
fix(env): use config file instead of env for public variable (#1039)
maxgfr authored Sep 28, 2023
1 parent 1a8899f commit 68eaefa
Showing 19 changed files with 37 additions and 82 deletions.
6 changes: 0 additions & 6 deletions .kontinuous/env/dev/templates/www.configmap.yaml
Expand Up @@ -3,15 +3,9 @@ apiVersion: v1
metadata:
name: www
data:
ACCOUNT_MAIL_SENDER: "[email protected]"
GITLAB_PROJECT_ID: "270"
GITLAB_URL: https://gitlab.factory.social.gouv.fr/api/v4
HASURA_GRAPHQL_ENDPOINT: "http://hasura/v1/graphql"
JWT_TOKEN_EXPIRES: "15" # 15 min
MATOMO_URL: "https://matomo.fabrique.social.gouv.fr/"
NEXT_PUBLIC_ACTIVATION_TOKEN_EXPIRES: "10080"
NODE_ENV: "production"
REFRESH_TOKEN_EXPIRES: "43200"
SENTRY_DSN: "https://[email protected]/42"
SMTP_URL: "smtp.tipimail.com"
STORAGE_CONTAINER: "cdtn-dev-source"
6 changes: 0 additions & 6 deletions .kontinuous/env/preprod/templates/www.configmap.yaml
Expand Up @@ -3,15 +3,9 @@ apiVersion: v1
metadata:
name: www
data:
ACCOUNT_MAIL_SENDER: "[email protected]"
GITLAB_PROJECT_ID: "270"
GITLAB_URL: https://gitlab.factory.social.gouv.fr/api/v4
HASURA_GRAPHQL_ENDPOINT: "http://hasura/v1/graphql"
JWT_TOKEN_EXPIRES: "15" # 15 min
MATOMO_URL: "https://matomo.fabrique.social.gouv.fr/"
NEXT_PUBLIC_ACTIVATION_TOKEN_EXPIRES: "10080"
NODE_ENV: "production"
REFRESH_TOKEN_EXPIRES: "43200"
SENTRY_DSN: "https://[email protected]/42"
SMTP_URL: "smtp.tipimail.com"
STORAGE_CONTAINER: "cdtn-preprod-source"
6 changes: 0 additions & 6 deletions .kontinuous/env/prod/templates/www.configmap.yaml
Expand Up @@ -3,17 +3,11 @@ apiVersion: v1
metadata:
name: www
data:
ACCOUNT_MAIL_SENDER: "[email protected]"
GITLAB_PROJECT_ID: "270"
GITLAB_URL: https://gitlab.factory.social.gouv.fr/api/v4
HASURA_GRAPHQL_ENDPOINT: "http://hasura/v1/graphql"
JWT_TOKEN_EXPIRES: "15" # 15 min
MATOMO_SITE_ID: "27"
MATOMO_URL: "https://matomo.fabrique.social.gouv.fr/"
NEXT_PUBLIC_ACTIVATION_TOKEN_EXPIRES: "10080"
NODE_ENV: "production"
PRODUCTION: "true"
REFRESH_TOKEN_EXPIRES: "43200"
SENTRY_DSN: "https://[email protected]/42"
SMTP_URL: "smtp.tipimail.com"
STORAGE_CONTAINER: "cdtn"
35 changes: 0 additions & 35 deletions targets/frontend/.env.sample

This file was deleted.

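--- a/targets/frontend/src/config.ts
+++ b/targets/frontend/src/config.ts
@@ -0,0 +1,10 @@
+export const ACCOUNT_MAIL_SENDER = "[email protected]";
+export const JWT_TOKEN_EXPIRES = 15; // 15 min
+export const REFRESH_TOKEN_EXPIRES = 43200; // 30 days in minutes
+export const ACTIVATION_TOKEN_EXPIRES = 10080; // 7 days in minutes
+export const HASURA_GRAPHQL_JWT_SECRET = process.env
+.HASURA_GRAPHQL_JWT_SECRET ?? {
+type: "HS256",
+key: "a_pretty_long_secret_key_that_should_be_at_least_32_char",
+};
+export const BASE_URL = process.env.FRONTEND_HOST || `http://localhost:3000`;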
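Review bot: `HASURA_GRAPHQL_JWT_SECRET` falls back to a key that is committed in this file whenever the environment variable is missing, so a deployment with an unset or misnamed secret would sign and verify JWTs with a publicly readable HS256 key instead of refusing to start. Keep the default for local development only and fail closed otherwise, for example `if (!process.env.HASURA_GRAPHQL_JWT_SECRET && process.env.NODE_ENV === "production") throw new Error("HASURA_GRAPHQL_JWT_SECRET is not set");` ahead of the export. A comment on the fallback such as `// local development only, never a production default` would also make the intent visible to whoever edits this next.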
5 changes: 2 additions & 3 deletions targets/frontend/src/hoc/CustomUrqlClient.js
@@ -1,4 +1,5 @@
import { withUrqlClient } from "next-urql";
import { BASE_URL } from "src/config";
import {
customAuthExchange,
customErrorExchange,
Expand All @@ -8,9 +9,7 @@ import { cacheExchange, dedupExchange, fetchExchange } from "urql";
export const withCustomUrqlClient = (Component) =>
withUrqlClient(
(ssrExchange, ctx) => {
const url = ctx?.req
? `${process.env.FRONTEND_URL}/api/graphql`
: `/api/graphql`;
const url = ctx?.req ? `${BASE_URL}/api/graphql` : `/api/graphql`;
console.log(
"[ withUrqlClient ]",
ctx ? (ctx?.req ? "server" : "client") : "no ctx",
4 changes: 3 additions & 1 deletion targets/frontend/src/lib/auth/jwt.js
@@ -1,6 +1,8 @@
import jwt, { verify } from "jsonwebtoken";

const { HASURA_GRAPHQL_JWT_SECRET, JWT_TOKEN_EXPIRES } = process.env;
import { HASURA_GRAPHQL_JWT_SECRET } from "../../config";

import { JWT_TOKEN_EXPIRES } from "../../config";

let jwtSecret;
try {
3 changes: 2 additions & 1 deletion targets/frontend/src/lib/auth/setJwtCookie.js
@@ -1,10 +1,11 @@
import cookie from "cookie";
import { REFRESH_TOKEN_EXPIRES } from "../../config";

export function setJwtCookie(res, refresh_token, jwt_token) {
const cookies = [
cookie.serialize("refresh_token", refresh_token, {
httpOnly: true,
maxAge: parseInt(process.env.REFRESH_TOKEN_EXPIRES, 10) * 60, // maxAge in second
maxAge: parseInt(REFRESH_TOKEN_EXPIRES, 10) * 60, // maxAge in second
path: "/",
sameSite: "Strict",
secure: process.env.NODE_ENV === "production",
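Review bot: `REFRESH_TOKEN_EXPIRES` is now a number exported from config, so `parseInt(REFRESH_TOKEN_EXPIRES, 10)` only round-trips it through a string; `maxAge: REFRESH_TOKEN_EXPIRES * 60, // maxAge in seconds` states the cookie lifetime directly. The same leftover wrapping appears in refresh_token.js, reset_password.js and pages/user/new.js, and in refresh_token.js the `|| 15` after `parseInt(JWT_TOKEN_EXPIRES, 10)` can no longer take effect. setJwtCookie's body continues outside the hunk.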
4 changes: 1 addition & 3 deletions targets/frontend/src/lib/auth/token.js
Expand Up @@ -39,9 +39,7 @@ export async function auth(ctx) {
try {
console.log("[auth] refresh token");
const tokenData = await request(
ctx?.req
? `${process.env.FRONTEND_URL}/api/refresh_token`
: "/api/refresh_token",
ctx?.req ? `${BASE_URL}/api/refresh_token` : "/api/refresh_token",
{
body: {},
credentials: "include",
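Review bot: `BASE_URL` is used in the server-side branch of the `request(...)` call, but the file header reports 1 addition and 3 deletions, all of which are accounted for by this call, so no import was added to token.js in this commit. Unless `BASE_URL` was already in scope, the `ctx?.req` path raises a ReferenceError, which the enclosing `try` presumably turns into a failed token refresh on every server-rendered request. Add `import { BASE_URL } from "../../config";` at the top of the file. Note also that the host now comes from `FRONTEND_HOST` rather than `FRONTEND_URL`, so both deployments and local setups need the new variable; auth()'s body starts and ends outside the hunk.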
4 changes: 1 addition & 3 deletions targets/frontend/src/lib/emails/activateAccount.ts
@@ -1,8 +1,6 @@
import { BASE_URL } from "src/config";
import sendmail from "./sendmail";

const BASE_URL =
process.env.FRONTEND_HOST || `http://localhost:${process.env.PORT}`;

export function sendActivateAccountEmail(email: string, secret_token: string) {
const subject = "Activation de votre compte";
const activateUrl = `${BASE_URL}/change_password?token=${secret_token}&activate=1`; // todo: dynamic hostname
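Review bot: The activation link is built from `BASE_URL`, which config.ts sets to `http://localhost:3000` when `FRONTEND_HOST` is unset, so a deployed instance missing that variable would e-mail links carrying a live `secret_token` to a plain-HTTP localhost address. Taking the host from configuration rather than from request headers is the right choice; the gap is only that a missing value is silent, so config.ts should refuse the localhost default when `NODE_ENV` is `"production"`. The token is also interpolated unencoded; `token=${encodeURIComponent(secret_token)}` keeps the URL well-formed whatever the token format is. lostPassword.js builds its link the same way.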
4 changes: 1 addition & 3 deletions targets/frontend/src/lib/emails/lostPassword.js
@@ -1,8 +1,6 @@
import { BASE_URL } from "../../config";
import sendmail from "./sendmail";

const BASE_URL =
process.env.FRONTEND_HOST || `http://localhost:${process.env.PORT}`;

export function sendLostPasswordEmail(email, secret_token) {
const activateUrl = `${BASE_URL}/change_password?token=${secret_token}`; // todo: dynamic hostname
const subject = "Réinitialisation de votre mot de passe";
3 changes: 2 additions & 1 deletion targets/frontend/src/pages/api/graphql.js
Expand Up @@ -20,7 +20,8 @@ const proxy = createProxyMiddleware({
},
pathRewrite: { "^/api/graphql": "/v1/graphql" },
prependPath: false,
target: process.env.HASURA_GRAPHQL_ENDPOINT,
target:
process.env.HASURA_GRAPHQL_ENDPOINT ?? "http://localhost:8080/v1/graphql",
ws: true,
xfwd: true, // proxy websockets
});
4 changes: 3 additions & 1 deletion targets/frontend/src/pages/api/login.js
Expand Up @@ -9,7 +9,9 @@ import { getExpiryDate } from "src/lib/duration";

import { loginQuery, refreshTokenMutation } from "./login.gql";

const { REFRESH_TOKEN_EXPIRES = "", JWT_TOKEN_EXPIRES = "" } = process.env;
const { REFRESH_TOKEN_EXPIRES = "" } = process.env;

import { JWT_TOKEN_EXPIRES } from "../../config";

export default async function login(req, res) {
const apiError = createErrorFor(res);
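Review bot: `REFRESH_TOKEN_EXPIRES` is still destructured from `process.env` with a default of `""` here, while refresh_token.js and setJwtCookie.js now import it from config. If this commit drops the variable from the www configmaps (each loses six entries), login() would see an empty string, and if it parses the value the way refresh_token.js did, the refresh token issued at login gets a `NaN`-based expiry. Take both values from config in one import placed with the other imports: `import { JWT_TOKEN_EXPIRES, REFRESH_TOKEN_EXPIRES } from "../../config";`. login()'s body is outside the hunk, so how the value is consumed is not visible here.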
9 changes: 3 additions & 6 deletions targets/frontend/src/pages/api/refresh_token.js
Expand Up @@ -6,6 +6,7 @@ import { generateJwtToken } from "src/lib/auth/jwt";
import { setJwtCookie } from "src/lib/auth/setJwtCookie";
import { getExpiryDate } from "src/lib/duration";
import { v4 as uuidv4 } from "uuid";
import { REFRESH_TOKEN_EXPIRES, JWT_TOKEN_EXPIRES } from "../../config";

import {
deletePreviousRefreshTokenMutation,
Expand Down Expand Up @@ -66,9 +67,7 @@ export default async function refreshToken(req, res) {
result = await client
.mutation(deletePreviousRefreshTokenMutation, {
new_refresh_token_data: {
expires_at: getExpiryDate(
parseInt(process.env.REFRESH_TOKEN_EXPIRES, 10)
),
expires_at: getExpiryDate(parseInt(REFRESH_TOKEN_EXPIRES, 10)),
refresh_token: new_refresh_token,
user_id: user.id,
},
Expand All @@ -87,9 +86,7 @@ export default async function refreshToken(req, res) {

res.json({
jwt_token,
jwt_token_expiry: getExpiryDate(
parseInt(process.env.JWT_TOKEN_EXPIRES, 10) || 15
),
jwt_token_expiry: getExpiryDate(parseInt(JWT_TOKEN_EXPIRES, 10) || 15),
refresh_token: new_refresh_token,
});
}
5 changes: 2 additions & 3 deletions targets/frontend/src/pages/api/reset_password.js
Expand Up @@ -4,6 +4,7 @@ import { client } from "@shared/graphql-client";
import { createErrorFor } from "src/lib/apiError";
import { getExpiryDate } from "src/lib/duration";
import { v4 as uuidv4 } from "uuid";
import { ACTIVATION_TOKEN_EXPIRES } from "../../config";

export default async function reset_password(req, res) {
const apiError = createErrorFor(res);
Expand All @@ -28,9 +29,7 @@ export default async function reset_password(req, res) {
const result = await client
.mutation(udpateSecretTokenMutation, {
email,
expires: getExpiryDate(
parseInt(process.env.NEXT_PUBLIC_ACTIVATION_TOKEN_EXPIRES, 10)
),
expires: getExpiryDate(parseInt(ACTIVATION_TOKEN_EXPIRES, 10)),
secret_token,
})
.toPromise();
3 changes: 2 additions & 1 deletion targets/frontend/src/pages/api/storage/[path].js
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,10 @@ import Boom from "@hapi/boom";
import { verify } from "jsonwebtoken";
import { createErrorFor } from "src/lib/apiError";
import { deleteBlob } from "src/lib/azure";
import { HASURA_GRAPHQL_JWT_SECRET } from "../../../config";

const container = process.env.STORAGE_CONTAINER;
const jwtSecret = JSON.parse(process.env.HASURA_GRAPHQL_JWT_SECRET);
const jwtSecret = JSON.parse(HASURA_GRAPHQL_JWT_SECRET);

export default async function deleteFiles(req, res) {
const apiError = createErrorFor(res);
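Review bot: `JSON.parse(HASURA_GRAPHQL_JWT_SECRET)` runs at module load and receives an object, not a string, whenever the environment variable is unset, because the fallback in config.ts is an object literal. `JSON.parse` coerces it to `[object Object]` and throws a SyntaxError, so this route fails to load in exactly the case the fallback exists for. Parse only when the value is a string, e.g. `const jwtSecret = typeof HASURA_GRAPHQL_JWT_SECRET === "string" ? JSON.parse(HASURA_GRAPHQL_JWT_SECRET) : HASURA_GRAPHQL_JWT_SECRET;`, or better, do the parsing once in config.ts and export the parsed object. storage/index.js has the same line; deleteFiles' body continues outside the hunk.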
3 changes: 2 additions & 1 deletion targets/frontend/src/pages/api/storage/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,10 @@ import { createErrorFor } from "src/lib/apiError";
import { getContainerBlobs, uploadBlob } from "src/lib/azure";
import { isUploadFileSafe } from "src/lib/secu";
import * as stream from "stream";
import { HASURA_GRAPHQL_JWT_SECRET } from "../../../config";

const container = process.env.STORAGE_CONTAINER;
const jwtSecret = JSON.parse(process.env.HASURA_GRAPHQL_JWT_SECRET);
const jwtSecret = JSON.parse(HASURA_GRAPHQL_JWT_SECRET);

async function endPoint(req, res) {
const apiError = createErrorFor(res);
2 changes: 1 addition & 1 deletion targets/frontend/src/pages/fichiers.js
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ import {
} from "@mui/material";

const listFiles = () =>
request(`${process.env.FRONTEND_URL || ""}/api/storage`, {
request(`/api/storage`, {
headers: { token: getToken()?.jwt_token || "" },
});

3 changes: 2 additions & 1 deletion targets/frontend/src/pages/user/new.js
Expand Up @@ -7,6 +7,7 @@ import { withUserProvider } from "src/hoc/UserProvider";
import { getExpiryDate } from "src/lib/duration";
import { useMutation } from "urql";
import { Alert } from "@mui/material";
import { ACTIVATION_TOKEN_EXPIRES } from "../../config";

const registerUserMutation = `
mutation registerUser($user: auth_users_insert_input! ) {
Expand All @@ -29,7 +30,7 @@ function prepareMutationData(input) {
user: {
...input,
secret_token_expires_at: getExpiryDate(
parseInt(process.env.NEXT_PUBLIC_ACTIVATION_TOKEN_EXPIRES, 10)
parseInt(ACTIVATION_TOKEN_EXPIRES, 10)
),
user_roles: { data: { role: input.default_role } },
},
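Review bot: `secret_token_expires_at` is computed in `prepareMutationData` and sent as part of the `registerUser` mutation input, and this file looks like page code that runs in the browser (it uses `useMutation`), so the activation-token lifetime is whatever the client submits. Moving the constant out of a `NEXT_PUBLIC_` variable does not change that. The server should set or bound this field, as reset_password.js already does by computing its expiry inside an API route. At minimum add a comment here, e.g. `// client-supplied expiry: must be enforced server-side`. `parseInt` on the numeric constant is also redundant.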
