diff --git a/back-end/.env.example b/back-end/.env.example
index 9731b96..75a7930 100644
--- a/back-end/.env.example
+++ b/back-end/.env.example
@@ -2,7 +2,8 @@
 # .env.production for production
 NODE_PORT=3000
 NODE_ENV=dev
-
+NODE_JWT_ISSUER="free-briques"
+NODE_JWT_SECRET="ec2fbbfed81a2fef0115ed3de701071db6a6234550624f604f14ddf422bb9761"
 # those values must be the same as in ../docker-compose.dev.yml
 DB_HOST=localhost
 DB_NAME=briques_db
diff --git a/back-end/.env.production b/back-end/.env.production
index 5cb777d..dc8fde8 100644
--- a/back-end/.env.production
+++ b/back-end/.env.production
@@ -1,5 +1,7 @@
 NODE_PORT=3000
 NODE_ENV=production
+NODE_JWT_ISSUER="free-briques"
+NODE_JWT_SECRET="ec2fbbfed81a2fef0115ed3de701071db6a6234550624f604f14ddf422bb9761"
 DB_HOST=briques_postgres
 DB_NAME=briques_db
 DB_USER=briques_llm
diff --git a/back-end/src/config/auth.config.ts b/back-end/src/config/auth.config.ts
index 87bb883..b3051d5 100644
--- a/back-end/src/config/auth.config.ts
+++ b/back-end/src/config/auth.config.ts
@@ -1,9 +1,9 @@
 import { createSecretKey } from 'crypto';
-const JWT_ISSUER = process.env.NODE_JWT_ISSUER as string;
+const JWT_ISSUER = (process.env.NODE_JWT_ISSUER ?? 'free-briques') as string;
 const JWT_AUDIENCE = '*';
-const JWT_SECRET = process.env.NODE_JWT_SECRET as string;
+const JWT_SECRET = (process.env.NODE_JWT_SECRET) as string;
 const JWT_EXPIRATION = '1 week';
 const JWT_SECRET_KEY = createSecretKey(JWT_SECRET as string, 'utf-8');
-export {JWT_ISSUER, JWT_AUDIENCE, JWT_SECRET, JWT_EXPIRATION, JWT_SECRET_KEY };
+export { JWT_ISSUER, JWT_AUDIENCE, JWT_SECRET, JWT_EXPIRATION, JWT_SECRET_KEY };
diff --git a/back-end/src/controllers/auth.controller.ts b/back-end/src/controllers/auth.controller.ts
index 267761d..bb23c58 100644
--- a/back-end/src/controllers/auth.controller.ts
+++ b/back-end/src/controllers/auth.controller.ts
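Review bot: The `+NODE_JWT_SECRET=…` line commits a real-looking 256-bit HS256 signing key to the example file, and the `.env.production` hunk below commits the identical value, so anyone with read access to the repository or its history can mint tokens that the code in `auth.config.ts` will accept as if the server had issued them. The value has to be treated as compromised from this commit onward: rotate it, stop tracking `.env.production`, and leave the example file with a labelled placeholder such as `NODE_JWT_SECRET=<REPLACE_WITH_32_RANDOM_BYTES_PER_DEPLOYMENT>`. Sharing the `NODE_JWT_ISSUER` default is harmless, but a secret that is the same in dev and production also turns any leak of the dev environment into a leak of production.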
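Review bot: `+const JWT_SECRET = (process.env.NODE_JWT_SECRET) as string;` still uses a cast to hide that the variable may be unset, so a misconfigured deployment only fails when `createSecretKey` rejects `undefined` on the following context line, with an argument-type error that does not name the missing variable, and a short placeholder string is accepted as a valid HMAC key even though RFC 7518 requires at least 256 bits for HS256. Fail fast with a check that names the problem: `const JWT_SECRET = process.env.NODE_JWT_SECRET ?? '';` `if (JWT_SECRET.length < 32) throw new Error('NODE_JWT_SECRET must be set to at least 32 bytes for HS256');` and then `createSecretKey(JWT_SECRET, 'utf-8')` without the second cast. With `?? 'free-briques'` in place, the `as string` on the `JWT_ISSUER` line is redundant as well. Exporting the raw `JWT_SECRET` string alongside `JWT_SECRET_KEY` widens where the secret can be read from; the controller hunks only use the key object, so the raw export could go once its unused import there is removed.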
@@ -1,5 +1,7 @@
 import { Request, Response, Router } from 'express';
 import bcrypt from 'bcrypt';
+import { SignJWT } from 'jose';
+import { JWT_ISSUER, JWT_AUDIENCE, JWT_SECRET, JWT_EXPIRATION, JWT_SECRET_KEY } from '../config/auth.config';
 import { Member, User } from '../types/member';
 import { new_client } from '../db/db_client';
 import { Either, eitherLeft, eitherRight } from '../utils/utils';
@@ -47,7 +49,6 @@ function userAdapter(member: Member): User {
 return { id_member: member.id_member, name: member.name };
 }
-
 const register = (req: Request, res: Response) => {
 if (!req || !req.body || !req.body.name || !req.body.password) {
 res.status(400).send();
@@ -66,10 +67,17 @@ const register = (req: Request, res: Response) => {
 }
 const member: Either = await createMember(name, hash);
- if (member.hasRight)
- res.send(member.right);
- else
- res.send(userAdapter(member.left));
+ if (member.hasRight) {
+ res.status(401).send(member.right);
+ return;
+ }
+ const token = await new SignJWT({ name })
+ .setProtectedHeader({ alg: 'HS256' })
+ .setAudience(JWT_AUDIENCE)
+ .setIssuer(JWT_ISSUER)
+ .setExpirationTime(JWT_EXPIRATION)
+ .sign(JWT_SECRET_KEY);
+ res.status(200).send({ member: userAdapter(member.left), token: token});
 });
 });
 };
@@ -85,7 +93,7 @@ const login = async (req: Request, res: Response) => {
 res.send(member.right).send();
 return;
 }
- bcrypt.compare(req.body.password, member.left.password, (err, r) => {
+ bcrypt.compare(req.body.password, member.left.password, async (err, r) => {
 if (err) {
 res.status(500).send();
 return;
@@ -94,7 +102,13 @@ const login = async (req: Request, res: Response) => {
 res.status(401).send();
 return;
 }
- res.status(200).send();
+ const token = await new SignJWT({ name })
+ .setProtectedHeader({ alg: 'HS256' })
+ .setAudience(JWT_AUDIENCE)
+ .setIssuer(JWT_ISSUER)
+ .setExpirationTime(JWT_EXPIRATION)
+ .sign(JWT_SECRET_KEY);
+ res.status(200).send({ member: userAdapter(member.left), token: token});
 });
 };
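Review bot: The new `await … .sign(JWT_SECRET_KEY)` in register runs inside a bcrypt callback whose opening is above this hunk, so a rejection from `sign` reaches neither Express's error handling nor the client: the request is left without a response and Node, on versions where unhandled rejections are fatal by default, terminates the process; the `async (err, r)` callback introduced in the first login hunk and the signing block in the second login hunk have the same exposure. The two signing blocks are also identical copy-paste, and the token carries only `{ name }` with no `sub`, so a consumer has no stable identifier to authorise on even though `userAdapter` shows `id_member` is available on the member. One `issueToken(member)` helper that sets `sub` from `id_member`, called inside try/catch, addresses all three points, as sketched below. Separately, `res.status(401).send(member.right)` in this hunk uses the failed-authentication code for a `createMember` failure, which is not an authentication failure — 409 or 500 depending on what `right` carries — and it is worth confirming that `right` is safe to echo to the client.

```typescript
// Shared by register and login: sign an HS256 token for an authenticated member.
// `sub` is the member id so downstream checks do not depend on a mutable display name.
async function issueToken(member: Member): Promise<string> {
  return new SignJWT({ name: member.name })
    .setProtectedHeader({ alg: 'HS256' })
    .setSubject(String(member.id_member))
    .setAudience(JWT_AUDIENCE)
    .setIssuer(JWT_ISSUER)
    .setExpirationTime(JWT_EXPIRATION)
    .sign(JWT_SECRET_KEY);
}

// … unchanged: register body up to and including the hasRight early return …
      try {
        const token = await issueToken(member.left);
        res.status(200).send({ member: userAdapter(member.left), token });
      } catch {
        // A signing failure must produce a response instead of an unhandled rejection.
        res.status(500).send();
      }
```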
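Review bot: `+const token = await new SignJWT({ name })` in the last login hunk references a `name` binding that is not visible in this hunk or the previous one (the login body starts outside both), while every other line in this callback reads from `member.left`; if `name` is not a local of login this does not compile, and if it is one it presumably comes from `req.body` rather than from the stored row. Either way the stored value is the grounded choice: `const token = await new SignJWT({ name: member.left.name })`. The duplication with the register hunk's signing block and the missing try/catch around the await are raised on that hunk.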