Inject secret key at build time
This commit is contained in:
Michael Jackson
parent
09ed8ac129
commit
76f05911cd
|
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
"public/_assets/main.js": {
|
||||
"bundled": 106742,
|
||||
"minified": 41138,
|
||||
"gzipped": 12988
|
||||
"bundled": 106911,
|
||||
"minified": 41169,
|
||||
"gzipped": 13005
|
||||
},
|
||||
"public/_assets/autoIndex.js": {
|
||||
"bundled": 44018,
|
||||
"bundled": 44017,
|
||||
"minified": 15077,
|
||||
"gzipped": 5142
|
||||
}
|
||||
|
|
|
|||
16
.travis.yml
16
.travis.yml
|
|
@ -2,7 +2,13 @@ language: node_js
|
|||
node_js: node
|
||||
cache: npm
|
||||
env:
|
||||
secure: Z/uibhTgn2S4fy12WQs1wopytecb0Eo2O1qkT4FyEuu4xjSM0ZQ5zKP3eRSRAfr7tTZbTro1zRGWjNCQjJSNvm/6Ftyzp7aN8tFd7zVlZSGIJWGGItB1vqz3ls5ynt6EGLk6SRPtsHCiunaIzYUCLl5c1kFyjyqW3Aab77TQL6sNeTEOb2nS9wDi4xEfS1yDcJIT3swupHf4+tHtTHBMqwtvTpqdyRwkoauAaP94qWP2Glz3YnEpgJFLfvI9MHlOG+dMs6iroJ6UTzNfYOeWKq7xXrmtH2DY0u93fa9JOFIe4CrcSEt88fSO4o1BcdnPitLoB5GfgC8G4IanmtPTMl/3lrnjA2LkhqNs4w4ad9Xhd0fMLRKDofKSRarhMmfMxRY8o14K/2AmUWoS6DBjiOoHap7UTwdPxh2RmEhctG9ufvaQOXD6LAT2pewx9I9Jdg/FrEF7pCnuJxV8jFn8CryQw9QFYAqvgesjJNuHhjfoQdtuqNAQZl6RjoD0lg5iTnr/iwxfE6ayPilKPw7bJNw+yPUgNC//0rCj/KGcOS+9Ho2eD48Qh0GWpOOYBHhxVoo9oF2M1evlMpuuMXfM5KT++XZbxUbDZj1L22eYQDKF0Cwaf4NLCJ0/K5Wwcjphshmk7iy2t5c+JL76T5lFTt/aYQMGNdMdqB/Ato8aow8=
|
||||
global:
|
||||
- secure: uKf/ZaQjLXOQE+h/HE2YhabzndG/gYtDU2hfo799hgyb/W1ojgW3NJZyS2H4SJ3ESaGSwc0L6x/CRGc6jn09rx4iDEzt5jeIQhA4IrEIlLEEarnn3amUqrQ4syd2GPpqsFROu7d5aQDK/dZHLk5Hpv1y9Atz392VCWnro5Pbc0tkRkMaCPZLEgs2A6wK0aYzX3X7FACyBXBc/xA+FfzevpAx7SVt10A6pxx8rYbqrmz0hi4NEH8wmynN35imKxRCVWblHv8ty7ZkyfTv7kUaEW0wBfTxJNh/Kio4Y71Jg/DI6lekF0oY2gAqZ+JnReC94po2HEaF15NuC6j35HHv56CtTUQBRl/nKrItPI7PMuPlyCHi5ChuSD3Oc5Hmu2UiRh5le+iNLjHrpXD25tAOPUfSmrgkaLIn0fdqeKnO3D4Be55KTnWhDlSWjyaQFR9POUvIQwWzjdTflIegRQIzNEC6z9fAp+YDpVyCgbpHbWk0xF8lrEqvBRoJ8vOTYTNUiYM/XPWrv552MyC90th8yCaWl+Dhf2Zso1/neIAejbwhGhFXUeXHxkUK+JDYvfDlq4yrg8h4MPuZ0SE3U5sqvFeNxxFbvNLxbbWLOYmaAXfYrdjT3Ns0TEQc49ZUkLz5feGsIkh+CpiqVRUoBVCizrnAU6mzW2E7IsHVES1ILVY=
|
||||
- secure: 2glMrYXCJv0NAtO3MouSWhijwdUDaYPTWuNT+la0A4hxIF+N00j2+kgqjidJAmijpmPICEyeXe5RtdLVER8Wye8Nz6FocagC/bM3TKmGg689033HjUU1f4YDXkrhemywWV+Kdgnd+98bFWmUBUGy0c0m+C2GR+DocYchIVwzHH7NVUwRd+byE5CtW3xSMhrKVPhiQgeCBbMYLCHCrsppAsxRChRYcteYAXsR4DeT9BRyZ2q35FNNxh3NuVOBUoH1jUMEbJJ+te1UwxLM1mZRJ5GpJ1B6349myX0L5I5DxoYZqTMUSbYGFB5Ad1NZjEXxS6WtrlWRlsviX5ER3J8AkfPh4sjVt9IqAinBeMhW3SUeK2qazdWE/7zyb3n5sL4/74epGeLp6Sq4OHVDVTiDMVN1rW+9no0IKknvgzqDVkdp3/ShJnQj0TrZYjXyn2wnmYcfMIHjsqWr+uY0oFbyZDNeIGV9f/KW1Rx8XZt3pqiR2AuxLrvKTpPL/Zffu5GXryM53gpcWFoXFHjpBfFbRP250wLiCqNY+XZSA7okzv6vIsykXsHU6FEu7SYiZZhX2mfJQOSRa/+64wuhKwNllSuLIj1I9n/myaSUNQa5Lor6jzsDz4dbXP/tEnh93mXvdKe3DdS9LG7Ca9V8YfxOWccJhT7gXf7DVFMNI5VNMvw=
|
||||
