Merge pull request #5680 from nocodb/fix/5679-jwt-init-bug

fix: Load JWT secret from store on app init
1 year ago · 9894d51733
6 changed files with 175 additions and 59 deletions
--- a/packages/nocodb/src/Noco.ts
+++ b/packages/nocodb/src/Noco.ts
@ -1,4 +1,5 @@
-// import * as Sentry from '@sentry/node';
+import Sentry, { Handlers } from '@sentry/node';
+import { Logger } from '@nestjs/common';
 import { NestFactory } from '@nestjs/core';
 import clear from 'clear';
 import * as express from 'express';
@ -6,10 +7,12 @@ import NcToolGui from 'nc-lib-gui';
 import { IoAdapter } from '@nestjs/platform-socket.io';
 import requestIp from 'request-ip';
 import cookieParser from 'cookie-parser';
+import { T } from 'nc-help';
+import { v4 as uuidv4 } from 'uuid';
 import { AppModule } from './app.module';
-
 import { NC_LICENSE_KEY } from './constants';
 import Store from './models/Store';
+import { MetaTable } from './utils/globals';
 import type { IEventEmitter } from './modules/event-emitter/event-emitter.interface';
 import type { Express } from 'express';
 import type * as http from 'http';
@ -20,6 +23,7 @@ export default class Noco {
  public static readonly env: string = '_noco';
  private static _httpServer: http.Server;
  private static _server: Express;
+  private static logger = new Logger(Noco.name);

  public static get dashboardUrl(): string {
    let siteUrl = `http://localhost:${process.env.PORT || 8080}`;
@ -42,7 +46,6 @@ export default class Noco {
  public readonly metaMgrv2: any;
  public env: string;

-  private ncToolApi;
  private config: any;
  private requestContext: any;

@ -102,6 +105,8 @@ export default class Noco {

    const nestApp = await NestFactory.create(AppModule);

+    this.initSentry(nestApp);
+
    nestApp.useWebSocketAdapter(new IoAdapter(httpServer));

    nestApp.use(requestIp.mw());
@ -115,6 +120,9 @@ export default class Noco {
    const dashboardPath = process.env.NC_DASHBOARD_URL || '/dashboard';
    server.use(NcToolGui.expressMiddleware(dashboardPath));
    server.get('/', (_req, res) => res.redirect(dashboardPath));
+
+    this.initSentryErrorHandler(server);
+
    return nestApp.getHttpAdapter().getInstance();
  }

@ -125,4 +133,56 @@ export default class Noco {
  public static get server(): Express {
    return Noco._server;
  }
+
+  public static async initJwt(): Promise<any> {
+    if (this.config?.auth?.jwt) {
+      if (!this.config.auth.jwt.secret) {
+        let secret = (
+          await Noco._ncMeta.metaGet('', '', MetaTable.STORE, {
+            key: 'nc_auth_jwt_secret',
+          })
+        )?.value;
+        if (!secret) {
+          await Noco._ncMeta.metaInsert('', '', MetaTable.STORE, {
+            key: 'nc_auth_jwt_secret',
+            value: (secret = uuidv4()),
+          });
+        }
+        this.config.auth.jwt.secret = secret;
+      }
+
+      this.config.auth.jwt.options = this.config.auth.jwt.options || {};
+      if (!this.config.auth.jwt.options?.expiresIn) {
+        this.config.auth.jwt.options.expiresIn =
+          process.env.NC_JWT_EXPIRES_IN ?? '10h';
+      }
+    }
+    let serverId = (
+      await Noco._ncMeta.metaGet('', '', MetaTable.STORE, {
+        key: 'nc_server_id',
+      })
+    )?.value;
+    if (!serverId) {
+      await Noco._ncMeta.metaInsert('', '', MetaTable.STORE, {
+        key: 'nc_server_id',
+        value: (serverId = T.id),
+      });
+    }
+    process.env.NC_SERVER_UUID = serverId;
+  }
+
+  private static initSentryErrorHandler(router) {
+    if (process.env.NC_SENTRY_DSN) {
+      router.use(Handlers.errorHandler());
+    }
+  }
+
+  private static initSentry(router) {
+    if (process.env.NC_SENTRY_DSN) {
+      Sentry.init({ dsn: process.env.NC_SENTRY_DSN });
+
+      // The request handler must be the first middleware on the app
+      router.use(Handlers.requestHandler());
+    }
+  }
 }
--- a/packages/nocodb/src/app.module.ts
+++ b/packages/nocodb/src/app.module.ts
@ -1,35 +1,25 @@
-import { Inject, Module, RequestMethod } from '@nestjs/common';
+import { Module, RequestMethod } from '@nestjs/common';
 import { APP_FILTER } from '@nestjs/core';
 import { BullModule } from '@nestjs/bull';
 import { EventEmitterModule as NestJsEventEmitter } from '@nestjs/event-emitter';
-import { Connection } from './connection/connection';
 import { GlobalExceptionFilter } from './filters/global-exception/global-exception.filter';
-import NcPluginMgrv2 from './helpers/NcPluginMgrv2';
 import { GlobalMiddleware } from './middlewares/global/global.middleware';
 import { GuiMiddleware } from './middlewares/gui/gui.middleware';
 import { PublicMiddleware } from './middlewares/public/public.middleware';
 import { DatasModule } from './modules/datas/datas.module';
-import { IEventEmitter } from './modules/event-emitter/event-emitter.interface';
 import { EventEmitterModule } from './modules/event-emitter/event-emitter.module';
 import { AuthService } from './services/auth.service';
 import { UsersModule } from './modules/users/users.module';
-import { MetaService } from './meta/meta.service';
-import Noco from './Noco';
 import { TestModule } from './modules/test/test.module';
 import { GlobalModule } from './modules/global/global.module';
 import { HookHandlerService } from './services/hook-handler.service';
 import { LocalStrategy } from './strategies/local.strategy';
 import { AuthTokenStrategy } from './strategies/authtoken.strategy/authtoken.strategy';
 import { BaseViewStrategy } from './strategies/base-view.strategy/base-view.strategy';
-import NcConfigFactory from './utils/NcConfigFactory';
-import NcUpgrader from './version-upgrader/NcUpgrader';
 import { MetasModule } from './modules/metas/metas.module';
-import NocoCache from './cache/NocoCache';
 import { JobsModule } from './modules/jobs/jobs.module';
-import type {
-  MiddlewareConsumer,
-  OnApplicationBootstrap,
-} from '@nestjs/common';
+import { AppInitService } from './services/app-init.service';
+import type { MiddlewareConsumer } from '@nestjs/common';

