refactor: make SECRET_SIGN_KEY auto-generated on app start up instead of environment variable | [AntonioMrtz#277]

AntonioMrtz · web-flow · commit 96affe2759b1 · 2024-11-02T21:09:24.000+01:00
diff --git a/.github/disabled_workflows/backend-tests-streaming-serverless.yml b/.github/disabled_workflows/backend-tests-streaming-serverless.yml
@@ -33,7 +33,6 @@ jobs:
           python -m pytest tests/
         env:
           MONGO_URI: mongodb://root:root@localhost:27017/
-          SECRET_KEY_SIGN: "f24e2f3ac557d487b6d879fb2d86f2b2"
           SERVERLESS_FUNCTION_URL: ${{ secrets.SERVERLESS_FUNCTION_URL }}
           ARCH: "SERVERLESS"
           ENV_VALUE: "PROD"
diff --git a/.github/disabled_workflows/generate-docs.yml b/.github/disabled_workflows/generate-docs.yml
@@ -30,7 +30,6 @@ jobs:
           python generate-docs.py
         env:
             MONGO_URI : ${{ secrets.MONGO_URI }}
-            SECRET_KEY_SIGN : none
             SERVERLESS_FUNCTION_URL : none
             ARCH : BLOB
             ENV_VALUE : TEST
diff --git a/.github/disabled_workflows/generate-openapi-schema-client.yml b/.github/disabled_workflows/generate-openapi-schema-client.yml
@@ -30,7 +30,6 @@ jobs:
           python -m app.tools.generate_openapi
         env:
           MONGO_URI: ${{ secrets.MONGO_URI }}
-          SECRET_KEY_SIGN: none
           ARCH: BLOB
           ENV_VALUE: PROD
 
diff --git a/.github/workflows/backend-tests-database-blob.yml b/.github/workflows/backend-tests-database-blob.yml
@@ -33,6 +33,5 @@ jobs:
           python -m pytest tests/
         env:
           MONGO_URI: mongodb://root:root@localhost:27017/
-          SECRET_KEY_SIGN: "f24e2f3ac557d487b6d879fb2d86f2b2"
           ARCH: "BLOB"
           ENV_VALUE: "PROD"
diff --git a/.github/workflows/openapi-check-updated.yml b/.github/workflows/openapi-check-updated.yml
@@ -47,7 +47,6 @@ jobs:
           python -m app.tools.generate_openapi
         env:
           MONGO_URI: mongodb://root:root@localhost:27017/
-          SECRET_KEY_SIGN: "f24e2f3ac557d487b6d879fb2d86f2b2"
           ARCH: "BLOB"
           ENV_VALUE: "PROD"
 
diff --git a/Backend/Dockerfile b/Backend/Dockerfile
@@ -19,4 +19,4 @@ EXPOSE 8000
 #CMD ["tail", "-f", "/dev/null"]
 
 #docker build -t spotify_electron_backend_image .
-#docker run -d --name spotify_electron_backend -e MONGO_URI=mongo-uri SECRET_KEY_SIGN=secret-key-sign SERVERLESS_FUNCTION_URL=serverless-function-url ARCH=BLOB ENV_VALUE=PROD -p 8000:8000 spotify_electron_backend_image
+#docker run -d --name spotify_electron_backend -e MONGO_URI=mongo-uri SERVERLESS_FUNCTION_URL=serverless-function-url ARCH=BLOB ENV_VALUE=PROD -p 8000:8000 spotify_electron_backend_image
diff --git a/Backend/app/__main__.py b/Backend/app/__main__.py
@@ -15,7 +15,8 @@
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
-from app.common.app_schema import AppConfig, AppEnvironment, AppInfo
+from app.auth.auth_schema import AuthConfig
+from app.common.app_schema import AppAuthConfig, AppConfig, AppEnvironment, AppInfo
 from app.common.PropertiesManager import PropertiesManager
 from app.database.DatabaseConnectionManager import DatabaseConnectionManager
 from app.logging.logging_constants import LOGGING_MAIN
@@ -53,6 +54,12 @@ async def lifespan_handler(app: FastAPI) -> AsyncGenerator[None, Any]:
     environment = PropertiesManager.get_environment()
     connection_uri = getattr(PropertiesManager, AppEnvironment.MONGO_URI_ENV_NAME)
 
