1
0
mirror of https://github.com/immich-app/immich.git synced 2024-12-25 10:43:13 +02:00

Log a warning if JWT_SECRET key does not have enough bits

This commit is contained in:
bo0tzz 2022-10-13 21:54:29 +02:00
parent f2e0e3f345
commit c03f860f8e

View File

@ -1,5 +1,20 @@
import { Logger } from '@nestjs/common';
import { ConfigModuleOptions } from '@nestjs/config';
import Joi from 'joi';
import { createSecretKey, generateKeySync } from 'node:crypto'
const jwtSecretValidator: Joi.CustomValidator<string> = (value, _) => {
const key = createSecretKey(value, "base64")
const keySizeBits = (key.symmetricKeySize ?? 0) * 8
if (keySizeBits < 128) {
const newKey = generateKeySync('hmac', { length: 256 }).export().toString('base64')
Logger.warn("The current JWT_SECRET key is insecure. It should be at least 128 bits long!")
Logger.warn(`Here is a new, securely generated key that you can use instead: ${newKey}`)
}
return value;
}
export const immichAppConfig: ConfigModuleOptions = {
envFilePath: '.env',
@ -9,7 +24,7 @@ export const immichAppConfig: ConfigModuleOptions = {
DB_USERNAME: Joi.string().required(),
DB_PASSWORD: Joi.string().required(),
DB_DATABASE_NAME: Joi.string().required(),
JWT_SECRET: Joi.string().required(),
JWT_SECRET: Joi.string().required().custom(jwtSecretValidator),
DISABLE_REVERSE_GEOCODING: Joi.boolean().optional().valid(true, false).default(false),
REVERSE_GEOCODING_PRECISION: Joi.number().optional().valid(0,1,2,3).default(3),
LOG_LEVEL: Joi.string().optional().valid('simple', 'verbose').default('simple'),