commit 7d4386c9d16ca0966073fe468a8414b31e70edf0
author simon <tran.simon2@gmail.com> Wed Oct 26 17:47:59 2022 -0400
committer simon <tran.simon2@gmail.com> Wed Oct 26 17:59:47 2022 -0400
tree 1435fce408c0cda5fd753512d766a5ca2f975dc2
parent 8ef4840b2349bca96c9e32f1798043ba229090f0

Fix jamid.node path in server

Add npm script in server to generate keys.
Improve dockerfile to generate server keys.
Add dotenv and dotenv-cli dependencies to server

Change-Id: Ibcb21578b4cb59d3bc9a99fa0e832d3b30cfb01a

server/.gitignore

diff --git a/server/.gitignore b/server/.gitignore
index 54fcf25..efc99e0 100644
--- a/server/.gitignore
+++ b/server/.gitignore
@@ -1,2 +1 @@
 creds.json
-*.pem

server/misc/gen_key_pair.sh

diff --git a/server/misc/gen_key_pair.sh b/server/misc/gen_key_pair.sh
deleted file mode 100755
index ea60e05..0000000
--- a/server/misc/gen_key_pair.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-set -ex
-
-# Generate PEM-encoded PKCS#8 private key and PEM-encoded SPKI public key
-
-if command -v openssl; then
-  # -algorithm RSA -pkeyopt rsa_keygen_bits:2048
-  # ES256: -algorithm EC -pkeyopt ec_paramgen_curve:P-256
-  gen_pkcs8() { openssl genpkey -algorithm ed25519; }
-  pkcs8_to_spki() { openssl pkey -pubout; }
-else
-  printf 'No tools known\n' >&2 && exit 1
-fi
-
-gen_pkcs8 | tee ./privkey.pem | pkcs8_to_spki >./pubkey.pem

server/package.json

diff --git a/server/package.json b/server/package.json
index 6d17ce8..b11c92d 100644
--- a/server/package.json
+++ b/server/package.json
@@ -9,13 +9,16 @@
     "lint": "eslint src",
     "lint:fix": "eslint --fix src",
     "format": "prettier --write src",
-    "format:check": "prettier --check src"
+    "format:check": "prettier --check src",
+    "prepare": "npm run genkeys",
+    "genkeys": "sh scripts/genkeys.sh"
   },
   "devDependencies": {
     "@types/express": "^4.17.14",
     "@types/node": "^18.8.3",
     "@types/whatwg-url": "^11.0.0",
     "@types/ws": "^8.5.3",
+    "dotenv-cli": "^6.0.0",
     "nodemon": "^2.0.20",
     "npm-check-updates": "^16.3.3",
     "ts-node": "^10.9.1",
@@ -24,6 +27,7 @@
   },
   "dependencies": {
     "argon2": "^0.29.1",
+    "dotenv": "^16.0.3",
     "express": "^4.18.2",
     "express-async-handler": "^1.2.0",
     "helmet": "^6.0.0",

server/scripts/genkeys.sh

diff --git a/server/scripts/genkeys.sh b/server/scripts/genkeys.sh
new file mode 100755
index 0000000..18f1bdf
--- /dev/null
+++ b/server/scripts/genkeys.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+if ! command -v dotenv; then
+  printf 'Missing "dotenv". Please run "npm install"\n' >&2 && exit 1
+fi
+
+if [ "$(dotenv -p PRIVATE_KEY)" ] && [ "$(dotenv -p PUBLIC_KEY)" ]; then
+  printf 'Public and private keys are already defined. Exiting...\n' >&2 && exit 0
+fi
+
+# Generate PEM-encoded PKCS#8 private key and PEM-encoded SPKI public key
+
+if command -v openssl; then
+  # -algorithm RSA -pkeyopt rsa_keygen_bits:2048
+  # ES256: -algorithm EC -pkeyopt ec_paramgen_curve:P-256
+  gen_pkcs8() { openssl genpkey -algorithm ed25519; }
+  pkcs8_to_spki() { openssl pkey -pubout; }
+else
+  printf 'No tools known\n' >&2 && exit 1
+fi
+
+private_key=$(gen_pkcs8)
+public_key=$(echo "${private_key}" | pkcs8_to_spki)
+
+echo "PRIVATE_KEY=\"${private_key}\"" >> .env
+echo "PUBLIC_KEY=\"${public_key}\"" >> .env

server/src/index.ts

diff --git a/server/src/index.ts b/server/src/index.ts
index ec7067e..d00f78b 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -17,6 +17,9 @@
  */
 import 'reflect-metadata';
 
+import * as dotenv from 'dotenv';
+dotenv.config();
+
 import { createServer } from 'node:http';
 
 import log from 'loglevel';

server/src/jamid/jamid.ts

diff --git a/server/src/jamid/jamid.ts b/server/src/jamid/jamid.ts
index 51394eb..48c20f2 100644
--- a/server/src/jamid/jamid.ts
+++ b/server/src/jamid/jamid.ts
@@ -38,7 +38,7 @@
 
   constructor() {
     // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-    this.jamiSwig = require('../../jamid.node') as JamiSwig;
+    this.jamiSwig = require('../../jamid.node') as JamiSwig; // TODO: we should put the path in the .env
 
     const handlers: Record<string, unknown> = {};
     const handler = (sig: string) => {

server/src/vault.ts

diff --git a/server/src/vault.ts b/server/src/vault.ts
index 45548db..07e2914 100644
--- a/server/src/vault.ts
+++ b/server/src/vault.ts
@@ -15,8 +15,6 @@
  * License along with this program.  If not, see
  * <https://www.gnu.org/licenses/>.
  */
-import { readFile } from 'node:fs/promises';
-
 import { importPKCS8, importSPKI, KeyLike } from 'jose';
 import { Service } from 'typedi';
 
@@ -25,13 +23,16 @@
   privateKey!: KeyLike;
   publicKey!: KeyLike;
 
-  // TODO: Convert to environment variables and check if defined
   async build() {
-    const privateKeyBuffer = await readFile('privkey.pem');
-    this.privateKey = await importPKCS8(privateKeyBuffer.toString(), 'EdDSA');
+    const privatekey = process.env.PRIVATE_KEY;
+    const publicKey = process.env.PUBLIC_KEY;
 
-    const publicKeyBuffer = await readFile('pubkey.pem');
-    this.publicKey = await importSPKI(publicKeyBuffer.toString(), 'EdDSA');
+    if (!privatekey || !publicKey) {
+      throw new Error('Missing private or public key environment variables. Try running "npm run genkeys"');
+    }
+
+    this.privateKey = await importPKCS8(privatekey, 'EdDSA');
+    this.publicKey = await importSPKI(publicKey, 'EdDSA');
 
     return this;
   }