+    AuthConfig.init_auth_config(
+        access_token_expire_minutes=AppAuthConfig.ACCESS_TOKEN_EXPIRE_MINUTES,
+        verification_algorithm=AppAuthConfig.VERTIFICATION_ALGORITHM,
+        days_to_expire_cookie=AppAuthConfig.DAYS_TO_EXPIRE_COOKIE,
+    )
+
     DatabaseConnectionManager.init_database_connection(
         environment=environment, connection_uri=connection_uri
     )
diff --git a/Backend/app/auth/auth_schema.py b/Backend/app/auth/auth_schema.py
@@ -2,6 +2,8 @@
 Authentication schema for domain model
 """
 
+import binascii
+import os
 from dataclasses import dataclass
 
 from app.exceptions.base_exceptions_schema import SpotifyElectronException
@@ -30,6 +32,38 @@ def __init__(self, auth_value: str) -> None:
         self.headers[TOKEN_HEADER_FIELD_NAME] = auth_value
 
 
+class AuthConfig:
+    """Stores application authentication config"""
+
+    VERTIFICATION_ALGORITHM: str
+    ACCESS_TOKEN_EXPIRE_MINUTES: int
+    DAYS_TO_EXPIRE_COOKIE: int
+    SIGNING_SECRET_KEY: str
+    """Key for signing JWT, generated using `openssl rand -hex 16`"""
+
+    @classmethod
+    def init_auth_config(
+        cls,
+        verification_algorithm: str,
+        access_token_expire_minutes: int,
+        days_to_expire_cookie: int,
+    ) -> None:
+        """Init authentication configuration, required to start the app successfully
+
+        Args:
+            verification_algorithm (str): JWT verification algorithm
+            access_token_expire_minutes (int): minutes until the JWT expires
+            days_to_expire_cookie (int): days until cookies expire
+        """
+        random_bytes = os.urandom(16)
+        hex_string = binascii.hexlify(random_bytes).decode("utf-8")
+        cls.SIGNING_SECRET_KEY = hex_string
+
+        cls.VERTIFICATION_ALGORITHM = verification_algorithm
+        cls.ACCESS_TOKEN_EXPIRE_MINUTES = access_token_expire_minutes
+        cls.DAYS_TO_EXPIRE_COOKIE = days_to_expire_cookie
+
+
 class BadJWTTokenProvidedException(SpotifyElectronException):
     """Bad JWT Token provided"""
 
diff --git a/Backend/app/auth/auth_service.py b/Backend/app/auth/auth_service.py
@@ -6,12 +6,12 @@
 from typing import Any
 
 import bcrypt
-from fastapi.security import OAuth2PasswordBearer
 from jose import JWTError, jwt
 
 import app.spotify_electron.user.base_user_service as base_user_service
 import app.spotify_electron.user.validations.base_user_service_validations as base_user_service_validations  # noqa: E501
 from app.auth.auth_schema import (
+    AuthConfig,
     BadJWTTokenProvidedException,
     CreateJWTException,
     JWTExpiredException,
@@ -24,8 +24,6 @@
     UserUnauthorizedException,
     VerifyPasswordException,
 )
-from app.common.app_schema import AppEnvironment
-from app.common.PropertiesManager import PropertiesManager
 from app.exceptions.base_exceptions_schema import BadParameterException
 from app.logging.logging_constants import LOGGING_AUTH_SERVICE
 from app.logging.logging_schema import SpotifyElectronLogger
@@ -41,9 +39,6 @@
 ACCESS_TOKEN_EXPIRE_MINUTES = 10080  # 7 days
 DAYS_TO_EXPIRE_COOKIE = 7
 