- secure: rrZwddgjDOdZj81JRQ6Z+PWEGodJG4FcWk+BOkfF7HrMKK30ZAQwjJWAxb33OrhGLrZ2QFVoAD4kbMYlV8oo/OBtiXHgR2Xv1JKW74VF7r+VdKk4MGvuqXuprbauRfJYnR0aAH16H/l0+dKLtma4FL7moD33f7+UYac8xRRKC9dFsT8xxxfznTpqTP2loDZPsBJ+EaCzWGK2n/wTegGirxVHcS/dAj6yN6EIdAr+ekAgzGtqIaRAVYkGW3qRvz8FXA0PRzZopgBrLcAaWpot9yDIaS0K+vrVNF05fWF5CPP8ygOjd7I04DsoGd4S/5aW45yALxIasElZCMWesrcmNL/fCn+BFolJQY/aoZVqiOiL6h3u7/OLL6gOwXeJhLx/qMS3WcaeoudzhpjMg9q6urgA9FrViCdY21CoFcRxw8ZFXi92CFx3c2Tn8QoFLumHHOS9F8ZJ0t+EMC6fJ6kS2P+GWO6Iwvt+ONOeB88ZnzIViyH66y43+i/Zrqzs28KW5i7sTcrx3zFQrEuWCLS6jMhWYsesvi/hsqfWlvMu3c9V6YxNSgZJHtmlpXN4Bq28chS3S5YVr2pV5rmLywSchcfmJgQoPikPwJ8qinm0egnmr/ukOcKELtaSTlPz+tZL/tVjwC6Qkzh4ELzVxmX1wWZGJgERFHEUHuC2LeXnn94=
|
||||
before_install:
|
||||
- openssl aes-256-cbc -K $encrypted_a35d52d190dd_key -iv $encrypted_a35d52d190dd_iv
|
||||
-in secret_key.enc -out secret_key -d
|
||||
script:
|
||||
- NODE_ENV=production npm run build
|
||||
before_deploy:
|
||||
|
|
@ -10,11 +16,7 @@ before_deploy:
|
|||
deploy:
|
||||
- provider: script
|
||||
skip_cleanup: true
|
||||
script: $(npm bin -g)/firebase deploy
|
||||
--project unpkg-gcp
|
||||
--message "https://travis-ci.com/$TRAVIS_REPO_SLUG/builds/$TRAVIS_BUILD_ID"
|
||||
--token $FIREBASE_TOKEN
|
||||
--non-interactive
|
||||
--force
|
||||
script: $(npm bin -g)/firebase deploy --project unpkg-gcp --message "https://travis-ci.com/$TRAVIS_REPO_SLUG/builds/$TRAVIS_BUILD_ID"
|
||||
--token $FIREBASE_TOKEN --non-interactive --force
|
||||
on:
|
||||
branch: firebase-hosting
|
||||
|
|
|
|||
|
|
@ -3382,11 +3382,6 @@
|
|||
"is-stream": "^1.0.1"
|
||||
}
|
||||
},
|
||||
"node-forge": {
|
||||
"version": "0.7.6",
|
||||
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz",
|
||||
"integrity": "sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw=="
|
||||
},
|
||||
"nth-check": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz",
|
||||
|
|
|
|||
|
|
@ -30,7 +30,6 @@
|
|||
"lru-cache": "^5.1.1",
|
||||
"mime": "^2.4.0",
|
||||
"ndjson": "^1.5.0",
|
||||
"node-forge": "^0.7.6",
|
||||
"pretty-bytes": "^5.1.0",
|
||||
"prop-types": "^15.6.2",
|
||||
"react": "^16.7.0",
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
import secretKey from '../secretKey';
|
||||
import { secretKey } from '../config';
|
||||
|
||||
export default function showPublicKey(req, res) {
|
||||
res.send({ publicKey: secretKey.public });
|
||||
|
|
|
|||
|
|
@ -1,4 +1,10 @@
|
|||
import invariant from 'invariant';
|
||||
|
||||
export const npmRegistryURL =
|
||||
process.env.NPM_REGISTRY_URL || 'https://registry.npmjs.org';
|
||||
|
||||
export const origin = process.env.ORIGIN || 'http://localhost:5000';
|
||||
|
||||
export const secretKey = process.env.SECRET_KEY;
|
||||
|
||||
invariant(secretKey, 'Missing $SECRET_KEY environment variable');
|
||||
|
|
|
|||
|
|
@ -1,31 +0,0 @@
|
|||
import fs from 'fs';
|
||||
import path from 'path';
|
||||
import forge from 'node-forge';
