Merge pull request #95 from ansopedia/94-refactor-move-jwt-keys

refactor(JWT): Move JWT Keys to Environment Variables for Cloud Compa…
ansopedia · Jan 3, 2025 · beef117 · beef117
2 parents f05857c + fd427e8
commit beef117
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 10 deletions.
diff --git a/.env.example b/.env.example
@@ -19,4 +19,9 @@ GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
 GOOGLE_CLIENT_URL=
 
-CLIENT_URL=
+CLIENT_URL=
+
+# Crypto keys
+PUBLIC_KEY=
+PRIVATE_KEY=
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to the User Service will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.1] - 2025-01-03
+
+### Security
+
+- Move JWT encryption keys to environment variables for cloud compatibility
+
 ## [1.0.0] - 2024-03-19
 
 ### Added

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "user",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "user service for ansopedia",
   "main": "index.js",
   "scripts": {

diff --git a/src/constants/env.constant.ts b/src/constants/env.constant.ts
@@ -28,6 +28,8 @@ const envSchema = z.object({
   GOOGLE_CLIENT_SECRET: z.string().min(1, "GOOGLE_CLIENT_SECRET is required").readonly(),
   GOOGLE_CLIENT_URL: z.string().url().readonly(),
   CLIENT_URL: z.string().url().readonly(),
+  PUBLIC_KEY: z.string().min(1, "PUBLIC_KEY is required").readonly(),
+  PRIVATE_KEY: z.string().min(1, "PRIVATE_KEY is required").readonly(),
 });
 
 export const envConstants = envSchema.parse(process.env);
diff --git a/src/utils/crypto.util.ts b/src/utils/crypto.util.ts
@@ -1,7 +1,4 @@
-import fs from "fs";
-import path from "path";
-
-import { ErrorTypeEnum } from "@/constants";
+import { ErrorTypeEnum, envConstants } from "@/constants";
 
 import logger from "./logger";
 
@@ -27,11 +24,13 @@ export class CryptoUtil {
     if (this.keyPair) return this.keyPair;
 
     try {
-      const keysDir = path.join(process.cwd(), "keys");
-
-      const publicKey = await fs.promises.readFile(path.join(keysDir, "public.pem"), "utf8");
+      const publicKey = envConstants.PUBLIC_KEY;
+      const privateKey = envConstants.PRIVATE_KEY;
 
-      const privateKey = await fs.promises.readFile(path.join(keysDir, "private.pem"), "utf8");
+      if (publicKey.length === 0 || privateKey.length === 0) {
+        logger.error("Public or private key not found in environment variables");
+        throw new Error(ErrorTypeEnum.enum.INTERNAL_SERVER_ERROR);
+      }
 
       this.keyPair = { publicKey, privateKey };
       return this.keyPair;