@Module({
  imports: [
@ -60,15 +50,10 @@ import type {
    AuthTokenStrategy,
    BaseViewStrategy,
    HookHandlerService,
+    AppInitService,
  ],
 })
-export class AppModule implements OnApplicationBootstrap {
-  constructor(
-    private readonly connection: Connection,
-    private readonly metaService: MetaService,
-    @Inject('IEventEmitter') private readonly eventEmitter: IEventEmitter,
-  ) {}
-
+export class AppModule {
  // Global Middleware
  configure(consumer: MiddlewareConsumer) {
    consumer
@ -79,30 +64,4 @@ export class AppModule implements OnApplicationBootstrap {
      .apply(GlobalMiddleware)
      .forRoutes({ path: '*', method: RequestMethod.ALL });
  }
-
-  // app init
-  async onApplicationBootstrap(): Promise<void> {
-    process.env.NC_VERSION = '0105004';
-
-    await NocoCache.init();
-
-    await this.connection.init();
-
-    await NcConfigFactory.metaDbCreateIfNotExist(this.connection.config);
-
-    await this.metaService.init();
-
-    // todo: remove
-    // temporary hack
-    Noco._ncMeta = this.metaService;
-    Noco.config = this.connection.config;
-    Noco.eventEmitter = this.eventEmitter;
-
-    // init plugin manager
-    await NcPluginMgrv2.init(Noco.ncMeta);
-    await Noco.loadEEState();
-
-    // run upgrader
-    await NcUpgrader.upgrade({ ncMeta: Noco._ncMeta });
-  }
 }
--- a/packages/nocodb/src/modules/global/global.module.ts
+++ b/packages/nocodb/src/modules/global/global.module.ts
@ -1,19 +1,27 @@
 import { Global, Module } from '@nestjs/common';
-import { JwtModule, JwtService } from '@nestjs/jwt';
 import { ExtractJwt } from 'passport-jwt';
+import {
+  AppInitService,
+  appInitServiceProvider,
+} from '../../services/app-init.service';
 import { SocketGateway } from '../../gateways/socket.gateway';
 import { Connection } from '../../connection/connection';
 import { GlobalGuard } from '../../guards/global/global.guard';
 import { MetaService } from '../../meta/meta.service';
+import Noco from '../../Noco';
 import { JwtStrategy } from '../../strategies/jwt.strategy';
-import NcConfigFactory from '../../utils/NcConfigFactory';
 import { UsersService } from '../../services/users/users.service';
 import type { Provider } from '@nestjs/common';

 export const JwtStrategyProvider: Provider = {
  provide: JwtStrategy,
-  useFactory: async (usersService: UsersService) => {
-    const config = await NcConfigFactory.make();
+  useFactory: async (
+    usersService: UsersService,
+    appInitService: AppInitService,
+  ) => {
+    const config = appInitService.appConfig;
+
+    await Noco.initJwt();

    const options = {
      // ignoreExpiration: false,
@ -26,13 +34,14 @@ export const JwtStrategyProvider: Provider = {

    return new JwtStrategy(options, usersService);
  },
-  inject: [UsersService],
+  inject: [UsersService, AppInitService],
 };

