diff options
| author | Samuel <34555296+Flam3rboy@users.noreply.github.com> | 2023-03-17 17:47:43 +0100 |
|---|---|---|
| committer | Samuel <34555296+Flam3rboy@users.noreply.github.com> | 2023-03-17 17:47:43 +0100 |
| commit | 810f5dd84cab8249f90276ce3acde5ffe6938c8d (patch) | |
| tree | d3937ad69408a3e4e924f6d52dc38a43db7a6ffb /src | |
| parent | fix: types when using yarn (diff) | |
| download | server-810f5dd84cab8249f90276ce3acde5ffe6938c8d.tar.xz | |
perf: cache jwt secret as key
Diffstat (limited to 'src')
| -rw-r--r-- | src/api/Server.ts | 8 | ||||
| -rw-r--r-- | src/api/middlewares/Authentication.ts | 17 | ||||
| -rw-r--r-- | src/util/util/Token.ts | 3 |
3 files changed, 21 insertions, 7 deletions
diff --git a/src/api/Server.ts b/src/api/Server.ts index 49229494..ced82dce 100644 --- a/src/api/Server.ts +++ b/src/api/Server.ts @@ -32,7 +32,7 @@ import "missing-native-js-functions"; import morgan from "morgan"; import path from "path"; import { red } from "picocolors"; -import { Authentication, CORS } from "./middlewares/"; +import { CORS, initAuthentication } from "./middlewares/"; import { BodyParser } from "./middlewares/BodyParser"; import { ErrorHandler } from "./middlewares/ErrorHandler"; import { initRateLimits } from "./middlewares/RateLimit"; @@ -97,7 +97,7 @@ export class FosscordServer extends Server { // @ts-ignore this.app = api; - api.use(Authentication); + initAuthentication(api); await initRateLimits(api); await initTranslation(api); @@ -126,6 +126,10 @@ export class FosscordServer extends Server { app.use("/api/v9", api); app.use("/api", api); // allow unversioned requests + try { + require("./middlewares/TestClient").default(this.app); + // eslint-disable-next-line no-empty + } catch (error) {} this.app.use(ErrorHandler); Sentry.errorHandler(this.app); diff --git a/src/api/middlewares/Authentication.ts b/src/api/middlewares/Authentication.ts index 771f0de8..e6e2f59a 100644 --- a/src/api/middlewares/Authentication.ts +++ b/src/api/middlewares/Authentication.ts @@ -18,8 +18,9 @@ import { checkToken, Config, Rights } from "@fosscord/util"; import * as Sentry from "@sentry/node"; -import { NextFunction, Request, Response } from "express"; +import { NextFunction, Request, Response, Router } from "express"; import { HTTPError } from "lambert-server"; +import { createSecretKey, KeyObject } from "crypto"; export const NO_AUTHORIZATION_ROUTES = [ // Authentication routes @@ -69,6 +70,16 @@ declare global { } } +let jwtPublicKey: KeyObject; + +// Initialize the jwt secret as a key object so it does not need to be regenerated for each request. +export function initAuthentication(api: Router) { + jwtPublicKey = createSecretKey( + Buffer.from(Config.get().security.jwtSecret), + ); + api.use(Authentication); +} + export async function Authentication( req: Request, res: Response, @@ -90,11 +101,9 @@ export async function Authentication( Sentry.setUser({ id: req.user_id }); try { - const { jwtSecret } = Config.get().security; - const { decoded, user } = await checkToken( req.headers.authorization, - jwtSecret, + jwtPublicKey, ); req.token = decoded; diff --git a/src/util/util/Token.ts b/src/util/util/Token.ts index ffc442aa..67e4b879 100644 --- a/src/util/util/Token.ts +++ b/src/util/util/Token.ts @@ -19,6 +19,7 @@ import jwt, { VerifyOptions } from "jsonwebtoken"; import { Config } from "./Config"; import { User } from "../entities"; +import { KeyObject } from "crypto"; export const JWTOptions: VerifyOptions = { algorithms: ["HS256"] }; @@ -62,7 +63,7 @@ async function checkEmailToken( export function checkToken( token: string, - jwtSecret: string, + jwtSecret: string | KeyObject, isEmailVerification = false, ): Promise<UserTokenData> { return new Promise((res, rej) => { |