diff --git a/src/api.server.ts b/src/api.server.ts
index 4d6bf55..b18a937 100644
--- a/src/api.server.ts
+++ b/src/api.server.ts
@@ -38,7 +38,7 @@ export class ApiServer {
 })
 this.server.register(apiAuthPlugin, {
- secret: config.api.token_secret,
+ secret: { private: config.api.token_secret_private, public: config.api.token_secret_public },
 expiresIn: config.api.token_expiresIn,
 })
 if (process.env.NODE_ENV !== 'production') {
diff --git a/src/config/config.ts b/src/config/config.ts
index c264deb..1f4b589 100644
--- a/src/config/config.ts
+++ b/src/config/config.ts
@@ -1,29 +1,47 @@
-import * as dotenv from "dotenv";
-const NODE_ENV = process.env.NODE_ENV || "development";
+import * as dotenv from 'dotenv'
+import assert from 'assert'
+const NODE_ENV = process.env.NODE_ENV || 'development'
-dotenv.config();
-let path;
+dotenv.config()
+let path
 switch (process.env.NODE_ENV) {
- case "test":
- path = `${__dirname}/../../.env.development`;
- break;
- case "production":
- path = `${__dirname}/../../.env.production`;
- break;
+ case 'test':
+ path = `${__dirname}/../../.env.development`
+ break
+ case 'production':
+ path = `${__dirname}/../../.env.production`
+ break
 default:
- path = `${__dirname}/../../.env.development`;
+ path = `${__dirname}/../../.env.development`
 }
-dotenv.config({ path: path, debug: NODE_ENV === "development" });
+dotenv.config({ path: path, debug: NODE_ENV === 'development' })
+
+assert(process.env.API_TOKEN_SECRET_PRIVATE, 'API_TOKEN_SECRET_PRIVATE not set')
+assert(process.env.API_TOKEN_SECRET_PUBLIC, 'API_TOKEN_SECRET_PUBLIC not set')
+assert(process.env.API_TOKEN_EXPIRESIN, 'API_TOKEN_EXPIRESIN not set')
+
+const privateKey = `
+-----BEGIN PRIVATE KEY-----
+${process.env.API_TOKEN_SECRET_PRIVATE}
+-----END PRIVATE KEY-----
+`
+const publicKey = `
+-----BEGIN PUBLIC KEY-----
+${process.env.API_TOKEN_SECRET_PUBLIC}
+-----END PUBLIC KEY-----
+`
+
 let baseConfig = {
 api: {
 port: parseInt(process.env.API_PORT),
 host: process.env.API_HOST,
- token_secret: process.env.API_TOKEN_SECRET,
+ token_secret_private: privateKey,
+ token_secret_public: publicKey,
 token_expiresIn: process.env.API_TOKEN_EXPIRESIN,
 },
 db_main: process.env.DB_MAIN,
 db_second: process.env.DB_SECOND,
-};
+}
-export default baseConfig;
+export default baseConfig
diff --git a/src/plugins/apiauth.ts b/src/plugins/apiauth.ts
index 87a0e1f..13676db 100644
--- a/src/plugins/apiauth.ts
+++ b/src/plugins/apiauth.ts
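Review bot: The three added `assert` calls only check that the variables are non-empty, so a value that is not a bare base64 key body (already PEM-armoured, quoted, truncated, or of the wrong key type) still yields a `privateKey`/`publicKey` string and would presumably fail only when a token is first signed or verified. Parsing both keys right after the template literals makes a bad key a startup error: `createPrivateKey(privateKey)` and `createPublicKey(publicKey)` from Node's `crypto` module throw on malformed input, and the returned object's `asymmetricKeyType` can be asserted against the curve the EdDSA signing in `src/plugins/apiauth.ts` expects. Separately, `baseConfig.api.token_secret_private` now carries the signing key on the default-exported config object, so any code that logs or serialises `baseConfig` would expose it. A comment on that field such as `// signing key: never log or serialise this object` would flag the constraint for later callers.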
@@ -14,25 +14,16 @@ declare module 'fastify' {
 }
 export interface ApiAuthOptions {
- secret: string
+ secret: {
+ private: string
+ public: string
+ }
 expiresIn: string
 }
-const privateKey = `
------BEGIN PRIVATE KEY-----
-${process.env.API_TOKEN_SECRET_PRIVATE}
------END PRIVATE KEY-----
-`
-const publicKey = `
------BEGIN PUBLIC KEY-----
-${process.env.API_TOKEN_SECRET_PUBLIC}
------END PUBLIC KEY-----
-`
+
 const apiAuthPlugin: FastifyPluginAsync = async function (fastify, opts) {
 fastify.register(require('@fastify/jwt'), {
- secret: {
- private: privateKey,
- public: publicKey,
- },
+ secret: opts.secret,
 sign: { expiresIn: opts.expiresIn, algorithm: 'EdDSA' },
 })
 // 只有路由配置的role为anon才不需要过滤
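Review bot: The `@fastify/jwt` registration shown here sets `sign.algorithm` to `'EdDSA'` but passes no `verify` options, so which algorithms are accepted on incoming tokens is left to the library's defaults for the supplied key. Pinning it next to `sign` with `verify: { algorithms: ['EdDSA'] }` (assuming the installed @fastify/jwt version accepts that option) makes the accepted algorithm explicit rather than dependent on how the public key string is detected. Also, `apiAuthPlugin` is declared as plain `FastifyPluginAsync`; writing `FastifyPluginAsync<ApiAuthOptions>` would have the compiler check `opts.secret` against the new `{ private, public }` shape. The plugin body continues past the end of the hunk.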