mirror of
https://github.com/wassname/talk.git
synced 2026-06-27 22:09:08 +08:00
Wyatt Johnson
71 lines
1.8 KiB
JavaScript
71 lines
1.8 KiB
JavaScript
const { JWT_SECRETS, JWT_SECRET, JWT_ALG } = require('./config');
|
|
|
|
const debug = require('debug')('talk:secrets');
|
|
const jwt = require('./services/jwt');
|
|
|
|
if (JWT_SECRETS) {
|
|
if (!Array.isArray(JWT_SECRETS)) {
|
|
throw new Error(
|
|
'TALK_JWT_SECRETS must be a JSON array in the form [{"kid": kid, ["secret": secret | "private": private, "public": public]}, ...]'
|
|
);
|
|
}
|
|
|
|
if (JWT_SECRETS.length === 0) {
|
|
throw new Error(
|
|
'TALK_JWT_SECRETS must be a JSON array with non zero length'
|
|
);
|
|
}
|
|
|
|
// Wrap a multi-secret around the available secrets.
|
|
module.exports.jwt = new jwt.MultiSecret(
|
|
JWT_SECRETS.map(secret => {
|
|
if (!('kid' in secret)) {
|
|
throw new Error(
|
|
"when multiple keys are specified, kid's must be specified"
|
|
);
|
|
}
|
|
|
|
if (typeof secret.kid !== 'string' || secret.kid.length === 0) {
|
|
throw new Error('kid must be a unique string');
|
|
}
|
|
|
|
// HMAC secrets do not have public/private keys.
|
|
if (JWT_ALG.startsWith('HS')) {
|
|
return new jwt.SharedSecret(secret, JWT_ALG);
|
|
}
|
|
|
|
if (!('public' in secret)) {
|
|
throw new Error(
|
|
'all symetric keys must provide a PEM encoded public key'
|
|
);
|
|
}
|
|
|
|
return new jwt.AsymmetricSecret(secret, JWT_ALG);
|
|
})
|
|
);
|
|
|
|
debug(
|
|
`loaded ${JWT_SECRETS.length} ${
|
|
JWT_ALG.startsWith('HS') ? 'shared' : 'asymmetric'
|
|
} secrets`
|
|
);
|
|
} else if (JWT_SECRET) {
|
|
if (JWT_ALG.startsWith('HS')) {
|
|
module.exports.jwt = new jwt.SharedSecret(
|
|
{
|
|
secret: JWT_SECRET,
|
|
},
|
|
JWT_ALG
|
|
);
|
|
} else {
|
|
module.exports.jwt = new jwt.AsymmetricSecret(
|
|
JSON.parse(JWT_SECRET),
|
|
JWT_ALG
|
|
);
|
|
}
|
|
|
|
debug(
|
|
`loaded a ${JWT_ALG.startsWith('HS') ? 'shared' : 'asymmetric'} secret`
|
|
);
|
|
}
|