mirror of
				https://github.com/immich-app/immich.git
				synced 2025-10-26 16:22:33 -04:00 
			
		
		
		
	Log a warning if JWT_SECRET key does not have enough bits
		
							parent
							
								
									f2e0e3f345
								
							
						
					
					
						commit
						c03f860f8e
					
				| @ -1,5 +1,20 @@ | |||||||
|  | import { Logger } from '@nestjs/common'; | ||||||
| import { ConfigModuleOptions } from '@nestjs/config'; | import { ConfigModuleOptions } from '@nestjs/config'; | ||||||
| import Joi from 'joi'; | import Joi from 'joi'; | ||||||
|  | import { createSecretKey, generateKeySync } from 'node:crypto' | ||||||
|  | 
 | ||||||
|  | const jwtSecretValidator: Joi.CustomValidator<string> = (value, _) => { | ||||||
|  |   const key = createSecretKey(value, "base64") | ||||||
|  |   const keySizeBits = (key.symmetricKeySize ?? 0) * 8 | ||||||
|  | 
 | ||||||
|  |   if (keySizeBits < 128) { | ||||||
|  |     const newKey = generateKeySync('hmac', { length: 256 }).export().toString('base64') | ||||||
|  |     Logger.warn("The current JWT_SECRET key is insecure. It should be at least 128 bits long!") | ||||||
|  |     Logger.warn(`Here is a new, securely generated key that you can use instead: ${newKey}`) | ||||||
|  |   } | ||||||
|  | 
 | ||||||
|  |   return value; | ||||||
|  | } | ||||||
| 
 | 
 | ||||||
| export const immichAppConfig: ConfigModuleOptions = { | export const immichAppConfig: ConfigModuleOptions = { | ||||||
|   envFilePath: '.env', |   envFilePath: '.env', | ||||||
| @ -9,7 +24,7 @@ export const immichAppConfig: ConfigModuleOptions = { | |||||||
|     DB_USERNAME: Joi.string().required(), |     DB_USERNAME: Joi.string().required(), | ||||||
|     DB_PASSWORD: Joi.string().required(), |     DB_PASSWORD: Joi.string().required(), | ||||||
|     DB_DATABASE_NAME: Joi.string().required(), |     DB_DATABASE_NAME: Joi.string().required(), | ||||||
|     JWT_SECRET: Joi.string().required(), |     JWT_SECRET: Joi.string().required().custom(jwtSecretValidator), | ||||||
|     DISABLE_REVERSE_GEOCODING: Joi.boolean().optional().valid(true, false).default(false), |     DISABLE_REVERSE_GEOCODING: Joi.boolean().optional().valid(true, false).default(false), | ||||||
|     REVERSE_GEOCODING_PRECISION: Joi.number().optional().valid(0,1,2,3).default(3), |     REVERSE_GEOCODING_PRECISION: Joi.number().optional().valid(0,1,2,3).default(3), | ||||||
|     LOG_LEVEL: Joi.string().optional().valid('simple', 'verbose').default('simple'), |     LOG_LEVEL: Joi.string().optional().valid('simple', 'verbose').default('simple'), | ||||||
|  | |||||||
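Review bot: The second `Logger.warn` in `jwtSecretValidator` writes a freshly generated signing key into the application log, so an operator who adopts it ends up with a JWT secret that anyone with access to the logs or a log aggregator has also seen. I would drop the key from the message and point to a local command instead, e.g. `Logger.warn('Generate a replacement locally, for example with: openssl rand -base64 32')`. Separately, `createSecretKey(value, "base64")` measures the base64-decoded length, and Node's decoder does not reject input that is not valid base64, so a plain passphrase is measured incorrectly. If the JWT module consumes the raw string (not visible here), `Buffer.byteLength(value)` would match actual use better, or the expected encoding should be documented next to `JWT_SECRET`. The 128-bit threshold also sits below the 256-bit key the code itself generates; assuming HS256 is the signing algorithm, RFC 7518 asks for a key at least as long as the hash output, so the check and the message should both say 256.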