secure jwt

.gitignore

@@ -4,3 +4,5 @@ tmp
 go-nkode
 *.db-shm
 *.db-wal
+secrets.json
+.DS_Store

core/jwt_claims.go

@@ -23,7 +23,7 @@ const (
 	resetNKodeTokenExp = 5 * time.Minute
 )
 
-var secret = []byte("your-secret-key")
+var secret = GetJwtSecret("./secrets.json")
 
 func NewAuthenticationTokens(username string, customerId CustomerId) (AuthenticationTokens, error) {
 	accessClaims := NewAccessClaim(username, customerId)

core/secrets.go

@@ -0,0 +1,43 @@
+package core
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+)
+
+type NKodeSecrets struct {
+	JwtSecret []byte `json:"jwt_secret"`
+}
+
+func ReadSecrets(filePath string) (NKodeSecrets, error) {
+	// Initialize an empty NKodeSecrets struct
+	var secrets NKodeSecrets
+
+	// Read the contents of the file
+	data, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return secrets, fmt.Errorf("error reading secrets file: %w", err)
+	}
+
+	// Unmarshal JSON data into the NKodeSecrets struct
+	err = json.Unmarshal(data, &secrets)
+	if err != nil {
+		return secrets, fmt.Errorf("error unmarshaling secrets: %w", err)
+	}
+
+	return secrets, nil
+}
+
+func GetJwtSecret(filePath string) []byte {
+	secrets, err := ReadSecrets(filePath)
+	if err != nil {
+		log.Fatal("can't read secrets: ", err)
+	}
+	if secrets.JwtSecret == nil {
+		log.Fatal("wt secret is nil")
+	}
+	return secrets.JwtSecret
+
+}

secure_bytes.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Define the number of bytes you want to generate
+num_bytes=16
+
+# Use dd to read cryptographically secure bytes from /dev/urandom
+# and convert them to integers using od
+secure_bytes=$(dd if=/dev/urandom bs=1 count=$num_bytes 2>/dev/null | od -An -tu1)
+
+# Remove leading/trailing spaces and replace spaces with commas
+secure_bytes=$(echo $secure_bytes | sed 's/ /,/g')
+
+# Output the result as a comma-separated list of integers
+echo "Cryptographically secure bytes (as integers): $secure_bytes"