Merge pull request #460 from curveball/new-privilege-system

Use new curveball environment variables.
curveball · Oct 4, 2023 · 0959c0f · 0959c0f
2 parents c8b235b + d5e6f08
commit 0959c0f
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 21 deletions.
diff --git a/changelog.md b/changelog.md
@@ -26,6 +26,8 @@ Changelog
   accounts
 * When using the Redis session backend, CSRF tokens would not get stored
   correctly, causing some browser operations to fail.
+* a12n-server will now report a better process name in linux process lists.
+* The server now picks up the `CURVEBALL_ORIGIN` environment variable.
 
 
 0.23.1 (2023-03-29)

diff --git a/package-lock.json b/package-lock.json
diff --git a/src/app.ts b/src/app.ts
@@ -15,15 +15,17 @@ const pkgInfo = require('../package.json');
 console.info('⚾ %s %s', pkgInfo.name, pkgInfo.version);
 
 const port = process.env.PORT ? parseInt(process.env.PORT, 10) :  8531;
+
 if (!process.env.PUBLIC_URI) {
   process.env.PUBLIC_URI = 'http://localhost:' + port + '/';
   console.log('PUBLIC_URI environment variable was not set, defaulting to http://localhost:' + port + '/');
 }
 
 (async () => {
 
-  await initDb();
+  process.title = 'a12n-server/' + pkgInfo.version;
 
+  await initDb();
   await load();
 
   const app = new Application();

diff --git a/src/mfa/webauthn/controller/login.ts b/src/mfa/webauthn/controller/login.ts
@@ -45,8 +45,8 @@ class WebAuthnLoginRequestController extends Controller {
       verification = verifyAuthenticationResponse({
         credential: body,
         expectedChallenge,
-        expectedOrigin: getSetting('webauthn.expectedOrigin') || new URL(process.env.PUBLIC_URI!).origin,
-        expectedRPID: getSetting('webauthn.relyingPartyId') || new URL(process.env.PUBLIC_URI!).host,
+        expectedOrigin: getSetting('webauthn.expectedOrigin') || ctx.request.origin,
+        expectedRPID: getSetting('webauthn.relyingPartyId') || ctx.request.origin,
         authenticator: {
           credentialID: authenticatorDevice.credentialID,
           counter: authenticatorDevice.counter,

diff --git a/src/mfa/webauthn/controller/registration.ts b/src/mfa/webauthn/controller/registration.ts
@@ -14,7 +14,7 @@ class WebAuthnAttestationController extends Controller {
 
     const registrationOptions = generateRegistrationOptions({
       rpName: getSetting('webauthn.serviceName'),
-      rpID: getSetting('webauthn.relyingPartyId') || new URL(process.env.PUBLIC_URI!).host,
+      rpID: getSetting('webauthn.relyingPartyId') || new URL(ctx.request.origin).host,
       userID: user.id.toString(),
       userName: user.nickname,
       timeout: 60000,
@@ -50,8 +50,8 @@ class WebAuthnAttestationController extends Controller {
       verification = await verifyRegistrationResponse({
         credential: body,
         expectedChallenge,
-        expectedOrigin: getSetting('webauthn.expectedOrigin') || new URL(process.env.PUBLIC_URI!).origin,
-        expectedRPID: getSetting('webauthn.relyingPartyId') || new URL(process.env.PUBLIC_URI!).host,
+        expectedOrigin: getSetting('webauthn.expectedOrigin') || ctx.request.origin,
+        expectedRPID: getSetting('webauthn.relyingPartyId') || new URL(ctx.request.origin).host,
       });
     } catch (error: any) {
       /* eslint-disable-next-line no-console */

diff --git a/src/one-time-token/controller/generate.ts b/src/one-time-token/controller/generate.ts
@@ -15,7 +15,7 @@ class OneTimeTokenController extends Controller {
     const user = await principalService.findByExternalId(ctx.params.id, 'user');
 
     const token = await createToken(user);
-    const url = resolve(process.env.PUBLIC_URI!, 'reset-password/token/' + token.token);
+    const url = resolve(ctx.request.origin, 'reset-password/token/' + token.token);
 
     ctx.response.body = hal.oneTimeToken(user, url, token);