Initial T06 security template

2026-05-12 06:49:39 +00:00
commit af0ff49f87
20 changed files with 529 additions and 0 deletions
--- a/api/src/auth.js
+++ b/api/src/auth.js
@@ -0,0 +1,37 @@
+const fs = require('fs');
+const path = require('path');
+const jwt = require('jsonwebtoken');
+
+const JWT_SECRET = process.env.JWT_SECRET || 'dev-secret-ne-koristiti-u-produkciji';
+
+function privateKeyPath() {
+  return path.join(__dirname, '..', 'private.pem');
+}
+
+function publicKeyPath() {
+  return path.join(__dirname, '..', 'public.pem');
+}
+
+function signToken(user) {
+  const payload = {
+    sub: user.id,
+    username: user.username,
+    role: user.role
+  };
+
+  // TODO Z1.4:
+  // Zamijeni simetrično HS256 potpisivanje asimetričnim RS256 potpisivanjem.
+  // 1. Generiraj api/private.pem i api/public.pem.
+  // 2. Umjesto JWT_SECRET koristi fs.readFileSync(privateKeyPath()).
+  // 3. Promijeni algorithm iz HS256 u RS256.
+  return jwt.sign(payload, JWT_SECRET, {
+    algorithm: 'HS256',
+    expiresIn: '15m'
+  });
+}
+
+function getPublicKeyPath() {
+  return publicKeyPath();
+}
+
+module.exports = { signToken, getPublicKeyPath, privateKeyPath, publicKeyPath };