Remove jwt security key from store client side code

Cezerin2 · May 13, 2019 · 09dc837 · 09dc837
1 parent f079775
commit 09dc837
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 24 deletions.
diff --git a/config/server.js b/config/server.js
@@ -0,0 +1,17 @@
+// config used by store server side only
+module.exports = {
+ // store UI language
+ language: process.env.LANGUAGE || 'en',
+ // used by Store (server side)
+ ajaxBaseUrl: process.env.AJAX_BASE_URL || 'http://localhost:3001/ajax',
+ // used by Store (server side)
+ apiBaseUrl: process.env.API_BASE_URL || 'http://localhost:3001/api/v1',
+
+ storeListenPort: process.env.STORE_PORT || 3000,
+
+ // key to sign tokens
+ jwtSecretKey: process.env.JWT_SECRET_KEY || '-',
+
+ // key to sign store cookies
+ cookieSecretKey: process.env.COOKIE_SECRET_KEY || '-'
+};
diff --git a/config/store.js b/config/store.js
@@ -2,21 +2,8 @@
 module.exports = {
  // store UI language
  language: process.env.LANGUAGE || 'en',
-
- // used by Store (server side)
- apiBaseUrl: process.env.API_BASE_URL || 'http://localhost:3001/api/v1',
-
- // used by API to service assets
- assetsBaseURL: process.env.ASSETS_BASE_URL || 'http://localhost:3001',
-
  // used by Store (server side)
  ajaxBaseUrl: process.env.AJAX_BASE_URL || 'http://localhost:3001/ajax',
-
- storeListenPort: process.env.STORE_PORT || 3000,
-
- // key to sign tokens
- jwtSecretKey: process.env.JWT_SECRET_KEY || '-',
-
- // key to sign store cookies
- cookieSecretKey: process.env.COOKIE_SECRET_KEY || '-'
+ // used by API to service assets
+ assetsBaseURL: process.env.ASSETS_BASE_URL || 'http://localhost:3001'
 };
diff --git a/src/server/auth-header.js b/src/server/auth-header.js
@@ -1,5 +1,5 @@
 import jwt from 'jsonwebtoken';
-import serverConfigs from '../../config/store';
+import serverConfigs from './settings';
 
 const cert = serverConfigs.jwtSecretKey;
 class AuthHeader {

diff --git a/src/server/index.js b/src/server/index.js
@@ -4,7 +4,7 @@ import responseTime from 'response-time';
 import path from 'path';
 import cookieParser from 'cookie-parser';
 import winston from 'winston';
-import settings from '../../config/store';
+import settings from './settings';
 import logger from './logger';
 import robotsRendering from './robotsRendering';
 import sitemapRendering from './sitemapRendering';

diff --git a/src/server/settings.js b/src/server/settings.js
@@ -1,2 +1,2 @@
-import settings from '../../config/store';
+import settings from '../../config/server';
 export default settings;
diff --git a/theme/src/components/account/index.js b/theme/src/components/account/index.js
@@ -2,7 +2,6 @@ import React from 'react';
 import { Redirect } from 'react-router-dom';
 import Lscache from 'lscache';
 import { themeSettings, text } from '../../lib/settings';
-import AuthHeader from '../../../../src/server/auth-header';
 import Account from './account';
 
 export default class AccountForm extends React.Component {
@@ -22,7 +21,7 @@ export default class AccountForm extends React.Component {
  first_name: values.first_name,
  last_name: values.last_name,
  email: values.email,
- password: AuthHeader.encodeUserPassword(values.password),
+ password: values.password,
  token: Lscache.get('auth_data'),
  shipping_address,
  billing_address,

diff --git a/theme/src/components/login/index.js b/theme/src/components/login/index.js
@@ -1,5 +1,4 @@
 import React from 'react';
-import AuthHeader from '../../../../src/server/auth-header';
 import { themeSettings, text } from '../../lib/settings';
 import Lscache from 'lscache';
 import Login from './login';
@@ -19,7 +18,7 @@ export default class LoginForm extends React.Component {
 
  this.props.loginUser({
  email: values.email,
- password: AuthHeader.encodeUserPassword(values.password),
+ password: values.password,
  history: this.props.history,
  cartLayer: cartLayer
  });

diff --git a/theme/src/components/register/index.js b/theme/src/components/register/index.js
@@ -1,5 +1,4 @@
 import React from 'react';
-import AuthHeader from '../../../../src/server/auth-header';
 import { Redirect } from 'react-router-dom';
 import { themeSettings, text } from '../../lib/settings';
 import Register from './register';
@@ -18,7 +17,7 @@ export default class RegisterForm extends React.Component {
  first_name: values.first_name,
  last_name: values.last_name,
  email: values.email,
- password: AuthHeader.encodeUserPassword(values.password),
+ password: values.password,
  history: this.props.history
  });
  };