From 77e59e1caf7b509ded0fba0c366c101eec5a11d0 Mon Sep 17 00:00:00 2001
From: alexeh <alexurola@gmail.com>
Date: Sat, 21 Sep 2024 07:25:21 +0200
Subject: [PATCH] add new env vars to repo and docker build

---
 .github/workflows/deploy.yml               |  8 ++++++--
 api/Dockerfile                             | 16 ++++++++++++----
 infrastructure/main.tf                     |  2 +-
 infrastructure/modules/env/api_env_vars.tf | 19 +++++++++++++++++--
 4 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index bb71aed..978230d 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -130,8 +130,12 @@ jobs:
             DB_NAME=${{ secrets.DB_NAME }}
             DB_USERNAME=${{ secrets.DB_USERNAME }}
             DB_PASSWORD=${{ secrets.DB_PASSWORD }}
-            JWT_SECRET=${{ secrets.JWT_SECRET }}
-            JWT_EXPIRES_IN=${{ vars.JWT_EXPIRES_IN }}
+            ACCESS_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }}
+            ACCESS_TOKEN_SECRET=${{ vars.ACCESS_TOKEN_SECRET }}
+            RESET_PASSWORD_TOKEN_SECRET=${{ secrets.ACCESS_TOKEN_SECRET }}
+            RESET_PASSWORD_TOKEN_EXPIRES_IN=${{ secrets.RESET_PASSWORD_TOKEN_EXPIRES_IN }}
+            EMAIL_CONFIRMATION_TOKEN_SECRET=${{ secrets.EMAIL_CONFIRMATION_TOKEN_SECRET }}
+            EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN=${{ secrets.EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN }}
             AWS_SES_ACCESS_KEY_ID=${{ secrets.AWS_SES_ACCESS_KEY_ID }}
             AWS_SES_ACCESS_KEY_SECRET=${{ secrets.AWS_SES_ACCESS_KEY_SECRET }}
             AWS_SES_DOMAIN=${{ secrets.AWS_SES_DOMAIN }}
diff --git a/api/Dockerfile b/api/Dockerfile
index a505407..1227ee6 100644
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -5,8 +5,12 @@ ARG DB_PORT
 ARG DB_NAME
 ARG DB_USERNAME
 ARG DB_PASSWORD
-ARG JWT_SECRET
-ARG JWT_EXPIRES_IN
+ARG ACCESS_TOKEN_SECRET
+ARG ACCESS_TOKEN_EXPIRES_IN
+ARG RESET_PASSWORD_TOKEN_SECRET
+ARG RESET_PASSWORD_TOKEN_EXPIRES_IN
+ARG EMAIL_CONFIRMATION_TOKEN_SECRET
+ARG EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN
 ARG AWS_SES_ACCESS_KEY_ID
 ARG AWS_SES_ACCESS_KEY_SECRET
 ARG AWS_SES_DOMAIN
@@ -17,8 +21,12 @@ ENV DB_PORT $DB_PORT
 ENV DB_NAME $DB_NAME
 ENV DB_USERNAME $DB_USERNAME
 ENV DB_PASSWORD $DB_PASSWORD
-ENV JWT_SECRET $JWT_SECRET
-ENV JWT_EXPIRES_IN $JWT_EXPIRES_IN
+ENV ACCESS_TOKEN_SECRET $ACCESS_TOKEN_SECRET
+ENV ACCESS_TOKEN_SECRET $ACCESS_TOKEN_EXPIRES_IN
+ENV RESET_PASSWORD_TOKEN_SECRET $RESET_PASSWORD_TOKEN_SECRET
+ENV RESET_PASSWORD_TOKEN_EXPIRES_IN $RESET_PASSWORD_TOKEN_EXPIRES_IN
+ENV EMAIL_CONFIRMATION_TOKEN_SECRET $EMAIL_CONFIRMATION_TOKEN_SECRET
+ENV EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN $EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN
 ENV AWS_SES_ACCESS_KEY_ID $AWS_SES_ACCESS_KEY_ID
 ENV AWS_SES_ACCESS_KEY_SECRET $AWS_SES_ACCESS_KEY_SECRET
 ENV AWS_SES_DOMAIN $AWS_SES_DOMAIN
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index dc76635..fee86b1 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -119,7 +119,7 @@ module "dev" {
   elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
   cname_prefix                                  = "blue-carbon-cost-tool-dev-environment"
   rds_instance_class = "db.t3.micro"
-  rds_engine_version = "15.5"
+  rds_engine_version = "15.7"
   rds_backup_retention_period = 3
   repo_name                                     = var.project_name
   github_owner                                  = var.github_owner
diff --git a/infrastructure/modules/env/api_env_vars.tf b/infrastructure/modules/env/api_env_vars.tf
index a5664ff..6fcbd0e 100644
--- a/infrastructure/modules/env/api_env_vars.tf
+++ b/infrastructure/modules/env/api_env_vars.tf
@@ -1,5 +1,15 @@
+resource "random_password" "access_token_secret" {
+  length           = 32
+  special          = true
+  override_special = "!#%&*()-_=+[]{}<>:?"
+}
 
-resource "random_password" "jwt_secret" {
+resource "random_password" "reset_password_token_secret" {
+  length           = 32
+  special          = true
+  override_special = "!#%&*()-_=+[]{}<>:?"
+}
+resource "random_password" "email_confirmation_token_secret" {
   length           = 32
   special          = true
   override_special = "!#%&*()-_=+[]{}<>:?"
@@ -16,7 +26,12 @@ locals {
     DB_PASSWORD = module.postgresql.password
     DB_USERNAME = module.postgresql.username
     DB_PORT = module.postgresql.port
-    JWT_SECRET = random_password.jwt_secret.result
+    ACCESS_TOKEN_SECRET = random_password.access_token_secret.result
+    ACCESS_TOKEN_EXPIRES_IN = "24h"
+    RESET_PASSWORD_TOKEN_SECRET = random_password.reset_password_token_secret.result
+    RESET_PASSWORD_TOKEN_EXPIRES_IN = "24h"
+    EMAIL_CONFIRMATION_TOKEN_SECRET = random_password.email_confirmation_token_secret.result
+    EMAIL_CONFIRMATION_TOKEN_EXPIRES_IN = "24h"
     AWS_SES_ACCESS_KEY_ID = aws_iam_access_key.email_user_access_key.id
     AWS_SES_ACCESS_KEY_SECRET = aws_iam_access_key.email_user_access_key.secret
     AWS_SES_DOMAIN = module.email.mail_from_domain