-
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="users/whoami/")
-
 auth_service_logger = SpotifyElectronLogger(LOGGING_AUTH_SERVICE).getLogger()
 
 
@@ -73,7 +68,7 @@ def create_access_token(data: dict[str, str], expires_delta: timedelta | None =
         to_encode.update({"exp": expire})  # type: ignore
         encoded_jwt = jwt.encode(
             to_encode,
-            getattr(PropertiesManager, AppEnvironment.SECRET_KEY_SIGN_ENV_NAME),
+            AuthConfig.SIGNING_SECRET_KEY,
             algorithm=ALGORITHM,
         )
     except Exception as exception:
@@ -105,7 +100,7 @@ def get_jwt_token_data(
     try:
         payload = jwt.decode(
             token_raw_data,  # type: ignore
-            getattr(PropertiesManager, AppEnvironment.SECRET_KEY_SIGN_ENV_NAME),
+            AuthConfig.SIGNING_SECRET_KEY,
             algorithms=[ALGORITHM],
         )
         username = payload.get("access_token")
@@ -323,7 +318,7 @@ def validate_jwt(token: str) -> None:
     try:
         decoded_token = jwt.decode(
             token,
-            getattr(PropertiesManager, AppEnvironment.SECRET_KEY_SIGN_ENV_NAME),
+            AuthConfig.SIGNING_SECRET_KEY,
             ALGORITHM,
         )
         validate_token_is_expired(decoded_token)
diff --git a/Backend/app/common/PropertiesManager.py b/Backend/app/common/PropertiesManager.py
@@ -31,7 +31,6 @@ def __init__(self) -> None:
         self.config_sections = [AppConfig.APP_INI_SECTION]
         self.env_variables = [
             AppEnvironment.MONGO_URI_ENV_NAME,
-            AppEnvironment.SECRET_KEY_SIGN_ENV_NAME,
             AppEnvironment.SERVERLESS_URL_ENV_NAME,
             AppEnvironment.ENV_VALUE_ENV_NAME,
         ]
diff --git a/Backend/app/common/app_schema.py b/Backend/app/common/app_schema.py
@@ -49,20 +49,27 @@ class AppEnvironmentMode(StrEnum):
     TEST = "TEST"
 
 
-class AppArchitecture:
+class AppArchitecture(StrEnum):
     """App architecture constants"""
 
     ARCH_BLOB = "BLOB"
     ARCH_SERVERLESS = "SERVERLESS"
 
 
+class AppAuthConfig:
+    """App authentication configuration"""
+
+    VERTIFICATION_ALGORITHM = "HS256"
+    ACCESS_TOKEN_EXPIRE_MINUTES = 10080  # 7 days
+    DAYS_TO_EXPIRE_COOKIE = 7
+
+
 class AppEnvironment:
     """App environment constants"""
 
     ARCHITECTURE_ENV_NAME = "ARCH"
 
     DEFAULT_ARCHITECTURE = AppArchitecture.ARCH_BLOB
-    SECRET_KEY_SIGN_ENV_NAME = "SECRET_KEY_SIGN"
     MONGO_URI_ENV_NAME = "MONGO_URI"
     SERVERLESS_URL_ENV_NAME = "SERVERLESS_FUNCTION_URL"
     ENV_VALUE_ENV_NAME = "ENV_VALUE"
diff --git a/Backend/app/spotify_electron/song/providers/song_collection_provider.py b/Backend/app/spotify_electron/song/providers/song_collection_provider.py
@@ -18,7 +18,7 @@ def get_song_collection() -> Collection:
     Returns:
         Collection: the song collection depending on architecture
     """
-    repository_map = {
+    repository_map: dict[AppArchitecture, Collection] = {
         AppArchitecture.ARCH_BLOB: DatabaseConnectionManager.get_collection_connection(
             DatabaseCollection.SONG_BLOB_FILE
         ),
diff --git a/Backend/app/spotify_electron/song/providers/song_service_provider.py b/Backend/app/spotify_electron/song/providers/song_service_provider.py
@@ -9,11 +9,7 @@
 from app.common.PropertiesManager import PropertiesManager
 from app.logging.logging_constants import LOGGING_SONG_SERVICE_PROVIDER
 from app.logging.logging_schema import SpotifyElectronLogger
-from app.spotify_electron.song.song_service_constants import (
-    MODULE_PREFIX_NAME,
-    SONG_SERVICE_BLOB_MODULE_NAME,
-    SONG_SERVICE_SERVERLESS_MODULE_NAME,
-)
+from app.spotify_electron.song.song_service_constants import SongServicePath
 
