authorSamuel <34555296+Flam3rboy@users.noreply.github.com>2023-03-17 17:47:43 +0100
committerSamuel <34555296+Flam3rboy@users.noreply.github.com>2023-03-17 17:47:43 +0100
commit810f5dd84cab8249f90276ce3acde5ffe6938c8d (patch)
treed3937ad69408a3e4e924f6d52dc38a43db7a6ffb /src
parentfix: types when using yarn (diff)
downloadserver-810f5dd84cab8249f90276ce3acde5ffe6938c8d.tar.xz
perf: cache jwt secret as key
Diffstat (limited to 'src')
-rw-r--r--src/api/Server.ts8
-rw-r--r--src/api/middlewares/Authentication.ts17
-rw-r--r--src/util/util/Token.ts3
3 files changed, 21 insertions, 7 deletions
diff --git a/src/api/Server.ts b/src/api/Server.ts
index 49229494..ced82dce 100644
--- a/src/api/Server.ts
+++ b/src/api/Server.ts
@@ -32,7 +32,7 @@ import "missing-native-js-functions";
 import morgan from "morgan";
 import path from "path";
 import { red } from "picocolors";
-import { Authentication, CORS } from "./middlewares/";
+import { CORS, initAuthentication } from "./middlewares/";
 import { BodyParser } from "./middlewares/BodyParser";
 import { ErrorHandler } from "./middlewares/ErrorHandler";
 import { initRateLimits } from "./middlewares/RateLimit";
@@ -97,7 +97,7 @@ export class FosscordServer extends Server {
 		// @ts-ignore
 		this.app = api;
 
-		api.use(Authentication);
+		initAuthentication(api);
 		await initRateLimits(api);
 		await initTranslation(api);
 
@@ -126,6 +126,10 @@ export class FosscordServer extends Server {
 		app.use("/api/v9", api);
 		app.use("/api", api); // allow unversioned requests
 
+		try {
+			require("./middlewares/TestClient").default(this.app);
+			// eslint-disable-next-line no-empty
+		} catch (error) {}
 		this.app.use(ErrorHandler);
 
 		Sentry.errorHandler(this.app);
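Review bot: The empty `catch (error) {}` around `require("./middlewares/TestClient")` hides every failure, not only the case where the optional module is absent. An exception thrown while the test client registers itself on `this.app` would therefore go unlogged and could leave the app partially configured. It would be safer to ignore only the missing-module case and report the rest, e.g. `if ((error as NodeJS.ErrnoException).code !== "MODULE_NOT_FOUND") console.error(error);`. Because the middleware is mounted whenever the file happens to be present, a short comment saying that it is optional and which deployments are expected to ship it would help operators audit what is exposed. The enclosing method starts and ends outside the hunk.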
diff --git a/src/api/middlewares/Authentication.ts b/src/api/middlewares/Authentication.ts
index 771f0de8..e6e2f59a 100644
--- a/src/api/middlewares/Authentication.ts
+++ b/src/api/middlewares/Authentication.ts
@@ -18,8 +18,9 @@
 
 import { checkToken, Config, Rights } from "@fosscord/util";
 import * as Sentry from "@sentry/node";
-import { NextFunction, Request, Response } from "express";
+import { NextFunction, Request, Response, Router } from "express";
 import { HTTPError } from "lambert-server";
+import { createSecretKey, KeyObject } from "crypto";
 
 export const NO_AUTHORIZATION_ROUTES = [
 	// Authentication routes
@@ -69,6 +70,16 @@ declare global {
 	}
 }
 
+let jwtPublicKey: KeyObject;
+
+// Initialize the jwt secret as a key object so it does not need to be regenerated for each request.
+export function initAuthentication(api: Router) {
+	jwtPublicKey = createSecretKey(
+		Buffer.from(Config.get().security.jwtSecret),
+	);
+	api.use(Authentication);
+}
+
 export async function Authentication(
 	req: Request,
 	res: Response,
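Review bot: `jwtPublicKey` holds the result of `createSecretKey(...)`, which is the symmetric secret used for HS256 verification, so the name invites treating it as material that is safe to log or expose. `jwtSecretKey` would describe it accurately, and the same rename applies to the `checkToken` call in the next hunk of this file. The variable is also declared without an initial value while `Authentication` stays exported, so mounting `Authentication` without calling `initAuthentication` first passes `undefined` to `checkToken`. Declaring it as `let jwtSecretKey: KeyObject | undefined;` and rejecting the request explicitly when it is unset would make that state visible to the type checker. Caching at startup also means a changed `security.jwtSecret` is not picked up until restart, which is worth stating in the comment above `initAuthentication`. The body of `Authentication` continues outside the hunk.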
@@ -90,11 +101,9 @@ export async function Authentication(
 	Sentry.setUser({ id: req.user_id });
 
 	try {
-		const { jwtSecret } = Config.get().security;
-
 		const { decoded, user } = await checkToken(
 			req.headers.authorization,
-			jwtSecret,
+			jwtPublicKey,
 		);
 
 		req.token = decoded;
diff --git a/src/util/util/Token.ts b/src/util/util/Token.ts
index ffc442aa..67e4b879 100644
--- a/src/util/util/Token.ts
+++ b/src/util/util/Token.ts
@@ -19,6 +19,7 @@
 import jwt, { VerifyOptions } from "jsonwebtoken";
 import { Config } from "./Config";
 import { User } from "../entities";
+import { KeyObject } from "crypto";
 
 export const JWTOptions: VerifyOptions = { algorithms: ["HS256"] };
 
@@ -62,7 +63,7 @@ async function checkEmailToken(
 
 export function checkToken(
 	token: string,
-	jwtSecret: string,
+	jwtSecret: string | KeyObject,
 	isEmailVerification = false,
 ): Promise<UserTokenData> {
 	return new Promise((res, rej) => {
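Review bot: The widened `jwtSecret: string | KeyObject` parameter has no doc comment saying which kind of `KeyObject` is accepted. `KeyObject` also covers public and private keys, which do not fit the `HS256` algorithm pinned in `JWTOptions`. I would add a comment above `checkToken` such as `/** jwtSecret: the HMAC secret as a string, or a secret KeyObject from createSecretKey(); asymmetric keys are not valid here. */`. The function body continues outside the hunk.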