Remove default values from cli and modify config.js file

src/config/index.js

@@ -20,7 +20,7 @@ const envVarsSchema = Joi.object()
     VERBOSE: Joi.string().valid('console', null).default(null),
 
     CORS_ORIGIN_WHITELIST: Joi.string().default('*'),
-    AUTH: Joi.boolean().default(false),
+    AUTH: Joi.boolean(),
 
     RATE_LIMIT_ENABLED: Joi.boolean().default(false),
     RATE_LIMIT_WINDOW_MS: Joi.number().positive().default(1000),
@@ -33,9 +33,9 @@ const envVarsSchema = Joi.object()
     INITIAL_USER_USERNAME: Joi.string(),
     INITIAL_USER_PASSWORD: Joi.string(),
 
-    TOKEN_SECRET: Joi.string().default(null),
+    TOKEN_SECRET: Joi.string(),
-    ACCESS_TOKEN_EXPIRATION_TIME: Joi.string().default('5H'),
+    ACCESS_TOKEN_EXPIRATION_TIME: Joi.string(),
-    REFRESH_TOKEN_EXPIRATION_TIME: Joi.string().default('3D'),
+    REFRESH_TOKEN_EXPIRATION_TIME: Joi.string(),
   })
   .unknown();
 
@@ -113,12 +113,16 @@ module.exports = {
       envVars.CORS_ORIGIN_WHITELIST?.split(',') || ['*'],
   },
 
-  auth: argv.auth || envVars.AUTH,
+  auth: argv.auth || envVars.AUTH || false,
-  tokenSecret: argv.tokensecret || envVars.TOKEN_SECRET,
+  tokenSecret: argv.tokensecret || envVars.TOKEN_SECRET || null,
   accessTokenExpirationTime:
-    argv.accesstokenexpirationtime || envVars.ACCESS_TOKEN_EXPIRATION_TIME,
+    argv.accesstokenexpirationtime ||
+    envVars.ACCESS_TOKEN_EXPIRATION_TIME ||
+    '5H',
   refreshTokenExpirationTime:
-    argv.refreshtokenexpirationtime || envVars.REFRESH_TOKEN_EXPIRATION_TIME,
+    argv.refreshtokenexpirationtime ||
+    envVars.REFRESH_TOKEN_EXPIRATION_TIME ||
+    '3D',
 
   initialUserUsername:
     argv.initialuserusername || envVars.INITIAL_USER_USERNAME,

src/controllers/auth/common.js

@@ -13,4 +13,12 @@ const isUsernameTaken = (username) => {
   return users.length > 0;
 };
 
-module.exports = { isUsernameTaken };
+const checkAuthConfigs = ({ auth, tokenSecret }) => {
+  if (auth && !tokenSecret) {
+    throw new Error(
+      'You need to provide a token secret either from the CLI or from your environment variables',
+    );
+  }
+};
+
+module.exports = { isUsernameTaken, checkAuthConfigs };

src/controllers/auth/index.js

@@ -1,5 +1,6 @@
 const users = require('./user');
 const token = require('./token');
 const tables = require('./tables');
+const { checkAuthConfigs } = require('./common');
 
-module.exports = { ...users, ...token, ...tables };
+module.exports = { ...users, ...token, ...tables, checkAuthConfigs };

src/index.js

@@ -23,6 +23,7 @@ const {
   createDefaultTables,
   createInitialUser,
   removeRevokedRefreshTokens,
+  checkAuthConfigs,
 } = require('./controllers/auth');
 
 const { runCLICommands } = require('./commands');
@@ -85,6 +86,9 @@ if (config.rateLimit.enabled) {
   app.use(limiter);
 }
 
+// If Auth mode is activated but if the tokenSecret value is undefined then throw an error
+checkAuthConfigs({ auth: config.auth, tokenSecret: config.tokenSecret });
+
 // If Auth mode is activated then create auth tables in the DB & create a super user if there are no users in the DB
 if (config.auth) {
   createDefaultTables();