lib/app.ts

@@ -1,7 +1,7 @@
 import "dotenv/config";
 import "dotenv-expand/config";
 import Cairo from "./Cairo";
-import { assertRequired } from "./config";
+import { assertRequiredEnvars } from "./config";
-assertRequired();
+assertRequiredEnvars();
 const cairo = new Cairo();
 await cairo.start();

lib/config.ts

@@ -1,12 +1,15 @@
 import DefaultRolePolicies from "./vix/AppPolicies";
 
-const requiredEnvars: string[] = ["CAIRO_KEYPAIR_KEY"];
+const REQUIRED_ENV: string[] = [
+  "CAIRO_POSTGRES_URI", // Used for postgres connections
+  "CAIRO_KEYPAIR_KEY", // Used for encrypting and decrypting keypair keys
+];
 
-const encodedEnvar = (envar: string | undefined) => (!!envar ? Buffer.from(envar, "base64").toString("utf8") : envar);
+const decodeEnvar = <T extends string | undefined>(e: T) => (!!e ? Buffer.from(e, "base64").toString("utf8") : e) as T;
-
+export function assertRequiredEnvars() {
-export function assertRequired() {
+  for (const envar of Object.values(REQUIRED_ENV)) if (!process.env[envar]) throw Error(`Envar ${envar} is required!`);
-  for (const e of requiredEnvars) if (!process.env[e]) throw Error(`Envar '${e}' is required!`);
 }
+const ENV = process.env as { [key in (typeof REQUIRED_ENV)[number]]: string } & Record<string, string | null>;
 
 export default {
   Server: {
@@ -33,11 +36,11 @@ export default {
     },
   },
   SigningOptions: {
-    HashRounds: 12,
+    HashRounds: 14,
     Version: "0.0.1-alpha",
-    Issuer: encodedEnvar(process.env.CAIRO_HOSTNAME) ?? "https://cairo.dunemask.net",
+    Issuer: process.env.CAIRO_HOSTNAME ?? "https://cairo.dunemask.net",
     Keys: {
-      KeyPair: encodedEnvar(process.env.CAIRO_KEYPAIR_KEY) ?? "keypair-key",
+      KeyPair: decodeEnvar(ENV.CAIRO_KEYPAIR_KEY),
     },
     Subjects: {
       User: "user",

prisma/schema.prisma

@@ -56,9 +56,9 @@ model KeyPair {
   name                String?
   encryptedPrivateKey String
   encryptedPublicKey  String
-  project             Project     @relation(fields: [projectId], references: [id])
 
-  // Application Level Uniqueness for non-custom usages. For example, there can only be 1 UserToken Keypair
+  // Relations
+  project Project @relation(fields: [projectId], references: [id])
 }
 
 enum AuthorityType {

src/util/api/GeneratedRequests.ts

@@ -7,10 +7,19 @@ import { authenticatedApiRequest } from "./requests";
   authenticatedApiRequest({ subpath: `/${project}/auth/verify`, method: "GET", jsonify: true });
 
 export const postProjectAuthLogin = (project: string, login: CAuthContract["Login"]) =>
-    apiRequest<CAuthContract["LoginCredentials"]>({subpath: `/${project}/auth/login`, method:"POST", json: login, jsonify: true});
+  apiRequest<CAuthContract["LoginCredentials"]>({
+    subpath: `/${project}/auth/login`,
+    method: "POST",
+    json: login,
+    jsonify: true,
+  });
 
 export const getProjectAuthCredentials = (project: string) =>
-    authenticatedApiRequest<CAuthContract["Credentials"]>({subpath: `/${project}/auth/credentials`, method:"GET", jsonify: true});
+  authenticatedApiRequest<CAuthContract["Credentials"]>({
+    subpath: `/${project}/auth/credentials`,
+    method: "GET",
+    jsonify: true,
+  });
 
 export const postProjectCreate = (project: string, create: CProjectContract["Create"]) =>
   authenticatedApiRequest({ subpath: `/${project}/create`, method: "POST", json: create, jsonify: true });