|
||||
import invariant from 'invariant';
|
||||
|
||||
let secretKey;
|
||||
if (process.env.NODE_ENV === 'production') {
|
||||
invariant(
|
||||
process.env.PRIVATE_KEY,
|
||||
'Missing $PRIVATE_KEY environment variable'
|
||||
);
|
||||
|
||||
secretKey = {
|
||||
public: fs.readFileSync(
|
||||
path.resolve(__dirname, '../secret_key.pub'),
|
||||
'utf8'
|
||||
),
|
||||
private: process.env.PRIVATE_KEY
|
||||
};
|
||||
} else {
|
||||
// Generate a random keypair for dev/testing.
|
||||
// See https://gist.github.com/sebadoom/2b70969e70db5da9a203bebd9cff099f
|
||||
const keypair = forge.rsa.generateKeyPair({ bits: 2048 });
|
||||
|
||||
secretKey = {
|
||||
public: forge.pki.publicKeyToPem(keypair.publicKey, 72),
|
||||
private: forge.pki.privateKeyToPem(keypair.privateKey, 72)
|
||||
};
|
||||
}
|
||||
|
||||
export default secretKey;
|
||||
|
|
@ -2,7 +2,7 @@ import crypto from 'crypto';
|
|||
import jwt from 'jsonwebtoken';
|
||||
|
||||
import data from './data';
|
||||
import secretKey from '../secretKey';
|
||||
import { secretKey } from '../config';
|
||||
|
||||
function getCurrentSeconds() {
|
||||
return Math.floor(Date.now() / 1000);
|
||||
|
|
|
|||
|
|
@ -3007,6 +3007,11 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"date-fns": {
|
||||
"version": "1.30.1",
|
||||
"resolved": "https://registry.npmjs.org/date-fns/-/date-fns-1.30.1.tgz",
|
||||
"integrity": "sha512-hBSVCvSmWC+QypYObzwGOd9wqdDpOt+0wl0KbU+R+uuZBS1jN8VsD1ss3irQDknRj5NvxiTF6oj/nDRnN/UQNw=="
|
||||
},
|
||||
"date-now": {
|
||||
"version": "0.1.4",
|
||||
"resolved": "https://registry.npmjs.org/date-now/-/date-now-0.1.4.tgz",
|
||||
|
|
@ -6690,6 +6695,12 @@
|
|||
"is-stream": "^1.0.1"
|
||||
}
|
||||
},
|
||||
"node-forge": {
|
||||
"version": "0.7.6",
|
||||
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz",
|
||||
"integrity": "sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==",
|
||||
"dev": true
|
||||
},
|
||||
"node-int64": {
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz",
|
||||
|
|
@ -6879,6 +6890,11 @@
|
|||
"integrity": "sha512-FTMyFUm2wBcGHnH2eXmz7tC6IwlqQZ6mVZ+6dm6vZ4IQIHjs6FdNsQBuKGPuUUUY6NfJw2PshC08Tn6LzLDOag==",
|
||||
"dev": true
|
||||
},
|
||||
"object-path": {
|
||||
"version": "0.6.0",
|
||||
"resolved": "https://registry.npmjs.org/object-path/-/object-path-0.6.0.tgz",
|
||||
"integrity": "sha1-tpp9EQk3k08zbKVh/ZvhrXt+DLc="
|
||||
},
|
||||
"object-visit": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/object-visit/-/object-visit-1.0.1.tgz",
|
||||
|
|
@ -7271,6 +7287,11 @@
|
|||
"integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks=",
|
||||
"dev": true
|
||||
},
|
||||
"pretty-bytes": {
|
||||
"version": "5.1.0",
|
||||
"resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.1.0.tgz",
|
||||
"integrity": "sha512-wa5+qGVg9Yt7PB6rYm3kXlKzgzgivYTLRandezh43jjRqgyDyP+9YxfJpJiLs9yKD1WeU8/OvtToWpW7255FtA=="
