feat: persist encrypted env
@@ -20,7 +20,7 @@ func AdminLoginResolver(ctx context.Context, params model.AdminLoginInput) (*mod
|
||||
log.Println("=> error:", err)
|
||||
return res, err
|
||||
}
|
||||
if params.AdminSecret != constants.ADMIN_SECRET {
|
||||
if params.AdminSecret != constants.EnvData.ADMIN_SECRET {
|
||||
return nil, fmt.Errorf(`invalid admin secret`)
|
||||
}
|
||||
|
||||
|
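Review bot: The check `params.AdminSecret != constants.EnvData.ADMIN_SECRET` is an ordinary string comparison, and it also passes when both sides are empty. That becomes possible if `EnvData.ADMIN_SECRET` has not been populated from the persisted env when the resolver runs; the load path is not visible in this hunk. Reject an unset secret first and compare in constant time: `if constants.EnvData.ADMIN_SECRET == "" || subtle.ConstantTimeCompare([]byte(params.AdminSecret), []byte(constants.EnvData.ADMIN_SECRET)) != 1 {`, which needs the `crypto/subtle` import. AdminLoginResolver starts and continues outside the hunk.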
@@ -20,7 +20,7 @@ func ForgotPassword(ctx context.Context, params model.ForgotPasswordInput) (*mod
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if constants.DISABLE_BASIC_AUTHENTICATION {
|
||||
if constants.EnvData.DISABLE_BASIC_AUTHENTICATION {
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
host := gc.Request.Host
|
||||
|
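Review bot: `constants.EnvData.DISABLE_BASIC_AUTHENTICATION` is used as a bool whose zero value is false, so this gate fails open. If the decrypted env has not been loaded into `EnvData`, or loading failed, basic authentication is treated as enabled. The same applies to the identical checks in Login, ResetPassword and Signup, and to `DISABLE_MAGIC_LINK_LOGIN` in MagicLinkLogin. The load path is not shown here, so confirm that the server refuses to serve requests until `EnvData` is populated. Document it on the field, e.g. `// Must be loaded before resolvers are reachable; the zero value leaves basic auth enabled.`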
@@ -22,7 +22,7 @@ func Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, e
|
||||
return res, err
|
||||
}
|
||||
|
||||
if constants.DISABLE_BASIC_AUTHENTICATION {
|
||||
if constants.EnvData.DISABLE_BASIC_AUTHENTICATION {
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
||||
@@ -46,7 +46,7 @@ func Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, e
|
||||
log.Println("compare password error:", err)
|
||||
return res, fmt.Errorf(`invalid password`)
|
||||
}
|
||||
roles := constants.DEFAULT_ROLES
|
||||
roles := constants.EnvData.DEFAULT_ROLES
|
||||
currentRoles := strings.Split(user.Roles, ",")
|
||||
if len(params.Roles) > 0 {
|
||||
if !utils.IsValidRoles(currentRoles, params.Roles) {
|
||||
|
@@ -17,7 +17,7 @@ import (
|
||||
func MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*model.Response, error) {
|
||||
var res *model.Response
|
||||
|
||||
if constants.DISABLE_MAGIC_LINK_LOGIN {
|
||||
if constants.EnvData.DISABLE_MAGIC_LINK_LOGIN {
|
||||
return res, fmt.Errorf(`magic link login is disabled for this instance`)
|
||||
}
|
||||
|
||||
@@ -41,13 +41,13 @@ func MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*mod
|
||||
// define roles for new user
|
||||
if len(params.Roles) > 0 {
|
||||
// check if roles exists
|
||||
if !utils.IsValidRoles(constants.ROLES, params.Roles) {
|
||||
if !utils.IsValidRoles(constants.EnvData.ROLES, params.Roles) {
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
} else {
|
||||
inputRoles = params.Roles
|
||||
}
|
||||
} else {
|
||||
inputRoles = constants.DEFAULT_ROLES
|
||||
inputRoles = constants.EnvData.DEFAULT_ROLES
|
||||
}
|
||||
|
||||
user.Roles = strings.Join(inputRoles, ",")
|
||||
@@ -72,7 +72,7 @@ func MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*mod
|
||||
// check if it contains protected unassigned role
|
||||
hasProtectedRole := false
|
||||
for _, ur := range unasignedRoles {
|
||||
if utils.StringSliceContains(constants.PROTECTED_ROLES, ur) {
|
||||
if utils.StringSliceContains(constants.EnvData.PROTECTED_ROLES, ur) {
|
||||
hasProtectedRole = true
|
||||
}
|
||||
}
|
||||
@@ -98,7 +98,7 @@ func MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*mod
|
||||
}
|
||||
}
|
||||
|
||||
if !constants.DISABLE_EMAIL_VERIFICATION {
|
||||
if !constants.EnvData.DISABLE_EMAIL_VERIFICATION {
|
||||
// insert verification request
|
||||
verificationType := enum.MagicLinkLogin.String()
|
||||
token, err := utils.CreateVerificationToken(params.Email, verificationType)
|
||||
|
@@ -14,7 +14,7 @@ import (
|
||||
|
||||
func ResetPassword(ctx context.Context, params model.ResetPasswordInput) (*model.Response, error) {
|
||||
var res *model.Response
|
||||
if constants.DISABLE_BASIC_AUTHENTICATION {
|
||||
if constants.EnvData.DISABLE_BASIC_AUTHENTICATION {
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
||||
|
@@ -45,7 +45,7 @@ func Session(ctx context.Context, roles []string) (*model.AuthResponse, error) {
|
||||
expiresTimeObj := time.Unix(expiresAt, 0)
|
||||
currentTimeObj := time.Now()
|
||||
|
||||
claimRoleInterface := claim[constants.JWT_ROLE_CLAIM].([]interface{})
|
||||
claimRoleInterface := claim[constants.EnvData.JWT_ROLE_CLAIM].([]interface{})
|
||||
claimRoles := make([]string, len(claimRoleInterface))
|
||||
for i, v := range claimRoleInterface {
|
||||
claimRoles[i] = v.(string)
|
||||
|
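Review bot: The unchecked assertion `claim[constants.EnvData.JWT_ROLE_CLAIM].([]interface{})` panics when the token has no array under the configured claim name. That name is now read from `EnvData`, so if the persisted value ever differs from the one a token was issued under, a still-valid token would hit this path. Use the comma-ok form and return an error on failure: `claimRoleInterface, ok := claim[constants.EnvData.JWT_ROLE_CLAIM].([]interface{})`. The per-element `v.(string)` in the loop below has the same problem and should get the same treatment. Session starts and continues outside the hunk.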
@@ -22,7 +22,7 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
|
||||
return res, err
|
||||
}
|
||||
|
||||
if constants.DISABLE_BASIC_AUTHENTICATION {
|
||||
if constants.EnvData.DISABLE_BASIC_AUTHENTICATION {
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
if params.ConfirmPassword != params.Password {
|
||||
@@ -52,13 +52,13 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
|
||||
|
||||
if len(params.Roles) > 0 {
|
||||
// check if roles exists
|
||||
if !utils.IsValidRoles(constants.ROLES, params.Roles) {
|
||||
if !utils.IsValidRoles(constants.EnvData.ROLES, params.Roles) {
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
} else {
|
||||
inputRoles = params.Roles
|
||||
}
|
||||
} else {
|
||||
inputRoles = constants.DEFAULT_ROLES
|
||||
inputRoles = constants.EnvData.DEFAULT_ROLES
|
||||
}
|
||||
|
||||
user := db.User{
|
||||
@@ -103,7 +103,7 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
|
||||
}
|
||||
|
||||
user.SignupMethods = enum.BasicAuth.String()
|
||||
if constants.DISABLE_EMAIL_VERIFICATION {
|
||||
if constants.EnvData.DISABLE_EMAIL_VERIFICATION {
|
||||
now := time.Now().Unix()
|
||||
user.EmailVerifiedAt = &now
|
||||
}
|
||||
@@ -115,7 +115,7 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
|
||||
roles := strings.Split(user.Roles, ",")
|
||||
userToReturn := utils.GetResponseUserData(user)
|
||||
|
||||
if !constants.DISABLE_EMAIL_VERIFICATION {
|
||||
if !constants.EnvData.DISABLE_EMAIL_VERIFICATION {
|
||||
// insert verification request
|
||||
verificationType := enum.BasicAuthSignup.String()
|
||||
token, err := utils.CreateVerificationToken(params.Email, verificationType)
|
||||
|
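Review bot: `constants.EnvData.DISABLE_EMAIL_VERIFICATION` is read twice in Signup: in the hunk at -103 to set `EmailVerifiedAt`, and in the hunk at -115 to decide whether a verification token is created. If `EnvData` can be rewritten while the server is running (not visible here), a change between the two reads leaves a new user either unverified with no token or verified with one. Read the flag once near the top, `emailVerificationDisabled := constants.EnvData.DISABLE_EMAIL_VERIFICATION`, and branch on the local in both places. Both hunks show only part of Signup.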
@@ -112,7 +112,7 @@ func UpdateUser(ctx context.Context, params model.UpdateUserInput) (*model.User,
|
||||
inputRoles = append(inputRoles, *item)
|
||||
}
|
||||
|
||||
if !utils.IsValidRoles(append([]string{}, append(constants.ROLES, constants.PROTECTED_ROLES...)...), inputRoles) {
|
||||
if !utils.IsValidRoles(append([]string{}, append(constants.EnvData.ROLES, constants.EnvData.PROTECTED_ROLES...)...), inputRoles) {
|
||||
return res, fmt.Errorf("invalid list of roles")
|
||||
}
|
||||
|
||||
|
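Review bot: The inner `append(constants.EnvData.ROLES, constants.EnvData.PROTECTED_ROLES...)` appends onto the package-level slice itself. When `ROLES` has spare capacity, the protected role names are written into its shared backing array, which is a data race between concurrent UpdateUser calls; the outer copy into `[]string{}` happens too late to prevent it. Copy first, then append: `allowed := append(append([]string{}, constants.EnvData.ROLES...), constants.EnvData.PROTECTED_ROLES...)`, and pass `allowed` to `utils.IsValidRoles`. The removed line had the same shape, and UpdateUser starts and continues outside the hunk.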