variables clean-up and lib secuirty fixes.

Author: sachin-maheshwari

README.md

@@ -80,9 +80,7 @@ The other configurations can be changed in `config/default.js` or by setting env
 - `LOG_LEVEL` the logging level, `error` or `debug`
 - `PORT` the port on that app listens
 - `API_VERSION` the api version
-- `ALLOWED_SERVICES` the allowed calling services
 - `JWT_TOKEN_SECRET` the secret to sign JWT tokens
-- `JWT_TOKEN_EXPIRES_IN` the JWT token expiration
 - `TC_EMAIL_URL` the email service URL (http://localhost:4001, if deployed locally)
 - `TC_EMAIL_TOKEN` the email service authentication token (see tc-email README for details **link should be added later**)
 - `TC_EMAIL_CACHE_PERIOD` the period to cache template placeholders from email service (60 min default)
@@ -96,14 +94,6 @@ npm install
 npm start
 ```
 
-## Generate JWT Tokens:
-
-To generate JWT Tokens for allowed services, run:
-
-```bash
-npm run generate-tokens
-```
-
 To view the Swagger UI interface visit `http://localhost:3000/docs`
 
 This project leverages the mega-awesome [swagger-tools](https://github.com/apigee-127/swagger-tools) middleware which does most all the work.

common/helper.js

@@ -116,16 +116,6 @@ function verifyJwtToken (token) {
   return payload
 }
 
-/**
- * Sign the payload and get the JWT token.
- *
- * @param {Object} payload the payload to be sign
- * @returns {String} the token
- */
-function signJwtToken (payload) {
-  return jwt.sign(payload, config.JWT_TOKEN_SECRET, {expiresIn: config.JWT_TOKEN_EXPIRES_IN})
-}
-
 /**
  * Validate the event payload
  *
@@ -164,7 +154,6 @@ function verifyTokenScope (req, scope) {
 module.exports = {
   buildService,
   verifyJwtToken,
-  signJwtToken,
   validateEventPayload,
   verifyTokenScope
 }

config/default.js

@@ -9,8 +9,6 @@ module.exports = {
   AUTH_SECRET: process.env.JWT_TOKEN_SECRET,
   VALID_ISSUERS: process.env.VALID_ISSUERS ? process.env.VALID_ISSUERS.replace(/\\"/g, '') : null,
   JWT_TOKEN_SECRET: process.env.JWT_TOKEN_SECRET || '',
-  JWT_TOKEN_EXPIRES_IN: process.env.JWT_TOKEN_EXPIRES_IN || '100 days',
-  ALLOWED_SERVICES: process.env.ALLOWED_SERVICES || ['project-service', 'message-service'],
   TC_EMAIL_SERVICE_URL: process.env.TC_EMAIL_SERVICE_URL,
   TC_EMAIL_SERVICE_CACHE_PERIOD: process.env.TC_EMAIL_SERVICE_CACHE_PERIOD || (3600 * 1000),
 

deploy.sh

@@ -36,15 +36,12 @@ AWS_ECS_CONTAINER_NAME=$(eval "echo \$${ENV}_AWS_ECS_CONTAINER_NAME")
 LOG_LEVEL=$(eval "echo \$${ENV}_LOG_LEVEL")
 JWT_TOKEN_SECRET=$(eval "echo \$${ENV}_JWT_TOKEN_SECRET")
 API_VERSION=$(eval "echo \$${ENV}_API_VERSION")
-ALLOWED_SERVICES=$(eval "echo \$${ENV}_ALLOWED_SERVICES")
-JWT_TOKEN_EXPIRES_IN=$(eval "echo \$${ENV}_JWT_TOKEN_EXPIRES_IN")
 PORT=$(eval "echo \$${ENV}_NODE_PORT")
 
 KAFKA_URL=$(eval "echo \$${ENV}_KAFKA_URL")
 KAFKA_CLIENT_CERT=$(eval "echo \$${ENV}_KAFKA_CLIENT_CERT")
 KAFKA_CLIENT_CERT_KEY=$(eval "echo \$${ENV}_KAFKA_CLIENT_CERT_KEY")
 
-AUTH_DOMAIN=$(eval "echo \$${ENV}_AUTH_DOMAIN")
 VALID_ISSUERS=$(eval "echo \$${ENV}_VALID_ISSUERS")
 
 TC_EMAIL_SERVICE_URL=$(eval "echo \$${ENV}_TC_EMAIL_SERVICE_URL")
@@ -123,25 +120,13 @@ make_task_def(){
 								"name": "JWT_TOKEN_SECRET",
 								"value": "%s"
 						},
-						{
-								"name": "ALLOWED_SERVICES",
-								"value": "%s"
-						},
-						{
-								"name": "JWT_TOKEN_EXPIRES_IN",
-								"value": "%s"
-						},
 						{
 								"name": "API_VERSION",
 								"value": "%s"
 						},
 						{
 								"name": "PORT",
 								"value": "%s"
-						},
-												{
-								"name": "AUTH_DOMAIN",
-								"value": "%s"
 						},
 						{
 								"name": "VALID_ISSUERS",
@@ -190,7 +175,7 @@ make_task_def(){
 		}
 	]'
 
-	task_def=$(printf "$task_template" $AWS_ECS_CONTAINER_NAME $AWS_ACCOUNT_ID $AWS_REGION $AWS_REPOSITORY $TAG $ENV $KAFKA_URL "$KAFKA_CLIENT_CERT" "$KAFKA_CLIENT_CERT_KEY" $LOG_LEVEL $JWT_TOKEN_SECRET "$ALLOWED_SERVICES" $JWT_TOKEN_EXPIRES_IN "$API_VERSION" $PORT "$AUTH_DOMAIN" "$VALID_ISSUERS" $TC_EMAIL_SERVICE_URL "$AUTH0_URL" "$AUTH0_AUDIENCE" $AUTH0_CLIENT_ID "$AUTH0_CLIENT_SECRET" $TOKEN_CACHE_TIME $AWS_ECS_CLUSTER $AWS_REGION $AWS_ECS_CLUSTER $ENV)
+	task_def=$(printf "$task_template" $AWS_ECS_CONTAINER_NAME $AWS_ACCOUNT_ID $AWS_REGION $AWS_REPOSITORY $TAG $ENV $KAFKA_URL "$KAFKA_CLIENT_CERT" "$KAFKA_CLIENT_CERT_KEY" $LOG_LEVEL $JWT_TOKEN_SECRET "$API_VERSION" $PORT "$VALID_ISSUERS" $TC_EMAIL_SERVICE_URL "$AUTH0_URL" "$AUTH0_AUDIENCE" $AUTH0_CLIENT_ID "$AUTH0_CLIENT_SECRET" $TOKEN_CACHE_TIME $AWS_ECS_CLUSTER $AWS_REGION $AWS_ECS_CLUSTER $ENV)
 }
 
 register_definition() {