Reorganize server files and address TODO comments
Changes:
- Remove unneeded dependencies from package.json
- Remove unneeded async build() methods from services
- Use constructor as often as possible
- Rename and move storage services for clarity
- creds.ts -> accounts.ts, and creds.json -> accounts.json
- admin-config.ts -> admin-account.ts
- vault.ts -> signing-keys.ts
- Rename ws.ts to websocket-server.ts for clarity and consistency
- Make WebSocketServer initialize using constructor and bind server upgrade to WebSocketServer.upgrade
- Remove unused send-account-message endpoint from account-router.ts
- Set issuer and audience claims for JWT
- Create new utils/jwt.ts file to remove code duplication for JWT signing and verifying
- Delete utils.ts and merge it with jami-swig.ts
- Handle potentially undefined types in jami-swig.ts
- Replace hard to read one-liners with functions in jami-swig.ts
- Rename types in jami-swig.ts for consistency with daemon
- Remove handled/answered TODO comments
- Remove TODO comment about using .env for jamid.node as it does not work for require()
GitLab: #87
Change-Id: I1e5216ffa79ea34dd7e9b61540fb7e37d1f66c9f
diff --git a/server/src/routers/setup-router.ts b/server/src/routers/setup-router.ts
index 7dfa24f..3bc3088 100644
--- a/server/src/routers/setup-router.ts
+++ b/server/src/routers/setup-router.ts
@@ -20,20 +20,18 @@
import asyncHandler from 'express-async-handler';
import { ParamsDictionary, Request } from 'express-serve-static-core';
import { HttpStatusCode } from 'jami-web-common';
-import { SignJWT } from 'jose';
import { Container } from 'typedi';
-import { AdminConfig } from '../admin-config.js';
import { checkAdminSetup } from '../middleware/setup.js';
-import { Vault } from '../vault.js';
+import { AdminAccount } from '../storage/admin-account.js';
+import { signJwt } from '../utils/jwt.js';
+
+const adminAccount = Container.get(AdminAccount);
export const setupRouter = Router();
-const vault = Container.get(Vault);
-const adminConfig = Container.get(AdminConfig);
-
setupRouter.get('/check', (_req, res, _next) => {
- const isSetupComplete = adminConfig.get() !== undefined;
+ const isSetupComplete = adminAccount.get() !== undefined;
res.send({ isSetupComplete });
});
@@ -51,7 +49,7 @@
return;
}
- const isAdminCreated = adminConfig.get() !== undefined;
+ const isAdminCreated = adminAccount.get() !== undefined;
if (isAdminCreated) {
res.status(HttpStatusCode.Conflict).send('Admin already exists');
return;
@@ -59,8 +57,8 @@
const hashedPassword = await argon2.hash(password, { type: argon2.argon2id });
- adminConfig.set(hashedPassword);
- await adminConfig.save();
+ adminAccount.set(hashedPassword);
+ await adminAccount.save();
res.sendStatus(HttpStatusCode.Created);
})
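Review bot: The `isAdminCreated` check in the previous hunk and `adminAccount.set(hashedPassword)` here are separated by `await argon2.hash(...)`, so two requests arriving before setup completes can both pass the check, and the later write silently replaces the first admin password. Re-check immediately before the write, e.g. `if (adminAccount.get() !== undefined) { res.status(HttpStatusCode.Conflict).send('Admin already exists'); return; }`, or make creation a single set-if-absent operation inside `AdminAccount`. The handler starts before this hunk, so any validation of `password` is not visible here.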
@@ -68,7 +66,7 @@
// Every request handler after this line will be submitted to this middleware
// in order to ensure that the admin account is set up before proceeding with
-// setup related requests
+// setup-related requests
setupRouter.use(checkAdminSetup);
setupRouter.post(
@@ -81,7 +79,11 @@
return;
}
- const hashedPassword = adminConfig.get();
+ const hashedPassword = adminAccount.get();
+ if (hashedPassword === undefined) {
+ res.status(HttpStatusCode.InternalServerError).send('Admin password not found');
+ return;
+ }
const isPasswordVerified = await argon2.verify(hashedPassword, password);
if (!isPasswordVerified) {
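Review bot: The new `hashedPassword === undefined` branch runs behind `setupRouter.use(checkAdminSetup)`, which the comment above that middleware says already ensures the admin account is set up, so reaching it presumably means the stored account changed or failed to load between the two reads. Document that on the guard, e.g. `// Not expected after checkAdminSetup; also narrows the type for argon2.verify`. Consider a generic body for the 500 as well, since `'Admin password not found'` describes credential storage state to a caller who has not authenticated yet. The handler begins and ends outside the hunk.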
@@ -89,14 +91,7 @@
return;
}
- const jwt = await new SignJWT({ id: 'admin' })
- .setProtectedHeader({ alg: 'EdDSA' })
- .setIssuedAt()
- // TODO: use valid issuer and audience
- .setIssuer('urn:example:issuer')
- .setAudience('urn:example:audience')
- .setExpirationTime('2h')
- .sign(vault.privateKey);
+ const jwt = await signJwt('admin');
res.send({ accessToken: jwt });
}
)
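Review bot: `signJwt('admin')` moves the algorithm, issuer, audience and the former `'2h'` expiry into `utils/jwt.ts`, which is not part of this file's diff, so the admin token's lifetime and claims can no longer be checked from the login handler. If the same helper also signs ordinary account tokens, as the commit description suggests, the admin token would be distinguished only by the identifier value `'admin'`. In that case the verifying middleware should require a claim or audience that account logins cannot obtain, and account creation should refuse that identifier. At minimum add a comment here such as `// Admin session token; claims and expiry are defined in utils/jwt.ts`.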