 
 class SongServiceProvider:
@@ -26,18 +22,16 @@ def init_service(cls) -> None:
         """Init song service"""
         cls.logger = SpotifyElectronLogger(LOGGING_SONG_SERVICE_PROVIDER).getLogger()
         cls.song_services = {
-            AppArchitecture.ARCH_BLOB: SONG_SERVICE_BLOB_MODULE_NAME,
-            AppArchitecture.ARCH_SERVERLESS: SONG_SERVICE_SERVERLESS_MODULE_NAME,  # noqa: E501
+            AppArchitecture.ARCH_BLOB: SongServicePath.BLOB_MODULE_NAME,
+            AppArchitecture.ARCH_SERVERLESS: SongServicePath.SERVERLESS_MODULE_NAME,
         }
         cls.create_song_service()
 
     @classmethod
     def create_song_service(cls) -> None:
         """Creates the song service depending on the song architecture selected"""
         architecture_type = getattr(PropertiesManager, AppEnvironment.ARCHITECTURE_ENV_NAME)
-        import_module = importlib.import_module(
-            MODULE_PREFIX_NAME + cls.song_services[architecture_type]
-        )
+        import_module = importlib.import_module(cls.song_services[architecture_type])
         cls.logger.info(f"Song service MODULE selected: {architecture_type}")
         cls.song_service = import_module
 
diff --git a/Backend/app/spotify_electron/song/song_service_constants.py b/Backend/app/spotify_electron/song/song_service_constants.py
@@ -2,6 +2,12 @@
 Constants for Song services
 """
 
-MODULE_PREFIX_NAME = "app.spotify_electron.song."
-SONG_SERVICE_SERVERLESS_MODULE_NAME = "serverless.song_service"
-SONG_SERVICE_BLOB_MODULE_NAME = "blob.song_service"
+from enum import StrEnum
+
+
+class SongServicePath(StrEnum):
+    """Song service file paths"""
+
+    MODULE_PREFIX = "app.spotify_electron.song."
+    SERVERLESS_MODULE_NAME = f"{MODULE_PREFIX}serverless.song_service"
+    BLOB_MODULE_NAME = f"{MODULE_PREFIX}blob.song_service"
diff --git a/Backend/docker/env/dev.env b/Backend/docker/env/dev.env
@@ -1,6 +1,5 @@
 #! Copy and rename this file to .env and move it to Backend/ root folder, more about environments on the official docs hhttps://antoniomrtz.github.io/SpotifyElectron/backend/Environment/
 MONGO_URI=mongodb://root:root@mongodb:27017/
-SECRET_KEY_SIGN=f24e2f3ac557d487b6d879fb2d86f2b2
 # PROD,DEV
 SERVERLESS_FUNCTION_URL=https://lambda-url.us-east-1.on.aws/path/
 ENV_VALUE=DEV
diff --git a/Backend/docker/env/prod.env b/Backend/docker/env/prod.env
@@ -1,5 +1,4 @@
 MONGO_URI=
-SECRET_KEY_SIGN=openssl rand -hex 16 result
 SERVERLESS_FUNCTION_URL=not-needed-in-blob-arch
 ENV_VALUE=PROD
 ARCH=BLOB
diff --git a/Backend/tests/test__properties_manager.py b/Backend/tests/test__properties_manager.py
@@ -6,7 +6,6 @@
 
