Extract encryption key into the configuration param

.env-dist

@@ -7,8 +7,10 @@ EMAILS_RENDERER_HOST=http://emails-renderer:3000
 
 ## Security params
 JWT_USER_SECRET=
+JWT_ENCRYPTION_KEY=
 JWT_PUBLIC_KEY_PATH=
 JWT_PRIVATE_KEY_PATH=
+JWT_PRIVATE_KEY_PASS=
 
 ## External services
 RECAPTCHA_PUBLIC=

api/components/OAuth2/Component.php

@@ -13,6 +13,11 @@ use yii\base\Component as BaseComponent;
 
 class Component extends BaseComponent {
 
+    /**
+     * @var string|\Defuse\Crypto\Key
+     */
+    public $encryptionKey;
+
     /**
      * @var AuthorizationServer
      */
@@ -34,7 +39,7 @@ class Component extends BaseComponent {
                 $accessTokensRepo,
                 new Repositories\EmptyScopeRepository(),
                 new EmptyKey(),
-                '123' // TODO: extract to the variable
+                $this->encryptionKey
             );
             $authCodeGrant = new AuthCodeGrant($authCodesRepo, $refreshTokensRepo, new DateInterval('PT10M'));
             $authCodeGrant->disableRequireCodeChallengeForPublicClients();

api/config/config-test.php

@@ -1,6 +1,9 @@
 <?php
 return [
     'components' => [
+        'oauth' => [
+            'encryptionKey' => 'mock-encryption-key',
+        ],
         'tokens' => [
             'hmacKey' => 'tests-secret-key',
             'privateKeyPath' => codecept_data_dir('certs/private.pem'),

api/config/config.php

@@ -11,6 +11,10 @@ return [
         'user' => [
             'class' => api\components\User\Component::class,
         ],
+        'oauth' => [
+            'class' => api\components\OAuth2\Component::class,
+            'encryptionKey' => getenv('JWT_ENCRYPTION_KEY'),
+        ],
         'tokens' => [
             'class' => api\components\Tokens\Component::class,
             'hmacKey' => getenv('JWT_USER_SECRET'),

autocompletion.php

@@ -22,7 +22,6 @@ class Yii extends \yii\BaseYii {
  * @property \GuzzleHttp\Client               $guzzle
  * @property \common\components\EmailsRenderer\Component $emailsRenderer
  * @property \mito\sentry\Component           $sentry
- * @property \api\components\OAuth2\Component $oauth
  * @property \common\components\StatsD        $statsd
  * @property \yii\queue\Queue                 $queue
  * @property \api\components\Tokens\Component $tokens
@@ -36,6 +35,7 @@ abstract class BaseApplication extends yii\base\Application {
  *
  * @property \api\components\User\Component      $user User component.
  * @property \api\components\ReCaptcha\Component $reCaptcha
+ * @property \api\components\OAuth2\Component    $oauth
  *
  * @method \api\components\User\Component getUser()
  */

common/config/config.php

@@ -12,7 +12,7 @@ return [
         '@console' => '@root/console',
     ],
     'params' => [
-        'fromEmail' => 'ely@ely.by',
+        'fromEmail' => 'account@ely.by',
         'supportEmail' => 'support@ely.by',
     ],
     'container' => [
@@ -91,12 +91,9 @@ return [
         ],
         'emailsRenderer' => [
             'class' => common\components\EmailsRenderer\Component::class,
-            'serviceUrl' => getenv('EMAILS_RENDERER_HOST'),
+            'serviceUrl' => getenv('EMAILS_RENDERER_HOST') ?: 'http://emails-renderer:3000',
             'basePath' => '/images/emails',
         ],
-        'oauth' => [
-            'class' => api\components\OAuth2\Component::class,
-        ],
         'authManager' => [
             'class' => \api\rbac\Manager::class,
             'itemFile' => '@api/rbac/.generated/items.php',