fix: auth issues

.github/actions/deploy/backend/action.yml

@@ -46,6 +46,12 @@ inputs:
   cookie_domain:
     description: "Cookie Domain"
     required: true
+  jwt_access_token_key:
+    description: "JWT Access Token Key"
+    required: true
+  jwt_refresh_token_key:
+    description: "JWT Refresh Token
+    required: true
 
 runs:
   using: 'composite'
@@ -77,6 +83,8 @@ runs:
         echo SERVER_CERT_PATH=${{ inputs.server_cert_path }} >> .env
         echo SERVER_KEY_PATH=${{ inputs.server_key_path }} >> .env
         echo COOKIE_DOMAIN=${{ inputs.cookie_domain }} >> .env
+        echo JWT_ACCESS_TOKEN_KEY=${{ inputs.jwt_access_token_key }} >> .env
+        echo JWT_REFRESH_TOKEN_KEY=${{ inputs.jwt_refresh_token_key }} >> .env
 
     - name: Deploy to EC2 instance
       uses: easingthemes/[email protected]

.github/workflows/deploy.yml

@@ -54,6 +54,8 @@ jobs:
           server_cert_path: ${{ vars.SERVER_CERT_PATH }}
           server_key_path: ${{ vars.SERVER_KEY_PATH }}
           cookie_domain: ${{ vars.COOKIE_DOMAIN }}
+          jwt_access_token_key: ${{ secrets.JWT_ACCESS_TOKEN_KEY }}
+          jwt_refresh_token_key: ${{ secrets.JWT_REFRESH_TOKEN_KEY }}
 
       - name: Deploy web to S3
         uses: ./.github/actions/deploy/web

apps/backend/pkg/jwt/jwt.go

@@ -104,6 +104,7 @@ func (m *Manager) CreateToken(userID string, tokenType TokenType) (string, error
 	if err != nil {
 		return "", fmt.Errorf("signing token: %w", err)
 	}
+
 	return tokenString, nil
 }
 

apps/backend/pkg/jwt/module.go

@@ -1,11 +1,15 @@
 package jwt
 
-import "go.uber.org/fx"
+import (
+	"os"
+
+	"go.uber.org/fx"
+)
 
 func Module() fx.Option {
 	return fx.Provide(
 		func() *Manager {
-			return NewManager([]byte("access-key"), []byte("refresh-key"))
+			return NewManager([]byte(os.Getenv("JWT_ACCESS_TOKEN_KEY")), []byte(os.Getenv("JWT_REFRESH_TOKEN_KEY")))
 		},
 	)
 }

apps/backend/pkg/repo/repo.go

@@ -222,12 +222,10 @@ func (r *Repo) ListExercises(ctx context.Context, p ListExercisesParams) (orm.Ex
 		query = append(query, orm.ExerciseWhere.CreatedAt.LT(pt.CreatedAt))
 	}
 
-	boil.DebugMode = true
 	exercises, err := orm.Exercises(query...).All(ctx, r.executor())
 	if err != nil {
 		return nil, nil, fmt.Errorf("exercises fetch: %w", err)
 	}
-	boil.DebugMode = false
 
 	if len(exercises) > p.Limit {
 		pt, ptErr := json.Marshal(pageToken{CreatedAt: exercises[p.Limit-1].CreatedAt})

apps/backend/rpc/interceptors/auth.go

@@ -15,6 +15,7 @@ import (
 
 	"github.com/crlssn/getstronger/apps/backend/pkg/jwt"
 	v1 "github.com/crlssn/getstronger/apps/backend/pkg/pb/api/v1"
+	"github.com/crlssn/getstronger/apps/backend/pkg/xzap"
 )
 
 type auth struct {
@@ -72,27 +73,30 @@ func (a *auth) initMethods() {
 
 // Unary is the unary interceptor method for authentication.
 func (a *auth) Unary() connect.UnaryInterceptorFunc {
-	interceptor := func(next connect.UnaryFunc) connect.UnaryFunc {
+	return func(next connect.UnaryFunc) connect.UnaryFunc {
 		return func(
 			ctx context.Context,
 			req connect.AnyRequest,
 		) (connect.AnyResponse, error) {
+			log := a.log.With(xzap.FieldRPC(req.Spec().Procedure))
+			log.Info("request received")
+
 			requiresAuth := a.methods[req.Spec().Procedure]
 			if !requiresAuth {
-				a.log.Info("method does not require authentication", zap.String("method", req.Spec().Procedure))
+				log.Info("request does not require authentication")
 				return next(ctx, req)
 			}
 
 			claims, err := a.claimsFromHeader(req.Header())
 			if err != nil {
-				a.log.Warn("unauthenticated request", zap.Error(err))
+				log.Warn("request unauthenticated", zap.Error(err))
 				return nil, connect.NewError(connect.CodeUnauthenticated, nil)
 			}
 
+			log.Info("request authenticated", xzap.FieldUserID(claims.UserID), zap.Any("claims", claims))
 			return next(context.WithValue(ctx, jwt.ContextKeyUserID, claims.UserID), req)
 		}
 	}
-	return interceptor
 }
 
 var (

apps/backend/rpc/v1/auth.go

@@ -7,7 +7,6 @@ import (
 	"net/http"
 	"os"
 	"strings"
-	"time"
 
 	"connectrpc.com/connect"
 	"go.uber.org/zap"
@@ -114,20 +113,14 @@ func (h *auth) Login(ctx context.Context, req *connect.Request[v1.LoginRequest])
 	})
 
 	cookie := &http.Cookie{
-		Name:        "refreshToken",
-		Value:       refreshToken,
-		Quoted:      false,
-		Path:        "/api.v1.AuthService",
-		Domain:      os.Getenv("COOKIE_DOMAIN"),
-		Expires:     time.Time{},
-		RawExpires:  "",
-		MaxAge:      int(jwt.ExpiryTimeRefresh),
-		Secure:      true,
-		HttpOnly:    true,
-		SameSite:    http.SameSiteNoneMode,
-		Partitioned: false,
-		Raw:         "",
-		Unparsed:    nil,
+		Name:     "refreshToken",
+		Value:    refreshToken,
+		Path:     "/api.v1.AuthService",
+		Domain:   os.Getenv("COOKIE_DOMAIN"),
+		MaxAge:   int(jwt.ExpiryTimeRefresh),
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: http.SameSiteNoneMode,
 	}
 	res.Header().Set("Set-Cookie", cookie.String())
 
@@ -195,20 +188,14 @@ func (h *auth) Logout(ctx context.Context, _ *connect.Request[v1.LogoutRequest])
 
 	res := connect.NewResponse(&v1.LogoutResponse{})
 	cookie := &http.Cookie{
-		Name:        "refreshToken",
-		Value:       "",
-		Quoted:      false,
-		Path:        "/api.v1.AuthService",
-		Domain:      os.Getenv("COOKIE_DOMAIN"),
-		Expires:     time.Time{},
-		RawExpires:  "",
-		MaxAge:      -1,
-		Secure:      true,
-		HttpOnly:    true,
-		SameSite:    http.SameSiteNoneMode,
-		Partitioned: false,
-		Raw:         "",
-		Unparsed:    nil,
+		Name:     "refreshToken",
+		Value:    "",
+		Path:     "/api.v1.AuthService",
+		Domain:   os.Getenv("COOKIE_DOMAIN"),
+		MaxAge:   -1,
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: http.SameSiteNoneMode,
 	}
 	res.Header().Set("Set-Cookie", cookie.String())