sirtimbly/bewcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement a more robust Config (#60)

Browse Source 
* Implement a more robust Config

This moves the configuration variables from the `.env` file to a new `bewcloud.config.ts` file. Note that DB connection and secrets are still in the `.env` file.

This will allow for more reliable and easier personalized configurations, and was a requirement to start working on adding SSO (#13).

For now, `.env`-based config will still be allowed and respected (overriden by `bewcloud.config.ts`), but in the future I'll probably remove it (some major upgrade).

* Update deploy script to also copy the new config file
This commit is contained in:
Bruno Bernardino
2025-05-25 15:48:53 +01:00
committed by GitHub
parent 69142973d8
commit e337859a22
30 changed files with 443 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
lib/auth.ts
View File

@@ -3,10 +3,10 @@ import { decodeBase64 } from 'std/encoding/base64.ts';
import { Cookie, getCookies, setCookie } from 'std/http/cookie.ts';
import 'std/dotenv/load.ts';
import { baseUrl, generateHash, isRunningLocally } from './utils/misc.ts';
import { generateHash, isRunningLocally } from './utils/misc.ts';
import { User, UserSession } from './types.ts';
import { UserModel, UserSessionModel, validateUserAndSession } from './models/user.ts';
import { isCookieDomainAllowed, isCookieDomainSecurityDisabled } from './config.ts';
import { AppConfig } from './config.ts';
const JWT_SECRET = Deno.env.get('JWT_SECRET') || '';
export const PASSWORD_SALT = Deno.env.get('PASSWORD_SALT') || '';
@@ -19,7 +19,7 @@ export interface JwtData {
};
}
const isBaseUrlAnIp = () => /^(?!0)(?!.*\.$)((1?\d?\d|25[0-5]|2[0-4]\d)(\.|$)){4}$/.test(baseUrl);
const isUrlAnIp = (baseUrl: string) => /^(?!0)(?!.*\.$)((1?\d?\d|25[0-5]|2[0-4]\d)(\.|$)){4}$/.test(baseUrl);
const textToData = (text: string) => new TextEncoder().encode(text);
@@ -51,10 +51,13 @@ async function verifyAuthJwt(key: CryptoKey, jwt: string) {
throw new Error('Invalid JWT');
}
function resolveCookieDomain(request: Request) {
if (!isBaseUrlAnIp() || isRunningLocally(request)) {
async function resolveCookieDomain(request: Request) {
const config = await AppConfig.getConfig();
const baseUrl = config.auth.baseUrl;
if (!isUrlAnIp(baseUrl) || isRunningLocally(request)) {
const domain = new URL(request.url).hostname;
if (isCookieDomainAllowed(domain)) {
if (await AppConfig.isCookieDomainAllowed(domain)) {
return domain;
}
return baseUrl.replace('https://', '').replace('http://', '').split(':')[0];
@@ -170,10 +173,10 @@ export async function logoutUser(request: Request) {
secure: isRunningLocally(request) ? false : true,
httpOnly: true,
sameSite: 'Lax',
domain: resolveCookieDomain(request),
domain: await resolveCookieDomain(request),
};
if (isCookieDomainSecurityDisabled()) {
if (await AppConfig.isCookieDomainSecurityDisabled()) {
delete cookie.domain;
}
@@ -223,10 +226,10 @@ export async function createSessionCookie(
secure: isRunningLocally(request) ? false : true,
httpOnly: true,
sameSite: 'Lax',
domain: resolveCookieDomain(request),
domain: await resolveCookieDomain(request),
};
if (isCookieDomainSecurityDisabled()) {
if (await AppConfig.isCookieDomainSecurityDisabled()) {
delete cookie.domain;
}
@@ -251,10 +254,10 @@ export async function updateSessionCookie(
secure: isRunningLocally(request) ? false : true,
httpOnly: true,
sameSite: 'Lax',
domain: resolveCookieDomain(request),
domain: await resolveCookieDomain(request),
};
if (isCookieDomainSecurityDisabled()) {
if (await AppConfig.isCookieDomainSecurityDisabled()) {
delete cookie.domain;
}