feat: fetch from db auth secret

2021-11-20 20:20:16 +00:00 · 2021-11-20 20:20:16 +00:00 · bca6e15356
commit bca6e15356
parent 8884c75ffd
1 changed files with 20 additions and 29 deletions
--- a/lib/new-admin/middlewares/session.js
+++ b/lib/new-admin/middlewares/session.js
@ -1,41 +1,32 @@
-const fs = require('fs')
 const express = require('express')
 const router = express.Router()
-const hkdf = require('futoin-hkdf')
 const session = require('express-session')
 const PgSession = require('connect-pg-simple')(session)
-const mnemonicHelpers = require('../../mnemonic-helpers')
 const db = require('../../db')
 const options = require('../../options')
 const { USER_SESSIONS_TABLE_NAME } = require('../../constants')
-
-const getSecret = () => {
-  const mnemonic = fs.readFileSync(options.mnemonicPath, 'utf8')
-  return hkdf(
-    mnemonicHelpers.toEntropyBuffer(mnemonic),
-    16,
-    { info: 'operator-id' }
-  ).toString('hex')
-}
+const { getOperatorId } = require('../../operator')

 const hostname = options.hostname

-router.use('*', session({
-  store: new PgSession({
-    pgPromise: db,
-    tableName: USER_SESSIONS_TABLE_NAME
-  }),
-  name: 'lamassu_sid',
-  secret: getSecret(),
-  resave: false,
-  saveUninitialized: false,
-  cookie: {
-    httpOnly: true,
-    secure: true,
-    domain: hostname,
-    sameSite: true,
-    maxAge: 60 * 10 * 1000 // 10 minutes
-  }
-}))
+router.use('*', async () => {
+  return getOperatorId('authentication').then(secret => session({
+    store: new PgSession({
+      pgPromise: db,
+      tableName: USER_SESSIONS_TABLE_NAME
+    }),
+    name: 'lamassu_sid',
+    secret: secret,
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+      httpOnly: true,
+      secure: true,
+      domain: hostname,
+      sameSite: true,
+      maxAge: 60 * 10 * 1000 // 10 minutes
+    }
+  }))
+})

 module.exports = router