Use different JWT secret for auth and refresh tokens..

2020-06-15 16:51:37 +02:00 · 2020-06-15 16:51:37 +02:00 · 7c364c7295
commit 7c364c7295
parent 11740e5986
3 changed files with 8 additions and 6 deletions
--- a/api/resources/application.dev.yaml
+++ b/api/resources/application.dev.yaml
@ -11,11 +11,12 @@ server:
    cors: true

 jwt:
-    secret: 9Io9kvgIedOcLdUvKl31OKf51jdTZcFHJFgqvEpfJuI= # Can be generated with `openssl rand -base64 32`
    auth:
+        secret: uiqzRNiMYwbObn/Ps5xTasYVeu/63ZuI+1oB98Ez+lY=
        validity: 1
        unit: HOURS
    refresh:
+        secret: wWchkx44YGig4Q5Z7b7+E/3ymGEGd6PS7UGedMul3bg=
        validity: 15
        unit: DAYS

--- a/api/resources/application.prod.yaml
+++ b/api/resources/application.prod.yaml
@ -11,11 +11,12 @@ server:
    cors: ${CORS:-true}

 jwt:
-    secret: ${JWT_SECRET} # Can be generated with `openssl rand -base64 32`
    auth:
+        secret: ${JWT_SECRET} # Can be generated with `openssl rand -base64 32`
        validity: 1
        unit: HOURS
    refresh:
+        secret: ${JWT_REFRESH_SECRET} # Can be generated with `openssl rand -base64 32`
        validity: 15
        unit: DAYS

--- a/api/src/features/ConfigurationFeature.kt
+++ b/api/src/features/ConfigurationFeature.kt
@ -29,21 +29,21 @@ val configurationModule = Kodein.Module(name = "Configuration") {

 data class DatabaseConfig(val host: String, val port: Int, val name: String, val username: String, val password: Masked)
 data class ServerConfig(val host: String, val port: Int, val cors: Boolean)
-data class JwtConfig(val secret: Masked, val auth: JwtValidity, val refresh: JwtValidity)
-data class JwtValidity(val validity: Long, val unit: TimeUnit)
+data class JwtConfig(val auth: Jwt, val refresh: Jwt)
+data class Jwt(val validity: Long, val unit: TimeUnit, val secret: Masked)
 data class Config(val database: DatabaseConfig, val server: ServerConfig, val jwt: JwtConfig)


 private fun configureAuthJwt(kodein: Kodein): SimpleJWT {
    val config by kodein.instance<Config>()
-    val jwtSecret = config.jwt.secret
+    val jwtSecret = config.jwt.auth.secret
    val authConfig = config.jwt.auth
    return SimpleJWT(jwtSecret.value, authConfig.validity, authConfig.unit)
 }

 private fun configureRefreshJwt(kodein: Kodein): SimpleJWT {
    val config by kodein.instance<Config>()
-    val jwtSecret = config.jwt.secret
+    val jwtSecret = config.jwt.refresh.secret
    val refreshConfig = config.jwt.auth
    return SimpleJWT(jwtSecret.value, refreshConfig.validity, refreshConfig.unit)
 }