diff --git a/.env b/.env index df77abf..8ae60da 100644 --- a/.env +++ b/.env @@ -21,7 +21,7 @@ AZURE_AD_TENANT_ID=f69d1a93-bfba-498a-9b60-e87c1bc26276 # First APPLE_SECRET=eyJhbGciOiJFUzI1NiIsImtpZCI6IlRCM1YzNTVHNVkifQ.eyJhdWQiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiaXNzIjoiWEM1N1A5U1hESyIsImlhdCI6MTcxMjE3ODM0MiwiZXhwIjoxNzI3NzMwMzQzLCJzdWIiOiJjb20ubXdoaXRuZXNzaW5nLnNvZmlhIn0.XceA0qUQi0tXg0GM_LkJkpNU5AqXLiSB2JlEVbHCB_nINbQTWkjtoWxfqmvdOkIzwKtvdQ8FFb-crK9no9Bbbw APPLE_APP_ID=com.mwhitnessing.sofia -APPLE_SECRET=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IiJ9.eyJpYXQiOjE3MTMyMDI1MzAsImV4cCI6MTcyODc1NDUzMCwiYXVkIjoiaHR0cHM6Ly9hcHBsZWlkLmFwcGxlLmNvbSIsImlzcyI6IiIsInN1YiI6IiJ9.C18A_ZBGcaHoGf8JPeQtdkLdWQqAqzCygWd6eD_S-X3OXw8ZWNXGtGAk5xEB9sui84OW60dNnH6ZGQMAtP5-hA +APPLE_SECRET=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRCM1YzNTVHNVkifQ.eyJpYXQiOjE3MTMzMDQ1OTMsImV4cCI6MTcyODg1NjU5MywiYXVkIjoiaHR0cHM6Ly9hcHBsZWlkLmFwcGxlLmNvbSIsImlzcyI6IlhDNTdQOVNYREsiLCJzdWIiOiJjb20ubXdoaXRuZXNzaW5nLnNvZmlhIn0.iO2prjQ_4P7F17R7LTJfG9zHluj59uUtm8DA1LbK49jVBMeGHQP_Az7s_yU5D-GeMHSwU7VnVHcaVKiGWT_Yjg # with team in the ID? #APPLE_APP_ID=XC57P9SXDK.com.mwhitnessing.sofia diff --git a/.env.production b/.env.production index 112901f..8e9e8f4 100644 --- a/.env.production +++ b/.env.production @@ -7,7 +7,7 @@ NEXT_PUBLIC_PUBLIC_URL= https://sofia.mwitnessing.com NEXTAUTH_SECRET=1dd8a5457970d1dda50600be28e935ecc4513ff27c49c431849e6746f158d638 # ? do we need to duplicate this? already defined in the deoployment yml file DATABASE=mysql://jwpwsofia:dwxhns9p9vp248V39xJyRthUsZ2gR9@mariadb:3306/jwpwsofia - +# DATABASE=mysql://cart:cartpw@localhost:3306/cart EMAIL_BYPASS_TO= MAILTRAP_HOST_BULK=bulk.smtp.mailtrap.io diff --git a/_deploy/setupAppleId.mjs b/_deploy/setupAppleId.mjs index ef22074..7ff3383 100644 --- a/_deploy/setupAppleId.mjs +++ b/_deploy/setupAppleId.mjs 
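Review bot: The added `APPLE_SECRET=` line puts what looks like a working Sign in with Apple client secret into a tracked `.env`; its payload carries `iat`/`exp` values 180 days apart, so it remains usable for that window to anyone who can read the repository or its history. The `.env.production` hunk has the same problem in its context lines (`NEXTAUTH_SECRET` and a `DATABASE` URL with an embedded password), and the added `# DATABASE=mysql://cart:cartpw@localhost:3306/cart` comment adds one more credential string to that file. These values should be treated as exposed: rotate them, keep only placeholders such as `APPLE_SECRET=` in the tracked files, and inject the real values from the deployment's secret store or an untracked `.env.local`. The `server.js` hunk later in this commit also prints `process.env.DATABASE` and `process.env.DATABASE_URL` at startup, which would copy that password into the logs; logging only whether the variable is set (`Boolean(process.env.DATABASE)`) would avoid that.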
@@ -4,14 +4,14 @@ import { SignJWT } from "jose" import { createPrivateKey } from "crypto" if (process.argv.includes("--help") || process.argv.includes("-h")) { - console.log(` + console.log(` Creates a JWT from the components found at Apple. By default, the JWT has a 6 months expiry date. Read more: https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens#3262048 Usage: node apple.mjs [--kid] [--iss] [--private_key] [--sub] [--expires_in] [--exp] - APPLE_ID=com.mwhitnessing.sofia + APPLE_APP_ID=com.mwhitnessing.sofia APPLE_TEAM_ID=XC57P9SXDK APPLE_KEY_ID=TB3V355G5Y APPLE_KEY 
@@ -37,45 +37,45 @@ eyJhbGciOiJFUzI1NiIsImtpZCI6IlRCM1YzNTVHNVkifQ.eyJhdWQiOiJodHRwczovL2FwcGxlaWQuY --exp Future date in seconds when the JWT expires `) } else { - const args = process.argv.slice(2).reduce((acc, arg, i) => { - if (arg.match(/^--\w/)) { - const key = arg.replace(/^--/, "").toLowerCase() - acc[key] = process.argv[i + 3] - } - return acc - }, {}) + const args = process.argv.slice(2).reduce((acc, arg, i) => { + if (arg.match(/^--\w/)) { + const key = arg.replace(/^--/, "").toLowerCase() + acc[key] = process.argv[i + 3] + } + return acc + }, {}) - const { - team_id, - iss = team_id, + const { + team_id, + iss = team_id, - private_key, + private_key, - client_id, - sub = client_id, + client_id, + sub = client_id, - key_id, - kid = key_id, + key_id, + kid = key_id, - expires_in = 86400 * 180, - exp = Math.ceil(Date.now() / 1000) + expires_in, - } = args + expires_in = 86400 * 180, + exp = Math.ceil(Date.now() / 1000) + expires_in, + } = args - /** - * How long is the secret valid in seconds. - * @default 15780000 - */ - const expiresAt = Math.ceil(Date.now() / 1000) + expires_in - const expirationTime = exp ?? expiresAt - console.log(` + /** + * How long is the secret valid in seconds. + * @default 15780000 + */ + const expiresAt = Math.ceil(Date.now() / 1000) + expires_in + const expirationTime = exp ?? expiresAt + console.log(` Apple client secret generated. Valid until: ${new Date(expirationTime * 1000)} ${await new SignJWT({}) - .setAudience("https://appleid.apple.com") - .setIssuer(iss) - .setIssuedAt() - .setExpirationTime(expirationTime) - .setSubject(sub) - .setProtectedHeader({ alg: "ES256", kid }) - .sign(createPrivateKey(private_key.replace(/\\n/g, "\n")))}`) + .setAudience("https://appleid.apple.com") + .setIssuer(iss) + .setIssuedAt() + .setExpirationTime(expirationTime) + .setSubject(sub) + .setProtectedHeader({ alg: "ES256", kid }) + .sign(createPrivateKey(private_key.replace(/\\n/g, "\n")))}`) } \ No newline at end of file 
diff --git a/package-lock.json b/package-lock.json index 9acc5d5..a8be91d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4802,6 +4802,7 @@ "version": "3.1.0", "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", + "optional": true, "dependencies": { "clean-stack": "^2.0.0", "indent-string": "^4.0.0" @@ -5771,6 +5772,7 @@ "url": "https://github.com/sponsors/sibiraj-s" } ], + "optional": true, "engines": { "node": ">=8" } @@ -5784,6 +5786,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", + "optional": true, "engines": { "node": ">=6" } @@ -8546,7 +8549,8 @@ "node_modules/hosted-git-info": { "version": "2.8.9", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", - "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==" + "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", + "optional": true }, "node_modules/hsl-to-hex": { "version": "1.0.0", @@ -8888,6 +8892,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "optional": true, "engines": { "node": ">=8" } @@ -8915,6 +8920,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "optional": true, "engines": { "node": ">=10" } 
@@ -10943,6 +10949,7 @@ "version": "2.5.0", "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", + "optional": true, "dependencies": { "hosted-git-info": "^2.1.4", "resolve": "^1.10.0", @@ -10954,6 +10961,7 @@ "version": "5.7.2", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", + "optional": true, "bin": { "semver": "bin/semver" } @@ -13870,6 +13878,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", + "optional": true, "dependencies": { "aggregate-error": "^3.0.0" }, @@ -15871,6 +15880,7 @@ "version": "3.2.0", "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", "integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==", + "optional": true, "dependencies": { "spdx-expression-parse": "^3.0.0", "spdx-license-ids": "^3.0.0" 
@@ -15879,12 +15889,14 @@ "node_modules/spdx-exceptions": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", - "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==" + "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==", + "optional": true }, "node_modules/spdx-expression-parse": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==", + "optional": true, "dependencies": { "spdx-exceptions": "^2.1.0", "spdx-license-ids": "^3.0.0" @@ -15893,7 +15905,8 @@ "node_modules/spdx-license-ids": { "version": "3.0.17", "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", - "integrity": "sha512-sh8PWc/ftMqAAdFiBu6Fy6JUOYjqDJBJvIhpfDMyHrr0Rbp5liZqd4TjtQ/RgfLjKFZb+LMx5hpml5qOWy0qvg==" + "integrity": "sha512-sh8PWc/ftMqAAdFiBu6Fy6JUOYjqDJBJvIhpfDMyHrr0Rbp5liZqd4TjtQ/RgfLjKFZb+LMx5hpml5qOWy0qvg==", + "optional": true }, "node_modules/ssf": { "version": "0.8.2", @@ -17442,6 +17455,7 @@ "version": "3.0.4", "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==", + "optional": true, "dependencies": { "spdx-correct": "^3.0.0", "spdx-expression-parse": "^3.0.0" diff --git a/pages/api/auth/apple-token.ts b/pages/api/auth/apple-token.ts index 128c34a..dd44751 100644 --- a/pages/api/auth/apple-token.ts +++ b/pages/api/auth/apple-token.ts 
@@ -9,17 +9,19 @@ export default async function handler(req, res) { if (req.method === 'GET') { try { const appleKey = fs.readFileSync(path.resolve('./_deploy/appleKey.p8'), 'utf8'); - + const teamID = process.env.APPLE_TEAM_ID || "XC57P9SXDK"; + const keyID = process.env.APPLE_KEY_ID || "TB3V355G5Y"; + const appleAppID = process.env.APPLE_APP_ID || "com.mwitnessing.mwitnessing"; const token = jwt.sign({}, appleKey, { algorithm: 'ES256', expiresIn: '180d', - issuer: process.env.APPLE_TEAM_ID, + issuer: teamID, header: { alg: 'ES256', - kid: process.env.APPLE_KEY_ID, + kid: keyID, }, audience: 'https://appleid.apple.com', - subject: process.env.APPLE_ID, + subject: appleAppID, }); // Redirect to Apple's authentication page, or send the token to the client to do so diff --git a/server.js b/server.js index 2c41621..88c5b7b 100644 --- a/server.js +++ b/server.js @@ -40,7 +40,7 @@ console.log("process.env.PORT = ", process.env.PORT); console.log("process.env.TELEGRAM_BOT = ", process.env.TELEGRAM_BOT); console.log("process.env.DATABASE_URL = ", process.env.DATABASE_URL); console.log("process.env.DATABASE = ", process.env.DATABASE); -console.log("process.env.APPLE_ID = ", process.env.APPLE_ID); +console.log("process.env.APPLE_APP_ID = ", process.env.APPLE_APP_ID); //require('module-alias/register');
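Review bot: The three `|| "..."` fallbacks added at the top of the `try` block hide a missing configuration: with `APPLE_APP_ID` unset the handler signs a client secret for `com.mwitnessing.mwitnessing`, which does not match the `com.mwhitnessing.sofia` value the `.env` in this commit carries, so a misconfigured deployment would only fail later at Apple instead of here. I would drop the literals and fail closed, e.g. `const { APPLE_TEAM_ID: teamID, APPLE_KEY_ID: keyID, APPLE_APP_ID: appleAppID } = process.env;` followed by `if (!teamID || !keyID || !appleAppID) return res.status(500).json({ error: 'Apple sign-in is not configured' });`. The handler continues past the end of the hunk; the trailing comment mentions sending the token to the client, and since this JWT is the OAuth client secret signed with the `.p8` key it should stay server-side, which is worth confirming in the part not shown.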