 env_variables_mapping = {
     AppEnvironment.ARCHITECTURE_ENV_NAME: "ARCH",
-    AppEnvironment.SECRET_KEY_SIGN_ENV_NAME: "SECRET_KEY_SIGN",
     AppEnvironment.MONGO_URI_ENV_NAME: "MONGO_URI",
     AppEnvironment.SERVERLESS_URL_ENV_NAME: "SERVERLESS_FUNCTION_URL",
     AppEnvironment.ENV_VALUE_ENV_NAME: "ENV_VALUE",
diff --git a/Electron/src/components/AdvancedUIComponents/ContextMenu/Playlist/ContextMenuPlaylist.tsx b/Electron/src/components/AdvancedUIComponents/ContextMenu/Playlist/ContextMenuPlaylist.tsx
@@ -20,7 +20,7 @@ interface ConfirmationMenuData {
 enum ConfirmationMenuActionKind {
   ADD_SUCCESS = 'ADD_SUCCESS',
   ADD_ERROR = 'ADD_ERROR',
-  DELETE_SUCESS = 'DELETE_SUCCESS',
+  DELETE_SUCCESS = 'DELETE_SUCCESS',
   DELETE_ERROR = 'DELETE_ERROR',
   CLIPBOARD = 'CLIPBOARD',
 }
@@ -58,7 +58,7 @@ const reducerConfirmationMenu = (
         },
       };
 
-    case ConfirmationMenuActionKind.DELETE_SUCESS:
+    case ConfirmationMenuActionKind.DELETE_SUCCESS:
       return {
         payload: {
           type: InfoPopoverType.SUCCESS,
diff --git a/docs/developer/backend/Environment.md b/docs/developer/backend/Environment.md
@@ -36,7 +36,6 @@ In this section we will explain the meaning and the usage of the environment var
 ### ➡️ Commons
 
 - **MONGO_URI**: the database connection URI such as `mongodb://root:root@mongodb:27017/`, this will connect backend into the selected database for storing all persistent data.
-- **SECRET_KEY_SIGN**: 32 byte key(16 characters) for signing JWT Tokens that will authenticate the user. You can use `f24e2f3ac557d487b6d879fb2d86f2b2` as an example. This key will make sure the JWT Tokens are provided by our backend and not someone else's. For generating a new secret use `openssl rand -hex 16`.
 - **ENV_VALUE**: determines the current environment of the app, it can be:
   - `PROD`: production environment.
   - `DEV`: development environment. Enables hot reload.
@@ -57,7 +56,6 @@ ARCH=SERVERLESS
 The following file can be used out of the box for development purpouse. It contains the following characteristics:
 
 - **Local MongoDB database**. Use local MongoDB database, you can deploy one using our Docker stack as described [here](Docker.md).
-- **Ready to use secret key**
 - **BLOB architecture selected**. This will only make necessary a MongoDB database because no cloud services are used in this architecture.
 - **DEV** mode. It will enable hot reload for FastAPI.
 
@@ -69,7 +67,6 @@ The following file can be used out of the box for development purpouse. It conta
 The following file can be used out of the box for development purpouse. It contains the following characteristics:
 
 - **Remote MongoDB database**. Use a remote MongoDB production ready database. Replace both `root` in `mongodb://root:root@mongodb:27017/` with MongoDB instance user and password respectively.
-- **Ready to use secret key**. Generate it using `openssl rand -hex 16`.
 - **BLOB architecture selected**. Use streaming architecture using BLOB files.
 - **PROD** mode. It will disable hot reload for FastAPI.
 

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,6 @@ def __init__(self) -> None:`
`31`	`31`	`self.config_sections = [AppConfig.APP_INI_SECTION]`
`32`	`32`	`self.env_variables = [`
`33`	`33`	`AppEnvironment.MONGO_URI_ENV_NAME,`
`34`		`- AppEnvironment.SECRET_KEY_SIGN_ENV_NAME,`
`35`	`34`	`AppEnvironment.SERVERLESS_URL_ENV_NAME,`
`36`	`35`	`AppEnvironment.ENV_VALUE_ENV_NAME,`
`37`	`36`	`]`