-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathindex.js
More file actions
68 lines (59 loc) · 2.51 KB
/
index.js
File metadata and controls
68 lines (59 loc) · 2.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
/**
* Central configuration and constants.
* All environment-dependent values and shared helpers are defined here.
*
* This module now uses the validated environment configuration from env.js.
* All environment variables are validated on startup.
*/
import logger from '../logging/logger.js';
import env, { getAllowedOrigins, getMaxRequestSize, isPostgresConfigured } from './env.js';
// Export validated environment variables
export const DATA_DIR = env.DATA_DIR;
export const AUTH_DB_PATH = `${DATA_DIR}/auth.db`;
export const PORT = env.PORT;
export const DB_TYPE = env.DB_TYPE;
export const POSTGRES_URL = env.POSTGRES_URL;
export const POSTGRES_HOST = env.POSTGRES_HOST;
export const POSTGRES_PORT = env.POSTGRES_PORT;
export const POSTGRES_DB = env.POSTGRES_DB;
export const POSTGRES_USER = env.POSTGRES_USER;
export const POSTGRES_PASSWORD = env.POSTGRES_PASSWORD;
export { isPostgresConfigured };
export const NODE_ENV = env.NODE_ENV;
export const TRUST_PROXY = env.TRUST_PROXY;
export const LOG_LEVEL = env.LOG_LEVEL;
export const MAX_REQUEST_SIZE = getMaxRequestSize();
export const ALLOWED_ORIGINS = getAllowedOrigins();
/**
* Parses JWT_ACCESS_TTL into seconds.
* Supports formats: '1h', '30m', '3600' (seconds), etc.
*/
export const parseExpiresInToSeconds = (expiresInStr) => {
if (!expiresInStr) return 3600; // Default 1 hour
const unitMatch = expiresInStr.toLowerCase().match(/^(\d+)([smhd])$/);
if (unitMatch) {
const value = parseInt(unitMatch[1], 10);
const unit = unitMatch[2];
const multipliers = { s: 1, m: 60, h: 3600, d: 86400 };
if (Object.prototype.hasOwnProperty.call(multipliers, unit)) {
// Safe: unit is validated before access
// eslint-disable-next-line security/detect-object-injection
return value * multipliers[unit];
}
}
const num = parseInt(expiresInStr, 10);
if (!isNaN(num)) return num;
throw new Error(`Invalid JWT_ACCESS_TTL: "${expiresInStr}". Use e.g., '1h', '3600', or '30m'.`);
};
export const ACCESS_TTL_SECONDS = parseExpiresInToSeconds(env.JWT_ACCESS_TTL);
export const REFRESH_TTL_SECONDS = parseExpiresInToSeconds(env.JWT_REFRESH_TTL);
// Export JWT secrets (auto-generated in development if not set)
export const JWT_SECRET = env.JWT_SECRET;
export const JWT_REFRESH_SECRET = env.JWT_REFRESH_SECRET;
export const SESSION_SECRET = env.SESSION_SECRET;
logger.info('JWT TTL configuration', {
accessTTL: `${ACCESS_TTL_SECONDS}s`,
accessTTLSource: env.JWT_ACCESS_TTL,
refreshTTL: `${REFRESH_TTL_SECONDS}s`,
refreshTTLSource: env.JWT_REFRESH_TTL,
});