From 63bf01971dcd5b65f4dc88a56257aa5c96f4e239 Mon Sep 17 00:00:00 2001 From: Jessop Breth Date: Thu, 15 Nov 2018 11:08:33 -0500 Subject: [PATCH] moves sensitive keys to gitignored folder --- cli/configure.js | 38 ++++++++++++++++--- package-lock.json | 5 +++ package.json | 1 + server/controllers/api/user/password/index.js | 3 +- server/index.js | 3 +- site/private/.gitkeep | 0 utils/createModuleAliases.js | 1 + 7 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 site/private/.gitkeep diff --git a/cli/configure.js b/cli/configure.js index 8db0faac..95922f17 100644 --- a/cli/configure.js +++ b/cli/configure.js @@ -3,6 +3,7 @@ const fs = require('fs'); const Path = require('path'); const axios = require('axios'); const ip = require('ip'); +const pwGenerator = require('generate-password'); const mysqlQuestions = require(Path.resolve(__dirname, 'questions/mysqlQuestions.js')); const siteQuestions = require(Path.resolve(__dirname, 'questions/siteQuestions.js')); @@ -12,11 +13,14 @@ let thumbnailChannelDefault = '@thumbnails'; let thumbnailChannel = ''; let thumbnailChannelId = ''; -const createConfigFile = (fileName, configObject) => { // siteConfig.json , siteConfig - const fileLocation = Path.resolve(__dirname, `../site/config/${fileName}`); +const createConfigFile = (fileName, configObject, topSecret) => { // siteConfig.json , siteConfig + const fileLocation = topSecret + ? Path.resolve(__dirname, `../site/private/${fileName}`) + : Path.resolve(__dirname, `../site/config/${fileName}`); + const fileContents = JSON.stringify(configObject, null, 2); fs.writeFileSync(fileLocation, fileContents, 'utf-8'); - console.log(`Successfully created ./site/config/${fileName}\n`); + console.log(`Successfully created ${fileLocation}\n`); }; // import existing configs or import the defaults 
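Review bot: In `createConfigFile`, the `topSecret` branch still writes with `fs.writeFileSync(fileLocation, fileContents, 'utf-8')`, so `authConfig.json` gets the process default mode and, under a typical umask, is readable by other local users. Pass an explicit mode for the private branch, e.g. `fs.writeFileSync(fileLocation, fileContents, { encoding: 'utf-8', mode: topSecret ? 0o600 : 0o666 });`. The `mode` option only applies when the file is created, so an existing file with looser permissions would also need `fs.chmodSync(fileLocation, 0o600)`. The trailing `// siteConfig.json , siteConfig` comment no longer matches the signature; a short comment such as `// topSecret: write to site/private instead of site/config` would document the new parameter.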
@@ -74,6 +78,27 @@ try { chainqueryConfig = require('./defaults/chainqueryConfig.json'); } +// authConfig +let randSessionKey = pwGenerator.generate({ + length : 20, + numbers: true, +}); + +let randMasterPass = pwGenerator.generate({ + length : 20, + numbers: true, +}); + +let authConfig; +try { + authConfig = require('../site/private/authConfig.json'); +} catch (error) { + authConfig = { + sessionKey : randSessionKey, + masterPassword: randMasterPass, + }; +} + // ask user questions and create config files inquirer .prompt(mysqlQuestions(mysqlDatabase, mysqlUsername, mysqlPassword)) @@ -204,11 +229,14 @@ inquirer createConfigFile('loggerConfig.json', loggerConfig); createConfigFile('slackConfig.json', slackConfig); createConfigFile('chainqueryConfig.json', chainqueryConfig); + createConfigFile('authConfig.json', authConfig, true); }) .then(() => { console.log('\nYou\'re all done!'); - console.log('Next step: run "npm run start" to build and start your server!'); - console.log('If you want to change any settings, you can edit the files in the "/config" folder.'); + console.log('\nIt\'s a good idea to BACK UP YOUR MASTER PASSWORD \nin "/site/private/authConfig.json" so that you don\'t lose \ncontrol of your channel.'); + + console.log('\nNext step: run "npm run start" to build and start your server!'); + console.log('If you want to change any settings, you can edit the files in the "/site" folder.'); process.exit(0); }) .catch(error => { diff --git a/package-lock.json b/package-lock.json index d6f59989..e654db8d 100644 --- a/package-lock.json +++ b/package-lock.json 
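Review bot: `randSessionKey` and `randMasterPass` are security secrets, but nothing in the hunk shows that `pwGenerator.generate` draws from a cryptographically secure source, and I can't confirm that for generate-password 1.4.1 from what is visible here. Node's built-in generator removes both the doubt and the new dependency: `const crypto = require('crypto');` with `sessionKey: crypto.randomBytes(32).toString('hex')`, and likewise for `masterPassword`. Separately, the `catch (error)` around `require('../site/private/authConfig.json')` treats every failure as "file missing", so a malformed or unreadable file is silently replaced with fresh secrets when the config is written later. Checking `error.code === 'MODULE_NOT_FOUND'` and rethrowing anything else would avoid rotating the master password by accident.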
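Review bot: `createConfigFile('authConfig.json', authConfig, true)` now places the session key and master password under `site/private`, but the diffstat lists no `.gitignore` change, only a tracked `site/private/.gitkeep`. If an ignore rule for that folder does not already exist from an earlier commit, `authConfig.json` can be staged by a plain `git add`. A rule such as `site/private/*` together with `!site/private/.gitkeep` would keep the placeholder tracked and the secrets ignored.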
@@ -5753,6 +5753,11 @@ "is-property": "^1.0.2" } }, + "generate-password": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/generate-password/-/generate-password-1.4.1.tgz", + "integrity": "sha512-MwMSkOIKkgYBG3JrquF0m/Rky+pl5jZFNmoroE9bQU5VawFDKdJfxMx1qBthPusx8GQyNWSW0m+Jaw0mZnqApg==" + }, "generic-pool": { "version": "3.4.2", "resolved": "https://registry.npmjs.org/generic-pool/-/generic-pool-3.4.2.tgz", diff --git a/package.json b/package.json index a0576b28..1a1b2a07 100644 --- a/package.json +++ b/package.json @@ -54,6 +54,7 @@ "express": "^4.16.4", "express-handlebars": "^3.0.0", "express-http-context": "^1.2.0", + "generate-password": "^1.4.1", "get-video-dimensions": "^1.0.0", "helmet": "^3.15.0", "image-size": "^0.6.3", diff --git a/server/controllers/api/user/password/index.js b/server/controllers/api/user/password/index.js index 28fd146b..ddfb3f44 100644 --- a/server/controllers/api/user/password/index.js +++ b/server/controllers/api/user/password/index.js @@ -1,8 +1,7 @@ const { handleErrorResponse } = require('../../../utils/errorHandlers.js'); const logger = require('winston'); const db = require('../../../../models'); -const { auth: { masterPassword } } = require('@config/siteConfig.json'); - +const { masterPassword } = require('@private/authConfig.json'); /* route to update a password diff --git a/server/index.js b/server/index.js index 72982647..8194d881 100644 --- a/server/index.js +++ b/server/index.js @@ -26,13 +26,14 @@ const { const { details: { port: PORT }, - auth: { sessionKey }, startup: { performChecks, performUpdates, }, } = require('@config/siteConfig'); +const { sessionKey } = require('@private/authConfig.json'); + function Server () { this.initialize = () => { // configure logging diff --git a/site/private/.gitkeep b/site/private/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/utils/createModuleAliases.js b/utils/createModuleAliases.js index ca34d2e8..c77802e4 100644 
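Review bot: `const { masterPassword } = require('@private/authConfig.json');` yields `undefined` without any error when the file exists but lacks that key, and cli/configure.js reuses an existing authConfig.json as-is without checking its contents. The handler that uses the value is outside this hunk; if it compares the submitted password against this constant, an undefined constant makes the outcome of that check unpredictable, so it is safer to fail closed at load: `if (!masterPassword) throw new Error('masterPassword missing from site/private/authConfig.json');`. The same guard applies to `sessionKey` in server/index.js.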
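Review bot: `require('@private/authConfig.json')` at the top of server/index.js throws at startup on any deployment that still has its secrets only under `auth` in siteConfig.json, and nothing in this commit carries those values over. The fallback in cli/configure.js generates new random values, so rerunning configure changes the master password and presumably invalidates existing sessions. Consider seeding `authConfig` from the existing `siteConfig.auth` block when authConfig.json is absent. That block should then be removed from siteConfig.json so the old secrets do not stay in the non-private config folder; whether it is still written there is not visible in this diff.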
--- a/utils/createModuleAliases.js +++ b/utils/createModuleAliases.js @@ -42,6 +42,7 @@ module.exports = () => { // aliases for configs moduleAliases['@config'] = resolve('site/config'); + moduleAliases['@private'] = resolve('site/private'); // create specific aliases for locally defined components in the following folders moduleAliases = addAliasesForCustomComponentFolder('containers', moduleAliases); -- 2.45.3
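Review bot: The new `@private` alias makes `site/private` importable by short name wherever this alias map is applied, and nothing here restricts it to server code. The lines below build aliases for component folders such as `containers`, which suggests the same map may also be given to the client bundler. If so, an accidental `require('@private/authConfig.json')` in shared code would ship the session key and master password to browsers. A comment on the line such as `// server-only: never import @private from client or shared code` would document the constraint, and ideally the alias would be left out of any bundler configuration. The function body continues outside the hunk.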