implement default config && move password to auth section

src/backend/routes/auth.ts

@@ -22,7 +22,7 @@ router.get('/auth', csrfProtection, function (req: Request, res: Response) {
  */
 router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
   try {
-    if (!appConfig.password) {
+    if (!appConfig.auth.password) {
       res.render('auth', {
         title: 'Login page',
         header: 'Password not set',
@@ -32,7 +32,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
       return;
     }
 
-    if (req.body.password !== appConfig.password) {
+    if (req.body.password !== appConfig.auth.password) {
       res.render('auth', {
         title: 'Login page',
         header: 'Wrong password',
@@ -46,7 +46,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
       iss: 'Codex Team',
       sub: 'auth',
       iat: Date.now(),
-    }, appConfig.password + appConfig.auth.secret);
+    }, appConfig.auth.password + appConfig.auth.secret);
 
     res.cookie('authToken', token, {
       httpOnly: true,

src/backend/routes/middlewares/token.ts

@@ -14,14 +14,14 @@ export default async function verifyToken(req: Request, res: Response, next: Nex
   const token = req.cookies.authToken;
 
   try {
-    if (!appConfig.password) {
+    if (!appConfig.auth.password) {
       res.locals.isAuthorized = false;
       next();
 
       return;
     }
 
-    const decodedToken = jwt.verify(token, appConfig.password + appConfig.auth.secret);
+    const decodedToken = jwt.verify(token, appConfig.auth.password + appConfig.auth.secret);
 
     res.locals.isAuthorized = !!decodedToken;
 

src/backend/utils/appConfig.ts

@@ -65,6 +65,7 @@ const MongoDatabaseConfig = z.object({
  */
 const AuthConfig = z.object({
   secret: z.string(), // Secret for JWT
+  password: z.string(), // Password for admin panel
 });
 
 /**
@@ -103,7 +104,6 @@ const AppConfig = z.object({
   favicon: z.string().optional(), // Path or URL to favicon
   uploads: z.union([LocalUploadsConfig, S3UploadsConfig]), // Uploads configuration
   hawk: HawkConfig.optional().nullable(), // Hawk configuration
-  password: z.string(), // Password for admin panel
   frontend: FrontendConfig, // Frontend configuration
   auth: AuthConfig, // Auth configuration
   database: z.union([LocalDatabaseConfig, MongoDatabaseConfig]), // Database configuration
@@ -112,6 +112,46 @@ const AppConfig = z.object({
 
 export type AppConfig = z.infer<typeof AppConfig>;
 
+const defaultConfig: AppConfig = {
+  'port': 3000,
+  'host': 'localhost',
+  'uploads': {
+    'driver': 'local',
+    'local': {
+      'path': './uploads',
+    },
+  },
+  'frontend': {
+    'title': 'CodeX Docs',
+    'description': 'A block-styled editor with clean JSON output',
+    'startPage': '',
+    'misprintsChatId': '12344564',
+    'yandexMetrikaId': '',
+    'carbon': {
+      'serve': '',
+      'placement': '',
+    },
+    'menu': [
+      'Guides',
+      {
+        'title': 'CodeX',
+        'uri': 'https://codex.so',
+      },
+    ],
+  },
+  'auth': {
+    'secret': 'supersecret',
+    'password': 'secretpassword',
+  },
+  'hawk': null,
+  'database': {
+    'driver': 'local',
+    'local': {
+      'path': './db',
+    },
+  },
+};
+
 const args = arg({ /* eslint-disable @typescript-eslint/naming-convention */
   '--config': [ String ],
   '-c': '--config',
@@ -126,7 +166,7 @@ const paths = (args['--config'] || [ './docs-config.yaml' ]).map((configPath) =>
   return path.join(cwd, configPath);
 });
 
-const loadedConfig = loadConfig<AppConfig>(...paths);
+const loadedConfig = loadConfig(...[defaultConfig, ...paths]);
 
 const appConfig = AppConfig.parse(loadedConfig);