add new env vars to repo and docker build

.github/workflows/deploy.yml

@@ -130,8 +130,12 @@ jobs:
             DB_NAME=${{ secrets.DB_NAME }}
             DB_USERNAME=${{ secrets.DB_USERNAME }}
             DB_PASSWORD=${{ secrets.DB_PASSWORD }}
-            JWT_SECRET=${{ secrets.JWT_SECRET }}
-            JWT_EXPIRES_IN=${{ vars.JWT_EXPIRES_IN }}
+            ACCESS_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }}
+            ACCESS_TOKEN_SECRET=${{ vars.ACCESS_TOKEN_SECRET }}
+            RESET_PASSWORD_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }}
+            RESET_PASSWORD_TOKEN_EXPIRES_IN=${{ secrets.RESET_PASSWORD_TOKEN_EXPIRES_IN }}
+            EMAIL_CONFIRMATION_TOKEN_SECRET=${{ secrets.EMAIL_CONFIRMATION_TOKEN_SECRET }}
+            EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN=${{ secrets.EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN }}
             AWS_SES_ACCESS_KEY_ID=${{ secrets.AWS_SES_ACCESS_KEY_ID }}
             AWS_SES_ACCESS_KEY_SECRET=${{ secrets.AWS_SES_ACCESS_KEY_SECRET }}
             AWS_SES_DOMAIN=${{ secrets.AWS_SES_DOMAIN }}

api/Dockerfile

@@ -5,8 +5,12 @@ ARG DB_PORT
 ARG DB_NAME
 ARG DB_USERNAME
 ARG DB_PASSWORD
-ARG JWT_SECRET
-ARG JWT_EXPIRES_IN
+ARG ACCESS_TOKEN_SECRET
+ARG ACCESS_TOKEN_EXPIRES_IN
+ARG RESET_PASSWORD_TOKEN_SECRET
+ARG RESET_PASSWORD_TOKEN_EXPIRES_IN
+ARG EMAIL_CONFIRMATION_TOKEN_SECRET
+ARG EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN
 ARG AWS_SES_ACCESS_KEY_ID
 ARG AWS_SES_ACCESS_KEY_SECRET
 ARG AWS_SES_DOMAIN
@@ -17,8 +21,12 @@ ENV DB_PORT $DB_PORT
 ENV DB_NAME $DB_NAME
 ENV DB_USERNAME $DB_USERNAME
 ENV DB_PASSWORD $DB_PASSWORD
-ENV JWT_SECRET $JWT_SECRET
-ENV JWT_EXPIRES_IN $JWT_EXPIRES_IN
+ENV ACCESS_TOKEN_SECRET $ACCESS_TOKEN_SECRET
+ENV ACCESS_TOKEN_SECRET $ACCESS_TOKEN_EXPIRES_IN
+ENV RESET_PASSWORD_TOKEN_SECRET $RESET_PASSWORD_TOKEN_SECRET
+ENV RESET_PASSWORD_TOKEN_EXPIRES_IN $RESET_PASSWORD_TOKEN_EXPIRES_IN
+ENV EMAIL_CONFIRMATION_TOKEN_SECRET $EMAIL_CONFIRMATION_TOKEN_SECRET
+ENV EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN $EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN
 ENV AWS_SES_ACCESS_KEY_ID $AWS_SES_ACCESS_KEY_ID
 ENV AWS_SES_ACCESS_KEY_SECRET $AWS_SES_ACCESS_KEY_SECRET
 ENV AWS_SES_DOMAIN $AWS_SES_DOMAIN

infrastructure/main.tf

@@ -119,7 +119,7 @@ module "dev" {
   elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
   cname_prefix                                  = "blue-carbon-cost-tool-dev-environment"
   rds_instance_class = "db.t3.micro"
-  rds_engine_version = "15.5"
+  rds_engine_version = "15.7"
   rds_backup_retention_period = 3
   repo_name                                     = var.project_name
   github_owner                                  = var.github_owner

infrastructure/modules/env/api_env_vars.tf

@@ -1,5 +1,15 @@
+resource "random_password" "access_token_secret" {
+  length           = 32
+  special          = true
+  override_special = "!#%&*()-_=+[]{}<>:?"
+}
 
-resource "random_password" "jwt_secret" {
+resource "random_password" "reset_password_token_secret" {
+  length           = 32
+  special          = true
+  override_special = "!#%&*()-_=+[]{}<>:?"
+}
+resource "random_password" "email_confirmation_token_secret" {
   length           = 32
   special          = true
   override_special = "!#%&*()-_=+[]{}<>:?"
@@ -16,7 +26,12 @@ locals {
     DB_PASSWORD = module.postgresql.password
     DB_USERNAME = module.postgresql.username
     DB_PORT = module.postgresql.port
-    JWT_SECRET = random_password.jwt_secret.result
+    ACCESS_TOKEN_SECRET = random_password.access_token_secret.result
+    ACCESS_TOKEN_EXPIRES_IN = "24h"
+    RESET_PASSWORD_TOKEN_SECRET = random_password.reset_password_token_secret.result
+    RESET_PASSWORD_TOKEN_EXPIRES_IN = "24h"
+    EMAIL_CONFIRMATION_TOKEN_SECRET = random_password.email_confirmation_token_secret.result
+    EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN = "24h"
     AWS_SES_ACCESS_KEY_ID = aws_iam_access_key.email_user_access_key.id
     AWS_SES_ACCESS_KEY_SECRET = aws_iam_access_key.email_user_access_key.secret
     AWS_SES_DOMAIN = module.email.mail_from_domain