@Global()
@Module({
  imports: [],
  providers: [
+    appInitServiceProvider,
    Connection,
    MetaService,
    UsersService,
@ -41,6 +50,7 @@ export const JwtStrategyProvider: Provider = {
    SocketGateway,
  ],
  exports: [
+    AppInitService,
    Connection,
    MetaService,
    JwtStrategyProvider,
--- a/packages/nocodb/src/services/app-init.service.spec.ts
+++ b/packages/nocodb/src/services/app-init.service.spec.ts
@ -0,0 +1,19 @@
+import { Test } from '@nestjs/testing';
+import { AppInitService } from './app-init.service';
+import type { TestingModule } from '@nestjs/testing';
+
+describe('AppInitService', () => {
+  let service: AppInitService;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [AppInitService],
+    }).compile();
+
+    service = module.get<AppInitService>(AppInitService);
+  });
+
+  it('should be defined', () => {
+    expect(service).toBeDefined();
+  });
+});
--- a/packages/nocodb/src/services/app-init.service.ts
+++ b/packages/nocodb/src/services/app-init.service.ts
@ -0,0 +1,68 @@
+import { Inject, Injectable } from '@nestjs/common';
+import NocoCache from '../cache/NocoCache';
+import { Connection } from '../connection/connection';
+import NcPluginMgrv2 from '../helpers/NcPluginMgrv2';
+import { MetaService } from '../meta/meta.service';
+import Noco from '../Noco';
+import NcConfigFactory from '../utils/NcConfigFactory';
+import NcUpgrader from '../version-upgrader/NcUpgrader';
+import type { IEventEmitter } from '../modules/event-emitter/event-emitter.interface';
+import type { Provider } from '@nestjs/common';
+
+export class AppInitService {
+  private readonly config: any;
+
+  constructor(config) {
+    this.config = config;
+  }
+
+  get appConfig(): any {
+    return this.config;
+  }
+}
+
+export const appInitServiceProvider: Provider = {
+  provide: AppInitService,
+  // initialize app,
+  // 1. init cache
+  // 2. init db connection and create if not exist
+  // 3. init meta and set to Noco
+  // 4. init jwt
+  // 5. init plugin manager
+  // 6. run upgrader
+  useFactory: async (
+    connection: Connection,
+    metaService: MetaService,
+    eventEmitter: IEventEmitter,
+  ) => {
+    process.env.NC_VERSION = '0105004';
+
+    await NocoCache.init();
+
+    await connection.init();
+
+    await NcConfigFactory.metaDbCreateIfNotExist(connection.config);
+
+    await metaService.init();
+
+    // todo: remove
+    // temporary hack
+    Noco._ncMeta = metaService;
+    Noco.config = connection.config;
+    Noco.eventEmitter = eventEmitter;
+
+    // init jwt secret
+    await Noco.initJwt();
+
+    // init plugin manager
+    await NcPluginMgrv2.init(Noco.ncMeta);
+    await Noco.loadEEState();
+
+    // run upgrader
+    await NcUpgrader.upgrade({ ncMeta: Noco._ncMeta });
+
+    // todo: move app config to app-init service
+    return new AppInitService(connection.config);
+  },
+  inject: [Connection, MetaService, 'IEventEmitter'],
+};
--- a/packages/nocodb/src/utils/NcConfigFactory.ts
+++ b/packages/nocodb/src/utils/NcConfigFactory.ts
@ -100,7 +100,7 @@ export default class NcConfigFactory {

    ncConfig.auth = {
      jwt: {
-        secret: process.env.NC_AUTH_JWT_SECRET ?? 'temporary-key',
+        secret: process.env.NC_AUTH_JWT_SECRET,
      },
    };

@ -421,7 +421,7 @@ export default class NcConfigFactory {
    if (process.env.NC_AUTH_ADMIN_SECRET) {
      config.auth = {
        masterKey: {
-          secret: process.env.NC_AUTH_ADMIN_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_ADMIN_SECRET,
        },
      };
    } else if (process.env.NC_NO_AUTH) {
@ -436,7 +436,7 @@ export default class NcConfigFactory {
          dbAlias:
            process.env.NC_AUTH_JWT_DB_ALIAS ||
            config.envs['_noco'].db[0].meta.dbAlias,
-          secret: process.env.NC_AUTH_JWT_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_JWT_SECRET,
        },
      };
    }
@ -536,7 +536,7 @@ export default class NcConfigFactory {
    if (process.env.NC_AUTH_ADMIN_SECRET) {
      config.auth = {
        masterKey: {
-          secret: process.env.NC_AUTH_ADMIN_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_ADMIN_SECRET,
        },
      };
    } else if (process.env.NC_NO_AUTH) {
@ -551,7 +551,7 @@ export default class NcConfigFactory {
          dbAlias:
            process.env.NC_AUTH_JWT_DB_ALIAS ||
            config.envs['_noco'].db[0].meta.dbAlias,
-          secret: process.env.NC_AUTH_JWT_SECRET ?? 'temporary-key',
+          secret: process.env.NC_AUTH_JWT_SECRET,
        },
      };
    }