Sync DNS2 production changes - removed obsolete test suite and refactored structure
@@ -8,10 +8,8 @@ const jwt = require('jsonwebtoken');
|
||||
const crypto = require('crypto');
|
||||
const credentialManager = require('./credential-manager');
|
||||
const cryptoUtils = require('./crypto-utils');
|
||||
const { safeLog } = require('./logger-utils');
|
||||
|
||||
// JWT signing secret - derived from encryption key for consistency
|
||||
// SECURITY: Loaded from secure storage, never logged
|
||||
const JWT_SECRET = cryptoUtils.loadOrCreateKey();
|
||||
|
||||
// Namespace for API keys in credential manager
|
||||
@@ -40,13 +38,12 @@ class AuthManager {
|
||||
{
|
||||
...payload,
|
||||
iat: Math.floor(Date.now() / 1000),
|
||||
scope: payload.scope || ['read', 'write'],
|
||||
scope: payload.scope || ['read', 'write']
|
||||
},
|
||||
JWT_SECRET,
|
||||
{ expiresIn },
|
||||
{ expiresIn }
|
||||
);
|
||||
|
||||
// SECURITY: Log event only, never log the actual token
|
||||
console.log(`[AuthManager] Generated JWT for user: ${payload.sub}, expires in: ${expiresIn}`);
|
||||
return token;
|
||||
} catch (error) {
|
||||
@@ -67,14 +64,13 @@ class AuthManager {
|
||||
userId: decoded.sub,
|
||||
scope: decoded.scope || [],
|
||||
iat: decoded.iat,
|
||||
exp: decoded.exp,
|
||||
exp: decoded.exp
|
||||
};
|
||||
} catch (error) {
|
||||
if (error.name === 'TokenExpiredError') {
|
||||
console.log('[AuthManager] JWT token expired');
|
||||
} else if (error.name === 'JsonWebTokenError') {
|
||||
// SECURITY: Never log the actual token
|
||||
console.log('[AuthManager] JWT token invalid');
|
||||
console.log('[AuthManager] JWT token invalid:', error.message);
|
||||
} else {
|
||||
console.error('[AuthManager] JWT verification failed:', error.message);
|
||||
}
|
||||
@@ -111,7 +107,7 @@ class AuthManager {
|
||||
name,
|
||||
scopes,
|
||||
createdAt: new Date().toISOString(),
|
||||
lastUsed: null,
|
||||
lastUsed: null
|
||||
};
|
||||
|
||||
const metadataKey = `${API_KEY_METADATA_NAMESPACE}.${keyId}`;
|
||||
@@ -120,7 +116,6 @@ class AuthManager {
|
||||
// Cache metadata
|
||||
this.keyMetadataCache.set(keyId, metadata);
|
||||
|
||||
// SECURITY: Log event only, never log the actual API key
|
||||
console.log(`[AuthManager] Generated API key: ${name} (${keyId})`);
|
||||
|
||||
return {
|
||||
@@ -128,7 +123,7 @@ class AuthManager {
|
||||
id: keyId,
|
||||
name,
|
||||
scopes,
|
||||
createdAt: metadata.createdAt,
|
||||
createdAt: metadata.createdAt
|
||||
};
|
||||
} catch (error) {
|
||||
console.error('[AuthManager] API key generation failed:', error.message);
|
||||
@@ -179,7 +174,7 @@ class AuthManager {
|
||||
|
||||
// Update last used timestamp (non-blocking)
|
||||
this.updateLastUsed(keyId, metadata).catch(err =>
|
||||
console.error(`[AuthManager] Failed to update lastUsed for ${keyId}:`, err.message),
|
||||
console.error(`[AuthManager] Failed to update lastUsed for ${keyId}:`, err.message)
|
||||
);
|
||||
|
||||
console.log(`[AuthManager] API key verified: ${metadata.name} (${keyId})`);
|
||||
@@ -187,7 +182,7 @@ class AuthManager {
|
||||
return {
|
||||
keyId,
|
||||
scopes: metadata.scopes || [],
|
||||
name: metadata.name,
|
||||
name: metadata.name
|
||||
};
|
||||
} catch (error) {
|
||||
console.error('[AuthManager] API key verification failed:', error.message);
|
||||
@@ -282,7 +277,7 @@ class AuthManager {
|
||||
try {
|
||||
const updatedMetadata = {
|
||||
...metadata,
|
||||
lastUsed: new Date().toISOString(),
|
||||
lastUsed: new Date().toISOString()
|
||||
};
|
||||
|
||||
const metadataKey = `${API_KEY_METADATA_NAMESPACE}.${keyId}`;
|
||||
|
||||
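Review bot: In the token-signing hunk (`@@ -40,13 +38,12 @@`), `scope: payload.scope || ['read', 'write']` gives write access to any token minted without an explicit scope, while the verification hunk falls back to `decoded.scope || []`, so issuing and verifying disagree on what a missing scope means. The `||` test checks truthiness only, so a non-array value such as a string would be signed unchanged. Defaulting to no privileges is safer, for example `scope: Array.isArray(payload.scope) ? payload.scope : []`, with callers that need write access requesting it explicitly. The enclosing method starts and ends outside the hunk, so whether `payload.scope` is validated earlier is not visible here.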