Setup jwt signing key

2025-11-06 07:54:22 +00:00 · 2024-11-01 17:04:08 +01:00
parent 34868c53eb
commit 46eeb18a31
4 changed files with 108 additions and 16 deletions
--- a/backend/internal/config/config.go
+++ b/backend/internal/config/config.go
@@ -16,6 +16,7 @@ type Config struct {
 	AdminEmail    string
 	AdminPassword string
 	EncryptionKey string
+	JWTSigningKey string
 }

 func DefaultConfig() *Config {
@@ -69,6 +70,7 @@ func Load() (*Config, error) {
 	config.AdminEmail = os.Getenv("NOVAMD_ADMIN_EMAIL")
 	config.AdminPassword = os.Getenv("NOVAMD_ADMIN_PASSWORD")
 	config.EncryptionKey = os.Getenv("NOVAMD_ENCRYPTION_KEY")
+	config.JWTSigningKey = os.Getenv("NOVAMD_JWT_SIGNING_KEY")

 	// Validate all settings
 	if err := config.Validate(); err != nil {
--- a/backend/internal/db/migrations.go
+++ b/backend/internal/db/migrations.go
@@ -67,7 +67,14 @@ var migrations = []Migration{
 		ALTER TABLE workspaces ADD COLUMN created_by INTEGER REFERENCES users(id);
 		ALTER TABLE workspaces ADD COLUMN updated_by INTEGER REFERENCES users(id);
 		ALTER TABLE workspaces ADD COLUMN updated_at TIMESTAMP;
-		`,
+		
+		-- Create system_settings table for application settings
+		CREATE TABLE IF NOT EXISTS system_settings (
+			key TEXT PRIMARY KEY,
+			value TEXT NOT NULL,
+			created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+			updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+		);`,
 	},
 }

--- a/backend/internal/db/system_settings.go
+++ b/backend/internal/db/system_settings.go
@@ -0,0 +1,65 @@
+package db
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+)
+
+const (
+	JWTSecretKey = "jwt_secret"
+)
+
+// EnsureJWTSecret makes sure a JWT signing secret exists in the database
+// If no secret exists, it generates and stores a new one
+func (db *DB) EnsureJWTSecret() (string, error) {
+	// First, try to get existing secret
+	secret, err := db.GetSystemSetting(JWTSecretKey)
+	if err == nil {
+		return secret, nil
+	}
+
+	// Generate new secret if none exists
+	newSecret, err := generateRandomSecret(32) // 256 bits
+	if err != nil {
+		return "", fmt.Errorf("failed to generate JWT secret: %w", err)
+	}
+
+	// Store the new secret
+	err = db.SetSystemSetting(JWTSecretKey, newSecret)
+	if err != nil {
+		return "", fmt.Errorf("failed to store JWT secret: %w", err)
+	}
+
+	return newSecret, nil
+}
+
+// GetSystemSetting retrieves a system setting by key
+func (db *DB) GetSystemSetting(key string) (string, error) {
+	var value string
+	err := db.QueryRow("SELECT value FROM system_settings WHERE key = ?", key).Scan(&value)
+	if err != nil {
+		return "", err
+	}
+	return value, nil
+}
+
+// SetSystemSetting stores or updates a system setting
+func (db *DB) SetSystemSetting(key, value string) error {
+	_, err := db.Exec(`
+		INSERT INTO system_settings (key, value)
+		VALUES (?, ?)
+		ON CONFLICT(key) DO UPDATE SET value = ?`,
+		key, value, value)
+	return err
+}
+
+// generateRandomSecret generates a cryptographically secure random string
+func generateRandomSecret(bytes int) (string, error) {
+	b := make([]byte, bytes)
+	_, err := rand.Read(b)
+	if err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(b), nil
+}