feat(config): Make JWT token expiry time and issuer configurable in `…

…config.sh`
Tangerine-Community · Sep 27, 2021 · 50a53c5 · 50a53c5
1 parent 8270b1e
commit 50a53c5
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 2 deletions.
diff --git a/config.defaults.sh b/config.defaults.sh
@@ -115,6 +115,10 @@ T_ARCHIVE_APKS_TO_DISK="true"
 # Set to false if you would not want to archive PWAs to Disk when creating a release
 T_ARCHIVE_PWAS_TO_DISK="true"
 
+# The value to use for issuer parameter when signing JWTs.
+T_JWT_ISSUER="Tangerine"
+# The validity period for a signed JWT Token - determines how long before a token is conidered invalid. Expressed in seconds or a string describing a time span as defined in https://github.com/zeit/ms
+T_JWT_EXPIRES_IN="1h"
 #
 # Development
 #

diff --git a/develop-tangy-form-libs.sh b/develop-tangy-form-libs.sh
@@ -157,6 +157,8 @@ CMD="docker run -it --name $T_CONTAINER_NAME \
   --env \"T_ARCHIVE_PWAS_TO_DISK=$T_ARCHIVE_PWAS_TO_DISK\" \
   --env \"T_PASSWORD_POLICY=$T_PASSWORD_POLICY\" \
   --env \"T_PASSWORD_RECIPE=$T_PASSWORD_RECIPE\" \
+  --env \"T_JWT_ISSUER=$T_JWT_ISSUER\" \
+  --env \"T_JWT_EXPIRES_IN=$T_JWT_EXPIRES_IN\" \
   $T_PORT_MAPPING \
   -p 9229:9229 \
   -p 9228:9228 \

diff --git a/develop.sh b/develop.sh
@@ -184,6 +184,8 @@ OPTIONS="--link $T_COUCHDB_CONTAINER_NAME:couchdb \
   --env \"T_ARCHIVE_PWAS_TO_DISK=$T_ARCHIVE_PWAS_TO_DISK\" \
   --env \"T_PASSWORD_POLICY=$T_PASSWORD_POLICY\" \
   --env \"T_PASSWORD_RECIPE=$T_PASSWORD_RECIPE\" \
+  --env \"T_JWT_ISSUER=$T_JWT_ISSUER\" \
+  --env \"T_JWT_EXPIRES_IN=$T_JWT_EXPIRES_IN\" \
   $T_PORT_MAPPING \
   -p 9229:9229 \
   -p 9228:9228 \

diff --git a/editor-develop.sh b/editor-develop.sh
@@ -137,6 +137,8 @@ CMD="docker run -it --name $T_CONTAINER_NAME \
   --env \"T_CENTRALLY_MANAGED_USER_PROFILE=$T_CENTRALLY_MANAGED_USER_PROFILE\" \
   --env \"T_CATEGORIES=$T_CATEGORIES\" \
   --env \"T_ORIENTATION=$T_ORIENTATION\" \
+  --env \"T_JWT_ISSUER=$T_JWT_ISSUER\" \
+  --env \"T_JWT_EXPIRES_IN=$T_JWT_EXPIRES_IN\" \
 
   $T_PORT_MAPPING \
   -p 9229:9229 \

diff --git a/server/src/auth-utils.js b/server/src/auth-utils.js
@@ -1,6 +1,6 @@
 const jwt = require('jsonwebtoken');
-const expiresIn ='1h';
-const issuer = 'Tangerine';
+const issuer = process.env.T_JWT_ISSUER || 'Tangerine';
+const expiresIn = process.env.T_JWT_EXPIRES_IN || '1h';
 const jwtTokenSecret = require('crypto').randomBytes(256).toString('base64');
 
 const createLoginJWT = ({ username, permissions }) => {

diff --git a/start.sh b/start.sh
@@ -193,6 +193,8 @@ RUN_OPTIONS="
   --env \"T_ARCHIVE_PWAS_TO_DISK=$T_ARCHIVE_PWAS_TO_DISK\" \
   --env \"T_PASSWORD_POLICY=$T_PASSWORD_POLICY\" \
   --env \"T_PASSWORD_RECIPE=$T_PASSWORD_RECIPE\" \
+  --env \"T_JWT_ISSUER=$T_JWT_ISSUER\" \
+  --env \"T_JWT_EXPIRES_IN=$T_JWT_EXPIRES_IN\" \
   $T_PORT_MAPPING \
   --volume $(pwd)/content-sets:/tangerine/content-sets:delegated \
   --volume $(pwd)/data/dat-output:/dat-output/ \

diff --git a/test.sh b/test.sh
@@ -137,6 +137,8 @@ CMD="docker run -it --name $T_CONTAINER_NAME \
   --env \"T_CENTRALLY_MANAGED_USER_PROFILE=$T_CENTRALLY_MANAGED_USER_PROFILE\" \
   --env \"T_CATEGORIES=$T_CATEGORIES\" \
   --env \"T_ORIENTATION=$T_ORIENTATION\" \
+  --env \"T_JWT_ISSUER=$T_JWT_ISSUER\" \
+  --env \"T_JWT_EXPIRES_IN=$T_JWT_EXPIRES_IN\" \
 
   $T_PORT_MAPPING \
   -p 9229:9229 \