|
||||
},
|
||||
"pretty-format": {
|
||||
"version": "22.4.3",
|
||||
"resolved": "http://registry.npmjs.org/pretty-format/-/pretty-format-22.4.3.tgz",
|
||||
|
|
@ -8914,6 +8935,14 @@
|
|||
"kind-of": "^3.2.0"
|
||||
}
|
||||
},
|
||||
"sort-by": {
|
||||
"version": "1.2.0",
|
||||
"resolved": "https://registry.npmjs.org/sort-by/-/sort-by-1.2.0.tgz",
|
||||
"integrity": "sha1-7ZK7/5/SKEtB9lA+OElmB7Il/m8=",
|
||||
"requires": {
|
||||
"object-path": "0.6.0"
|
||||
}
|
||||
},
|
||||
"source-map": {
|
||||
"version": "0.5.7",
|
||||
"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@
|
|||
"invariant": "^2.2.2",
|
||||
"isomorphic-fetch": "^2.2.1",
|
||||
"jest": "^22.4.4",
|
||||
"node-forge": "^0.7.6",
|
||||
"rollup": "^1.0.0",
|
||||
"rollup-plugin-babel": "^4.2.0",
|
||||
"rollup-plugin-commonjs": "^9.2.0",
|
||||
|
|
@ -37,5 +38,10 @@
|
|||
"rollup-plugin-size-snapshot": "^0.7.0",
|
||||
"rollup-plugin-url": "^2.1.0",
|
||||
"supertest": "^3.0.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"date-fns": "^1.30.1",
|
||||
"pretty-bytes": "^5.1.0",
|
||||
"sort-by": "^1.2.0"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const builtinModules = require('module').builtinModules;
|
||||
|
||||
const forge = require('node-forge');
|
||||
const babel = require('rollup-plugin-babel');
|
||||
const commonjs = require('rollup-plugin-commonjs');
|
||||
const json = require('rollup-plugin-json');
|
||||
|
|
@ -15,6 +16,26 @@ const dev = env === 'development';
|
|||
// Allow storing env vars in .env in dev.
|
||||
if (dev) require('dotenv').config();
|
||||
|
||||
function readFile(file) {
|
||||
return fs.readFileSync(path.resolve(__dirname, file), 'utf8');
|
||||
}
|
||||
|
||||
let secretKey;
|
||||
if (process.env.NODE_ENV === 'production') {
|
||||
secretKey = {
|
||||
public: readFile('./secret_key.pub'),
|
||||
private: readFile('./secret_key')
|
||||
};
|
||||
} else {
|
||||
// Generate a random keypair for dev/testing.
|
||||
// See https://gist.github.com/sebadoom/2b70969e70db5da9a203bebd9cff099f
|
||||
const keypair = forge.rsa.generateKeyPair({ bits: 2048 });
|
||||
secretKey = {
|
||||
public: forge.pki.publicKeyToPem(keypair.publicKey, 72),
|
||||
private: forge.pki.privateKeyToPem(keypair.privateKey, 72)
|
||||
};
|
||||
}
|
||||
|
||||
const functionsIndex = {
|
||||
external: id => true,
|
||||
input: path.resolve(__dirname, 'modules/functions/index.js'),
|
||||
|
|
@ -63,7 +84,7 @@ const functions = [
|
|||
'process.env.CLOUDFLARE_KEY': JSON.stringify(
|
||||
process.env.CLOUDFLARE_KEY
|
||||
),
|
||||
'process.env.SECRET_KEY': JSON.stringify(process.env.SECRET_KEY)
|
||||
'process.env.SECRET_KEY': JSON.stringify(secretKey)
|
||||
})
|
||||
]
|
||||
};
|
||||
|
|
|
|||
Binary file not shown.
Loading…
Reference in New Issue