Setup jwt signing key

2025-11-05 23:44:22 +00:00 · 2024-11-01 17:04:08 +01:00
parent 34868c53eb
commit 46eeb18a31
4 changed files with 108 additions and 16 deletions
--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -4,19 +4,19 @@ import (
 	"log"
 	"net/http"
 	"os"
 	"time"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"novamd/internal/api"
 	"novamd/internal/auth"
 	"novamd/internal/config"
 	"novamd/internal/db"
 	"novamd/internal/filesystem"
 	"novamd/internal/user"
 )
 func main() {
 	// Load configuration
 	cfg, err := config.Load()
 	if err != nil {
@@ -28,38 +28,56 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	defer func() {
+	defer database.Close()
-		if err := database.Close(); err != nil {
+
-			log.Printf("Error closing database: %v", err)
+	// Get or generate JWT signing key
 	signingKey := cfg.JWTSigningKey
 	if signingKey == "" {
 		signingKey, err = database.EnsureJWTSecret()
 		if err != nil {
 			log.Fatal("Failed to ensure JWT secret:", err)
 		}
 	}
 	}()
 	// Initialize filesystem
 	fs := filesystem.New(cfg.WorkDir)
-	// Initialize user service
+	// Initialize JWT service
-	userService := user.NewUserService(database, fs)
+	jwtService, err := auth.NewJWTService(auth.JWTConfig{
-
+		SigningKey:         signingKey,
-	// Create admin user
+		AccessTokenExpiry:  15 * time.Minute,
-	if _, err := userService.SetupAdminUser(cfg.AdminEmail, cfg.AdminPassword); err != nil {
+		RefreshTokenExpiry: 7 * 24 * time.Hour,
-		log.Fatal(err)
+	})
 	if err != nil {
 		log.Fatal("Failed to initialize JWT service:", err)
 	}
 	// Initialize auth middleware
 	authMiddleware := auth.NewMiddleware(jwtService)
 	// Initialize session service
 	sessionService := auth.NewSessionService(database.DB, jwtService)
 	// Set up router
 	r := chi.NewRouter()
 	// Middleware
 	r.Use(middleware.Logger)
 	r.Use(middleware.Recoverer)
 	r.Use(middleware.RequestID)
 	r.Use(middleware.RealIP)
 	r.Use(middleware.Timeout(30 * time.Second))
-	// API routes
+	// Set up routes
 	r.Route("/api/v1", func(r chi.Router) {
-		api.SetupRoutes(r, database, fs)
+		api.SetupRoutes(r, database, fs, authMiddleware, sessionService)
 	})
 	// Handle all other routes with static file server
 	r.Get("/*", api.NewStaticHandler(cfg.StaticPath).ServeHTTP)
 	// Start server
-	port := os.Getenv("NOVAMD_PORT")
+	port := os.Getenv("PORT")
 	if port == "" {
 		port = "8080"
 	}
--- a/backend/internal/config/config.go
+++ b/backend/internal/config/config.go
@@ -16,6 +16,7 @@ type Config struct {
 	AdminEmail    string
 	AdminPassword string
 	EncryptionKey string
 	JWTSigningKey string
 }
 func DefaultConfig() *Config {
@@ -69,6 +70,7 @@ func Load() (*Config, error) {
 	config.AdminEmail = os.Getenv("NOVAMD_ADMIN_EMAIL")
 	config.AdminPassword = os.Getenv("NOVAMD_ADMIN_PASSWORD")
 	config.EncryptionKey = os.Getenv("NOVAMD_ENCRYPTION_KEY")
 	config.JWTSigningKey = os.Getenv("NOVAMD_JWT_SIGNING_KEY")
 	// Validate all settings
 	if err := config.Validate(); err != nil {
--- a/backend/internal/db/migrations.go
+++ b/backend/internal/db/migrations.go
@@ -67,7 +67,14 @@ var migrations = []Migration{
 		ALTER TABLE workspaces ADD COLUMN created_by INTEGER REFERENCES users(id);
 		ALTER TABLE workspaces ADD COLUMN updated_by INTEGER REFERENCES users(id);
 		ALTER TABLE workspaces ADD COLUMN updated_at TIMESTAMP;
-		`,
+		
 		-- Create system_settings table for application settings
 		CREATE TABLE IF NOT EXISTS system_settings (
 			key TEXT PRIMARY KEY,
 			value TEXT NOT NULL,
 			created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
 			updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 		);`,
 	},
 }
--- a/backend/internal/db/system_settings.go
+++ b/backend/internal/db/system_settings.go
@@ -0,0 +1,65 @@
 package db
 import (
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
 )
 const (
 	JWTSecretKey = "jwt_secret"
 )
 // EnsureJWTSecret makes sure a JWT signing secret exists in the database
 // If no secret exists, it generates and stores a new one
 func (db *DB) EnsureJWTSecret() (string, error) {
 	// First, try to get existing secret
 	secret, err := db.GetSystemSetting(JWTSecretKey)
 	if err == nil {
 		return secret, nil
 	}
 	// Generate new secret if none exists
 	newSecret, err := generateRandomSecret(32) // 256 bits
 	if err != nil {
 		return "", fmt.Errorf("failed to generate JWT secret: %w", err)
 	}
 	// Store the new secret
 	err = db.SetSystemSetting(JWTSecretKey, newSecret)
 	if err != nil {
 		return "", fmt.Errorf("failed to store JWT secret: %w", err)
 	}
 	return newSecret, nil
 }
 // GetSystemSetting retrieves a system setting by key
 func (db *DB) GetSystemSetting(key string) (string, error) {
 	var value string
 	err := db.QueryRow("SELECT value FROM system_settings WHERE key = ?", key).Scan(&value)
 	if err != nil {
 		return "", err
 	}
 	return value, nil
 }
 // SetSystemSetting stores or updates a system setting
 func (db *DB) SetSystemSetting(key, value string) error {
 	_, err := db.Exec(`
 		INSERT INTO system_settings (key, value)
 		VALUES (?, ?)
 		ON CONFLICT(key) DO UPDATE SET value = ?`,
 		key, value, value)
 	return err
 }
 // generateRandomSecret generates a cryptographically secure random string
 func generateRandomSecret(bytes int) (string, error) {
 	b := make([]byte, bytes)
 	_, err := rand.Read(b)
 	if err != nil {
 		return "", err
 	}
 	return base64.StdEncoding.EncodeToString(b), nil
 }