fix: on app init read jwt secret from store

Signed-off-by: Pranav C <pranavxc@gmail.com>
1 year ago · 33ee5e85e3
3 changed files with 47 additions and 6 deletions
--- a/packages/nocodb/src/Noco.ts
+++ b/packages/nocodb/src/Noco.ts
@ -6,8 +6,9 @@ import NcToolGui from 'nc-lib-gui';
 import { IoAdapter } from '@nestjs/platform-socket.io';
 import requestIp from 'request-ip';
 import cookieParser from 'cookie-parser';
+import { T } from 'nc-help';
+import { v4 as uuidv4 } from 'uuid';
 import { AppModule } from './app.module';
-
 import { NC_LICENSE_KEY } from './constants';
 import Store from './models/Store';
 import type { IEventEmitter } from './modules/event-emitter/event-emitter.interface';
@ -125,4 +126,41 @@ export default class Noco {
  public static get server(): Express {
    return Noco._server;
  }
+
+  public static async initJwt(): Promise<any> {
+    if (this.config?.auth?.jwt) {
+      if (!this.config.auth.jwt.secret) {
+        let secret = (
+          await Noco._ncMeta.metaGet('', '', 'nc_store', {
+            key: 'nc_auth_jwt_secret',
+          })
+        )?.value;
+        if (!secret) {
+          await Noco._ncMeta.metaInsert('', '', 'nc_store', {
+            key: 'nc_auth_jwt_secret',
+            value: (secret = uuidv4()),
+          });
+        }
+        this.config.auth.jwt.secret = secret;
+      }
+
+      this.config.auth.jwt.options = this.config.auth.jwt.options || {};
+      if (!this.config.auth.jwt.options?.expiresIn) {
+        this.config.auth.jwt.options.expiresIn =
+          process.env.NC_JWT_EXPIRES_IN ?? '10h';
+      }
+    }
+    let serverId = (
+      await Noco._ncMeta.metaGet('', '', 'nc_store', {
+        key: 'nc_server_id',
+      })
+    )?.value;
+    if (!serverId) {
+      await Noco._ncMeta.metaInsert('', '', 'nc_store', {
+        key: 'nc_server_id',
+        value: (serverId = T.id),
+      });
+    }
+    process.env.NC_SERVER_UUID = serverId;
+  }
 }
--- a/packages/nocodb/src/app.module.ts
+++ b/packages/nocodb/src/app.module.ts
@ -98,6 +98,9 @@ export class AppModule implements OnApplicationBootstrap {
    Noco.config = this.connection.config;
    Noco.eventEmitter = this.eventEmitter;

+    // init jwt secret
+    await Noco.initJwt();
+
    // init plugin manager
    await NcPluginMgrv2.init(Noco.ncMeta);
    await Noco.loadEEState();
--- a/packages/nocodb/src/utils/NcConfigFactory.ts
+++ b/packages/nocodb/src/utils/NcConfigFactory.ts
@ -100,7 +100,7 @@ export default class NcConfigFactory {

    ncConfig.auth = {
      jwt: {
-        secret: process.env.NC_AUTH_JWT_SECRET ?? 'temporary-key',
+        secret: process.env.NC_AUTH_JWT_SECRET,
      },
    };

@ -421,7 +421,7 @@ export default class NcConfigFactory {
    if (process.env.NC_AUTH_ADMIN_SECRET) {
      config.auth = {
        masterKey: {
-          secret: process.env.NC_AUTH_ADMIN_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_ADMIN_SECRET,
        },
      };
    } else if (process.env.NC_NO_AUTH) {
@ -436,7 +436,7 @@ export default class NcConfigFactory {
          dbAlias:
            process.env.NC_AUTH_JWT_DB_ALIAS ||
            config.envs['_noco'].db[0].meta.dbAlias,
-          secret: process.env.NC_AUTH_JWT_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_JWT_SECRET,
        },
      };
    }
@ -536,7 +536,7 @@ export default class NcConfigFactory {
    if (process.env.NC_AUTH_ADMIN_SECRET) {
      config.auth = {
        masterKey: {
-          secret: process.env.NC_AUTH_ADMIN_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_ADMIN_SECRET,
        },
      };
    } else if (process.env.NC_NO_AUTH) {
@ -551,7 +551,7 @@ export default class NcConfigFactory {
          dbAlias:
            process.env.NC_AUTH_JWT_DB_ALIAS ||
            config.envs['_noco'].db[0].meta.dbAlias,
-          secret: process.env.NC_AUTH_JWT_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_JWT_SECRET,
        },
      };
    }