Fixed the damn SECRET_KEY vs. JWT_SECRET debacle.

Josh 2025-07-10 12:12:30 +00:00
parent 54c07122f5
commit a32af6f25a
3 changed files with 7 additions and 7 deletions

0
aptiva-ar.json Normal file


@ -211,7 +211,7 @@ app.post('/api/register', async (req, res) => {
// NEW: Now that we have the new user_profile.id (newProfileId), // NEW: Now that we have the new user_profile.id (newProfileId),
// generate a JWT to auto-sign them in. // generate a JWT to auto-sign them in.
// We'll mimic what /api/signin does: // We'll mimic what /api/signin does:
const token = jwt.sign({ id: newProfileId }, SECRET_KEY, { const token = jwt.sign({ id: newProfileId }, JWT_SECRET, {
expiresIn: '2h', expiresIn: '2h',
}); });
@ -305,7 +305,7 @@ app.post('/api/signin', async (req, res) => {
// IMPORTANT: Use 'row.userProfileId' (from user_profile.id) in the token // IMPORTANT: Use 'row.userProfileId' (from user_profile.id) in the token
// so your '/api/user-profile' can decode it and do SELECT * FROM user_profile WHERE id=? // so your '/api/user-profile' can decode it and do SELECT * FROM user_profile WHERE id=?
const token = jwt.sign({ id: row.userProfileId }, SECRET_KEY, { const token = jwt.sign({ id: row.userProfileId }, JWT_SECRET, {
expiresIn: '2h', expiresIn: '2h',
}); });
@ -367,7 +367,7 @@ app.post('/api/user-profile', (req, res) => {
let profileId; let profileId;
try { try {
const decoded = jwt.verify(token, SECRET_KEY); const decoded = jwt.verify(token, JWT_SECRET);
profileId = decoded.id; // user_profile.id from sign-in profileId = decoded.id; // user_profile.id from sign-in
} catch (error) { } catch (error) {
console.error('JWT verification failed:', error); console.error('JWT verification failed:', error);
@ -539,7 +539,7 @@ app.get('/api/user-profile', (req, res) => {
let profileId; let profileId;
try { try {
const decoded = jwt.verify(token, SECRET_KEY); const decoded = jwt.verify(token, JWT_SECRET);
profileId = decoded.id; // user_profile.id profileId = decoded.id; // user_profile.id
} catch (error) { } catch (error) {
console.error('Error verifying token:', error.message); console.error('Error verifying token:', error.message);
@ -614,7 +614,7 @@ app.post('/api/activate-premium', (req, res) => {
let profileId; let profileId;
try { try {
const decoded = jwt.verify(token, SECRET_KEY); const decoded = jwt.verify(token, JWT_SECRET);
profileId = decoded.id; profileId = decoded.id;
} catch (error) { } catch (error) {
return res.status(401).json({ error: 'Invalid or expired token' }); return res.status(401).json({ error: 'Invalid or expired token' });
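Review bot: The `jwt.verify(token, JWT_SECRET)` calls in the hunks at 367, 539 and 614 pass no options, so which signature algorithms are accepted is left to the library default. Both `jwt.sign` calls here also rely on the default algorithm (HS256 if `jwt` is jsonwebtoken, which the page does not show), so pinning it on the verify side makes the expectation explicit: `jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] })`. The declaration of `JWT_SECRET` is not in any visible hunk, so confirm it is loaded once at startup and that the process refuses to start when it is empty. All five route handlers start and end outside their hunks.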


@ -58,8 +58,8 @@ const authenticatePremiumUser = (req, res, next) => {
} }
try { try {
const SECRET_KEY = process.env.SECRET_KEY; const JWT_SECRET = process.env.JWT_SECRET;
const { id } = jwt.verify(token, SECRET_KEY); const { id } = jwt.verify(token, JWT_SECRET);
req.id = id; // store user ID in request req.id = id; // store user ID in request
next(); next();
} catch (error) { } catch (error) {
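Review bot: `process.env.JWT_SECRET` is read on every request inside `authenticatePremiumUser` and is never checked for being set. In an environment that still exports only `SECRET_KEY`, `jwt.verify` would presumably throw and every premium request would land in the `catch`, which fails closed but looks the same as a bad token to whoever reads the logs. Reading it once at module load and failing fast separates a deployment mistake from an authentication failure: `const JWT_SECRET = process.env.JWT_SECRET;` followed by `if (!JWT_SECRET) throw new Error('JWT_SECRET is not set');`. The middleware's opening checks and the body of the `catch` are outside the hunk.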