use server_token header

2025-06-10 02:54:15 +00:00 · 2023-04-04 12:10:56 +00:00 · 2023-04-04 12:10:56 +00:00 · bcd1735fcd
commit bcd1735fcd
parent 24d7038191
3 changed files with 8 additions and 6 deletions
--- a/packages/message_server/src/api.js
+++ b/packages/message_server/src/api.js
@ -12,7 +12,7 @@ import routes from "./routes"
 const mainAPI = axios.create({
    baseURL: process.env.MAIN_API_URL ?? "http://localhost:3010",
    headers: {
-        "server_token": `${process.env.MAIN_SERVER_ID}:${process.env.MAIN_SERVER_TOKEN}`,
+        server_token: `${process.env.MAIN_SERVER_ID}:${process.env.MAIN_SERVER_TOKEN}`,
    }
 })

@ -82,7 +82,7 @@ class TextRoomServer {

                if (!session.valid) {
                    console.error(`[${socket.id}] failed to validate session caused by invalid token`, session)
-                    
+
                    return next(new Error(`auth:token_invalid`))
                }

--- a/packages/server/package.json
+++ b/packages/server/package.json
@ -21,7 +21,7 @@
    "formidable": "^2.1.1",
    "jimp": "^0.16.2",
    "jsonwebtoken": "^9.0.0",
-    "linebridge": "0.15.7",
+    "linebridge": "0.15.8",
    "luxon": "^3.2.1",
    "mime-types": "^2.1.35",
    "minio": "^7.0.32",
--- a/packages/server/src/api.js
+++ b/packages/server/src/api.js
@ -35,6 +35,8 @@ export default class API {
        require("@controllers"),
        require("@middlewares"),
        {
+            "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+            "Access-Control-Allow-Headers": "Content-Type, Authorization, Content-Length, X-Requested-With, X-Access-Token, X-Refresh-Token, server_token",
            "Access-Control-Expose-Headers": "regenerated_token",
        },
    )
@ -44,15 +46,15 @@ export default class API {
    eventBus = global.eventBus = new EventEmitter()

    storage = global.storage = createStorageClientInstance()
-
+    
    jwtStrategy = global.jwtStrategy = {
        jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
-        secretOrKey: this.server.server_token,
+        secretOrKey: process.env.SERVER_TOKEN ?? "secret",
        algorithms: ["sha1", "RS256", "HS256"],
        expiresIn: process.env.signLifetime ?? "1h",
        enforceRegenerationTokenExpiration: false,
    }
-
+    
    constructor() {
        this.server.engine_instance.use(express.json())
        this.server.engine_instance.use(express.urlencoded({ extended: true }))