From bca6e153569353fbf75beed0d53c0907db2f9038 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Oliveira?= Date: Sat, 20 Nov 2021 20:20:16 +0000 Subject: [PATCH] feat: fetch from db auth secret --- lib/new-admin/middlewares/session.js | 49 ++++++++++++---------------- 1 file changed, 20 insertions(+), 29 deletions(-) diff --git a/lib/new-admin/middlewares/session.js b/lib/new-admin/middlewares/session.js index fbdf4465..ff9093d4 100644 --- a/lib/new-admin/middlewares/session.js +++ b/lib/new-admin/middlewares/session.js @@ -1,41 +1,32 @@ -const fs = require('fs') const express = require('express') const router = express.Router() -const hkdf = require('futoin-hkdf') const session = require('express-session') const PgSession = require('connect-pg-simple')(session) -const mnemonicHelpers = require('../../mnemonic-helpers') const db = require('../../db') const options = require('../../options') const { USER_SESSIONS_TABLE_NAME } = require('../../constants') - -const getSecret = () => { - const mnemonic = fs.readFileSync(options.mnemonicPath, 'utf8') - return hkdf( - mnemonicHelpers.toEntropyBuffer(mnemonic), - 16, - { info: 'operator-id' } - ).toString('hex') -} +const { getOperatorId } = require('../../operator') const hostname = options.hostname -router.use('*', session({ - store: new PgSession({ - pgPromise: db, - tableName: USER_SESSIONS_TABLE_NAME - }), - name: 'lamassu_sid', - secret: getSecret(), - resave: false, - saveUninitialized: false, - cookie: { - httpOnly: true, - secure: true, - domain: hostname, - sameSite: true, - maxAge: 60 * 10 * 1000 // 10 minutes - } -})) +router.use('*', async () => { + return getOperatorId('authentication').then(secret => session({ + store: new PgSession({ + pgPromise: db, + tableName: USER_SESSIONS_TABLE_NAME + }), + name: 'lamassu_sid', + secret: secret, + resave: false, + saveUninitialized: false, + cookie: { + httpOnly: true, + secure: true, + domain: hostname, + sameSite: true, + maxAge: 60 * 10 * 1000 // 10 minutes + } + })) +}) module.exports = router