth.secret);
 res.locals.isAuthorized = !!decodedToken;
diff --git a/src/backend/utils/appConfig.ts b/src/backend/utils/appConfig.ts
index 7d90d9e..d9e646b 100644
--- a/src/backend/utils/appConfig.ts
+++ b/src/backend/utils/appConfig.ts
@@ -65,6 +65,7 @@ const MongoDatabaseConfig = z.object({
 */
 const AuthConfig = z.object({
 secret: z.string(), // Secret for JWT
+ password: z.string(), // Password for admin panel
 });
 /**
@@ -103,7 +104,6 @@ const AppConfig = z.object({
 favicon: z.string().optional(), // Path or URL to favicon
 uploads: z.union([LocalUploadsConfig, S3UploadsConfig]), // Uploads configuration
 hawk: HawkConfig.optional().nullable(), // Hawk configuration
- password: z.string(), // Password for admin panel
 frontend: FrontendConfig, // Frontend configuration
 auth: AuthConfig, // Auth configuration
 database: z.union([LocalDatabaseConfig, MongoDatabaseConfig]), // Database configuration
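Review bot: In src/backend/routes/middlewares/token.ts, `jwt.verify(token, …)` is called without an options argument, so neither the accepted algorithms nor the `iss`/`sub` values that auth.ts puts into the token are checked explicitly. Assuming `jwt` is the jsonwebtoken package and tokens are signed with its default HS256, the call could pin all three: `jwt.verify(token, appConfig.auth.password + appConfig.auth.secret, { algorithms: ['HS256'], issuer: 'Codex Team', subject: 'auth' })`. The function body continues outside the hunk, including the `catch` that handles a missing or invalid cookie.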
@@ -112,6 +112,46 @@ const AppConfig = z.object({
 export type AppConfig = z.infer;
+const defaultConfig: AppConfig = {
+ 'port': 3000,
+ 'host': 'localhost',
+ 'uploads': {
+ 'driver': 'local',
+ 'local': {
+ 'path': './uploads',
+ },
+ },
+ 'frontend': {
+ 'title': 'CodeX Docs',
+ 'description': 'A block-styled editor with clean JSON output',
+ 'startPage': '',
+ 'misprintsChatId': '12344564',
+ 'yandexMetrikaId': '',
+ 'carbon': {
+ 'serve': '',
+ 'placement': '',
+ },
+ 'menu': [
+ 'Guides',
+ {
+ 'title': 'CodeX',
+ 'uri': 'https://codex.so',
+ },
+ ],
+ },
+ 'auth': {
+ 'secret': 'supersecret',
+ 'password': 'secretpassword',
+ },
+ 'hawk': null,
+ 'database': {
+ 'driver': 'local',
+ 'local': {
+ 'path': './db',
+ },
+ },
+};
+
 const args = arg({ /* eslint-disable @typescript-eslint/naming-convention */
 '--config': [ String ],
 '-c': '--config',
@@ -126,7 +166,7 @@ const paths = (args['--config'] || [ './docs-config.yaml' ]).map((configPath) =>
 return path.join(cwd, configPath);
 });
-const loadedConfig = loadConfig(...paths);
+const loadedConfig = loadConfig(...[defaultConfig, ...paths]);
 const appConfig = AppConfig.parse(loadedConfig);
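Review bot: `defaultConfig.auth` hard-codes `secret: 'supersecret'` and `password: 'secretpassword'`, so a deployment whose config file omits the `auth` section would now start with a publicly known admin password and JWT signing key, where `AppConfig.parse` presumably rejected the missing values before (this assumes `loadConfig` lets file values override the defaults and falls back to them otherwise). Because auth.ts and token.ts sign and verify with `appConfig.auth.password + appConfig.auth.secret`, a token for such an instance can be produced by anyone who has read this file, and the `if (!appConfig.auth.password)` guards in both files no longer catch an unconfigured password. Suggest keeping credentials out of the defaults, e.g. `const defaultConfig: Omit<AppConfig, 'auth'> = { … }` without the `auth` block, so the schema still fails fast when the operator has not set them. The `'misprintsChatId': '12344564'` default also looks like a placeholder and may be better left empty.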
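Review bot: `loadConfig(...[defaultConfig, ...paths])` builds an array only to spread it again; `loadConfig(defaultConfig, ...paths)` passes the same arguments and reads more directly. The call also relies on later arguments overriding earlier ones, which is not visible in this hunk, so a one-line comment such as `// defaults first; values from the config files override them` (once confirmed against loadConfig) would document the precedence that the auth settings depend on.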