From fd427e8a8c96e963b98586394947db6e380bf239 Mon Sep 17 00:00:00 2001
From: Sanjay Kumar Sah
Date: Fri, 3 Jan 2025 11:33:11 +0530
Subject: [PATCH] refactor(JWT): Move JWT Keys to Environment Variables for Cloud Compatibility

---
 .env.example | 7 ++++++-
 CHANGELOG.md | 6 ++++++
 package.json | 2 +-
 src/constants/env.constant.ts | 2 ++
 src/utils/crypto.util.ts | 15 +++++++--------
 5 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/.env.example b/.env.example
index de27eb1..b56e8fe 100644
--- a/.env.example
+++ b/.env.example
@@ -19,4 +19,9 @@ GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
 GOOGLE_CLIENT_URL=
-CLIENT_URL=
\ No newline at end of file
+CLIENT_URL=
+
+# Crypto keys
+PUBLIC_KEY=
+PRIVATE_KEY=
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3fe8697..7e699b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to the User Service will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.0.1] - 2025-01-03
+
+### Security
+
+- Move JWT encryption keys to environment variables for cloud compatibility
+
 ## [1.0.0] - 2024-03-19
 ### Added
diff --git a/package.json b/package.json
index c1c68b3..2ecf73f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "user",
- "version": "1.0.0",
+ "version": "1.0.1",
 "description": "user service for ansopedia",
 "main": "index.js",
 "scripts": {
diff --git a/src/constants/env.constant.ts b/src/constants/env.constant.ts
index de3b459..f1c22b8 100644
--- a/src/constants/env.constant.ts
+++ b/src/constants/env.constant.ts
@@ -28,6 +28,8 @@ const envSchema = z.object({
 GOOGLE_CLIENT_SECRET: z.string().min(1, "GOOGLE_CLIENT_SECRET is required").readonly(),
 GOOGLE_CLIENT_URL: z.string().url().readonly(),
 CLIENT_URL: z.string().url().readonly(),
+ PUBLIC_KEY: z.string().min(1, "PUBLIC_KEY is required").readonly(),
+ PRIVATE_KEY: z.string().min(1, "PRIVATE_KEY is required").readonly(),
 });
 export const envConstants = envSchema.parse(process.env);
diff --git a/src/utils/crypto.util.ts b/src/utils/crypto.util.ts
index c6cd765..555f6c4 100644
--- a/src/utils/crypto.util.ts
+++ b/src/utils/crypto.util.ts
@@ -1,7 +1,4 @@
-import fs from "fs";
-import path from "path";
-
-import { ErrorTypeEnum } from "@/constants";
+import { ErrorTypeEnum, envConstants } from "@/constants";
 import logger from "./logger";
@@ -27,11 +24,13 @@ export class CryptoUtil {
 if (this.keyPair) return this.keyPair;
 try {
- const keysDir = path.join(process.cwd(), "keys");
-
- const publicKey = await fs.promises.readFile(path.join(keysDir, "public.pem"), "utf8");
+ const publicKey = envConstants.PUBLIC_KEY;
+ const privateKey = envConstants.PRIVATE_KEY;
- const privateKey = await fs.promises.readFile(path.join(keysDir, "private.pem"), "utf8");
+ if (publicKey.length === 0 || privateKey.length === 0) {
+ logger.error("Public or private key not found in environment variables");
+ throw new Error(ErrorTypeEnum.enum.INTERNAL_SERVER_ERROR);
+ }
 this.keyPair = { publicKey, privateKey };
 return this.keyPair;
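Review bot: In the src/constants/env.constant.ts hunk the two new schema entries only require `PUBLIC_KEY` and `PRIVATE_KEY` to be non-empty, so a truncated or malformed value passes startup validation and would presumably surface only when a token is first signed or verified. If the values are PEM, as the removed `public.pem`/`private.pem` reads suggest, a shape check at parse time fails earlier and more clearly, e.g. `PRIVATE_KEY: z.string().min(1, "PRIVATE_KEY is required").refine((v) => v.includes("-----BEGIN"), "PRIVATE_KEY must be a PEM block").readonly(),` with the same on the public key. The private key also now sits in the exported `envConstants` object beside non-secret settings, so a comment such as `// secret: never log or serialise envConstants as a whole` on these fields would be worth adding.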
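Review bot: In the second src/utils/crypto.util.ts hunk the added `publicKey.length === 0 || privateKey.length === 0` branch looks unreachable, because `envSchema.parse(process.env)` in env.constant.ts already rejects empty values through `min(1)` when the module is loaded; it can be dropped or replaced with a check that can actually fail. What the hunk leaves unhandled is how a multi-line PEM is encoded in an environment variable: such values are often stored with literal `\n` sequences, and here they are assigned to `this.keyPair` unchanged. If that encoding is what deployments will use, normalise it once at this point, e.g. `const privateKey = envConstants.PRIVATE_KEY.replace(/\\n/g, "\n");` (and likewise for the public key), and state the expected format beside `PRIVATE_KEY=` in .env.example. The enclosing method and its `try` block start and end outside the hunk, so how the thrown error is caught is not visible here.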