Fixes #3: use symmetric key for JWT

qiangxue · Feb 19, 2020 · 8e7306c · 8e7306c
1 parent 5488727
commit 8e7306c
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 13 deletions.
diff --git a/Makefile b/Makefile
@@ -31,21 +31,18 @@ test-cover: test ## run unit tests and show test coverage information
 
 .PHONY: run
 run: ## run the API server
-	go run ${LDFLAGS} cmd/server/main.go & echo $$! > $(PID_FILE)
-
-.PHONY: run-stop
-run-stop: ## stop the API server
-	@pkill -P `cat $(PID_FILE)` || true
+	go run ${LDFLAGS} cmd/server/main.go
 
 .PHONY: run-restart
 run-restart: ## restart the API server
-	@make run-stop
+	@pkill -P `cat $(PID_FILE)` || true
 	@printf '%*s\n' "80" '' | tr ' ' -
 	@echo "Source file changed. Restarting server..."
-	@make run
+	@go run ${LDFLAGS} cmd/server/main.go & echo $$! > $(PID_FILE)
 	@printf '%*s\n' "80" '' | tr ' ' -
 
-run-live: run ## run the API server with live reload support (requires fswatch)
+run-live: ## run the API server with live reload support (requires fswatch)
+	@go run ${LDFLAGS} cmd/server/main.go & echo $$! > $(PID_FILE)
 	@fswatch -x -o --event Created --event Updated --event Renamed -r internal pkg cmd config | xargs -n1 -I {} make run-restart
 
 .PHONY: build

diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -85,7 +85,7 @@ func buildHandler(logger log.Logger, db *dbcontext.DB, cfg *config.Config) http.
 
 	rg := router.Group("/v1")
 
-	authHandler := auth.Handler(cfg.JWTVerificationKey)
+	authHandler := auth.Handler(cfg.JWTSigningKey)
 
 	album.RegisterHandlers(rg.Group(""),
 		album.NewService(album.NewRepository(db, logger), logger),

diff --git a/config/local.yml b/config/local.yml
@@ -1,3 +1,2 @@
 dsn: "postgres://127.0.0.1/go_restful?sslmode=disable&user=postgres&password=postgres"
 jwt_signing_key: "LxsKJywDL5O5PvgODZhBH12KE6k2yL8E"
-jwt_verification_key: "IuDQoh1QAIFwnKAydSntyJrTmOkct3wN"
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -21,8 +21,6 @@ type Config struct {
 	DSN string `yaml:"dsn" env:"DSN,secret"`
 	// JWT signing key. required.
 	JWTSigningKey string `yaml:"jwt_signing_key" env:"JWT_SIGNING_KEY,secret"`
-	// JWT verification key. required.
-	JWTVerificationKey string `yaml:"jwt_verification_key" env:"JWT_VERIFICATION_KEY,secret"`
 	// JWT expiration in hours. Defaults to 72 hours (3 days)
 	JWTExpiration int `yaml:"jwt_expiration" env:"JWT_EXPIRATION"`
 }
@@ -32,7 +30,6 @@ func (c Config) Validate() error {
 	return validation.ValidateStruct(&c,
 		validation.Field(&c.DSN, validation.Required),
 		validation.Field(&c.JWTSigningKey, validation.Required),
-		validation.Field(&c.JWTVerificationKey, validation.Required),
 	)
 }