Removed secrets from config.

Tom Butcher 2025-12-13 23:43:49 +00:00
parent 80aeb116dc
commit b24c9e1b3e
3 changed files with 13 additions and 15 deletions


@ -9,11 +9,9 @@
"keycloak": {
"url": "https://auth.tombutcher.work",
"realm": "master",
"clientId": "farmcontrol-client",
"clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF"
"clientId": "farmcontrol-client"
},
"requiredRoles": [],
"sessionSecret": "n00Dl3s23!"
"requiredRoles": []
},
"app": {
"urlClient": "http://localhost:3000",
@ -60,11 +58,9 @@
"keycloak": {
"url": "https://auth.tombutcher.work",
"realm": "master",
"clientId": "farmcontrol-client",
"clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF"
"clientId": "farmcontrol-client"
},
"requiredRoles": [],
"sessionSecret": "n00Dl3s23!"
"requiredRoles": []
},
"app": {
"urlClient": "http://localhost:3000",


@ -2,7 +2,7 @@ import Keycloak from 'keycloak-connect';
import session from 'express-session';
import config, { getEnvironment } from './config.js';
import axios from 'axios';
import jwt from 'jsonwebtoken';
import dotenv from 'dotenv';
import log4js from 'log4js';
import NodeCache from 'node-cache';
import { userModel } from './database/schemas/management/user.schema.js';
@ -12,6 +12,8 @@ import { hostModel } from './database/schemas/management/host.schema.js';
const logger = log4js.getLogger('Keycloak');
logger.level = config.server.logLevel || 'info';
dotenv.config();
// Initialize NodeCache with 5-minute TTL
const userCache = new NodeCache({ stdTTL: 300 }); // 300 seconds = 5 minutes
@ -65,14 +67,14 @@ const keycloakConfig = {
'use-resource-role-mappings': true,
'verify-token-audience': true,
credentials: {
secret: config.auth.keycloak.clientSecret,
secret: process.env.KEYCLOAK_CLIENT_SECRET,
},
};
const memoryStore = new session.MemoryStore();
var expressSession = session({
secret: config.auth.sessionSecret,
secret: process.env.SESSION_SECRET || 'n00Dl3s23!',
resave: false,
saveUninitialized: true, // Set this to true to ensure session is initialized
store: memoryStore,
@ -98,7 +100,7 @@ const isAuthenticated = async (req, res, next) => {
new URLSearchParams({
token: token,
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET,
}),
{
headers: {
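Review bot: The session secret is still hardcoded: `secret: process.env.SESSION_SECRET || 'n00Dl3s23!'` in the `expressSession` options keeps the very value this commit removes from the config file, so it stays in the repository and any deployment without `SESSION_SECRET` signs session cookies with a known string. `process.env.KEYCLOAK_CLIENT_SECRET` is also read without a check in `keycloakConfig` and `isAuthenticated` here, and in `fetchAndStoreUser`, `loginTokenRouteHandler` and `refreshTokenRouteHandler` in the third file, so a missing variable would presumably only surface as a rejected Keycloak request at run time. I would drop the literal fallback and fail at startup when either variable is unset, as sketched below. Both values were committed in plaintext up to the parent commit, so they should be treated as exposed and replaced with freshly generated ones rather than carried over into the environment. The `session({ … })` call and `isAuthenticated` continue outside the hunks shown.

```javascript
dotenv.config();

// Fail fast: refuse to start without the secrets instead of falling back to a literal.
const { KEYCLOAK_CLIENT_SECRET, SESSION_SECRET } = process.env;
if (!KEYCLOAK_CLIENT_SECRET || !SESSION_SECRET) {
  throw new Error('KEYCLOAK_CLIENT_SECRET and SESSION_SECRET must be set');
}

// … unchanged: userCache, other keycloakConfig fields …
  credentials: {
    secret: KEYCLOAK_CLIENT_SECRET,
  },
// … unchanged: memoryStore …
var expressSession = session({
  secret: SESSION_SECRET,
// … unchanged: remaining session options …
```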


@ -104,7 +104,7 @@ const fetchAndStoreUser = async (req, token) => {
userInfoUrl,
new URLSearchParams({
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET,
}),
{
headers: {
@ -161,7 +161,7 @@ export const loginTokenRouteHandler = async (req, res, redirectType = 'web') =>
new URLSearchParams({
grant_type: 'authorization_code',
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET,
code: code,
redirect_uri: callbackUrl,
}).toString(),
@ -401,7 +401,7 @@ export const refreshTokenRouteHandler = (req, res) => {
new URLSearchParams({
grant_type: 'refresh_token',
client_id: config.auth.keycloak.clientId,
client_secret: config.auth.keycloak.clientSecret,
client_secret: process.env.KEYCLOAK_CLIENT_SECRET,
refresh_token: refreshToken,
}).toString(),
{