Inject secret key at build time

2019-01-05 18:03:10 -08:00
parent 09ed8ac129
commit 76f05911cd
12 changed files with 79 additions and 52 deletions
--- a/rollup.config.js
+++ b/rollup.config.js
@ -1,6 +1,7 @@
+const fs = require('fs');
 const path = require('path');
 const builtinModules = require('module').builtinModules;
-
+const forge = require('node-forge');
 const babel = require('rollup-plugin-babel');
 const commonjs = require('rollup-plugin-commonjs');
 const json = require('rollup-plugin-json');
@ -15,6 +16,26 @@ const dev = env === 'development';
 // Allow storing env vars in .env in dev.
 if (dev) require('dotenv').config();

+function readFile(file) {
+  return fs.readFileSync(path.resolve(__dirname, file), 'utf8');
+}
+
+let secretKey;
+if (process.env.NODE_ENV === 'production') {
+  secretKey = {
+    public: readFile('./secret_key.pub'),
+    private: readFile('./secret_key')
+  };
+} else {
+  // Generate a random keypair for dev/testing.
+  // See https://gist.github.com/sebadoom/2b70969e70db5da9a203bebd9cff099f
+  const keypair = forge.rsa.generateKeyPair({ bits: 2048 });
+  secretKey = {
+    public: forge.pki.publicKeyToPem(keypair.publicKey, 72),
+    private: forge.pki.privateKeyToPem(keypair.privateKey, 72)
+  };
+}
+
 const functionsIndex = {
  external: id => true,
  input: path.resolve(__dirname, 'modules/functions/index.js'),
@ -63,7 +84,7 @@ const functions = [
        'process.env.CLOUDFLARE_KEY': JSON.stringify(
          process.env.CLOUDFLARE_KEY
        ),
-        'process.env.SECRET_KEY': JSON.stringify(process.env.SECRET_KEY)
+        'process.env.SECRET_KEY': JSON.stringify(secretKey)
      })
    ]
  };